Geneticure Privacy Policy

Your privacy is very important to us. Our privacy policy (“Policy”) explains the information that Geneticure, Inc. (“Geneticure”) gathers from your use of the Service and our Geneticure website (“Site”), how we use, disclose, and protect it, your choices, and some other important information. Before using the Service, you must review and agree to the Terms of Service (“Terms of Service”), along with the Geneticure Informed Consent (“Informed Consent”). Capitalized terms used but not defined in this Policy have the meaning given to them in the Terms of Service. Your use of the Service and the Site and your provision of information is subject to the laws and regulations of the state of Minnesota, USA, where our company is located.  
Information Geneticure Collects
The specific categories of information we collect include:
  • Personally identifiable information (“PII”).
When you set up a Geneticure account or purchase a genetic testing service, we collect what is generally called “personally identifiable information” or “PII”, which is information that specifically identifies you as an individual. Examples of PII we collect may include your name, email address, mailing address, phone number, credit card or other billing information. We may also collect information such as date of birth or sex that, when linked to information that identifies a specific individual, is considered PII.
  • Personal and family health information (“PFHI”).
To provide meaningful and medically actionable Test result report (“Results”), we request certain information about you and your biological family, such as age and sex. Personal and Family Health Information also includes information about your history of certain health conditions and your family history of those conditions. For the Service to perform as intended, it’s important that you provide the most accurate information possible.
  • Healthcare provider information.
Individuals who use the Service may also provide us with information about their healthcare providers. Healthcare providers using the Service may provide us with information about patients for whom they are ordering a Test and information related to their medical practices, including NPI numbers, fax numbers, and the name, job title, and contact information of other providers involved in an individual’s care.
  • Other people’s personally identifiable information.
You may only share with Geneticure PII about someone else with the full consent of that other individual, for example, to purchase a Test for someone else. We will only use the information for the specific reason that it was provided to us and pursuant to the terms of this Policy, our Terms of Service, and if applicable, Informed Consent.
  • Biological sample.
To use the Service, we require a DNA sample that is collected from your cheek cells. Please carefully review our Terms of Service and the Informed Consent for a description of how we handle your sample.
  • Cookies and online tracking information.
Please refer to the section below entitled “Cookies and Third-Party Services” for more information.   How We Use This Information In general, we use the information that we collect to provide the Services you request, to help improve our services and client experiences, and to help advance genetic research and science. Specifically, we may use the information as follows:
  • To provide the Service.
For example, to set up your Geneticure account, send you your sample collection kit, collect payment for the Service you requested, and analyze your sample to produce the Results. As part of the Service, we may also periodically review your information to determine if any updates or changes to your Results are required.
  • To communicate with you.
We may use your contact information to communicate with you about the Service. For example, to notify you when your healthcare provider has ordered a Test for you, remind you about submitting your sample, respond to your inquiries, discuss your Results, connect you with a genetic counselor, follow up if there is an issue with your information or sample, and provide information about or request feedback on your Results. We may also contact you to request optional customer feedback, which could be used to improve our Services. We’ll only associate your feedback with your name with your consent. To learn how you may opt out of marketing surveys, please read “Your Choices” below.
  • To help us improve the Service and develop new tests and services.
For example, your information and de-identified sample may be used to support our laboratory operations with internal quality control, validation studies, and research and development, and performing data analysis to improve our internal quality controls. Geneticure retains your de-identified raw genetic results (A, C, T, and G) at each of the 17 sites that we collect within our software system. However, Geneticure does not retain your DNA. Once we assess the 17 genotypes of interest for the Service, your sample is destroyed, and no further analyses are performed.
  • For marketing purposes.
For example, we may send you monthly newsletters, occasional product updates, and special offers and opportunities that we think might interest you. To learn about how you may opt out of marketing emails, please read “Your Choices” below. We may also process the information we collect about you or from you for the following purposes: (i) to enforce our Terms of Service or other legal rights, including intellectual property rights; (ii) as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and (iii) to comply with industry standards or our policies.   Cookies and Third-Party Digital Services When you use online services in connection with Geneticure’s Service and/or Site, the following information may be collected, stored, and used:
  • Cookies.
To improve and customize your experience when you use the Site, we may send one or more cookies — small text files containing a string of alphanumeric characters — to your device. We may use both session cookies that disappear after you close your browser and persistent cookies that remain after you close your browser and may be used automatically by the browser on subsequent visits to the Site. Please review your browser “Help” file to learn how to adjust your cookie settings. Note that some Site services may not function properly if you disable cookies.
  • DNT requests.
Some browsers incorporate a “Do Not Track” (DNT) or similar feature that signals to digital services that a visitor doesn’t want to have their online activity tracked. Because there is not yet an accepted standard for how to respond to DNT signals, we and our service providers (like many digital service operators) do not respond to DNT signals.
  • Device, usage, and other automatically collected information.
