At DE LA LUZ Laboratory, your health information and privacy are our highest priorities. This Privacy Policy describes how we collect, use, and protect your personal and medical information when you visit our website, use our services, or interact with our diagnostic facilities.

1. Information We Collect

We collect information to provide you with accurate diagnostic services and a seamless digital experience:

• Personal Identifiers: Name, date of birth, gender, and social security number (where required for insurance).
• Contact Information: Email address, phone number, and physical mailing address.
• Protected Health Information (PHI): Physician referrals, test orders, specimen data, and diagnostic results.
• Financial Information: Insurance provider details and billing information for service payment.
• Technical Data: IP address, browser type, and usage data collected via cookies to improve website performance.

2. How We Use Your Information

Your data is used strictly for clinical and operational purposes:

• Diagnostic Services: To process laboratory tests and deliver results to you and your healthcare provider.
• Communication: To send appointment reminders, billing statements, and critical health updates.
• Compliance: To meet legal obligations under HIPAA, CLIA, and Illinois state healthcare regulations.
• Security: To monitor for fraudulent activity and protect the integrity of our laboratory informatics systems.

3. Sharing of Information

We do not sell your personal or medical data. We only share information with:

• Healthcare Providers: Your ordering physician or authorized medical facility.
• Insurance Companies: For the purpose of verifying coverage and processing claims.
• Regulatory Bodies: As required by law to the Illinois Department of Public Health or federal agencies.
• Service Providers: Secure third-party partners (e.g., cloud hosting, LIS providers) who are contractually bound by Business Associate Agreements (BAAs) to protect your data.

4. Data Security & Illinois Compliance

We implement enterprise-grade security measures:

• Encryption: All data is encrypted at rest and in transit using AES-256 and TLS 1.3 protocols.
• Illinois BIPA: In accordance with the Illinois Biometric Information Privacy Act, we do not collect or store biometric identifiers without explicit, written consent.
• Access Control: Only authorized clinical staff with a "need-to-know" basis can access patient records.

5. Your Rights

Under HIPAA and relevant state laws, you have the right to:

• Request a copy of your medical records.
• Request a correction to inaccurate information.
• Request a list of disclosures made regarding your health information.
• File a complaint if you believe your privacy rights have been violated.

6. Contact Us

If you have questions regarding this Privacy Policy or our data practices, please contact our Privacy Officer: