Information Geneticure Collects
The specific categories of information we collect include:
- Personally identifiable information (“PII”).
When you set up a Geneticure account or purchase a genetic testing service, we collect what is generally called “personally identifiable information” or “PII”, which is information that specifically identifies you as an individual. Examples of PII we collect may include your name, email address, mailing address, phone number, credit card or other billing information. We may also collect information such as date of birth or sex that, when linked to information that identifies a specific individual, is considered PII.
- Personal and family health information (“PFHI”).
To provide meaningful and medically actionable Test result report (“Results”), we request certain information about you and your biological family, such as age and sex. Personal and Family Health Information also includes information about your history of certain health conditions and your family history of those conditions. For the Service to perform as intended, it’s important that you provide the most accurate information possible.
- Healthcare provider information.
Individuals who use the Service may also provide us with information about their healthcare providers. Healthcare providers using the Service may provide us with information about patients for whom they are ordering a Test and information related to their medical practices, including NPI numbers, fax numbers, and the name, job title, and contact information of other providers involved in an individual’s care.
- Other people’s personally identifiable information.
You may only share with Geneticure PII about someone else with the full consent of that other individual, for example, to purchase a Test for someone else. We will only use the information for the specific reason that it was provided to us and pursuant to the terms of this Policy, our Terms of Service, and if applicable, Informed Consent.
- Biological sample.
To use the Service, we require a DNA sample that is collected from your cheek cells. Please carefully review our Terms of Service and the Informed Consent for a description of how we handle your sample.
- Cookies and online tracking information.
Please refer to the section below entitled “Cookies and Third-Party Services” for more information.
How We Use This Information
In general, we use the information that we collect to provide the Services you request, to help improve our services and client experiences, and to help advance genetic research and science. Specifically, we may use the information as follows:
- To provide the Service.
For example, to set up your Geneticure account, send you your sample collection kit, collect payment for the Service you requested, and analyze your sample to produce the Results. As part of the Service, we may also periodically review your information to determine if any updates or changes to your Results are required.
- To communicate with you.
We may use your contact information to communicate with you about the Service. For example, to notify you when your healthcare provider has ordered a Test for you, remind you about submitting your sample, respond to your inquiries, discuss your Results, connect you with a genetic counselor, follow up if there is an issue with your information or sample, and provide information about or request feedback on your Results.
We may also contact you to request optional customer feedback, which could be used to improve our Services. We’ll only associate your feedback with your name with your consent. To learn how you may opt out of marketing surveys, please read “Your Choices” below.
- To help us improve the Service and develop new tests and services.
For example, your information and de-identified sample may be used to support our laboratory operations with internal quality control, validation studies, and research and development, and performing data analysis to improve our internal quality controls. Geneticure retains your de-identified raw genetic results (A, C, T, and G) at each of the 17 sites that we collect within our software system. However, Geneticure does not retain your DNA. Once we assess the 17 genotypes of interest for the Service, your sample is destroyed, and no further analyses are performed.
- For marketing purposes.
For example, we may send you monthly newsletters, occasional product updates, and special offers and opportunities that we think might interest you. To learn about how you may opt out of marketing emails, please read “Your Choices” below.
We may also process the information we collect about you or from you for the following purposes: (i) to enforce our Terms of Service or other legal rights, including intellectual property rights; (ii) as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and (iii) to comply with industry standards or our policies.
Cookies and Third-Party Digital Services
When you use online services in connection with Geneticure’s Service and/or Site, the following information may be collected, stored, and used:
To improve and customize your experience when you use the Site, we may send one or more cookies — small text files containing a string of alphanumeric characters — to your device. We may use both session cookies that disappear after you close your browser and persistent cookies that remain after you close your browser and may be used automatically by the browser on subsequent visits to the Site. Please review your browser “Help” file to learn how to adjust your cookie settings. Note that some Site services may not function properly if you disable cookies.
- DNT requests.
Some browsers incorporate a “Do Not Track” (DNT) or similar feature that signals to digital services that a visitor doesn’t want to have their online activity tracked. Because there is not yet an accepted standard for how to respond to DNT signals, we and our service providers (like many digital service operators) do not respond to DNT signals.
- Device, usage, and other automatically collected information.
When you use our Site, we may automatically record certain information from your device by using various types of technology, including “clear gifs” or “web beacons.” This automatically collected information will help us customize and improve your experience with the Site and includes your IP address or other device address or ID, browser and/or device type, the web pages or sites that you visit just before or just after you use the Site, the pages or other content you view or otherwise interact with on the Site, and the dates and times that you visit, access, or use the Site. We also may use these technologies to improve our services by collecting information regarding your interaction with Geneticure email messages, such as whether you opened or clicked on a message. We use automatically collected information to: (i) personalize our services, such as remembering your information so that you won’t have to re-enter it during your visit or the next time you visit the Site; (ii) provide customized content and information; and (iii) monitor and analyze the effectiveness of the Site and marketing activities.
- Analytics services.
Geneticure uses services like Google Analytics in order to improve our services, better understand our clients, and improve our communications. Learn more about Google Analytics’ privacy choices.
- Advertising partners.
We may work with third party advertising partners to show ads for the Service after you visit our Site. These third-party partners collect information from you when you visit our website and other websites. If you don’t want to receive our personalized ads, please visit the opt-out pages of the Network Advertising Initiative (https://www.networkadvertising.org) or the Digital Advertising Alliance http://www.aboutads.info to learn about how you can opt out of receiving personalized ads from member companies. For more information, you can also visit: https://www.consumer.ftc.gov/topics/privacy-identity.
How Information is Shared
This section describes the circumstances under which we may share your information with third parties. For additional details, please review the Informed Consent.
To provide the Service.
- We may disclose your protected health information (“PHI”) to others involved in your care, including healthcare providers (your own provider and/or an independent provider who may review your information to determine whether a test is appropriate for you), genetic counselors (the Service includes complimentary access to Geneticure’s contracted genetic counselors), confirmatory laboratories, and other healthcare providers involved in your medical care.
- We work with third party service providers to provide website, application development, analytics, variant analysis, payment processing, hosting, maintenance, support ticketing, transmission of test results, distribution and collection of Test kits, and other services for us. We limit the personal, health, and non-personal information we share with these service providers to that which is minimally necessary for them to perform their services for us, and we require them to agree to maintain the confidentiality and security of such information, in compliance with the Health Information Portability and Accountability Act (HIPAA) of 1996, as amended.
For Geneticure’s purposes.
- We may share aggregated, de-identified information (for example, aggregated trends about the general use of our Service) publicly and with our partners (this information will not include PHI).
- We may author publications using de-identified information.
- We may disclose your information when we believe in good faith that doing so is appropriate or necessary in order to enforce our Terms of Service.
- Information about our users, including personal information, may be disclosed and otherwise transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
- As described above, we work with third party advertising and analytics partners that collect information from you when you visit our Site. For more information, please see the “Cookies and third-party services” section above.
For security or legal purposes. We may also disclose your information under the following circumstances:
- If we believe in good faith that doing so is appropriate or necessary in order to address fraud, security, or technical issues, or protect against harm to us or others to the extent required or permitted by law.
- To comply with applicable federal and state laws, rules, and regulations, as well as law enforcement requests and legal process, such as a court order or subpoena.
How We Protect Your Information
We use physical, managerial, and technical safeguards that are designed to improve the integrity and security of your information. All information on our servers is encrypted when it is at rest or in transit. All personal information (genetic or otherwise) is encrypted with AES-256 when it’s stored on our servers and is always transmitted over SSL. Internally, strict guidelines and access controls protect your PII and PHI that are in accordance with HIPAA.
We take precautions as set forth by periodic Security Risk Assessment by implementing administrative, physical, and technical safeguards. However, we cannot ensure or warrant the security of any information in the event of a breach of any of our safeguards. You submit your information at your own risk. You agree that Geneticure is not liable for the unauthorized release of your PII or PHI unless such release was the result of gross negligence or willful misconduct on the part of Geneticure.
Geneticure complies with the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) to maintain the privacy and security of your PHI. If a breach occurs that may have compromised the privacy or security of your PHI, we will let you know promptly. We will follow the duties and privacy practices described in this Policy, our Notice of Privacy Practices, the Informed Consent, and Terms of Service.
If you receive marketing emails from us, you can unsubscribe from that particular type of marketing email by following the instructions contained within the email or sending your request to us by email at firstname.lastname@example.org. Please be aware that if you opt out of receiving marketing emails from us or otherwise modify the nature or frequency of marketing communications you receive from us, it may take up to ten (10) business days for us to process your request, during which time you might receive marketing communications from us that you have already opted out from. Finally, while you can opt out of receiving marketing emails from us, you will continue to receive administrative communications from us regarding the Service.
Other Important Information
Do not use or access any part of the Site or the Service if you are under 18 years of age. If you’re a parent or guardian and discover that your child under 18 has obtained an account on the Site, please alert us promptly at email@example.com so we can take action to prevent access.
The Service and Site are hosted in the United States (US). If you choose to use the Service and/or Site from other regions of the world, then by your use of the Service and/or Site you acknowledge and agree that: (i) you are transferring your personal information outside of those regions to the US for genetic analysis, storage and processing as required for us to perform our contractual obligations to you; (ii) the laws and regulations of the US shall govern your use of the Service and provision of your information, and may differ from those of your country of residence; and (iii) as per your acceptance of the Informed Consent, you permit your personal information to be used for the purposes set forth therein. Also, we may transfer your data from the US to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Service as required for us to perform our contractual obligations to you. By providing any information, including personal information, on or to the Service and/or the Site, you consent to such use, transfer, storage, and processing. While there is no statutory or contractual requirement for you to provide this information, some information is necessary for us to be able to provide the requested services. Failure to provide such information will make it impossible for you to use the Service. We will retain your personal information only for as long as is necessary to carry out the function for which the information is being used, as consented by you in the Informed Consent, and to comply with applicable laws and regulations. You further agree that by providing your sample, you are not violating any export ban or other legal restriction in the country of your residence.
Clients who live outside of the US in certain jurisdictions may have the option of requesting that their personal information be accessed, updated, and/or removed at any time from our active databases, subject to the applicable laws and regulations of such jurisdictions. Such clients may also have the right to object to our processing of their personal information and/or request that we provide their personal information to another third party. We may require that such request be provided in writing, subject to applicable laws and regulations with respect to the transfer of medical information. If you would like to access, update, object to processing, request provision to a third party, and/or request removal from our active database of your personal information, please contact us at firstname.lastname@example.org. Any such requests will be honored within one month. If you believe Geneticure’s processing of your personal information is inappropriate, you have the right to lodge a complaint with a supervisory authority or to contact Geneticure’s Privacy Officer at email@example.com.
With respect to requests to remove or halt the processing of personal information, such requests received prior to initiation of the Service will result in a cancellation of the Service, and no Results will be provided to you or your healthcare provider. Please also refer to the section above entitled “Your Choices” to understand how requests to remove personal information are handled.
If you’re a resident of the EU, we will only send you marketing communications if you’ve opted in. If you are an EU resident, and you didn’t opt in, but you’re receiving marketing communications anyway, please contact us at firstname.lastname@example.org so we can promptly correct your preferences in our systems.
Changes and updates to this policy
Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. If we modify the Policy, we’ll make it available through the Site, and indicate the date of the latest revision. In the event that the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of this change. Your continued use of the Site and/or Service after the revised Policy becomes effective indicates that you have read, understood and agreed to the current version of the Policy.
Our contact information
Please contact us with any questions or comments about this Policy, your personal information, our use and disclosure practices, or your consent choices by email at email@example.com.
GENETICURE, INC. NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU THAT IS PROTECTED UNDER THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996, AS AMENDED (“HIPAA”)
MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
Geneticure, Inc. (“Geneticure”) is required by law to maintain the privacy of your protected health information and to provide you with a notice of our legal duties and privacy practices with respect to protected health information (“PHI”). This Notice of Privacy Practices, or the Notice, describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your protected health information. PHI is information about you, including basic demographic information that may identify you and that relates to your past, present or future physical or mental health condition and related health care services.
Your Health Information Rights
You have the following rights with respect to your protected health information:
- Obtain a paper copy of the Notice upon request. You may request a copy of the Notice at any time. To obtain a copy of the Notice, contact firstname.lastname@example.org.
- Request a restriction on certain uses and disclosures of your information. You have the right to request a restriction on the PHI that we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a restriction on the PHI we disclose about you to someone who is involved in your care or payment for your care, such as a family member or friend. Except as described in this section, we are not required to agree to your request. We must agree to your request if the disclosure has been made to a health plan for the purpose of payment or health care operations and the disclosure relates to an expense for which you have paid out of pocket. To request restrictions, you must send a written request to email@example.com.
- Inspect and obtain a copy of your information. You have the right to access and copy PHI about you contained in your medical and billing records for as long as Geneticure maintains the information. To read or copy your PHI, you must send a written request to firstname.lastname@example.org. Additional state law requirements may apply in order to access and copy such PHI. If you request a copy of the information, we may charge you a reasonable fee for the costs of the copying, mailing, or other supplies that are necessary for the electronic transfer of your information. If we maintain an electronic health record containing your health information, you have the right to request that we send a copy of your health information in electronic format to you or a third party that you identify. We may deny your request to read and copy in certain limited circumstances. If you are denied access to your PHI, you may request that the denial be reviewed by filing a request for review with the Geneticure’s Privacy Officer.
- Amend your information. If you feel that PHI we have about you is incomplete or incorrect, you may request that we amend the information. You may request an amendment for as long as we maintain your health information. To request an amendment, you must send a written request to email@example.com. In addition, you must include a reason that supports your request. In certain cases, we may deny your request for amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with the decision with the Privacy Officer, and we may prepare a rebuttal to your statement, which we will provide to you.
- Receive an accounting of disclosures of your information. You have the right to receive an accounting of certain disclosures we have made of your PHI after the effective date of this Notice. The accounting will exclude disclosures we have made directly to you, disclosures to friends or family members involved in your care, disclosures made pursuant to a valid authorization, and disclosures for notification purposes. The right to receive an accounting is subject to certain other exceptions, restrictions, and limitations. To request an accounting, you must submit your request in writing to firstname.lastname@example.org. Your request must specify the time period for which you are seeking an accounting, but it may not be longer than 6 years or the time period permitted by law. The first accounting you request within a 12 month period will be provided free of charge, but you may be charged for the cost of providing additional accountings. We will notify you of the cost involved, and you may choose to withdraw or modify your request at that time.
- Request communications of your information by alternative means or at alternative locations. For instance, you may request that we contact you about medical matters only in writing or at a different residence or post office box. To request confidential communication of your PHI, you must submit your request in writing to email@example.com. Your request must state how or when you would like to be contacted. We will accommodate all reasonable requests. We reserve the right to verify your identity in order to confirm the alternative contact and address information.
Examples of How We May Use and Disclose Protected Health Information About You
The following categories describe different ways that we use and disclose your protected health information. For each category of uses or disclosures, we try to explain what we mean and provide some examples.
We will use your protected health information for payment.
For example: A bill may be sent to you or a third-party payor. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, and supplies used.
We are likely to use or disclose your PHI for the following purposes:
Business Associates: There are some services provided at Geneticure through contracts with business associates. For example, we may have a contract with a billing service. When we contract for these services, we may disclose your PHI to our business associate(s) so that they can perform the job we have asked them to do and bill Geneticure, you, or your third-party payor for services rendered. To protect your information, however, we require all business associates to appropriately safeguard your information. Business associates are also directly responsible for compliance with federal security standards and certain provisions of the federal privacy law, to further ensure the protection of your PHI.
Communication with Individuals Involved in your Care or Payment for your Care: Health professionals, such as a physician or nurse, using their professional judgment, may disclose to a family member, other relative, close personal friend or any other person you identify, PHI relevant to that person’s involvement in your care or payment related to your care.
Personal Communications: Subject to certain limitations imposed by law, we may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. We may receive payment in exchange for making these communications. You may opt out of receiving communications for which we have been paid. To opt out, contact firstname.lastname@example.org.
Food and Drug Administration (FDA) or Other Regulatory Agency: We may disclose to the FDA or other regulatory agencies having jurisdictions, or persons under the jurisdiction of the FDA or such other regulatory agencies, PHI relative to adverse events with respect to food, medicines, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
Worker’s Compensation: We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
Public Health: As required by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
Law Enforcement: We may disclose your PHI for law enforcement purposes as required by law or in response to a valid subpoena or court order.
As Required by Law: We will disclose your PHI when required to do so by federal, state, or local law.
Health Oversight Activities: We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, and inspections, as necessary for licensure and for the government to monitor the healthcare system, government programs, and compliance with civil rights laws.
Judicial and Administrative Proceedings: If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. Subject to applicable state law, we may also disclose health information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made, either by us or the requesting party, to tell you about the request or to obtain an order protecting the information requested.
We are permitted to use or disclose your PHI for the following purposes:
Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition.
To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Regulatory Compliance: Federal law makes provision for your medical information to be released to an appropriate health oversight agency, public health authority or attorney, provided that a member of our workforce or business associate believes in good faith that we have engaged in unlawful conduct or have otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers or the public.
Victims of Abuse or Neglect: We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law, and we believe it is necessary to prevent serious harm to you or someone else or the law enforcement or public official that is to receive the report represents that it is necessary and will not be used against you. In such cases, we will promptly inform you that a report has been or will be made unless there is reason to believe that providing this information will place you in serious harm.
Data Breach Notification: We may use your PHI to provide legally-required notices of unauthorized access, acquisition, or disclosure of your PHI.
Other Uses and Disclosures of PHI
We will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for above (or as otherwise permitted or required by law). Most disclosures of your PHI for which we receive payment will require your authorization. Uses and disclosures of your PHI for marketing require your authorization, and your authorization is required for uses and disclosures of psychotherapy notes. You may revoke an authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
Record Retention: We will retain PHI about you contained in your medical record and billing records in accordance with legal requirements.
Compliance with Laws: If more than one law applies to this Notice, such as more stringent state law, we will follow the more stringent law.
For More Information or to Report a Problem
If you have questions or would like additional information about Geneticure’s privacy practices, you may contact the Privacy Officer at email@example.com. If you believe your privacy rights have been violated, you can file a complaint with the Privacy Officer or with the United States Secretary of Health and Human Services. There will be no retaliation for filing a complaint.
This Notice is effective as of November 15, 2018.