When you use our Site, we may automatically record certain information from your device by using various types of technology, including “clear gifs” or “web beacons.” This automatically collected information will help us customize and improve your experience with the Site and includes your IP address or other device address or ID, browser and/or device type, the web pages or sites that you visit just before or just after you use the Site, the pages or other content you view or otherwise interact with on the Site, and the dates and times that you visit, access, or use the Site. We also may use these technologies to improve our services by collecting information regarding your interaction with Geneticure email messages, such as whether you opened or clicked on a message. We use automatically collected information to: (i) personalize our services, such as remembering your information so that you won’t have to re-enter it during your visit or the next time you visit the Site; (ii) provide customized content and information; and (iii) monitor and analyze the effectiveness of the Site and marketing activities.
  • Analytics services.
Geneticure uses services like Google Analytics in order to improve our services, better understand our clients, and improve our communications. Learn more about Google Analytics’ privacy choices.
  • Advertising partners.
We may work with third party advertising partners to show ads for the Service after you visit our Site. These third-party partners collect information from you when you visit our website and other websites. If you don’t want to receive our personalized ads, please visit the opt-out pages of the Network Advertising Initiative (https://www.networkadvertising.org) or the Digital Advertising Alliance http://www.aboutads.info to learn about how you can opt out of receiving personalized ads from member companies. For more information, you can also visit: https://www.consumer.ftc.gov/topics/privacy-identity.   How Information is Shared This section describes the circumstances under which we may share your information with third parties. For additional details, please review the Informed Consent. To provide the Service.
  • We may disclose your protected health information (“PHI”) to others involved in your care, including healthcare providers (your own provider and/or an independent provider who may review your information to determine whether a test is appropriate for you), genetic counselors (the Service includes complimentary access to Geneticure’s contracted genetic counselors), confirmatory laboratories, and other healthcare providers involved in your medical care.
  • We work with third party service providers to provide website, application development, analytics, variant analysis, payment processing, hosting, maintenance, support ticketing, transmission of test results, distribution and collection of Test kits, and other services for us. We limit the personal, health, and non-personal information we share with these service providers to that which is minimally necessary for them to perform their services for us, and we require them to agree to maintain the confidentiality and security of such information, in compliance with the Health Information Portability and Accountability Act (HIPAA) of 1996, as amended.
  For research and development.
  • With your consent, we may also include your anonymized genetic information, PFHI, and Results in Geneticure’s internal research database in order to support research in genetics. Information in Geneticure’s research database will be accessible and searchable by researchers and the general public for an indefinite period of time. If you notify us that you wish to opt out of such research database, please note that, because we periodically generate snapshots of the research database, we cannot exclude your information from released snapshots. But we will promptly update our database following an opt-out request and exclude your information in subsequent snapshots for future sharing.
  For Geneticure’s purposes.
  • We may share aggregated, de-identified information (for example, aggregated trends about the general use of our Service) publicly and with our partners (this information will not include PHI).
  • We may author publications using de-identified information.
  • We may disclose your information when we believe in good faith that doing so is appropriate or necessary in order to enforce our Terms of Service.
  • Information about our users, including personal information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
  • As described above, we work with third party advertising and analytics partners that collect information from you when you visit our Site. For more information, please see the “Cookies and third-party services” section above.
  For security or legal purposes. We may also disclose your information under the following circumstances:
  • If we believe in good faith that doing so is appropriate or necessary in order to address fraud, security, or technical issues, or protect against harm to us or others to the extent required or permitted by law.
  • To comply with applicable federal and state laws, rules, and regulations, as well as law enforcement requests and legal process, such as a court order or subpoena.
  How We Protect Your Information We use physical, managerial, and technical safeguards that are designed to improve the integrity and security of your information. All information on our servers is encrypted when it is at rest or in transit. All personal information (genetic or otherwise) is encrypted with AES-256 when it’s stored on our servers and is always transmitted over SSL. Internally, strict guidelines and access controls protect your PII and PHI that are in accordance with HIPAA. We take precautions as set forth by periodic Security Risk Assessment by implementing administrative, physical, and technical safeguards. However, we cannot ensure or warrant the security of any information in the event of a breach of any of our safeguards. You submit your information at your own risk. You agree that Geneticure is not liable for the unauthorized release of your PII or PHI unless such release was the result of gross negligence or willful misconduct on the part of Geneticure. Geneticure complies with the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) to maintain the privacy and security of your PHI. If a breach occurs that may have compromised the privacy or security of your PHI, we will let you know promptly. We will follow the duties and privacy practices described in this Policy, our Notice of Privacy Practices, the Informed Consent, and Terms of Service.   Your Choices If you receive marketing emails from us, you can unsubscribe from that particular type of marketing email by following the instructions contained within the email or sending your request to us by email at support@geneticure.com. Please be aware that if you opt out of receiving marketing emails from us or otherwise modify the nature or frequency of marketing communications you receive from us, it may take up to ten (10) business days for us to process your request, during which time you might receive marketing communications from us that you have already opted out from. Finally, while you can opt out of receiving marketing emails from us, you will continue to receive administrative communications from us regarding the Service. Other Important Information   Children’s privacy Do not use or access any part of the Site or the Service if you are under 18 years of age. If you’re a parent or guardian and discover that your child under 18 has obtained an account on the Site, please alert us promptly at support@geneticure.com so we can take action to prevent access. International users The Service and Site are hosted in the United States (US). If you choose to use the Service and/or Site from other regions of the world, then by your use of the Service and/or Site you acknowledge and agree that: (i) you are transferring your personal information outside of those regions to the US for genetic analysis, storage and processing as required for us to perform our contractual obligations to you; (ii) the laws and regulations of the US shall govern your use of the Service and provision of your information, and may differ from those of your country of residence; and (iii) as per your acceptance of the Informed Consent, you permit your personal information to be used for the purposes set forth therein. Also, we may transfer your data from the US to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service as required for us to perform our contractual obligations to you. By providing any information, including personal information, on or to the Service and/or the Site, you consent to such use, transfer, storage, and processing. While there is no statutory or contractual requirement for you to provide this information, some information is necessary for us to be able to provide the requested services. Failure to provide such information will make it impossible for you to use the Service. We will retain your personal information only for as long as is necessary to carry out the function for which the information is being used, as consented by you in the Informed Consent, and to comply with applicable laws and regulations. You further agree that by providing your sample, you are not violating any export ban or other legal restriction in the country of your residence. Clients who live outside of the US in certain jurisdictions may have the option of requesting that their personal information be accessed, updated, and/or removed at any time from our active databases, subject to the applicable laws and regulations of such jurisdictions. Such clients may also have the right to object to our processing of their personal information and/or request that we provide their personal information to another third party. We may require that such request be provided in writing, subject to applicable laws and regulations with respect to the transfer of medical information. If you would like to access, update, object to processing, request provision to a third party, and/or request removal from our active database of your personal information, please contact us at support@geneticure.com. Any such requests will be honored within one month. If you believe Geneticure’s processing of your personal information is inappropriate, you have the right to lodge a complaint with a supervisory authority or to contact Geneticure’s Privacy Officer at support@geneticure.com. With respect to requests to remove or halt the processing of personal information, such requests received prior to initiation of the Service will result in a cancellation of the Service, and no Results will be provided to you or your healthcare provider. Please also refer to the section above entitled “Your Choices” to understand how requests to remove personal information are handled. If you’re a resident of the EU, we will only send you marketing communications if you’ve opted in. If you are an EU resident, and you didn’t opt in, but you’re receiving marketing communications anyway, please contact us at support@geneticure.com so we can promptly correct your preferences in our systems. Changes and updates to this policy Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we’ll make it available through the Site, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of this change. Your continued use of the Site and/or Service after the revised Policy becomes effective indicates that you have read, understood and agreed to the current version of the Policy. Our contact information Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at support@geneticure.com.  
GENETICURE​, ​INC. NOTICE​ ​OF​ ​PRIVACY​ ​PRACTICES THIS​ NOTICE​ D​ESCRIBES​ H​OW​ ​MEDICAL​ ​INFORMATION​ A​BOUT​ YOU THAT IS PROTECTED UNDER THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996, AS AMENDED (“HIPAA”) M​AY​ B​E​ U​SED​ A​ND​ ​DISCLOSED​ A​ND​ H​OW​ YOU​ ​CAN GET​ ACCESS​ T​O​ T​HIS​ INFORMATION. PLEASE​ ​REVIEW​ I​T​ CAREFULLY. Geneticure, Inc. (“Geneticure”) is required by law to maintain the privacy of your protected health information and to provide you with a notice of our legal duties and privacy practices with respect to ​protected​ ​health​ ​information​ ​(“PHI”). This Notice of Privacy Practices, or the Notice, describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your protected health information. PHI is information about you, including basic demographic information that may identify you and that relates to your past, present or future physical or mental health condition and related health care services. Geneticure is required to follow the terms of this Notice. We will not use or disclose your protected health information without your written permission, except as described in this Notice. We reserve the right to change our practices, this Notice, and to make the new Notice effective for all protected health information we maintain. Upon your request, we will provide you with a revised Notice. You should carefully review this Notice as well as our Privacy Policy. Your​ ​Health Information Rights​ You​ ​have​ ​the​ ​following​ ​rights​ ​with​ ​respect​ ​to​ ​your​ ​protected​ ​health​ ​information:
  • Obtain​ ​a​ ​paper​ ​copy​ ​of​ ​the​ ​Notice​​ ​upon​ ​request. ​​​​​​​You​ ​may​ ​request​ ​a copy​ ​of​ ​the​ ​Notice​ ​at​ ​any​ ​time. To​ ​obtain​ ​a​ ​copy​ ​of​ ​the​ ​Notice, ​contact support@geneticure.com.
  • Request​ ​a​ ​restriction​ ​on​ ​certain​ ​uses​ ​and​ ​disclosures​ ​of​ ​your​ ​information.​ ​​​​​​You​ ​have​ ​the right​ ​to​ ​request​ ​a​ ​restriction​ ​on​ ​the​ PHI​ ​that​ ​we​ ​use​ ​or disclose​ ​about​ ​you​ ​for​ ​treatment,​ ​payment,​ ​or​ ​health​ ​care​ ​operations.​ ​​​You​ ​also​ ​have​ ​the right​ ​to​ ​request​ ​a​ ​restriction​ ​on​ ​the​ ​PHI​ ​we​ ​disclose​ ​about​ ​you​ ​to​ ​someone​ ​who​ ​is involved​ ​in​ ​your​ ​care​ ​or​ ​payment​ ​for​ ​your​ ​care,​ ​such​ ​as​ ​a​ ​family​ ​member​ ​or​ ​friend. Except​ ​as​ ​described​ ​in​ ​this​ ​section,​ ​we​ ​are​ ​not​ ​required​ ​to​ ​agree​ ​to​ ​your​ ​request.​ ​​​We must​ ​agree​ ​to​ ​your​ ​request​ ​if​ ​the​ ​disclosure​ ​has​ ​been​ ​made​ ​to​ ​a​ ​health​ ​plan​ ​for​ ​the purpose​ ​of​ ​payment​ ​or​ ​health​ ​care​ ​operations​ ​and​ ​the​ ​disclosure​ ​relates​ ​to​ ​an​ ​expense for​ ​which​ ​you​ ​have​ ​paid​ ​out​ ​of​ ​pocket.​ ​​​To​ ​request​ ​restrictions,​ ​you​ ​must​ ​send​ ​a​ ​written request​ ​to​ support@geneticure.com.
  • Inspect​ ​and​ ​obtain​ ​a​ ​copy​ ​of​ ​your​ ​information​.​ ​​​You​ ​have​ ​the​ ​right​ ​to​ ​access​ ​and​ ​copy PHI​ ​about​ ​you​ ​contained​ ​in​ ​your​ ​medical​ ​and​ ​billing​ ​records​ ​for​ ​as​ ​long​ ​as​ ​Geneticure maintains​ ​the​ ​information.​ ​​​To​ ​read​ ​or​ ​copy​ ​your​ ​PHI,​ ​you​ ​must​ ​send​ ​a​ ​written​ ​request​ ​to support@geneticure.com.​ ​Additional​ ​state​ ​law​ ​requirements​ ​may​ ​apply​ ​in​ ​order​ ​to​ ​access and​ ​copy​ ​such​ ​PHI.​ ​If​ ​you​ ​request​ ​a​ ​copy​ ​of​ ​the​ ​information,​ ​we​ ​may​ ​charge​ ​you​ ​a reasonable​ ​fee​ ​for​ ​the​ ​costs​ ​of​ ​the​ ​copying,​ ​mailing,​ ​or​ ​other​ ​supplies​ ​that​ ​are​ ​necessary for​ ​the​ ​electronic​ ​transfer​ ​of​ ​your​ ​information.​ ​​​If​ ​we​ ​maintain​ ​an​ ​electronic​ ​health​ ​record containing​ ​your​ ​health​ ​information,​ ​you​ ​have​ ​the​ ​right​ ​to​ ​request​ ​that​ ​we​ ​send​ ​a​ ​copy​ ​of your​ ​health​ ​information​ ​in​ ​electronic​ ​format​ ​to​ ​you​ ​or​ ​a​ ​third​ ​party​ ​that​ ​you​ ​identify.​ ​​​We may​ ​deny​ ​your​ ​request​ ​to​ ​read​ ​and​ ​copy​ ​in​ ​certain​ ​limited​ ​circumstances.​ ​​​If​ ​you​ ​are denied​ ​access​ ​to​ ​your​ ​PHI,​ ​you​ ​may​ ​request​ ​that​ ​the​ ​denial​ ​be​ ​reviewed​ ​by​ ​filing​ ​a request​ ​for​ ​review​ ​with​ ​the​ ​Geneticure’s​ ​Privacy​ ​Officer.
  • Amend​ ​your​ ​information​.​ ​​​If​ ​you​ ​feel​ ​that​ ​PHI​ ​we​ ​have​ ​about​ ​you​ ​is​ ​incomplete​ ​or incorrect,​ ​you​ ​may​ ​request​ ​that​ ​we​ ​amend​ ​the​ ​information.​ ​​​You​ ​may​ ​request​ ​an amendment​ ​for​ ​as​ ​long​ ​as​ ​we​ ​maintain​ ​your​ ​health​ ​information.​ ​​​To​ ​request​ ​an amendment,​ ​you​ ​must​ ​send​ ​a​ ​written​ ​request​ ​to​ ​support@geneticure.com.​ ​​​In​ ​addition, you​ ​must​ ​include​ ​a​ ​reason​ ​that​ ​supports​ ​your​ ​request.​ ​​​In​ ​certain​ ​cases,​ ​we​ ​may​ ​deny your​ ​request​ ​for​ ​amendment.​ ​​​If​ ​we​ ​deny​ ​your​ ​request​ ​for​ ​amendment,​ ​you​ ​have​ ​the​ ​right to​ ​file​ ​a​ ​statement​ ​of​ ​disagreement​ ​with​ ​the​ ​decision​ ​with​​ ​​the​ ​Privacy​ ​Officer​, and​ ​we​ ​may prepare​ ​a​ ​rebuttal​ ​to​ ​your​ ​statement,​ ​which​ ​we​ ​will​ ​provide​ ​to​ ​you.
  • Receive​ ​an​ ​accounting​ ​of​ ​disclosures​ ​of​ ​your​ ​information.​ ​​​​You​ ​have​ ​the​ ​right​ ​to​ ​receive an​ ​accounting​ ​of​ ​certain​ ​disclosures​ ​we​ ​have​ ​made​ ​of​ ​your​ ​PHI​ ​after​ ​the​ ​effective​ ​date​ ​of this​ ​Notice.​ ​​​The​ ​accounting​ ​will​ ​exclude​ ​disclosures​ ​we​ ​have​ ​made​ ​directly​ ​to​ ​you, disclosures​ ​to​ ​friends​ ​or​ ​family​ ​members​ ​involved​ ​in​ ​your​ ​care,​ ​disclosures​ ​made pursuant​ ​to​ ​a​ ​valid​ ​authorization,​ ​and​ ​disclosures​ ​for​ ​notification​ ​purposes.​ ​​​The​ ​right​ ​to receive​ ​an​ ​accounting​ ​is​ ​subject​ ​to​ ​certain​ ​other​ ​exceptions,​ ​restrictions,​ ​and​ ​limitations. To​ ​request​ ​an​ ​accounting,​ ​you​ ​must​ ​submit​ ​your​ ​request​ ​in​ ​writing​ ​to support@geneticure.com.​ ​​​Your​ ​request​ ​must​ ​specify​ ​the​ ​time​ ​period​ ​for​ ​which​ ​you​ ​are seeking​ ​an​ ​accounting,​ ​but​ ​it​ ​may​ ​not​ ​be​ ​longer​ ​than​ ​6​ ​years​ ​or​ ​the​ ​time​ ​period​ ​permitted by​ ​law.​ ​​​The​ ​first​ ​accounting​ ​you​ ​request​ ​within​ ​a​ ​12​ ​month​ ​period​ ​will​ ​be​ ​provided​ ​free of​ ​charge,​ ​but​ ​you​ ​may​ ​be​ ​charged​ ​for​ ​the​ ​cost​ ​of​ ​providing​ ​additional​ ​accountings.​ ​​​We will​ ​notify​ ​you​ ​of​ ​the​ ​cost​ ​involved​, and​ ​you​ ​may​ ​choose​ ​to​ ​withdraw​ ​or​ ​modify​ ​your request​ ​at​ ​that​ ​time.
  • Request​ ​communications​ ​of​ ​your​ ​information​ ​by​ ​alternative​ ​means​ ​or​ ​at​ ​alternative locations​.​ ​​​For​ ​instance,​ ​you​ ​may​ ​request​ ​that​ ​we​ ​contact​ ​you​ ​about​ ​medical​ ​matters only​ ​in​ ​writing​ ​or​ ​at​ ​a​ ​different​ ​residence​ ​or​ ​post​ ​office​ ​box.​ ​​​To​ ​request​ ​confidential communication​ ​of​ ​your​ ​PHI,​ ​you​ ​must​ ​submit​ ​your​ ​request​ ​in​ ​writing​ ​to support@geneticure.com.​ ​​​Your​ ​request​ ​must​ ​state​ ​how​ ​or​ ​when​ ​you​ ​would​ ​like​ ​to​ ​be contacted.​ ​​​We​ ​will​ ​accommodate​ ​all​ ​reasonable​ ​requests.​ ​We​ ​reserve​ ​the​ ​right​ ​to​ ​verify your​ ​identity​ ​in​ ​order​ ​to​ ​confirm​ ​the​ ​alternative​ ​contact​ ​and​ ​address​ ​information.
Examples​ ​of​ ​How​ ​We​ ​May​ ​Use​ ​and​ ​Disclose​ ​Protected​ ​Health​ ​Information​ ​About​ ​You The​ ​following​ ​categories​ ​describe​ ​different​ ​ways​ ​that​ ​we​ ​use​ ​and​ ​disclose​ ​your​ ​protected​ ​health information. ​ ​​​For​ ​each​ ​category​ ​of​ ​uses​ ​or​ ​disclosures, ​we​ ​try​ ​to​ ​explain​ ​what​ ​we​ ​mean​ ​and provide​ ​some​ ​examples. We​ ​will​ ​use​ ​your​ ​protected​ ​health​ ​information​ ​for​ ​payment. For​ ​example​: ​ ​​​A​ ​bill​ ​may​ ​be​ ​sent​ ​to​ ​you​ ​or​ ​a​ ​third-party​ ​payor. The​​ ​information​ ​on​ ​or accompanying​ ​the​ ​bill​ ​may​ ​include​ ​information​ ​that​ ​identifies​ ​you, ​as​ ​well​ ​as​ ​your​ ​diagnosis, procedures, ​and​ ​supplies​ ​used. We​ ​are​ ​likely​ ​to​ ​use​ ​or​ ​disclose​ ​your​ ​PHI​ ​for​ ​the​ ​following​ ​purposes: Business​ ​Associates​:​ ​​​There​ ​are​ ​some​ ​services​ ​provided​ ​at​ ​Geneticure​ ​through​ ​contracts​ ​with business​ ​associates.​ ​​​For​ ​example,​ ​we​ ​may​ ​have​ ​a​ ​contract​ ​with​ ​a​ ​billing​ ​service.​ ​When​ ​we contract​ ​for​ ​these​ ​services,​ ​we​ ​may​ ​disclose​ ​your​ ​PHI​ ​to​ ​our​ ​business​ ​associate(s)​ ​so​ ​that​ ​they can​ ​perform​ ​the​ ​job​ ​we​ ​have​ ​asked​ ​them​ ​to​ ​do​ ​and​ ​bill​ ​Geneticure,​ ​you,​ ​or​ ​your​ ​third-party​ ​payor​ ​for services​ ​rendered.​ ​​​To​ ​protect​ ​your​ ​information,​ ​however,​ ​we​ ​require​ ​all​ ​business​ ​associates​ ​to appropriately​ ​safeguard​ ​your​ ​information.​ ​​​Business​ ​associates​ ​are​ ​also​ ​directly​ ​responsible​ ​for compliance​ ​with​ ​federal​ ​security​ ​standards​ ​and​ ​certain​ ​provisions​ ​of​ ​the​ ​federal​ ​privacy​ ​law,​ ​to further​ ​ensure​ ​the​ ​protection​ ​of​ ​your​ ​PHI. Communication​ ​with​ ​Individuals​ ​Involved​ ​in​ ​your​ ​Care​ ​or​ ​Payment​ ​for​ ​your​ ​Care​: ​ ​​​Health professionals, ​such​ ​as​ ​a​ ​physician​ ​or ​nurse, ​using​ ​their​ ​professional​ ​judgment, ​ ​may​ ​disclose​ ​to a​ ​family​ ​member, ​other​ ​relative, ​ ​close​ ​personal​ ​friend​ ​or​ ​any​ ​other​ ​person​ ​you​ ​identify, ​ ​PHI relevant​ ​to​ ​that​ ​person’s​ ​involvement​ ​in​ ​your​ ​care​ ​or​ ​payment​ ​related​ ​to​ ​your​ ​care. Personal​ ​Communications​:​ ​​​Subject​ ​to​ ​certain​ ​limitations​ ​imposed​ ​by​ ​law,​ ​we​ ​may​ ​contact​ ​you to​ ​provide​ ​appointment​ ​reminders​ ​or​ ​information​ ​about​ ​treatment​ ​alternatives​ ​or​ ​other health-related​ ​benefits​ ​and​ ​services​ ​that​ ​may​ ​be​ ​of​ ​interest​ ​to​ ​you.​ ​​​We​ ​may​ ​receive​ ​payment​ ​in exchange​ ​for​ ​making​ ​these​ ​communications.​ ​​​You​ ​may​ ​opt​ ​out​ ​of​ ​receiving​ ​communications​ ​for which​ ​we​ ​have​ ​been​ ​paid.​ ​​​To​ ​opt​ ​out,​ ​contact​ ​support@geneticure.com. Food​ ​and​ ​Drug​ ​Administration​ ​(FDA)​ ​or​ ​Other​ ​Regulatory​ ​Agency​:​ ​​​We​ ​may​ ​disclose​ ​to​ ​the FDA​ ​or​ ​other​ ​regulatory​ ​agencies​ ​having​ ​jurisdictions,​ ​or​ ​persons​ ​under​ ​the​ ​jurisdiction​ ​of​ ​the FDA​ ​or​ ​such​ ​other​ ​regulatory​ ​agencies,​ ​PHI​ ​relative​ ​to​ ​adverse​ ​events​ ​with​ ​respect​ ​to​ ​food, medicines,​ ​supplements,​ ​product​ ​and​ ​product​ ​defects,​ ​or​ ​post​ ​marketing​ ​surveillance information​ ​to​ ​enable​ ​product​ ​recalls,​ ​repairs,​ ​or​ ​replacement. Worker’s​ ​Compensation​: ​ ​​​We​ ​may​ ​disclose​ ​your​ ​PHI​ ​to​ ​the​ ​extent​ ​authorized​ ​by​ ​and​ ​to​ ​the extent​ ​necessary​ ​to​ ​comply​ ​with​ ​laws​ ​relating​ ​to​ ​worker’s​ ​compensation​ ​or​ ​other​ ​similar programs​ ​established​ ​by​ ​law. Public​ ​Health​: ​​​​As​ ​required​ ​by​ ​law, ​we​ ​may​ ​disclose​ ​your​ ​PHI​ ​to​ ​public​ ​health​ ​or​ ​legal authorities​ ​charged​ ​with​ ​preventing​ ​or​ ​controlling​ ​disease, ​​injury, ​​or​ ​disability. Law​ ​Enforcement​: We​ ​may​ ​disclose​ ​your​ ​PHI​ ​for​ ​law​ ​enforcement​ ​purposes​ ​as​ ​required​ ​by law​ ​or​ ​in​ ​response​ ​to​ ​a​ ​valid​ ​subpoena​ ​or​ ​court​ ​order. As​ ​Required​ ​by​ ​Law​: ​We​ ​will​ ​disclose​ ​your​ ​PHI​ ​when​ ​required​ ​to​ ​do​ ​so​ ​by​ ​federal, ​state, ​​or local​ ​law. Health Oversight Activities: ​​​​​We ​​may​​ disclose ​​your ​​PHI ​​to​​ an ​​oversight​​ agency ​​for​​ activities authorized​ ​by​ ​law. ​These​ ​oversight​ ​activities​ ​include​ ​audits, ​ ​investigations, ​and​ ​inspections, ​​as necessary ​f​or ​​licensure ​​and ​​for​​ the ​​government ​​to​​ monitor​​ the​​ health​​care​ system, ​government programs, ​and​ ​compliance​ ​with​ ​civil​ ​rights​ ​laws. Judicialand AdministrativeProceedings:​​​​​ If​​ you ​are ​​involved ​​in ​​a​​ lawsuit​​ or ​​a​​ dispute,​​ we may ​​disclose​​ your ​​PHI ​​in ​​response​ t​o ​​a ​​court ​​or ​​administrative ​​order.​​​​ Subject ​​to ​​applicable state​ ​law,​ ​we​ ​may​ ​also​ ​disclose​ ​health​ ​information​ ​about​ ​you​ ​in​ ​response​ ​to​ ​a​ ​subpoena, discovery​ ​request,​ ​or​ ​other​ ​lawful​ ​process​ ​by​ ​someone​ ​else​ ​involved​ ​in​ ​the​ ​dispute,​ ​but​ ​only​ ​if efforts​ ​have​ ​been​ ​made,​ ​either​ ​by​ ​us​ ​or​ ​the​ ​requesting​ ​party,​ ​to​ ​tell​ ​you​ ​about​ ​the​ ​request​ ​or​ to obtain​ ​an​ ​order​ ​protecting​ ​the​ ​information​ ​requested. We​ ​are​ ​permitted​ ​to​ ​use​ ​or​ ​disclose​ ​your​ ​PHI​ ​for​ ​the​ ​following​ ​purposes: Notification: ​​​​​We ​m​ay ​​use ​​or ​​disclose ​​your ​​PHI​​ to​​ notify ​​or​​ assist ​​in ​​notifying ​​a ​family ​​member, personal​ ​representative, ​or​ ​another​ ​person​ ​responsible​ ​for​ ​your​ ​care, ​regarding​ ​your​ ​location and​ ​general​ ​condition. ToAvert a ​​​Serious Threatto​ Health or Safety: ​​​​​We ​​may ​​use​​ and ​​disclose ​​your ​​PHI​​ when necessary ​to​​ prevent​​ a​​ serious​​ threat​ to​​ your ​​health ​​and​​ safety ​​or ​​the​​ health ​​and​​ safety​​ of​​ the public​​ or ​​another​ person. Regulatory Compliance:​​​​​ Federal​​ law​​ makes ​​provision ​​for ​​your ​​medical ​​information ​​to​ be released​ ​to​ ​an​ ​appropriate​ ​health​ ​oversight​ ​agency,​ ​public​ ​health​ ​authority​ ​or​ ​attorney,​ ​provided that​​ a ​​member ​​of ​​our ​workforce​ ​or ​​business ​​associate ​​believes​ ​in ​good​​ faith ​​that​ ​we ​​have engaged​ ​in​ ​unlawful​ ​conduct​ ​or​ ​have​ ​otherwise​ ​violated​ ​professional​ ​or​ ​clinical​ ​standards​ ​and are​ ​potentially​ ​endangering​ ​one​ ​or​ ​more​ ​patients,​ ​workers​ ​or​ ​the​ ​public. Victimsof ​​Abuseor​ Neglect:​ ​​​​We​ ​may​ ​disclose​ ​PHI​ ​about​ ​you​ t​o​ ​a​ ​government​ ​authority​ ​if​ ​we reasonably​​ believe ​​you ​​are ​​a ​​victim​ of​​ abuse​​ or​​ neglect.​​​ We​​ will​​ only​​ disclose ​​this ​​type ​​of information ​​to​​ the​​ extent​​ required ​​by ​​law, ​​if​ you​ ​agree ​​to​​ the​​ disclosure, ​​or​​ if ​​the ​​disclosure ​​is allowed​ ​by​ ​law​, and​ ​we​ ​believe​ ​it​ ​is​ ​necessary​ ​to​ ​prevent​ ​serious​ ​harm​ ​to​ ​you​ ​or​ ​someone​ ​else or ​​the ​​law ​​enforcement ​​or ​​public​​ official​​ that ​​is​​ to​​ receive ​​the​​ report​​ represents​ that​​ it​​ is necessary and ​​will ​​not ​​be ​used ​​against ​​you.​​​​ In​​ such​ cases,​​ we​​ will​​ promptly ​​inform ​​you​ that​ ​a report​ ​has​ ​been​ ​or​ ​will​ ​be​ ​made​ ​unless​ ​there​ ​is​ ​reason​ ​to​ ​believe​ ​that​ ​providing​ ​this​ ​information will​ ​place​ ​you​ ​in​ ​serious​ ​harm. Data ​​Breach ​​Notification: ​​​We ​m​ay ​​use​​ your ​​PHI ​​to ​​provide ​​legally-required ​​notices ​​of unauthorized​ ​access, ​acquisition, ​ ​or​ ​disclosure​ ​of​ ​your​ ​PHI. Other​ ​Uses​ ​and​ ​Disclosures​ ​of​ ​PHI We​ ​will​ ​obtain​ ​your​ ​written​ ​authorization​ ​before​ ​using​ ​or​ ​disclosing​ ​your​ ​PHI​ ​for​ ​purposes​ ​other than​ ​those​ ​provided​ ​for​ ​above​ ​(or​ ​as​ ​otherwise​ ​permitted​ ​or​ ​required​ ​by​ ​law).​ ​​​Most​ ​disclosures of​ ​your​ ​PHI​ ​for​ ​which​ ​we​ ​receive​ ​payment​ ​will​ ​require​ ​your​ ​authorization.​ ​​​Uses​ ​and​ ​disclosures of​ ​your​ ​PHI​ ​for​ ​marketing​ ​require​ ​your​ ​authorization, ​and​ ​your​ ​authorization​ ​is​ ​required​ ​for​ ​uses and​ ​disclosures​ ​of​ ​psychotherapy​ ​notes.​ ​​​You​ ​may​ ​revoke​ ​an​ ​authorization​ ​in​ ​writing​ ​at​ ​any time. ​​​​Upon ​​receipt ​​of ​​the ​​written ​​revocation, ​we ​​will ​​stop ​​using ​​or ​​disclosing ​​your ​​PHI, ​​except​​ to the​ ​extent​ ​that​ ​we​ ​have​ ​already​ ​taken​ ​action​ ​in​ ​reliance​ ​on​ ​the​ ​authorization. RecordRetention: ​​​​​We ​​will ​​retain ​​PHI ​​about ​​you ​​contained​ ​in ​​your ​​medical​ ​record​ ​and ​​billing records​ ​in​ ​accordance​ ​with​ ​legal​ ​requirements. Compliance​​ with Laws: If ​more ​​than ​​one ​​law ​​applies ​​to​ ​this ​​Notice, ​​such​ ​as ​​more ​​stringent ​​state ​​law, ​​we​​ will ​​follow​ ​the more​ ​stringent​ ​law. For More Informationor toReporta ​​Problem If​ ​you​ ​have​ ​questions​ ​or​ ​would​ ​like​ ​additional​ ​information​ ​about​ ​Geneticure’s​ ​privacy​ ​practices, ​you may​​ contact the ​​Privacy​​ Officer ​a​t ​​support@geneticure.com. ​​​​If​​ you ​​believe​​ your ​​privacy ​​rights ​​have been​ ​violated, ​​you​ ​can​ ​file​ ​a​ ​complaint​ ​with​ ​the​ Privacy​ ​Officer​ ​or​ ​with​ ​the​ ​United​ ​States Secretary​ ​of​ ​Health​ ​and​ ​Human​ Services. ​ ​​​There​ ​will​ ​be​ ​no​ ​retaliation​ ​for​ ​filing​ ​a​ ​complaint. EffectiveDate This​ ​Notice​ ​is​ ​effective​ ​as​ ​of​ ​November 15, ​ ​2018.