BillionToOne Notice of Privacy Practices
Last updated May 28, 2019
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
BillionToOne is required by law to maintain the privacy and security of your protected health information (PHI) and to provide you with a notice of our legal duties and privacy practices with respect to PHI. This Notice of Privacy Practices describes how we may use and disclose your PHI to carry our treatment, payment or health care operations and for other specified purposes that are permitted or required by law. This Notice also describes your rights with respect to your PHI. “PHI” is information about you, including basic demographic information, that may identify you and that relates to your past, present, or future physical or mental health or condition and related health care services.
BillionToOne is required to follow the terms of this Notice of Privacy Practices. We will not use of disclose your PHI without your written permission, except as described in this Notice.
Your Health Information Rights
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Obtain a paper copy of the Notice of Privacy Practices upon request. You may request a paper copy of the Notice at any time, even if you have agreed to receive the Notice electronically. Our contact information for such requests is included at the end of the Notice.
Inspect and obtain a copy of your information. You have the right to access, inspect, and obtain a copy of the PHI contained in your medical and billing records for as long as BillionToOne maintains the information. If you would like to access your information, please send your written request to the address included at the end of this Notice.
If you request a copy of your information, we may charge you a reasonable fee for the costs of copying, mailing, or other supplies necessary for the electronic transfer of your information. We may deny your request to read and copy in certain limited circumstances. If you are denied access, you may request the denial be reviewed by filing a request for review.
Amend your information. If you feel that the PHI we have about you is incorrect or incomplete, you may request that we amend the information. If you would like to request an amendment to your information, please send your written request to the address included at the end of this Notice. Any request for amendment must include a description of the amendment requested and the reasons why you think we should make the amendment.
We will ordinarily respond to your request within 60 days. If we did not create your health information, if your health information is not part of our records, or if your health information is already accurate and complete, we can deny your request and notify you of our decision in writing. If we deny your request for amendment, you have the right to file a statement of disagreement with the decision, which we can rebut. You have the right to request that your original request, our denial, your statement of disagreement, and our rebuttal be included in future disclosures of your health information.
Request confidential communications. You can request that we communicate with you about your PHI only in writing or ad a different residence or post office box. If you would like to request confidential communications of your PHI, please send your written request to the address included at the end of this Notice. Your request must state how or when you like to be contacted. We will accommodate all reasonable requests. We reserve the right to verify your identity in order to confirm the alternative contact and address information.
Ask us to limit what we use or share. You have the right to request a restriction on the PHI that we use or disclose about your for treatment, payment, or health care operations. You also have the right to request a restriction on the PHI we disclose about you to someone who is involved in your care or payment for your care, such as a family member or friend. A written request for additional privacy protections should include (i) the information you want to restrict; (ii) whether you want BillionToOne to restrict our use of the information, how we share it with others, or both; and (iii) to whom the restrictions apply. We are not required to agree to your request and may deny your request if it would affect your care. If you or someone on your behalf has paid out of pocket and in full for our service, we will agree to requests not to share that information for the purpose of payment or our operations with your health insurer, unless required by law.
Receive a list those with whom we’ve shared information. You have the right to receive a list (accounting) of the times we’ve shared your PHI, who we shared it with, and why. You may request such information for the six-year period prior to the date of your request. We will include all disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). If you would like to request an accounting, please send your written request to the address included at the end of this Notice. We will provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
How We May Use and Disclose Your Health Information
- Preventing or controlling disease, injury, or disability;
- Helping with product recalls;
- Reporting suspected abuse, neglect, or domestic violence;
- Preventing or reducing a serious threat to anyone’s health or safety.
We may use or share your information to do research. We use and share your information for research only as allowed by federal and state rules. We will not use your health information or disclose it outside of BillionToOne for research reasons without either getting your prior written approval or determining that your privacy is protected.
We may share your PHI to address workers’ compensation, law enforcement, and other government requests. We can use or share health information about you:
- For workers’ compensation claims;
- For law enforcement purposes as required by law or in response to a valid subpoena or court order;
- With health oversight agencies for activities authorized by law;
- For special government functions such as military, national security, and presidential protective services.
We may share your PHI to respond to lawsuits and legal actions. We can share health information about you in response to a court or administrative order, or in response to a subpoena.
We may share your PHI to comply with the law. We will share information about you when required to do so by federal, state, or local law.
We may use your information for data breach notification. We may use your PHI to provide legally-required notices of unauthorized access, acquisition, or disclosure of your PHI.
Other Uses and Disclosures of PHI
BillionToOne will not sell your information, sample, genetic data or results. We will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for above (or as otherwise permitted or required by law). Uses and disclosures of your PHI for marketing require your authorization. You may revoke an authorization by sending a written request to the address included at the end of this Notice. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
How We Protect Your Information
BillionToOne implements certain physical, administrative, and technical safeguards that are designed to protect the integrity and security of your information. We cannot however guarantee that information may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or administrative safeguards. You agree that BillionToOne is not liable for the unauthorized release of your information, unless such release was the result of gross negligence or willful misconduct on the part of BillionToOne.
BillionToOne complies with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) to maintain the privacy and security of your information. If a breach occurs that may have compromised the privacy or security of your information, we intend to comply with all federal and state reporting requirements.
Record Retention: We will retain PHI contained in your medical record and billing records in accordance with legal requirements.
Compliance with Laws
If more than one law applies to this Notice, such as more stringent state law, we will follow the more stringent law.
Changes To This Notice of Privacy Practices
We reserve the right to change our practices and this Notice and to make the new Notice effective for all PHI we maintain. When changes are made, the new Notice of Privacy Practices will be available upon request and on our website. The date the Notice was last revised is identified at the top of the page.
If you believe your privacy rights have been violated, you can file a complaint with us using the contact information below, or with the United States Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.
BillionToOne commits to resolve questions and comments about your privacy and our collection and use of your information. If you have questions or would like additional information about this Privacy Notice, please contact us at: firstname.lastname@example.org