Sema4 Privacy Policy

WEBSITE PRIVACY POLICY

This website is owned and operated by Mount Sinai Genomics, Inc. d/b/a Sema4 (“Sema4” or “we”, “us” or “our”). This Privacy Policy applies to Sema4’s website located at sema4genomics.com (the “Website”). Please read this privacy policy before using the Website.

BY ACCESSING OR USING THE WEBSITE, YOU AGREE TO BE BOUND BY THIS PRIVACY POLICY AND THE TERMS AND CONDITIONS OF USE (THE “TERMS”), WHICH ARE AVAILABLE AT sema4genomics.com/terms. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY OR THE TERMS, DO NOT ACCESS OR USE THE WEBSITE.

This Privacy Policy applies to the use of the Website and the information provided by and obtained from users of the Website. Sema4 maintains a separate policy in connection with its provision of healthcare services and with the Health Insurance Portability and Accounting Act of 1996 (“HIPAA”). This policy may be viewed below.

INFORMATION THAT WE COLLECT

Sema4 collects two types of information: (1) personally identifiable information that you provide voluntarily when you access certain features of the Website as noted below in this Privacy Policy, and (2) generalized usage information that we collect automatically as you access the Website.

Information That You Provide Voluntarily. Sema4 collects personally identifiable information that you enter into data fields on the Website. For example, when you access the “Contact Us” feature via a Website, you may be asked for certain personally identifiable information, including but not limited to your name and email address. Other features of the Website may ask for other personally identifiable information necessary for the proper functionality of such features. If you decline to provide certain information while using the Website, you may not be able to use or participate in some or all of the features offered through the Website. We may retain email and other communications that you send us in order to process your inquiries, respond to your requests, and improve the Website.

Usage Information That Is Automatically Collected. When you access the Website, Sema4 may collect certain generalized information without your actively providing such information. This information may include, for example, your browser type, your operating system, and your IP address. This information may be collected using various technologies including cookies, as explained below.

HOW WE USE INFORMATION THAT WE COLLECT

Sema4 uses the personally identifiable information that it collects to ensure the proper functionality of the Website, to process user inquiries and respond to user requests, to analyze usage trends, to improve the Website, and to develop new services.

Sema4 employs a variety of online security measures to safeguard and keep your information private.

Sema4 processes personally identifiable information only for the purposes for which it was collected and in accordance with this Privacy Policy.

Sema4 stores any personally identifiable information collected under this Privacy Policy at our facilities and on cloud services that are HIPAA compliant. Sema4 does not share your personally identifiable information with third parties without your consent, except for third-party vendors that perform essential business or administrative services for us. Sema4 provides these vendors only with the information they need to perform such services and asks that they either comply with this Privacy Policy or maintain comparable privacy policies that protect your personally identifiable information.

COOKIES

Sema4 may place small data files, called “cookies,” on your computer or other device. Cookies are a standard web technology that allow us to both store and retrieve login information on a user’s system. These cookies automatically identify your browser to our server whenever you interact with a service provided on the Website. Cookies can store your preferences and help us review website traffic patterns and improve the Website. Most browsers automatically accept cookies. You usually can change your browser setting to prevent the acceptance of cookies, although this may prevent you from using some of the features of the Website. It is important to note that, to the extent possible, information collected by Sema4 through cookies is not linked to any personally identifiable information.

LINKS TO THIRD-PARTY WEBSITES

Sema4 may provide links to third-party websites from the Website. Sema4 exercises no authority over, and does not necessarily endorse, such third-party websites. These destination links are provided only for your convenience and, as such, you access them at your own risk. However, Sema4 wishes to assure the integrity of the Website and its destination links, so any comments pertaining to the Website or any websites accessed through our links are greatly appreciated. Comments can be submitted to privacy@sema4genomics.com or by written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer.

LEGAL MATTERS

Sema4 reserves the right to comply with all laws and regulations and to disclose personally identifiable information relating to any user of the Website: (i) if we reasonably believe that the user is in violation of our Terms or other published guidelines or is engaged in illegal activity, (ii) in response to court or governmental orders, other enforceable requests from government entities, civil subpoenas, discovery requests or otherwise as required by law, (iii) if we reasonably believe that such release is required to protect the rights, property, safety or security of any of our users or the public, or (iv) to respond to an emergency.

NOTICE TO INTERNATIONAL VISITORS

Data collected on this Website is processed in the United States according to United States law. If you access the Website outside of the United States, you do so at your own risk and are responsible for compliance with the laws and regulations of your jurisdiction as well as our policies and terms.

CHILDREN’S PRIVACY

In accordance with the Children’s Online Privacy Protection Act of 1998 (COPPA), Sema4 does not knowingly request personally identifiable information from anyone under the age of 13 without parental consent. When we do receive information (with parental consent) from users under the age of 13, we will not share their personally identifiable information with third parties, regardless of their stated preference given at registration, in compliance with COPPA.

ACCESSIBILITY

The Website is designed to comply with federal guidelines concerning accessibility. We welcome your comments. If you have suggestions on how to make the Website more accessible, please contact us at privacy@sema4genomics.com or by written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer.

CHANGES TO PRIVACY POLICY

Sema4 may change this Privacy Policy from time to time. We encourage you to check this page for any changes to the Privacy Policy and for new versions thereof. By continuing to access, browse, and/or use the Website, you agree to accept all Terms and policies, including any revised terms or policies that we post on the Website.

PERSONAL DATA PRIVACY POLICY

This Privacy Policy describes Sema4’s practices specifically regarding medical and payment information in connection with the genetic testing and related products that we offer. This Privacy Policy supplements the Sema4 Website Privacy Policy, which can be found above and which governs your use of Sema4’s website located at sema4genomics.com (the “Website”).

Please read this Privacy Policy and our other policies carefully. By visiting our Website or using any of our services or product, you are agreeing to these policies.

WHY WE COLLECT INFORMATION

We cannot perform our services without collecting information from you. Some of this information is Personally Identifying Information (“PII”), which is information that can be used on its own or with other data to identify you personally. Examples of PII include: name, address, email address, phone number, social security number or credit card number. We also collect Protected Health Information (“PHI”), which, generally speaking, is any information that indicates the past, present or future health status of an individual and that can be linked to an individual’s identity. Examples of PHI would include your family medical history or genetic test results that are paired with PII.

We employ rigorous technical and organizational safeguards against unauthorized disclosure or access to any of your information, including PII and PHI, consistent with the standards established in the Health Insurance Portability and Accounting Act of 1996 (“HIPAA”).

THE INFORMATION SEMA4 COLLECTS AND HOW WE USE IT

Sema4 only collects information that will assist us in providing the services and enabling the products that you have requested.

As noted in the Sema4 Website Privacy Policy, in connection with your use of the Website we collect industry standard log data, including the address of the webpage that referred you, the type of browser and operating system you are using when you access our Website, and your IP address. This information is collected from every visitor and is used to analyze the use of our Website.

You will need a user account to access test results for services that were previously ordered by your physician. To create a user account you must provide us with your name, email address, birthdate, and password. We use this information to create your account, verify your identify, and to communicate with you regarding our services or the availability of your testing results. You may also receive marketing or informational announcements from us, but you will be able to opt out of receiving these emails.

If you contact us via a form on the Website, for example, to request technical assistance or have a question regarding our services, we require certain personal information because it is relevant to and necessary for providing you with the assistance that you are requesting. We will only use this information in relation to the purpose for which you are providing it.

SEMA4’S SECURITY MEASURES

Sema4 is committed to protecting your privacy, and we employ a range of physical, technical and administrative safeguards to secure the information you entrust to us and protect it from loss, misuse, unauthorized access, disclosure, alteration, corruption or destruction. Information you provide through our Website is encrypted using industry-standard security technology, and your PHI is processed and stored behind firewalls on controlled servers with restricted access. In addition, only our properly-authorized employees and contractors with a valid purpose for accessing your information will have such access. Our information security protocols and governance are aligned with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and also meets the requirements and guidelines of the Clinical Laboratory Improvement Amendments (CLIA) and College of American Pathologists (CAP). However, you acknowledge that security safeguards, by their nature, are capable of circumvention and Sema4 does not and cannot guarantee that personally identifiable information about you will not be accessed by unauthorized persons capable of overcoming such safeguards (such as hackers) who may use viruses, worms, trojan horses, and other undesirable data and software to obtain access to or damage our site. In the unlikely event of a data breach, we will notify you at minimum to the extent required by state and federal laws and regulations. You play a vital role in protecting your own personal information. When registering on the Website, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third parties, and to immediately notify us if you become aware of any unauthorized access to your account. If you are using our services to access your personal information, you must ensure that the computer and network that you are using is properly secured, and you particularly must take care if you access any personal or sensitive information in a public place.

WILL YOU SHARE ANY OF MY INFORMATION?

We will only share your information if we receive your consent or in the following, limited circumstances:

  • We may disclose your PII or PHI if we believe, after legal review and careful consideration, that doing so is reasonably necessary to comply with a law, regulation, or valid legal process, and unless we are legally prohibited from doing so, we will attempt to provide you with notice in advance.
  • We may disclose your PII to address fraud, security, or spam issues; to comply with a legal duty to inform others, such as if we believe it’s necessary to prevent imminent and serious bodily harm to a person or to protect our rights or property.
  • Even if we are acquired by or merged with another company, this Privacy Policy would continue to apply to information collected while it was in place.

    RETENTION OF YOUR INFORMATION

    As a provider of health care services, we are subject to multiple laws on the retention of data. Accordingly, we retain any information collected about you for as long as we are required to maintain it for regulatory and compliance purposes or for a legal or business necessity.

    WILL THIS POLICY EVER CHANGE?

    We may change our policies at any time and the changes will apply to any information we already hold, as well as new information that we acquire after the change occurs. We will notify our users of any changes to our privacy policies on our Website.

    NOTICE OF PRIVACY AND SECURITY PRACTICES

    The purpose of this Notice of Privacy Practices is to help you understand our practices, specifically regarding medical and payment information, so that you make an informed choice about using our clinical testing services and products. To understand our comprehensive privacy practices, please also read our Personal Data Privacy Policy, which can be found above.

    HOW DOES SEMA4 USE OR SHARE MY HEALTH INFORMATION?

    When your sample is submitted to us, you agree that we may use the information you provide, including your personal information, health information, and billing information, where applicable, in accordance with our privacy practices and policies. If we need to share your information for any other purpose, we will not do so without your authorization. You may notify us at any time if you wish to withdraw such authorization.

    To provide you with our services
    We will use and share your information to perform and track the tests you have authorized, to inform you and your doctor of the results, to provide you with genetic counseling, and to answer any questions you may have about our services or your results.

    To ensure that we are providing the highest standard of services
    We will use your health information to improve and develop new screenings and other services.

    For billing
    We use and share your information to bill and receive payment from health plans or other entities that pay for all or part of our services, and to provide customer service when you have questions about your billing. If you pay for your services outside of your health insurance plan, we will not share any health information with your insurer, except if required by law.

    For research
    We may also choose to de-identify and use your information to support medical and academic research, including with our trusted research collaborators. If you prefer not to have any de-identified health information about you used in research, you may request this by contacting us at privacy@sema4genomics.com or by sending a written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer.

    To comply with health oversight audits or inspections
    We will share health information about you if required by the Department of Health and Human Services solely to the extent required to demonstrate that we are complying with federal privacy laws.

    To comply with the law
    We may disclose your information if we believe, after due consideration, that doing so is reasonably necessary to comply with a law, regulation, or valid legal process. If we are going to release your information, we will do our best to provide you with notice in advance unless we are prohibited by court order from doing so.

    To a designated recipient
    We may disclose health information about you to a friend or family member whom you designate in writing.

    WHAT ARE MY RIGHTS TO MY HEALTH INFORMATION?

    This is your medical information and Sema4 will enable you with the following rights:

    Right to access your health information.
    A copy of your test results may be downloaded from the Sema4 patient portal. If you would like to receive any other health information from us, please contact us at privacy@sema4genomics.com or by written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer.

    Right to a correct health record.
    You may update or correct information pertaining to you. If you believe that we have collected any health information about you that is incorrect or incomplete, or that you can not correct in your account, please contact us at privacy@sema4genomics.com or by written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer.

    Right to request special communications.
    We will fulfill all reasonable requests regarding your access to your health information, including specific means of sending you your information.

    Right to choose someone to act for you.
    If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.

    Right to make a complaint.
    If you are concerned that we have violated your privacy rights or misused your data, you may contact us by email at privacy@sema4genomics.com or by written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer. If you are not satisfied with our response, you may file a written complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201.

    Will this notice ever change?
    We may change our policies and notices at any time and the changes will apply to any information we already hold, as well as new information that we acquire after the change occurs. We will notify our users of any changes to our privacy policies on our Website.

    This Privacy Policy was most recently updated on May 1, 2017.