Privacy Practices

Last Updated: January 25th, 2022

The overview presented below is intended to offer a guide to our privacy practices. For more information, please read these documents, or contact us at contact@probablygenetic.com.

Data we collect, generate, store, and use

What data does Probably Genetic collect?
We collect the information we need in order to provide a high-quality customer experience, including the information below.

Personal information, such as:

  • Name
  • Gender
  • Date of Birth
  • Shipping addresses
  • Contact information (such as email address or phone number)

Protected health information, such as:

  • Personal information (mentioned above) when used in connection with protected health information
  • Medical history (when provided)
  • Laboratory Results
  • Other health information provided by you or your healthcare provider

Web behavior data, such as:

  • Browser data
  • Device information
  • IP address

Identifiable data: How we use and share it

What is identifiable data?
Identifiable data includes protected health information, such as information about your health status, any healthcare you have received, or payments for healthcare that can be linked back to you as an individual. This may include your test results, medical records, and payment history.

How does P​robably Genetic ​use identifiable data?
Probably Genetic uses your identifiable data to produce genetic testing results. Please see the ​How we protect your information​ section below for details on how we keep your identifiable data secure.

Does ​Probably Genetic​ share identifiable data outside of the company?
Probably Genetic does not exchange for payment or lease/rent your identifiable data to any third party (including academic researchers) without your explicit consent. This applies to all data listed above under ​the "What data does ​Probably Genetic​ collect?"​ section (including your email address and phone number). Even with your consent, Probably Genetic limits the sharing of identifiable data outside of the company as much as possible.

That said, there are a few specific instances in which we do share information with others in order to provide you with our services, including:

  • The healthcare provider who ordered your test as part of our partnering physician network
  • The genetic counselors who provide counseling
  • The laboratory we contract with for sequencing
  • The bioinformatics partner we contract with for sequencing data analysis
  • Other service providers and organizations or entities acting on our behalf
  • Legal guardians or personal representatives (if applicable)

In addition, there may be special circumstances where we need to disclose identifiable data as permitted under the US Health Insurance Portability and Accountability Act (HIPAA), including:

  • To ensure compliance with rules of government health programs such as Medicare or Medicaid
  • In response to a court order, subpoena or other lawful process
  • In connection with public health activities, such as reporting diseases to authorized public health authorities
  • As otherwise required by applicable law

De-identified data: Who we share it with

What is de-identified data?
De-identified data is information that cannot be reasonably linked to a specific individual. HIPAA provides a safe harbor method for the de-identification of protected health information, which includes the removal of the following 18 identifiers:

  • Name
  • Specific geographical identifiers
  • Dates (other than year) directly related to an individual
  • Phone number
  • Fax number
  • Email address
  • Social Security number
  • Medical record number
  • Health insurance numbers
  • Account number
  • Certificate/license number
  • Vehicle identifiers and serial numbers (e.g., license plate numbers)
  • Device identifiers and serial numbers
  • URLs
  • IP address
  • Biometric identifiers, including finger, retinal and voice prints
  • Full face photographic images and any comparable images
  • Any other unique identifying number, characteristic, or code

Once all of these identifiers are removed and precautions are taken, we believe that the de-identified data cannot reasonably be traced to you or used to identify you or your genetic information as an individual.

When does ​Probably Genetic​ share de-identified data?
We may share de-identified data in specific ways that help advance medical care and the clinical practice of genetics. For example, although Probably Genetic does not as of the date of this notice do so, we may in the future share de-identified data about genetic variants we observe with a few carefully selected public databases to advance the understanding of genetic information. One such database is ClinVar, a centralized resource managed by the NationalCenter for Biotechnology Information (NCBI) and the National Institutes of Health (NIH) that enables genetic testing laboratories to improve the practice of medicine by uncovering links between specific genetic variants and disease. ClinVar submissions include in which gene the variant was seen, variant description, classification of the variant (positive, negative, or uncertain), and explanation for why the variant was classified as it was. See an example ClinVar entry here.

Subject to applicable law, we may also share de-identified data through research collaborations with universities, hospitals, other laboratories, or companies (that, for example, are developing a treatment for a disease). For example, if a university research group is studying patients with variants in a specific gene, we may provide a list of the variants we’ve seen. The list might include the patients’ age range (in decade), gender, variant name, and how we classified the variant (positive, negative, or uncertain).

Setting your data sharing preferences

How can someone tested at ​Probably Genetic​ set their data sharing preferences?
The easiest way to set your data sharing preferences is by emailing contact@probablygenetic.com​. For all Probably Genetic testing excluding sponsored testing programs (see below), you may opt out of sharing certain data.

Opting out means that Probably Genetic will no longer share your personally identifiable data in accordance with your preference settings. However, we cannot withdraw or reverse the sharing of any personally identifiable data that may have been disclosed prior to you opting out.

Please note that sharing does not include data provided to Probably Genetic’s service providers and other entities and individuals acting on our behalf.

Sponsored testing programs and clinical trials, Advocacy

Group Partnerships

What are sponsored testing programs?
Through sponsored testing programs, patients can elect to have a third party company (other than their insurance company) pay for their testing at Probably Genetic. In these programs, certain de-identified and other data are shared with program sponsors. Examples of information shared through these programs include the treating clinicians’ contact information, variant name and interpretation, symptoms, and disease predictions. No patient-identifiable information is shared with program sponsors unless there is a signed HIPAA authorization form between the patient and the sponsor. We will provide notice of this kind of sharing to users when they are providing this contact information.

What are advocacy group partnerships?
We sometimes partner with advocacy groups, such as those that bring together communities of patients with certain diseases.  In some partnerships, the advocacy group or other organization promotes the Symptom Checker to its members.  To help further the cause of the organization and otherwise communicate with those that took the Symptom Checker, we sometimes agree to provide contact information back to the organization. We will provide notice of this kind of sharing to users when they are providing us this contact information.

Setting your contact preferences

How can someone tested at ​Probably Genetic​ set their contact preferences?
We may contact you about other Probably Genetic products and services we believe may be of interest to you. To request that we only send you marketing notifications about specific topics, please email us at contact@probablygenetic.com. To request that we send none of these notifications to you, email us at contact@probablygenetic.com.

Your contact preferences have no bearing on receiving your test results; you may not opt out of non-promotional messages regarding your account or service-related emails.

How we protect the information of people who receive testing at ​Probably Genetic

How does P​robably Genetic ​protect my information?
We use technical, administrative and physical safeguards to secure your personal information and protect it against misuse, loss or alteration. Sensitive personal information that you provide through our websites is encrypted using industry-standard secure sockets layer (SSL) technology, with the exception of information you send via email. Your sensitive personal information is processed and stored on controlled servers with restricted access.

You play a vital role in protecting your information. Please refrain from emailing us any sensitive information. Please also be sure to choose a secure password when registering for a Probably Genetic account and never reveal this password to any third parties. Immediately notify us if you become aware of any unauthorized access to your account.

If you have any questions, concerns or complaints about Probably Genetic’s privacy practices, please contact us at contact@probablygenetic.com.

©, 2020, Aiwa Health, Inc. All Rights Reserved.

Questions?

Do you have questions regarding this document? Feel free to contact us at: