HIPAA Notice of Privacy Practices
Effective date: 03/15/2024
At Nucleus Genomics Inc. (“Nucleus”), keeping your health information safe is our utmost priority. We are committed to complying with state and federal laws to ensure the confidentiality of your Protected Health Information (PHI). This policy outlines our privacy practices, your rights related to your PHI, and our adherence to its terms when using or disclosing your PHI.
01
Purpose
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
02
What is protected health information?
Protected Health Information includes details such as your name, date of birth, medical history, laboratory results, insurance information, and other health-related data that is subject to the Health Insurance Portability and Accountability Act (HIPAA). Your PHI includes the genetic testing results that Nucleus develops and provides to you. We collect, use, and share this information to provide testing services, provide genetic testing reports, and for other purposes allowed or required by law.
In accordance with HIPAA regulations, we will protect the privacy and security of your PHI and inform you of any violation of unsecured PHI as required by law.
We will not use or disclose your PHI in any manner not described in this policy unless we receive your written authorization.
03
What is personally identifiable information?
Personally identifiable information (PII) may be used to distinguish or trace an individual’s identity either directly or indirectly through association with other information. This includes, but is not limited to:
Full name
Email or mailing address
Place of birth
Date of birth
IP address
04
How your personal information may be used for sample processing
As permitted by law, we may use and disclose your PII or PHI in the following ways without obtaining your written authorization:
For payment collection
We may use and disclose your PII to receive payment for the testing services we provide.
For your testing
We may use and disclose your PHI to further your testing, such as conducting genetic testing services.
For healthcare operations
We may use and share your PHI for our healthcare operations, which include management, planning, and activities that improve the quality of care and lower the cost of services we deliver. This includes activities such as monitoring the quality of our testing processes, improving existing operations, and conducting internal research and development to improve and add to our product and feature offerings.
To our business associates
We may share PHI with other organizations who help us with our activities, including those we hire to perform services. All such Business Associates are required to sign an agreement that protects your PHI.
To your personal representative, legal guardian, or other person involved in your care
If you have an authorized personal representative, such as a healthcare power of attorney, we may disclose your PHI to them. We also may share your PHI with your family member, close personal friend, or other person whom you identify in writing as involved in your care, unless you ask us not to do so.
To contact you about services being provided to you
We may use and disclose your PHI to communicate with you about the status of your order and/or services that we provide for you.
05
How your personal information may be used as required by law
We are obligated to disclose your PHI when mandated by applicable federal, state, or local laws. These include cases in which a court orders disclosure to help locate suspects, fugitives, witnesses, missing persons, or crime victims.
Even in those cases, we are prepared to exhaust all available legal remedies to protect customer privacy. We will only turn over PHI if we are ultimately required to do so based on legal requirements.
As part of judicial or administrative proceedings
We may disclose your PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process.
To accrediting agencies
We may disclose your PHI to laboratory accrediting agencies, such as the College of American Pathologists, for authorized activities such as audits, investigations, inspections, and licensure activities. This may include sharing PHI with agencies responsible for ensuring compliance with laboratory accreditation program rules.
To public health or health oversight agencies
We may, when required or permitted by law, disclose your PHI to public health agencies. We also may share your PHI with a health oversight agency that oversees the healthcare system and ensures the rules of a government health program, such as Medicare or Medicaid, are being followed.
06
When authorization is required to use or disclose PHI
For any purpose not described above, we will obtain your written authorization before using or disclosing your PHI. Examples include:
For marketing communications
We will request your authorization before using or disclosing PHI for marketing communications as defined by HIPAA, such as emails about new product offerings.
For research
You may opt in to authorize your PHI to be used for research with external partners to advance medical care and our understanding of genetics. You can do this through our research program. It’s important to note that if you choose to opt into our research program, your data will undergo rigorous processes designed to protect your identity. This means your PHI data will be stripped of direct identifiers like your name, address, IP address, and contact information. Research will focus on new gene/disease associations, development of new treatments, and public health activities. All research data sets will be used and shared in compliance with HIPAA requirements. You can learn more about our research program in Nucleus’ research consent form, which can be viewed during account sign-up or requested by emailing concierge@mynucleus.com.
For the sale and distribution to third parties
We will not sell or distribute your PHI to third parties unless you specifically request or authorize us to do so.
You have the right to revoke your authorizations in writing. Actions already taken based on your authorizations cannot be revoked. To revoke any authorizations, please update your preferences on your account settings page.
07
What are your rights?
The following are your rights related to your PHI:
Access to protected health information
You have the right to inspect or obtain copies of your PHI that we maintain. We may deny access to certain information if it may reasonably endanger your or another person's life or safety. If we deny your request, you may request a review of the denial.
Restrictions on use or disclosure of your PHI
You have the right to request restrictions on how we use or disclose your PHI. While we will carefully consider all such requests, we are not required to agree to them. However, we must agree if you request restrictions on sharing your PHI with a health plan for specific purposes, where full payment has been made directly by you.
Confidential communications
You have the right to request that we communicate with you about your PHI in a specific way or send mail to a particular address (e.g., home or office). We will accommodate reasonable requests for confidential communications.
Correction or updating of information
If you believe there is an error in the PHI we maintain about you, you may request its correction or request an update. We may deny your request in certain circumstances, providing an explanation for the denial.
Accounting of disclosures
You may request an accounting of instances in which we or our business associates have disclosed your PHI for purposes other than testing, payment, healthcare operations, and other specific purposes. This list will include disclosures made within the six years preceding your request.
Copy
You have a right to obtain a paper copy of this notice.
08
Changes to our Privacy Practices Policy
We reserve the right to change our privacy practices and the terms of this notice, as permitted by applicable law. If we make changes, we may apply the updated terms to all PHI we maintain, including previously received or created PHI. Any changes to this policy will be promptly posted on our website. Please check the Nucleus site periodically to stay updated.
09
Questions and complaints
Please contact our Privacy Office (details below) if you have questions or concerns about our privacy practices, your privacy rights, or would like a detailed explanation or a copy of this policy. If you believe we have violated your privacy rights, you may submit a complaint to our Privacy Office or the U.S. Department of Health and Human Services ("HHS"). We will provide you with the address to file a complaint with HHS upon request. We will not retaliate against or penalize you for filing a complaint.
10
Contact information
To communicate with us regarding this policy and privacy-related questions, please use the following contact information:
Nucleus Genomics, Inc.
Attention: Privacy Officer
584 Broadway, Unit 1003
New York, NY 10012
privacy@mynucleus.com