Privacy Policy | Karius

Karius Website Privacy Policy

This Privacy Policy describes the ways in which Karius, Inc. (“Karius,” “we,” “our,” or “us”) collect, use, and disclose information about you through www.kariusdx.com and other online platforms that we operate and that link to this Privacy Policy (the “Site”). By using the Site, you consent to the processing of your information as set forth in this Privacy Policy, now and as amended by us.

What information do we collect?

Information You Provide – We and our service providers collect any information that you voluntarily provide when you use the Site, including personal information—that is, information that can be used to uniquely identify or contact you, such as your name, address, phone number, e-mail address, and response to specific questions. We may collect information from you in various circumstances, including but not limited to, when you sign up for our newsletters, request information from us, submit comments or questions, or participate in surveys.

Information Automatically Collected From You – We and our service providers may automatically collect certain technical information from your computer or mobile device when you use the Site, such as your Internet Protocol address, another device identifier, your browser type, your operating system, the pages you view on the Site, the pages you view immediately before and after you access the Site, and the search terms you enter on the Site. This information allows us to recognize you and personalize your experience if you return to the Site, and to improve the Site and the services we provide. We and our service providers may collect this information using “cookies,” which are small text files that the Site saves on your computer using your web browser and accesses when you return, or similar technologies.

How do we use this information?

We, and our affiliates and subsidiaries, may use the information we collect for a number of purposes, including, but not limited to:

  • responding to your questions or requests;
  • sending you requested product or service information;
  • providing you with information about the Site or required notices, such as about changes affecting our Site or the information collected about you;
  • processing applications submitted by you;
  • conducting market research, including surveys and analysis;
  • delivering marketing communications, promotional materials, or advertisements that may be of interest to you;
  • customizing your experience when using the Site, such as by providing interactive or personalized elements on the Site and providing you with content based on your interests;
  • improving the Site and the products and services we provide;
  • generating and analyzing statistics about your use of the Site;
  • helping our advertisers and sponsors better understand our users (provided that for such purposes we only use de-identified information); and
  • detecting, preventing, and responding to fraud, intellectual property infringement, violations of any terms of use that may apply to the Site, violations of law, or other misuse of the Site.

We also may combine or aggregate any of the information we collect through the Site or elsewhere for any of these purposes, including delivering targeted advertisements that are based on your previous online activity on the Site and on other third-party websites. For example, if you view a page on the Site about a particular product, you may receive an online advertisement for that product or related products on other pages on the Site or on other online platforms you visit.

Under what circumstances do we disclose this information?

We may disclose the information we collect from you through the Site:

  • to our affiliates and subsidiaries, who may use the information in accordance with this Policy;
  • to service providers who work on our behalf and who have agreed to use the information solely in furtherance of our operations, including, but not limited to, service providers who provide web hosting services, that help us understand how people use the Site, and that help us communicate with you;
  • to third parties that receive information that does not directly identify you in order to analyze how people use the Site;
  • to business partners who may deliver marketing communications, promotional materials, or advertisements that may be of interest to you(some of these third parties, such as online network advertisers, may automatically collect information about your online activities over time and across different websites when you use the Site in order to facilitate the delivery of targeted advertisements on the Site and on third-party platforms);
  • as required by law, such as to comply with a subpoena or other legal process, or to comply with government reporting obligations;
  • when we believe in good faith that disclosure is necessary (a) to protect our rights, the integrity of the Site, or your safety or the safety of others, or (b) to detect, prevent, or respond to fraud, intellectual property infringement, violations of our Terms of Use, violations of law, or other misuse of the Site; and
  • to affiliates, service providers, advisors, and other third parties to the extent reasonably necessary to proceed with the negotiation or completion of a merger, acquisition, or sale of all or a portion of our assets.

We will not rent, sell, or share your personal information with unaffiliated third parties to directly market to you without your permission.

In addition, we may share de-identified reports on user demographics and traffic patterns, as well as de-identified information, with third parties.

The Site also may contain third-party links. You acknowledge and agree that we are not responsible for the collection and use of your information by such third parties that are not under our control. We encourage you to review the privacy policies of each website you visit.

Where is this information processed?

Information collected through the Site will be processed in and subject to the laws of the United States, which may not provide the same level protection for your personal information as your home country, and may be available to the United States government or its agencies under a lawful order made in the United States. In addition, we may transfer your information outside the United States to our affiliates, business partners, and service providers located in other countries, for the purposes set forth in this Policy. By using the Site, you consent to the collection, use, disclosure, and retention by Karius of your personal information as described in this Policy, including but not limited to the transfer of your personal information to the United States and between our business partners, affiliates, and subsidiaries in accordance with this Policy and to the processing of such information globally.

How is your information secured?

We strive to maintain reasonable administrative, technical, and physical safeguards designed to safeguard the information collected by the Site. However, no information system can be 100% secure, so we cannot guarantee the absolute security of your information. Moreover, we are not responsible for the security of information you transmit to the Site over networks that we do not control, including the Internet and wireless networks.

By using the Site or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Site. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the Site or sending an email to you. You may have a right to receive this notice in writing. To receive free written notice of a security breach or to withdraw your consent from receiving electronic notice, please notify us at privacypolicy@kariusdx.com.

How to make changes to your information

We strive to give you ways to update your personal information or to delete it unless we must keep such information for legitimate business or legal purposes. If you would like to review or update the personal information you have provided to us through the Site, please contact us at the contact information listed in the “Contact us” section below.

Your choices

If you no longer wish to receive marketing communications from us or want to opt-out of our sharing your personal information collected through this Site with our business partners for marketing purposes, please submit a request at the contact information listed in the “Contact us” section below.

If you do not want the Site to collect information through the use of cookies, you can set your web browser to reject cookies from the Site. Each browser is different, so you should check your browser’s “Help” menu to learn how to change your cookie preferences. If you reject or block cookies from the Site, however, the Site may not function as intended.

We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy. Visit the following website, www.allaboutdnt.org, for more information on this developing area.

Children’s information

The Site is not directed to, nor do we knowingly collect information from, children under the age of 13. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us at the contact information listed below.

Changes to this Privacy Policy

If we update this Privacy Policy, we will notify you by posting a new Privacy Policy on this page. If we make any revisions that materially change the ways in which we use or share the information previously collected from you through the Site, we will notify you by email (sent to the email address specified in your account) or by means of a notice posted to this Site prior to the change becoming effective and obtain consent to any such uses as may be required by law. We encourage you to periodically review this page for the latest information on our Site’s privacy practices.

Contact us or update your information

If you have any questions about this Privacy Policy or our use of your information collected through the Site, please contact us at privacypolicy@kariusdx.com.

This Privacy Policy was last updated on June 17, 2016.

 

Karius Notice of Privacy Practices

 

Your Information. Your Rights. Our Responsibilities.

This Notice of Privacy Practices describes how Karius, Inc. (“Karius”) may use and disclose your medical information and how you can get access to this information. Please review it carefully.

Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Karius is required by law to maintain the privacy of health information that identifies you, called protected health information (“information”), and to provide you with notice of our legal duties and privacy practices regarding your information. Karius is committed to the protection of your information and will make reasonable efforts to ensure the confidentiality of your information, as required by statute and regulation. We take this commitment seriously and will work with you to comply with your right to receive certain information under HIPAA.

Your Rights

You have the right to:

  • Get a copy of your paper or electronic medical record
  • Correct your paper or electronic medical record
  • Request confidential communication
  • Ask us to limit the information we share
  • Get a list of those with whom we’ve shared your information
  • Get a copy of this privacy notice
  • Choose someone to act for you
  • File a complaint if you believe your privacy rights have been violated

Your Choices

You have some choices in the way that Karius uses and shares information as we:

  • Provide your test result
  • Provide disaster relief
  • Market our services and sell your information
  • Raise funds

Our Uses and Disclosures

Karius may use and share your information as we:

  • Provide test results and support to your health care provider(s)
  • Run our organization
  • Bill for your services
  • Raise funds
  • Help with public health and safety issues
  • Do research
  • Comply with the law
  • Address workers’ compensation, law enforcement, and other government requests
  • Respond to lawsuits and legal actions

Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Get an electronic or paper copy of your medical record

  • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask Customer Support how to do this.
  • We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct your medical record

  • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask Customer Support how to do this.
  • We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Request confidential communications

  • You can ask us to contact you in a specific way (for example, home or office phone) or to send to a different address.
  • We will say “yes” to all reasonable requests.

Ask us to limit what we use or share

  • You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Get a list of those with whom we’ve shared information

  • You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

This privacy notice is available to be viewed and printed from our website. However, you can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.

We will make sure the person has this authority and can act for you before we share your health information.

File a complaint if you feel your rights are violated

  • You can complain if you feel we have violated your rights by contacting Customer Support by email at help@kariusdx.com, by phone at 1.866.4KARIUS (1.866.452.7487), or by facsimile at 650.429.2026.
  • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visitingwww.hhs.gov/ocr/privacy/hipaa/complaints/.
  • We will not retaliate against you for filing a complaint.

Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

You have both the right and choice to tell us to share information with your family, close friends, or others involved in your care.

In the following cases, we never share your information unless you give us written permission:

  • Marketing purposes
  • Sale of your information

Our Uses and Disclosures

How do we typically use or share your health information?

We typically use or share your health information in the following ways.

Treatment Support

We can use or disclose your information for treatment purposes, including disclosure to physicians, nurses, medical students, pharmacies and other health care professionals who provide you with health care services and/or are involved in the coordination of your care, such as providing your physician with your laboratory test results.

Run our organization

We can use or disclosure your information for health care operations purposes. These uses and disclosures are necessary, for example, to evaluate the quality of our laboratory testing, accuracy of results, accreditation functions and for Karius’s operation and management purposes. Karius may also disclose your information to other health care providers or health insurance providers who are involved in your care for their health care operations. For example, Karius may provide your information to manage disease, or to coordinate health care or health care benefits.

Bill for your services

We can use or disclose your information to bill and collect payment for laboratory services we provide. For example, Karius may provide information to your treating hospital to receive payment for the health care services provided to you.

Health-related benefits and services

Karius may use and disclose your information to tell you about health-related benefits and services that may be of interest to you. For example, Karius may contact you about new testing services available upon order by your physician.

Business Associates

Karius may disclose your information to its business associates to perform certain business functions or provide certain business services to Karius. For example, we may use another company to perform billing services on our behalf. All of our business associates are required to maintain the privacy and confidentiality of your information. In addition, at the request of your health care providers or health plan, Karius may disclose your information to their business associates for purposes of performing certain business functions or health care services on their behalf. For example, we may disclose your information to a business associate of Medicare for purposes of a medical necessity review and audit.

How else can we use or share your health information?

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.

Help with public health and safety issues

We can share health information about you for certain situations such as:

  • Disclosures to public health authority to report, prevent or control disease
  • Helping with product recalls
  • Detecting and reporting adverse events or problems with a test
  • Preventing or reducing a serious threat to anyone’s health or safety

Do research

We can use or share your information for health research. Limited data or records may be viewed by researchers to identify patients who may qualify for their research project or for other similar purposes, so long as the researchers do not remove or copy any of the information. Before we use or disclosure protected health information (“PHI”) for any other research activity, one of the following will happen: 1) a special committee will determine that the research activity poses minimal risk to privacy and that there is an adequate plan to safeguard PHI; 2) if the PHI relates to deceased individuals, the researchers give us assurances that the PHI is necessary for the research and will be used only as part of the research; or 3) the researcher will be provided only with information that does not identify you directly.

De-identified Information and Limited Data Sets

We may use and disclose health information that has been “de-identified” by removing certain identifiers, making it unlikely that you could be identified. Karius may also disclose limited health (“limited data set”). The limited data set does not contain any information that can directly identify you. For example, a limited data set may include your city, county and zip code, but not your name or street address.

Personal representative

We may disclose your information to your personal representative, as established under applicable law, or to an administrator, executor, or other authorized individual associated with your estate.

Health oversight activities

We may disclose your information to a health care oversight agency for activities authorized by law, such as audits, civil, administrative or criminal investigations and proceedings/actions, inspections, licensure/disciplinary actions, or other activities necessary for appropriate oversight of the health care system, government benefit programs, and compliance with regulatory requirements and civil rights laws.

Address workers’ compensation, law enforcement, and other government requests

We may disclose your information, as authorized by applicable laws, to comply with workers’ compensation or other similar programs established to provide work-related injury or illness benefits.

Government functions

In certain situations, Karius may disclose the information of military personnel and veterans, including Armed Forces personnel, as required by military command authorities. Additionally, we may disclose information to authorized officials for national security purposes, such as conducting intelligence, counter-intelligence, other national security activities, and when requested by foreign military authorities. Disclosures will be made only in compliance with U.S. law.

Respond to lawsuits and legal actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Comply with special laws

There are special laws that protect some types of health information, such as treatment for substance use disorders, STDs, and HIV/AIDS testing and treatment. We will obey these laws when they are stricter than this notice.

Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.
  • We will let you know without unreasonable delay (and no later than 60 days after discovery) if a breach occurs that may have compromised the privacy or security of your information. Such notification will include information about what happened and what can be done to mitigate any harm.
  • We must follow the duties and privacy practices described in this notice and give you a copy of it.
  • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

Changes to the Terms of this Notice

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our website (www.kariusdx.com).

Other Instructions for Notice

  • Our privacy officer is Kathleen Determann, and she may be reached at privacy@kariusdx.com or by phone at 866.452.7487. Our security officer is Jeff Aguilera, and he may be reached at security@kariusdx.com or by phone at 866.452.7487.
  • Karius does not market or sell identifiable patient health information.
  • In addition to the requirements of federal privacy law, Karius also abides by the California Medical Information Act.

Effective Date of Notice: December 5, 2016