At Genoptix, Inc. (“Genoptix”), we recognize that privacy is important, and, therefore, Genoptix is committed to maintaining and protecting the privacy of our customers, patients, partners, employees, and all others who may visit a website belonging to Genoptix.
BY USING OUR SITE, YOU CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF INFORMATION AS DESCRIBED IN THIS POLICY.
COLLECTION AND USE OF PERSONALLY IDENTIFIABLE INFORMATION
Genoptix only collects personally identifiable information through its websites (such as an individual’s name, e-mail address, account password, etc.) when it is voluntarily submitted to Genoptix by you as permitted under applicable law. For example, when you choose to register for an account through our site (e.g., eCOMPASS®) or for a promotion or service that requires registration, we may ask you to provide some personal information such as your first and last name, medical practice name, job title, phone number, e-mail address, type of medical practice, and similar information required to issue you a username and password. We may also ask for similar information in order to fulfill additional requests you make through our website or a site maintained by a third party on our behalf, including, but not limited to, a request for investor information or in connection with your application for employment.
USE OF PERSONALLY IDENTIFIABLE INFORMATION
- Health Care Professionals–For health care professionals that take advantage of our clinical laboratory services in treating their patients or are considering using our clinical laboratory services, we may use your personal information to (i) inform or send you information on services we provide or services you may request; (ii) to assist you with questions that you may have about our services; (iii) contact you regarding payment matters; and (iv) in order to evaluate the services we offer or similar marketing purposes, such as conducting surveys.
- User Communications–When you send email or other communications to Genoptix, we may retain those communications in order to process your inquiries, respond to your requests, and improve our services.
- Affiliated Genoptix Services Through Other Sites–We may offer some of our services on or through other websites operated by third parties. Personal information that you provide to those sites may be sent to Genoptix in order to deliver the service such as if you apply for a job with Genoptix through another website or if you make a payment to Genoptix through another site. In this case, we will process information that we receive about you from these third parties under this Policy. The affiliated websites through which our services are offered may have different privacy practices, and we encourage you to read their privacy policies.
You can decline to submit certain personally identifiable information, but in such case, Genoptix may not be able to provide those services to you.
COLLECTION AND USE OF NON-PERSONALLY IDENTIFIABLE INFORMATION
We offer a number of services that may not require you to register for an account or provide any personal information to us. For example, we track the total number of visitors to our website, the number of visitors to each page of the website, and the domain names of our visitors’ Internet service providers. No personally identifiable information is gathered in this process. In order to provide our full range of services, we may collect any or all of the following types of information:
Most browsers are initially set up to accept cookies, but you can reset your browser to allow you to control whether you will accept cookies or refuse all cookies or to indicate when a cookie is being sent. However, some Genoptix features and services may not function properly if your cookies are disabled.
Genoptix may present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our website and its technology and content.
WEB BROWSER INFORMATION
When you access Genoptix services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request, and one or more cookies that may uniquely identify your browser.
Genoptix does not sell, rent, or share your personal information with non-affiliated third parties. However, to provide our services we may provide your personal information gathered through this site with other companies or individuals outside of Genoptix in the following limited circumstances:
- We may provide such information to our subsidiaries, affiliated companies, or other trusted businesses or persons for the purpose of processing or using personal information on our behalf. We require that these parties agree to use or process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.
- We have a good faith belief that access, use, preservation, or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process, or enforceable governmental request, (b) enforce applicable policies, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security, or technical issues, or (d) protect against harm to the rights, property, or safety of Genoptix, its users, or the public as required or permitted by law.
- After having received your consent for the sharing of any sensitive personal information
SECURITY AND CONFIDENTIALITY
To ensure the security and confidentiality of Personal Data that we collect online, we use data networks protected, inter alia, by industry standard firewall and password protection. In the course of handling your Personal Data, we take measures reasonably designed to protect that information from loss, misuse, unauthorized access, disclosure, alteration, or destruction.
Genoptix provides links to a number of third parties’ websites through Genoptix’s site, which may provide you with useful information or offer helpful services as a convenience. Links contained on our site that transfer you to a non-Genoptix site are not controlled by Genoptix and may contain different information and/or different privacy policies than Genoptix. Genoptix is not responsible for the privacy policies of or content on any such third party website. You should review the privacy policies of these third parties should you choose to access these sites. These other sites may place their own cookies or other files on your computer, collect data, or solicit personal information from you.
PERSONAL INFORMATION AND CHILDREN
Most of the services available on this site are intended for persons 18 years of age and older. Any individual who requests information about a medicine indicated for use in children must be 18 or over. We will not knowingly collect, use, or disclose Personal Data from a minor under the age of 18 without obtaining prior consent from a person with parental responsibility (e.g., a parent or guardian) through direct off-line contact. We will provide the parent with (i) notice of the specific types of personal data being collected from the minor, and (ii) the opportunity to object to any further collection, use, or storage of such information. We abide by laws designed to protect children.
If you have any feedback or questions regarding this Policy, please feel free to contact us at:
c/o Genoptix, Inc.
2131 Faraday Ave
Carlsbad, CA 92008
Please note that this Policy is subject to change from time to time. We will update this Policy on this page with any such changes. Therefore, please review this website periodically to ensure you are aware of our current policy on privacy matters in using this website or other websites offered by Genoptix.
NOTICE OF HEALTH INFORMATION PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
NeoGenomics Laboratories, Inc. and its subsidiaries and affiliates, is required by the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), to maintain the privacy and security of your protected health information (PHI) and to provide you with a notice of NeoGenomics’ legal duties and privacy practices with respect to protected health information (PHI) that NeoGenomics may collect and maintain about you. This protection extends to any PHI whether in oral, written, or electronic format. This Notice of Health Information Privacy Practices (“Notice”) describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your protected health information (“PHI”) when in the hands of NeoGenomics and its business associates, which are vendors that may assist us in providing services to you. PHI is any information that identifies you or may be used to identify you (e.g., basic demographic information); that is created or received by a health care provider, health plan, employer or health care clearinghouse; and that relates to your past, present or future physical or mental health or condition and related health care services, or provision of or payment for health care.
We are required by law to abide by the terms of this Notice. We will not use or disclose your PHI without your prior written authorization, except as permitted or required by law and described in this Notice. Please note that if other federal, state, or local laws, rules or regulations restrict or limit the use and disclosure of your PHI in ways that are permitted under this Notice, NeoGenomics will only use or disclose your PHI in compliance with the stricter law, rule or regulation. We strongly urge you to read this Notice carefully and thoroughly so that you will understand both our commitment to protecting the privacy of you PHI and how you can participate in the protection of this information.
What PHI We Collect
We attempt to collect the minimal amount of information necessary for NeoGenomics to provide our services to you and to obtain payment for those services. This may include your name, address, telephone number, social security number, date of birth, medical history, diagnosis, treatment, provider identification, financial responsibility, health insurance coverage (including group numbers and member identification numbers), and payment information.
How We May Use and Disclose Protected Health Information About You WITHOUT YOUR CONSENT
With the exception of information that may qualify for special protection under state and/or federal law, the following categories describe different ways that we use and disclose your PHI. Not every possible use or disclosure in a category is listed below. However, all of the ways in which we are permitted to use and disclose PHI will fall within one of the categories below. Also, NeoGenomics must limit its uses, disclosures, or requests for your PHI to the “minimum necessary” to accomplish the intended purpose of such use, disclosure, or request, except as permitted by law. Please note that, for purposes of this Notice, any references to “we” or “NeoGenomics” include all business associates we may engage.
Treatment: We may use or disclose your PHI to provide and coordinate the treatment and services you receive. For example, we may use your PHI to perform diagnostic tests, or provide your test results to your physician or other authorized health care provider. We may also disclose your PHI to another testing laboratory if we are unable to perform the testing ourselves and as such need to refer your specimen to that laboratory to perform the requested testing.
Payment: We may use and disclose your PHI to others for purposes of receiving payment for treatment and services that you receive. For example, we will submit a claim to you, your health care provider, or your health plan/insurer that includes information that identifies you and the type of services we performed for you.
Health Care Operations: NeoGenomics may use or disclose your PHI in order to support the health care operations of its business and monitor the quality of the care we provide. For example, we may use information in your health record to evaluate the services we provide or to train NeoGenomics’ staff. In addition, “health care operations” include conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines; patient safety activities; population-based activities relating to protocol development, case management and care coordination, contacting of health care providers and patients with information about treatment alternatives, and related functions that do not include treatment; submitting claims for stop-loss coverage; conducting or arranging for medical review, legal services, and audit services; wellness and disease management programs; and business planning, development, management and general administration of the clinical lab.
To Communicate with Individuals Involved in Your Care or Payment for Your Care: We may disclose to a family member, other relative, close personal friend or any other person you identify, PHI that is directly relevant to that person’s involvement in your care or payment related to your care. We may disclose the relevant PHI to these persons if you do not object or we can reasonably infer from the circumstances that you do not object to the disclosure. If you are incapacitated, we can make the disclosure if, in the exercise of professional judgment, we believe the disclosure is in your best interests. To the extent permitted under federal and state law, we may disclose PHI of minors to their parents or legal guardians.
Business Associates: There are some services provided by NeoGenomics through contracts with business associates (e.g., billing services), and we may disclose your PHI to NeoGenomics’ business associate so that they can perform the job we have asked them to do. To protect your information, however, we require the business associate to enter into a Business Associate Agreement, which specifies the ways in which the business associate may use and disclose your PHI and must appropriately safeguard your information.
Government Agencies: We may disclose to certain government agencies (e.g., FDA, CMS, OIG, CLIA accreditation organizations, etc.), or persons under the jurisdiction of the of such agencies, PHI relative to adverse events with respect to products and/or services we provide, or information to enable product recalls, repairs, or replacements.
Worker’s Compensation: We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law. These programs provide benefits for work-related injuries or illness without regard to fault.
Public Health: As permitted by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability; to report the abuse or neglect of children, elders, dependent adults, or others; or to a person who may have been exposed to a communicable disease or otherwise be at risk of contracting of spreading the disease or condition.
Law Enforcement or As Otherwise Required by Law: We may disclose your PHI when required to do so by federal, state, or local law or for law enforcement purposes as permitted by law, such as in response to a valid subpoena or court order and to assist in locating suspects, fugitives or witnesses, or victims of crime.
Health Oversight Activities: We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities may include audits, investigations, and inspections necessary for licensure and for the government to monitor the health care system, government programs, and compliance with laws.
Judicial and Administrative Proceedings: We may disclose your PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request, or other lawful process, but only if efforts have been made, either by the requesting party, or us to tell you about the request or to obtain an order protecting the information requested.
Research: We may use or disclose your PHI for research if approved by an independent institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information. We may also disclose information about decedents to researchers under certain circumstances.
Coroners and Medical Examiners: We may disclose your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose your PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
Correctional Institution: If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of other individuals.
To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI, if in good faith, we believe the use or disclosure: (i) is necessary to prevent or lessen a serious and imminent threat to your health and safety or the health and safety of the public or another person, and is to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat; or (ii) is necessary for law enforcement authorities to identify or apprehend an individual based on statements made by the individual admitting to participation in a violent crime, or where the individual has escaped from a correctional institution or from lawful custody, or (iii)is necessary for national security, intelligence, or protective services activities.
Military and Veterans: If you are a member of the armed forces, we may use and disclose PHI about you for activities deemed necessary by appropriate military command authorities to assure the proper execution of a military mission. For the same reason, we may also release PHI about foreign military personnel to the appropriate foreign military authority.
Disaster Relief: In the event of a disaster, we may provide your PHI to disaster relief organizations.
National Security, Intelligence Activities, and Protective Services for the President and Others: We may disclose PHI about you to authorized federal officials for the conduct of lawful intelligence, counterintelligence, protective services to the President, and other national security activities authorized by law.
Treatment Alternatives and Health-Related Benefits and Services: We may use and disclose your PHI to tell you about possible treatment options or alternatives and health-related benefits and services that may be of interest to you.
Sale or Merger: In the event of a sale or merger with another organization, your PHI will become the property of the new owner.
Use and Disclosure of PHI (WITH YOUR CONSENT)NeoGenomics will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for in this Notice (or as otherwise permitted or required by law). Examples include any uses and disclosures of your PHI for marketing purposes, and disclosures that constitute a sale of PHI require your written authorization. You may revoke this authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.Fundraising: NeoGenomics does not currently use protected health information (PHI) for fundraising purposes. If NeoGenomics performs fundraising activities at some future time, you may be contacted, but you would have the option to tell us not to contact you again.
Your Rights Regarding Your Health Information/PHI
Obtain a Paper Copy of the Notice upon request. You may request a paper copy of NeoGenomics’ current Notice at any time from the NeoGenomics’ Privacy Office. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. All requests for a paper copy of the Notice must be submitted in writing or electronically to NeoGenomics at the contact information listed below.
Right To Access And Obtain A Copy Of PHI. You (or your designated representative) have the right to access and receive a copy of your PHI that may be used to make decisions about your care or payment for your care. If we maintain the information you have requested in an electronic format you may ask for it to be provided to you electronically, and also ask us to electronically send copies to another person. To exercise this right, you must send a written request to NeoGenomics. You may use NeoGenomics records request form under the “Client Services” tab under the “Consents and Notices” section.
We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your PHI, you will receive a written denial and information regarding how your denial may be reviewed.
Request A Restriction On Certain Uses And Disclosures Of PHI. You have the right to request additional restrictions on how we use or disclose your PHI for treatment, payment, health care operations, and communications to those involved in your care by sending a written request to NeoGenomics’ Privacy Office. We will consider your request, but are not required to agree to it unless the requested restriction involves a disclosure that is not required by law to a health plan for payment or health care operations purposes and not for treatment, and you, or someone on your behalf, have paid for the service in full out of pocket. If we agree to a restriction on other types of disclosures, we will abide by them, except in emergency situations when the disclosure is for purposed of treatment. All requests for restrictions on the use or disclosure of your PHI must be submitted in writing to NeoGenomics at the contact information listed below. We retain the right to terminate an agreed-to restriction if we believe such termination is appropriate. In the event we have terminated an agreed-to restriction, we will notify you of such termination.
Request An Amendment Of PHI. You have a right to request that PHI that we maintain about you be amended or corrected. To request an amendment, you must send a signed written request to Neo Genomics at the contact information listed below. You must include a reason that supports your request. We may process your request in accordance with our policy, but original information will not be removed. In certain cases, we may deny your request for an amendment for various reasons, including if we did not create the information or if we believe the current information is accurate and complete. You will be notified in writing if your request is denied. If you request is denied, you have the right to submit a written statement disagreeing with the denial, which, at your request, may be appended or linked to the PHI in question. All requests for an amendment of your PHI must be submitted in writing to NeoGenomics.
Receive An Accounting Of Disclosures Of PHI. You have the right to receive an accounting of the disclosures NeoGenomics or its business associates have made of your PHI for most purposes other than treatment, payment, health care operations, and certain other limited purposes. The right to receive an accounting of disclosures is subject to certain exceptions, restrictions, and limitations. To request an accounting, you must submit your request in writing to NeoGenomics’ Privacy Office. Your request must specify the time period for which you would like an accounting, but this time period may not be longer than six years prior to your request. All requests for an accounting of the disclosures of your PHI must be submitted in writing to NeoGenomics at the contact information listed below.
Request Confidential Communications Of PHI By Alternative Means Or At Alternative Locations. You have a right to request to receive communications of PHI by alternate means or at alternate locations. For instance, you may request that we contact you about medical matters only in writing or at a different residence or post office box. To request confidential communication of your PHI, you must submit a request in writing to NeoGenomics’ Privacy Office. Your request must state how or where you would like to be contacted. All requests for communication of PHI by alternative means or at alternative locations must be submitted in writing to NeoGenomics.
Right to Receive Notification in the Event of a Breach. You have a right to receive notification if there is a breach of your unsecured PHI, except in those instances where we determine that there is a low probability that the PHI has been compromised. After learning of such a breach, we must provide notice to you without unreasonable delay and in no event later than sixty (60) calendar days after NeoGenomics’ discovery of the breach, unless a law enforcement official requires us to delay the breach notification.
Security of Your PHI
Access to PHI is restricted to only those employees, agents or contractors of NeoGenomics who require it to provide services to you or your healthcare provider(s) or obtain payment from those financially responsible for payment. NeoGenomics maintains physical, technical, and procedural safeguards protecting PHI against unauthorized use and disclosure. NeoGenomics’ Privacy Office is responsible for overseeing the proper and effective implementation of all required rules and regulations, as well as policies and procedures concerning the use and disclosure or PHI, including ensuring proper educating/training, investigating all issues, complaints and concerns, audit and monitoring compliance by NeoGenomics and its employees, agents and contractors. Please note that any e-mail communication you initiate with NeoGenomics regarding your PHI is not secured in accordance with the HIPAA security standards. As a general rule, NeoGenomics will not communicate with you through e-mail unless the e-mail can be properly encrypted or with your permission/consent.
Data Protection and Privacy Statement (EU and SWISS)
NeoGenomics Laboratories, Inc., U.S.A., (“NeoGenomics-USA”) and its affiliated companies in Switzerland (“NeoGenomics-Swiss”) are committed to adhering to applicable data protection laws. This Data Protection and Privacy Statement discloses our practices with regard to the collection, processing and use of personal data of employees of NeoGenomics Switzerland, and other European/Swiss affiliates of NeoGenomics and patients undergoing clinical diagnostic testing (collectively “European Personal Data”).
Personal Data of Patients: NeoGenomics collects personal data of patients in the course of clinical diagnostic testing, such as, patient medical data and records, data of clinical diagnostic laboratory testing, name, address, and medical history potentially including diagnosed cancer. NeoGenomics may use this personal data for the following purposes: providing clinical laboratory services, including molecular diagnostic test services and providing customer service.Personal Data of Employees: NeoGenomics Switzerland collects personal data of their employees, in the course of the employment with them, such as the employee’s name, date of birth, address, and salary information. NeoGenomics may use this personal data for general HR administrative functions, including hiring, performance assessment, and promotion, salary and benefits determinations.
Data Transfers outside the EEA and Switzerland:
European Personal Data may be transferred to NeoGenomics USA, NeoGenomics Switzerland, affiliates and subsidiaries of NeoGenomics, business partners, and service providers (“Data Recipients”) for the purposes listed above. Personal Data that is transferred, will be protected in accordance with this Privacy Notice and applicable law.
Data Recipients may be located in countries outside the European Economic Area and Switzerland (“Third-Countries”) in which an adequate level of data protection equivalent to the European Union, the European Economic Area or Switzerland may not be guaranteed. If Data Recipients are located in Third-Countries without an adequate level of data protection, such as the United States, NeoGenomics has implemented appropriate measures to guarantee that the European Personal Data transferred are adequately safeguarded, e.g. by concluding EU Standard Contractual Clauses for transfer of personal data to third-countries, respectively, with the Data Recipients.
Data Security, Integrity and Access: NeoGenomics takes reasonable precautions to protect European Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction. NeoGenomics makes reasonable efforts to keep European Personal Data reliable for its intended use, accurate, current and complete. NeoGenomics provides European data subjects with access to their personal data with the opportunity to review and correct their personal data. European data subjects may request access to their personal data by submitting a written request to NeoGenomics’ Privacy Office. NeoGenomics reserves the right to take reasonable steps to authenticate the identity of any individual seeking access to their Personal Data.
Other Disclosures: In the case of a legally binding order for access to the European Personal Data by an authorized public authority, NeoGenomics may disclose European Personal Data to the extent necessary to comply with such binding order. In any such event, NeoGenomics will use its reasonable efforts to comply with the data disclosure rules under GDPR and FDAP and seek that any disclosures of the personal data by it to any public authority are not massive, disproportionate and indiscriminate in a manner that it would go beyond what is necessary.
To file a complaint with NeoGenomics, you must submit a written complaint to NeoGenomics’ Privacy Office at the address listed below. Any submission must be marked “Confidential,” and should include your name, address, and telephone number where we can contact you (unless you chose to remain anonymous) and a brief description of your concern, issue, or complaint. Filing a complaint will not affect your rights to your personal data or services provided by NeoGenomics.
How to Contact Us
If you would like to exercise your rights or would like additional information about NeoGenomics’ privacy practices, you may contact:
|By Mail:||NeoGenomics Laboratories, Inc.
Attn: Stephanie Bywater, Chief Compliance Officer12701 Commonwealth Drive, Suite 5
Fort Myers, Florida 33913
If you believe your privacy rights have been violated, you may also file a complaint with NeoGenomics’ Privacy Office or with the applicable agency listed below:
|U.S. Based Individuals|
|By Mail:||Office for Civil RightsThe U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
|By Telephone:||1-202-619-0257 or toll free at: 1-877-696-6775|
|E.U. Based Individuals|
|Report should be done to the Data Protection Authority (DPAs) in the EU Member State in which the individual resides. (DPAs contact information: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)|
|Swiss Based Individuals|
|Report should be done to the applicable Cantonal or Municipal Data Protection Authority (DPAs). (DPAs contact information: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html)|
Changes to this Notice
NeoGenomics reserves the right to change its practices and the terms of this Notice as, and to the extent permitted by law, to make the new Notice effective for all PHI and personal data we maintain without prior notice to you. The new Notice will be available upon request and on our web site.
Obtaining a Copy of this Notice.
You are permitted to print or make a copy of this Notice for your records. If you do not have the ability to print or make a copy, you may request one by contacting the NeoGenomics’ Privacy Office at the address listed above.
This Notice was revised and became effective as of March 1, 2019.