Notice of Privacy Practices
Your Information. Your Rights. Our Responsibilities.
Coriell Life Sciences, Inc. (“CLS,” “we”, or “us”) is a leading and trusted bioinformatics company that bridges the gap between genetic knowledge and clinical application. We are committed to protecting your privacy.
At Coriell Life Sciences, your privacy is our priority – we are committed to protecting the confidentiality of our clients and their members. We take every precaution to maintain the security of DNA samples and the data they generate. Every person that we test always has the right, at any time, to decide where their data is sent and whether or not it can be stored.
What We Analyze
Coriell Life Sciences does not sequence an individual’s entire genome – we study the small fraction that affects drug-to-gene interactions. Each person has 3.2 billion base pairs in their DNA, but very few of those base pairs have been found to be associated with drug-to-gene interactions. In fact, within the small fraction that we analyze – no more than 120 out of 3.2 billion base pairs – there is nothing uniquely identifying about a specific person, and the small part of the genome we sample will not tell us whether you are likely to get a particular disease.
We are committed to protecting and respecting your privacy and complying with the principles of applicable data protection laws. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Security Measures – How Your Privacy and DNA Are Protected
Coriell Life Sciences is HIPAA-compliant. HIPAA, the Health Insurance Portability and Accountability Act of 1996, mandates that we meet strict standards for the electronic exchange, privacy, and security of health information in all of our processes and maintain your DNA test results securely, just like other secure medical records. Further, the Genetic Information Nondiscrimination Act (GINA) mandates that an individual’s genetics cannot be held against them by either health insurers or employers.
All personally identifiable information is stripped from DNA samples and stored in separate databases. The DNA samples collected, including your saliva sample, DNA, and subsequent data, are tracked using unique barcodes, rather than your name. Almost all of the person’s DNA sample is consumed during the testing process, and any remaining DNA sample is destroyed at the lab. Coriell Life Sciences’ GeneDose LIVE™ system, which powers the DNA analysis program, is also HITRUST-Certified, meaning it meets the highest information security standards for protecting sensitive information. The data analyzed has multiple layers of encryption and Coriell Life Sciences also “salts” the data, sprinkling random data with the actual data.
All results are confidential. Data is held by Coriell Life Sciences and shared only with the reviewing pharmacist, the individual being tested, and that person’s designated healthcare provider. Program administrators are provided only with overall metrics to monitor the success of the initiative.
Coriell Life Sciences has a strong security culture within the team and management. The importance of security is reflected by the senior leadership within the organization. CLS has mature identity and access management practices, and permissions are assigned with the principle of “least privilege,” giving users fine-grained access tied specifically to what is required to perform their duties. All personnel receive information security training on an annual basis.
CLS has a rigorous set of policies that the organization follows to ensure consistent practice and protect CLS and its customers’ confidentiality, integrity, and availability.
Information that you provide to CLS through the website is encrypted using industry-standard Secure Sockets Layer (SSL) technology. Your information is processed and stored on controlled servers with restricted access. We do not and cannot control the security of information as you transmit it to us and therefore are not responsible for any data that is compromised or lost during transmission. Please use your discretion regarding the types of information you send and the security of the device and network you are using.
Please Review Carefully
At CLS we respect the privacy and confidentiality of your protected health information (PHI). We are required by law to maintain the privacy of your health information that CLS creates, requests, or is created on CLS’s behalf, called Protected Health Information (“PHI”) and to provide you with notice of CLS’s legal duties and privacy practices concerning PHI.
This Notice describes how CLS may use and disclose your PHI to carry out health care operations and for other purposes that are permitted or required by law.
You have the right to:
- Get a copy of your paper or electronic medical record.
- Correct your paper or electronic medical record.
- Request confidential communication.
- Ask us to limit the information we share.
- Get a list of those with whom we’ve shared your information.
- Get a copy of this privacy notice.
- Choose someone to act for you.
- File a complaint if your privacy rights have been violated.
You have some choices in the way that we use and share information as we:
- Tell family and friends about your condition.
- Provide disaster relief.
- Include you in a hospital directory.
- Provide mental health care.
- Market our services and sell your information.
- Raise funds.
Our Uses and Disclosures
We may use and share your information as we:
- Treat you.
- Do research.
- Run our organization.
- Work with a medical examiner or funeral director.
- Bill for your services.
- Respond to organ and tissue donation requests.
- Help with public health and safety issues.
- Comply with the law.
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Get an electronic or paper copy of your medical record
- You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
- We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
Ask us to amend your medical record
- You can ask us to amend health information about you that you think is incorrect or incomplete. Ask us how to do this.
- We may say “no” to your request, but we’ll tell you why in writing within 60 days.
Request confidential communications
- You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
- We will say “yes” to all reasonable requests.
Ask us to limit what we use or share
- You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
- If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.
Get a list of those with whom we’ve shared information
- You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
- We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Choose someone to act for you
- If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will ensure the person has this authority before we take any action.
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
In these cases, you have both the right and choice to tell us to:
- Share information with your family, close friends, or others involved in your care.
- Share information in a disaster relief situation.
If you are not able to tell us your preference, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety. In these cases, we never share your information unless you give us written permission:
- Marketing purposes.
- Most sharing of psychotherapy notes.
- Sale of your information.
In the case of fundraising, we may contact you for fundraising efforts, but you can tell us not to contact you again.
Our Uses and Disclosures
We typically use/share health information in the following ways. We can use your health information and share it with other professionals who are treating you.
We can use and share your health information to run our practice, improve your care, and contact you when necessary. We can use and share your health information to bill and get payment from health plans or other entities.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
How Else Can We Use or Share Your Health Information?
We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.
Help with Public Health and Safety Issues
We can share health information about you for certain situations such as:
- Preventing disease.
- Preventing or reducing a serious threat to anyone’s health or safety.
- Helping with product recalls.
- Reporting suspected abuse, neglect, or domestic violence.
- Reporting adverse reactions to medications.
We may use and share your information as we do research, comply with the law, respond to organ and tissue donation requests, and work with a medical examiner or funeral director.
We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
We can use or share health information about you:
- For workers’ compensation claims.
- For law enforcement purposes or with a law enforcement official.
- With health oversight agencies for activities authorized by law.
- For special government functions such as military, national security, and presidential protective services.
- To respond to lawsuits and legal actions.
- We are required by law to maintain the privacy and security of your protected health information.
- We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
- We must follow the duties and privacy practices described in this notice and give you a copy of it.
- We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
Changes to the Terms of this Notice
We can change the terms of this notice, and the changes will apply to all information we have about you.
The new notice will be available upon request, in our office, and on our web site: www.coriell.com.
You Have a Right to File a Complaint If You Feel Your Privacy Has Been Violated
If you feel your Privacy Rights have been violated, please ask our staff for a Privacy Complaint Form. Our Security Officer will review the form and promptly notify you of the actions our office will take.
You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, or calling 1-877-696-6775.
If you need to report any issues anonymously, please use this link: https://integritycounts.ca/org/corielllifesciences.
We will not retaliate against you for filing a complaint.
Get a copy of this notice
You can ask for a paper copy of this notice at any time.
Coriell Life Sciences
HIPAA Compliance Officer
This Notice of Privacy Practices is effective June 8, 2022.