Legal

HIPAA notice of privacy practices.

Effective date: April 5, 2026  ·  Last updated: April 5, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

TrueTest Labs is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to maintain the privacy of your Protected Health Information (PHI), to provide you with notice of our legal duties and privacy practices, and to follow the terms of this notice.

1. What is Protected Health Information (PHI)?

PHI is individually identifiable health information that we create, receive, maintain, or transmit in connection with our testing services. This includes:

  • Drug and alcohol test results (urine, hair, nail, oral fluid, breath, blood)
  • DNA test results (paternity, relationship, prenatal)
  • Chain-of-custody forms and collection records
  • Medical Review Officer (MRO) reports and verifications
  • Donor identification information linked to test results

2. How we may use and disclose your PHI

Uses and disclosures that do not require your authorization

We may use or disclose your PHI without your written authorization in the following circumstances:

  • Treatment: We may share your test results with healthcare providers involved in your care, including MROs who verify test results.
  • Payment: We may use your PHI to bill for services or collect payment from you, your employer, your attorney, or your insurance carrier.
  • Healthcare operations: We may use your PHI for quality assurance, compliance audits, and accreditation activities.
  • As required by law: We may disclose your PHI when required by federal, state, or local law, including court orders and subpoenas.
  • DOT-mandated reporting: For DOT-regulated tests, we are required to report results to the FMCSA Drug & Alcohol Clearinghouse, designated employer representatives (DERs), and substance abuse professionals (SAPs) as specified in 49 CFR Part 40.
  • Workplace testing: When testing is ordered by an employer, results are disclosed to the designated company representative who ordered the test.
  • Court-ordered testing: When testing is ordered by a court, results may be disclosed to the court, attorneys of record, guardians ad litem, and child welfare agencies as specified in the court order.
  • Public health and safety: We may disclose PHI to prevent a serious threat to health or safety, or as required by public health authorities.

Uses and disclosures that require your authorization

For uses and disclosures not described above, we will obtain your written authorization before disclosing your PHI. You may revoke your authorization at any time in writing, except to the extent that we have already acted on it. Examples include:

  • Releasing test results to a third party not named in the original order (e.g., a new attorney, another family member, a new employer)
  • Using your information for marketing purposes (we do not do this)
  • Selling your PHI (we do not do this)

3. Your rights regarding your PHI

Right to access

You have the right to inspect and obtain a copy of your PHI that we maintain. To request access, contact us in writing. We may charge a reasonable fee for copying and mailing costs. We will respond within 30 days of receiving your request.

Right to amend

You have the right to request an amendment to your PHI if you believe it is inaccurate or incomplete. We may deny your request in certain circumstances (e.g., if the information was not created by us, or if we believe the information is accurate). We will respond within 60 days.

Right to an accounting of disclosures

You have the right to request a list of certain disclosures of your PHI that we have made. This accounting does not include disclosures made for treatment, payment, or healthcare operations, or disclosures you authorized in writing. We will respond within 60 days.

Right to request restrictions

You have the right to request restrictions on how we use or disclose your PHI. We are not required to agree to your request, but if we do, we will honor it except in emergencies or as required by law. Note: DOT-regulated test results cannot be restricted — federal law requires their disclosure to specific parties.

Right to confidential communications

You have the right to request that we communicate with you about your PHI in a specific way or at a specific location (e.g., by mail to a specific address rather than by phone). We will accommodate reasonable requests.

Right to a copy of this notice

You have the right to a paper copy of this notice at any time. Contact us to request one.

4. Our duties

  • We are required by law to maintain the privacy of your PHI and to provide you with this notice.
  • We are required to abide by the terms of this notice as currently in effect.
  • We are required to notify you if a breach of your unsecured PHI occurs.
  • We will not use or disclose your PHI for marketing or fundraising without your authorization.
  • We will not sell your PHI.

5. Breach notification

In the event of a breach of your unsecured PHI, we will notify you as required by federal and state law. Notification will be made without unreasonable delay and no later than 60 days after discovery of the breach. Notification will include a description of the breach, the types of information involved, steps you can take to protect yourself, and what we are doing to investigate and mitigate the breach.

6. Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

  • TrueTest Labs: Contact us at the information below. We will not retaliate against you for filing a complaint.
  • U.S. Department of Health and Human Services (HHS): Office for Civil Rights, 200 Independence Avenue SW, Washington, DC 20201. Phone: 1-877-696-6775. Website: hhs.gov/ocr

7. Changes to this notice

We reserve the right to change this notice and to make the revised notice effective for PHI we already have as well as any PHI we receive in the future. The current version of this notice will always be available on our website and at our office.

8. Contact information

For questions about this notice, to exercise your rights, or to file a complaint:

Privacy Officer
TrueTest Labs
2256 Landmeier Rd, Suite A
Elk Grove Village, IL 60007
Phone: 847-258-3966
Email: [email protected]