Palmetto GBA, LLC Privacy Advisory – DEX® Diagnostics Exchange Registry

Published 05/17/2024

This Palmetto GBA DEX® Privacy Advisory ("Privacy Advisory") explains (1) what information we collect and why we collect it; (2) how we use and protect that information; and (3) the choices and rights you have in relation to your information. This Privacy Advisory applies to Personal Information we Process about you in the course of your use of the DEX® Diagnostics Exchange Registry products and/or services (collectively, the "Services"). "Personal Information" is information, or a combination of pieces of information, that (a) could reasonably be used to identify, locate, contact or otherwise link to an individual [or household], (b) relates to an identified or identifiable natural person, (c) is defined as ‘protected health information' under the Health Insurance Portability and Accountability Act ("HIPAA"), or (d) is subject to additional personal or related privacy protections under applicable law. "Processing" means using cookies on a computer or mobile device or using or touching information in any way, including but not limited to, collecting, storing, deleting, using, combining, and disclosing information.

By using the Services, you accept the privacy practices presented in this Privacy Advisory. Privacy matters to Palmetto GBA, so whether you are new to Palmetto GBA or a long-time user, please read this Privacy Advisory in full to understand our privacy practices before using the Services or submitting any personal or other information. If you have any questions, please contact us using the contact information at the bottom of this Privacy Advisory.

This Privacy Advisory applies only to the Services. Palmetto GBA affiliates and subsidiaries may have separate websites, sub-domains, and services through other web, mobile, or cloud platforms which are not subject to this Privacy Advisory. Additionally, Palmetto GBA business partners, and networks and other third parties have their own websites and services with separate privacy practices. We encourage you to read their privacy notices/policies and understand their privacy practices.

By using the Site, you agree to the terms in this Privacy Advisory. If you do not agree with the practices described in this Privacy Advisory, please do not provide us with your Personal Information or otherwise use the Services. Except to the extent required by law or regulation, certain provisions of this Privacy Advisory may be superseded by other written agreements that your Institution (as defined below) has entered into with Palmetto GBA.

Information controlled by your Institution

Upon licensed access, Palmetto GBA will provide you the Services as authorized by your health agency or institution (Institution) such as access to your Institution's servers and databases. Information transmitted to your Institution shall be stored, collected, used, retained, or shared by your Institution according to its policies and procedures.

What information is collected through the Services?

Licensed users of the Services may access information contained in your Institution's or Palmetto GBA's database. Based on your Institution's configuration, the Services may also collect Personal Information and other information from a variety of sources, including from you directly as well as through your use of the Services. This data may include:

Information we may collect directly from you:

  • Personal details (e.g., full name, initials).
  • Contact details (e.g., personal and business phone number, email address, postal address, title).
  • Account details (e.g., username, password, customer ID, license number and other product registration information).
  • Professional and Employment (occupation and title).

Information we may collect through your use of the Services:

  • Technical information collected from your computer or mobile device (e.g. your IP address, browser type, operating system).
  • Transaction-related information (e.g., product download ID/name, account contact information, device ID, download frequency/time).
  • Information about your usage of the Services (e.g. the pages you visit, how often you use the Services, content sent or received using the Services).
  • Device event information (e.g., errors, system activity, hardware settings, the date and time of your request).

Information we may collect from other sources:

  • Information captured during account registration.

We may also be required by law to collect certain Personal Information about you or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations.

Information on your Location

We may collect information about your location for troubleshooting or to enhance your experience with the Services. Furthermore, we may share your geolocation with your Institution. Geolocation information is a critical component of certain Services.

How Does Palmetto GBA Use the Information We Collect?

Palmetto GBA uses the information we collect to provide, maintain, protect and improve the quality of our services, to develop new products and services, and to protect Palmetto GBA and our users. You do not have the option to consent to or opt out of these uses or disclosures, and by providing such information to us, you authorize us to use and to make disclosures of the information in accordance with this Privacy Advisory. If you decline to provide such information to us (thereby authorizing us to use and to make disclosures of the information in accordance with this Privacy Advisory), you will be unable to use the Services.

Information we collect may be used to:

  • Activate your access to the Services or related databases.
  • Identify and authenticate you as a user.
  • Improve our services (e.g., perform diagnostic services such as error reporting).
  • Provide personalized user services or customized site content.
  • Perform location verification and identify applicable state regulations.
  • Identify usage trends.
  • Perform data analysis and audits.
  • Send push notifications.
  • Communicate with you (e.g., respond to questions you send us).
  • Exercise our legal rights (e.g., detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law or our Terms of Use).
  • Log into the Services.

We may also de-identify (e.g., pseudonymize) or anonymize your Personal Information in such a way that you may not reasonably be re-identified and may use this information for any additional purpose allowable by law.

Processing of Sensitive Personal Information

We may Process certain special categories of Personal Information where necessary and in compliance with applicable local data privacy and data protection laws and otherwise as required by law.

How Does Palmetto GBA Share the Information We Collect?

Information entered through the Services may be shared with your Institution. Palmetto GBA exercises no authority over your Institution's privacy and data collection practices and policies or how your Institution may use information transmitted through the Services. Palmetto GBA may also share information with companies, organizations or individuals outside of Palmetto GBA if we have a good faith belief that access, use, preservation, or disclosure of that information is reasonably necessary to:

  • Meet applicable laws, regulations, legal processes or enforceable governmental requests.
  • Provide services you have requested.
  • Enforce applicable Terms of Use, including investigation of potential violations.
  • Detect, prevent, or otherwise address fraud, security or technical issues.
  • Protect against harm to the rights, property or safety of our users, Palmetto GBA, or the public as required or permitted by law.
  • Engage in a merger, acquisition, reorganization, or sale of all or a portion of Palmetto GBA assets.

Users with administrative permissions are considered a contact for the account and as such their name may be shared with individuals trying to access or obtain information pertaining to the registered organization’s account or DEX® Z-Codes®.

We may share personal information with other Palmetto GBA Business Units when permitted by law. Palmetto GBA may also share information with our service partners who do work on our behalf, and have agreed to adhere to appropriate privacy, security and confidentiality provisions. User is given an option to opt-out of future outreach by Palmetto GBA.

Health Information

As a key provider of services and technology to the healthcare industry, Palmetto GBA has implemented programs to address the privacy and security rules required by applicable regulations, including HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Information from Children

The Services are not intended for any user under the age of 13.

Information Security

To help protect the privacy of data and Personal Information you transmit through use of the Services, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your Personal Information to those employees who need to know that information to provide the Services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

Information Retention

Your Personal Information is stored by Palmetto GBA on its and/or your Institution's servers, and on the servers of the cloud-based database management services that we and/or your Institution engage. We retain your Personal Information (a) for the duration of your Institution's business relationship with Palmetto GBA and for a period of time thereafter to allow your Institution to recover data if your Institution decides to renew its business relationship with Palmetto GBA, (b) to analyze the data for Palmetto GBA's own operations, (c) for Palmetto GBA's historical and archiving purposes, and (d) for as long as we deem necessary to comply with contract, our legal obligations or defend against potential legal claims.

Do Not Track Signals

The Services do not track users over time and across third party websites to provide targeted advertising, and therefore does not respond to Do Not Track (DNT) signals.

Privacy Advisory Changes

From time to time, this Privacy Advisory and our Terms of Use are expected to change. We reserve the right to amend the Privacy Advisory and Terms of Use at any time, for any reason, without notice to you, other than the posting of the amended Privacy Advisory and Terms of Use through the Services. Where required by law, if we make any revisions to this Privacy Advisory or our Terms of Use that materially alter the ways in which we Process your Personal Information, we will notify you of these changes before applying them to that Personal Information.


By using the Services, you agree to the terms and conditions contained in this Privacy Advisory, the Terms of Use and/or any other agreement that we might have with you. If you do not agree, you should not use the Services or any other Palmetto GBA products or services. By using the Services, you are agreeing to our Processing of information as set forth in this Privacy Advisory.

Access and Changes to PII Collected

To obtain a copy of PII you provided us, including how to make corrections or updates, please email

Contact Us

If you have questions or concerns about this Privacy Advisory, please contact

Mailing Address:
Palmetto GBA, LLC
Attn: Privacy Officer
P. O. Box 100134 (AG-A02)
Columbia, SC 29202-3134

Email Address:

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy.