INFORMATION THAT WE COLLECT
Information That You Provide Voluntarily. Sema4 collects personally identifiable information that you enter into data fields on the Website. For example, when you access the “Contact Us” feature via a Website, you may be asked for certain personally identifiable information, including but not limited to your name and email address. Other features of the Website may ask for other personally identifiable information necessary for the proper functionality of such features. If you decline to provide certain information while using the Website, you may not be able to use or participate in some or all of the features offered through the Website. We may retain email and other communications that you send us in order to process your inquiries, respond to your requests, and improve the Website.
Usage Information That Is Automatically Collected. When you access the Website, Sema4 may collect certain generalized information without your actively providing such information. This information may include, for example, your browser type, your operating system, and your IP address. This information may be collected using various technologies including cookies, as explained below.
HOW WE USE INFORMATION THAT WE COLLECT
Sema4 uses the personally identifiable information that it collects to ensure the proper functionality of the Website, to process user inquiries and respond to user requests, to analyze usage trends, to improve the Website, and to develop new services.
Sema4 employs a variety of online security measures to safeguard and keep your information private.
Sema4 may place small data files, called “cookies,” on your computer or other device. Cookies are a standard web technology that allow us to both store and retrieve login information on a user’s system. These cookies automatically identify your browser to our server whenever you interact with a service provided on the Website. Cookies can store your preferences and help us review website traffic patterns and improve the Website. Most browsers automatically accept cookies. You usually can change your browser setting to prevent the acceptance of cookies, although this may prevent you from using some of the features of the Website. It is important to note that, to the extent possible, information collected by Sema4 through cookies is not linked to any personally identifiable information.
LINKS TO THIRD-PARTY WEBSITES
Sema4 may provide links to third-party websites from the Website. Sema4 exercises no authority over, and does not necessarily endorse, such third-party websites. These destination links are provided only for your convenience and, as such, you access them at your own risk. However, Sema4 wishes to assure the integrity of the Website and its destination links, so any comments pertaining to the Website or any websites accessed through our links are greatly appreciated. Comments can be submitted to firstname.lastname@example.org or by written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer.
Sema4 reserves the right to comply with all laws and regulations and to disclose personally identifiable information relating to any user of the Website: (i) if we reasonably believe that the user is in violation of our Terms or other published guidelines or is engaged in illegal activity, (ii) in response to court or governmental orders, other enforceable requests from government entities, civil subpoenas, discovery requests or otherwise as required by law, (iii) if we reasonably believe that such release is required to protect the rights, property, safety or security of any of our users or the public, or (iv) to respond to an emergency.
NOTICE TO INTERNATIONAL VISITORS
Data collected on this Website is processed in the United States according to United States law. If you access the Website outside of the United States, you do so at your own risk and are responsible for compliance with the laws and regulations of your jurisdiction as well as our policies and terms.
In accordance with the Children’s Online Privacy Protection Act of 1998 (COPPA), Sema4 does not knowingly request personally identifiable information from anyone under the age of 13 without parental consent. When we do receive information (with parental consent) from users under the age of 13, we will not share their personally identifiable information with third parties, regardless of their stated preference given at registration, in compliance with COPPA.
The Website is designed to comply with federal guidelines concerning accessibility. We welcome your comments. If you have suggestions on how to make the Website more accessible, please contact us at email@example.com or by written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer.
WHY WE COLLECT INFORMATION
We cannot perform our services without collecting information from you. Some of this information is Personally Identifying Information (“PII”), which is information that can be used on its own or with other data to identify you personally. Examples of PII include: name, address, email address, phone number, social security number or credit card number. We also collect Protected Health Information (“PHI”), which, generally speaking, is any information that indicates the past, present or future health status of an individual and that can be linked to an individual’s identity. Examples of PHI would include your family medical history or genetic test results that are paired with PII.
We employ rigorous technical and organizational safeguards against unauthorized disclosure or access to any of your information, including PII and PHI, consistent with the standards established in the Health Insurance Portability and Accounting Act of 1996 (“HIPAA”).
THE INFORMATION SEMA4 COLLECTS AND HOW WE USE IT
Sema4 only collects information that will assist us in providing the services and enabling the products that you have requested.
You will need a user account to access test results for services that were previously ordered by your physician. To create a user account you must provide us with your name, email address, birthdate, and password. We use this information to create your account, verify your identify, and to communicate with you regarding our services or the availability of your testing results.
Sema4 may from time to time wish to send you marketing or other informational announcements. You agree that Sema4, its agents or representatives may do so through telephone calls, text messages and/or emails at any telephone number or email address associated with your account, including wireless telephone numbers that could result in charges to you. The manner in which these communications are made may include, but is not limited to, the use of prerecorded/artificial voice and text messaging and/or automatic telephone dialing systems. This consent may be revoked at any time, and you can opt out of receiving these communications on your Sema4 account or by emailing firstname.lastname@example.org.
If you contact us via a form on the Website, for example, to request technical assistance or have a question regarding our services, we require certain personal information because it is relevant to and necessary for providing you with the assistance that you are requesting. We will only use this information in relation to the purpose for which you are providing it.
SEMA4’S SECURITY MEASURES
Sema4 is committed to protecting your privacy, and we employ a range of physical, technical and administrative safeguards to secure the information you entrust to us and protect it from loss, misuse, unauthorized access, disclosure, alteration, corruption or destruction. Information you provide through our Website is encrypted using industry-standard security technology, and your PHI is processed and stored behind firewalls on controlled servers with restricted access. In addition, only our properly-authorized employees and contractors with a valid purpose for accessing your information will have such access. Our information security protocols and governance are aligned with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and also meets the requirements and guidelines of the Clinical Laboratory Improvement Amendments (CLIA) and College of American Pathologists (CAP). However, you acknowledge that security safeguards, by their nature, are capable of circumvention and Sema4 does not and cannot guarantee that personally identifiable information about you will not be accessed by unauthorized persons capable of overcoming such safeguards (such as hackers) who may use viruses, worms, trojan horses, and other undesirable data and software to obtain access to or damage our site. In the unlikely event of a data breach, we will notify you at minimum to the extent required by state and federal laws and regulations.
You play a vital role in protecting your own personal information. When registering on the Website, it is important to choose a password of sufficient length and complexity, to not reveal this password to any third parties, and to immediately notify us if you become aware of any unauthorized access to your account. If you are using our services to access your personal information, you must ensure that the computer and network that you are using is properly secured, and you particularly must take care if you access any personal or sensitive information in a public place. If you wish to communicate with us via standard email or text messages, please be aware that these are not secure means of communicating your personal information and there are known and unknown risks that your information may be disclosed to, or intercepted by, unauthorized third parties. These risks include but are not limited to: (i) the email or text being sent to the wrong person due to the sender’s use of the wrong email address or phone number, (ii) email and text service provider’s ability to archive and inspect communications, and (iii) computer hacking and viruses.
WILL YOU SHARE ANY OF MY INFORMATION?
We will only share your information if we receive your consent or in the following, limited circumstances. We may disclose your PII or PHI if we believe, after legal review and careful consideration, that doing so is reasonably necessary to comply with a law, regulation, or valid legal process, and unless we are legally prohibited from doing so, we will attempt to provide you with notice in advance. We may also disclose your PII to address fraud, security, or spam issues; to comply with a legal duty to inform others, such as if we believe it’s necessary to prevent imminent and serious bodily harm to a person or to protect our rights or property.
RETENTION OF YOUR INFORMATION
As a provider of health care services, we are subject to multiple laws on the retention of data. Accordingly, we retain any information collected about you for as long as we are required to maintain it for regulatory and compliance purposes or for a legal or business necessity.
WILL THIS POLICY EVER CHANGE?
We may change our policies at any time and the changes will apply to any information we already hold, as well as new information that we acquire after the change occurs. We will notify our users of any changes to our privacy policies on our Website.
NOTICE OF PRIVACY AND SECURITY PRACTICES
HOW DOES SEMA4 USE OR SHARE MY HEALTH INFORMATION?
When your sample is submitted to us, you agree that we may use the information you provide, including your personal information, health information, and billing information, where applicable, in accordance with our privacy practices and policies. If we need to share your information for any other purpose, we will not do so without your authorization. You may notify us at any time if you wish to withdraw such authorization.
To provide you with our services
We will use and share your information to perform and track the tests you have authorized, to inform you and your doctor of the results, to provide you with genetic counseling, and to answer any questions you may have about our services or your results.
To ensure that we are providing the highest standard of services
We will use your health information to improve and develop new screenings and other services.
We use and share your information to bill and receive payment from health plans or other entities that pay for all or part of our services, and to provide customer service when you have questions about your billing. If you pay for your services outside of your health insurance plan, we will not share any health information with your insurer, except if required by law.
We may also choose to de-identify and use your information to support medical and academic research, including with our trusted research collaborators. If you prefer not to have any de-identified health information about you used in research, you may request this by contacting us at email@example.com or by sending a written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer.
To comply with health oversight audits or inspections
We will share health information about you if required by the Department of Health and Human Services solely to the extent required to demonstrate that we are complying with federal privacy laws.
To comply with the law
We may disclose your information if we believe, after due consideration, that doing so is reasonably necessary to comply with a law, regulation, or valid legal process. If we are going to release your information, we will do our best to provide you with notice in advance unless we are prohibited by court order from doing so.
To a designated recipient
We may disclose health information about you to a friend or family member whom you designate in writing.
WHAT ARE MY RIGHTS TO MY HEALTH INFORMATION?
This is your medical information and Sema4 will enable you with the following rights:
Right to access your health information.
A copy of your test results may be downloaded from the Sema4 patient portal. If you would like to receive any other health information from us, please contact us at firstname.lastname@example.org or by written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer.
Right to a correct health record.
You may update or correct information pertaining to you. If you believe that we have collected any health information about you that is incorrect or incomplete, or that you cannot correct in your account, please contact us at email@example.com or by written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer.
Right to request special communications.
We will fulfill all reasonable requests regarding your access to your health information, including specific means of sending you your information.
Right to choose someone to act for you.
If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
Right to make a complaint.
If you are concerned that we have violated your privacy rights or misused your data, you may contact us by email at firstname.lastname@example.org or by written letter to: Sema4, 1425 Madison Avenue, New York, NY 10029, Attn: Privacy Officer. If you are not satisfied with our response, you may file a written complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201.
Will this notice ever change?
We may change our policies and notices at any time and the changes will apply to any information we already hold, as well as new information that we acquire after the change occurs. We will notify our users of any changes to our privacy policies on our Website.