Privacy Policy

The providers in this practice offer internet-based health care services. We are sensitive to the privacy of your health information. We are committed to safeguarding the personal and family health information that we may receive from you through our patient portal, by telephone, email, fax submission, or internet discussion. Our online, telephone, fax, and office practices are designed to ensure your privacy.

By using our website, portal, or systems, you are agreeing to the collection, handling, and securing of your personal health information as described in this policy. Individuals must be 18 years of age or older to obtain services through us. Individuals under 18 years of age may obtain services with appropriate consent.

Inaccuracies in any of the information you provide may directly affect your risk assessment, genetic testing options, and other information that you receive through our telehealth services. The information that you provide to us is the basis for analysis and risk evaluation, which is done in collaboration with your physicians. We recommend that clients keep in touch with a genetics expert at least annually, or as new personal and family health information becomes available. An annual review will allow you to learn of updates in genetic information that may be important to your genetic risk assessment and assist you and your physician with personalized health care recommendations.

Your preferred email and telephone contact information should be kept current with us, as this is the primary means by which we may communicate with you.

This policy is the sole authorized statement of our practice concerning the collection, use, and protection of the information you provide. We review our privacy practices regularly; therefore, this policy is subject to change.

Disclaimer

Health Related Information

The information provided on this website is reviewed by genetic counselors and other genetics experts. Note that medical advice can only be given by those licensed to practice medicine. New York Education Law 6521 defines the practice of the profession of medicine to include diagnosing, treating, operating, and/or prescribing for any human disease, pain, injury, deformity, or physical condition. Visitors to this site should seek the advice of physicians or other qualified health providers regarding medical conditions, medical diagnosis, or treatment. The services offered by or through this website are not intended to replace or disregard medical diagnosis or recommended treatment by one's physicians.

Information Collected

We collect information and create a record to provide you with the service you request, to ensure service quality, for general operations, for billing purposes, and to respond to your questions by telephone, email, and fax or mail service. We will maintain the privacy of your information and may contact you to request your opinion as to your satisfaction with our services or to share information updates about our services.

Non-Personal Information

If you do not use the features of the Forms or Contact Us options of our website, the only information we will collect will be non-personally identifiable. Non-personally identifiable information includes information that you have viewed using cookies. You may adjust your online preferences regarding cookies. We may use cookies to track information regarding data accessed on our website and to record general site activity and statistics. We use communication services and a major business telephone service that tracks personal and aggregate information to provide prompt responses to clients, gather navigational information, and enhance the experience of visitors to our website. These services employ current technical and organizational security measures including internal procedures, back-up, encryption, and firewall security groups to prevent the unauthorized access or use of your personal information.

Personally Identifiable Information

Personally Identifiable Health Information is any information that we receive (by telephone discussion, fax, voice mail, e-mail, or regular mail) or create that pertains to your past, present, or future healthcare or health status and that can be used to identify you. Such information can be in the form of a written medical record, computer stored information, verbally disclosed information, as well as information collected by us through any of our Questionnaires.

If you decide to schedule a consultation with this service, you will be required to submit Personally Identifiable Information, such as your name, address, telephone number, email address, and fax number, as well as personal and family health information. Personal and Health information is collected and submitted online (or occasionally by fax or regular mail service) by way of our contact forms including but not limited to our Client Intake Form, Family History Questionnaire, Cancer Risk Assessment Form, Insurance Authorization Request Form, Medical Record Request Form, informed consent forms and billing forms.

If we coordinate genetic testing, we will assist with all necessary paperwork and work with your or our affiliated physician and medical personnel to obtain a test script and help coordinate your testing. We cannot be responsible for third-party handling of your medical records, data, and specimens.

Although our security measures are extensive (see section on Security, Storage, and Protection of Data), we cannot guarantee that we can protect you when you send us any personally identifiable information, family health/genetic information, feedback, or other information by non-secure e-mail. Any information supplied through the guidegenetics portal is secure.

Use and Disclosure of the Information We Collect

Personal Information

Except as outlined in this policy statement, we will not disclose personally identifiable information or personal/family health information, but may release limited information under the following circumstances:

  • We may provide a consultation summary which is forwarded to both the client and referring physician(s), with the client's permission or as per insurance requirements. Clients should discuss details about the handling of their genetic consultation notes or genetic test reports with their other physicians. The information that you provide to us, however, is not directly incorporated into any medical record system, electronic or otherwise, from our end at this time.
  • Your protected medical information may be used or disclosed to clinicians involved in your treatment, to the extent that you have provided permission and/or appropriate contact information to us, or to the extent that such is required by your medical insurance company, subject to the insurer requirement for payment or as required by a law, regulation, search warrant, subpoena or court order.
  • To the extent that we have your permission and to the extent that it is reasonable, we may provide your information to external sources in order to provide you with the services that you request.
  • Personally identifiable information, including personal and family health information that we collect from you, may be used to assist in coordinating genetic testing.
  • To the extent that it is required, certain information will be furnished to your insurer to facilitate billing your insurer for our services.
  • We provide anonymous and non-identifying information about you to external sources in order to provide you with the services that you request.
  • If you, or someone authorized by you, gives us a written or signed authorization for the release of information, your health information can be released. We will always verify requests with you prior to release.
  • You may request that certain parties be restricted from obtaining all or part of your health or medical information.

Non-Personal Information

  • Limited Information may be shared for the purpose of billing, payment, and shipment with our e-commerce vendors, banking, and accounting affiliates. These contractors may have access to your email address so that they may send confirmatory communications to you on our behalf, although these parties are not allowed to use your personal information for any other purpose.
  • We use other parties such as genetic testing companies who will need your address and other contact information for the purpose of sending genetic testing kits to you, upon your approval.
  • We collect information on the website or portal pages that clients access and other search information in individual and aggregate form about visitors to our service for research or statistical purposes (demographics etc.), to customize and improve the content and layout of our Web pages and for internal review.
  • Our Web server does not collect or recognize information regarding the domain or e-mail addresses of visitors to our Web pages.

Saving Family and Personal Health Information

Our interactive website and portals do not allow for saving information on incomplete forms. Visitors to our sites are encouraged to complete and submit forms to the best of their ability.

Updating Personal Health Information

We encourage clients to contact us at any time to change or update any information that has been provided to us.

Security

Our site employs advanced technology to secure your interactions with us and we have taken precautionary measures to secure the information that we receive from you. We maintain security over your personal information through a combination of physical, electronic, and procedural means as well as contractual arrangements. All agents of our company must comply with our strict privacy measures.

Any information shared or collected through our service is secured against theft or manipulation. We operate read and write access controls to data on a need-to-know basis with the least privilege. Cybersecurity measures such as defense-in-depth are set up in the infrastructure to prevent unauthorized access. Encryption is used for both data at-rest and in-transit to preserve confidentiality. Load balancers, a reverse proxy, and database replicas support service and data availability.

Virtual private clouds are used for proper segmentation and isolation of our internal systems. Our employees are trained to handle PHI according to HIPAA guidelines and are required by law not to disclose sensitive information to anyone outside of the scope of their work. We conduct regular HIPAA compliance audits to ensure that our systems are secure and following recommended practices.

Our Security Operations Center (SOC) is set up and controlled through our cloud provider, with firewalls, intrusion detection software, and traffic logging through a security information and event management (SIEM) system. This allows 24/7 monitoring of all activities and the use of machine learning to detect abnormalities and custom malware that does not show up in signature detection; it also leaves an audit trail for analysis.

We are compliant with all requirements of Federal and State laws concerning the confidentiality of patient information.

Storage and Protection of Data

Data Storage

We utilize Heroku, a cloud platform provided by Salesforce, to store and process data related to our services. Heroku provides a secure and reliable infrastructure for hosting web applications and databases. By using Heroku, we ensure that your data is stored in a controlled and monitored environment.

Security Measures

We are committed to protecting the confidentiality and integrity of the data stored on Heroku. To safeguard your information, we implement a range of security measures, including but not limited to:

  • Encryption: Data transmitted between our servers and Heroku is encrypted using industry-standard protocols to prevent unauthorized access during transit.
  • Access Controls: Access to the data stored on Heroku is restricted to authorized personnel only. We implement strict access controls and regularly review permissions to minimize the risk of unauthorized access.
  • Firewalls and Intrusion Detection: We employ firewalls and intrusion detection systems to monitor and block malicious activities, providing an additional layer of security for the data stored on Heroku.
  • Regular Audits and Monitoring: Our systems are subject to regular security audits and monitoring to identify and address potential vulnerabilities promptly.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy. The specific retention period may vary based on legal requirements, the nature of the data, and the purposes for which it was collected.

Third-Party Services

While we use Heroku for data storage, it's important to note that Heroku is a third-party service provider, and its own terms of service and privacy policy apply. We recommend reviewing Heroku's documentation and policies to understand how they handle data.

Data Breach Response

In the event of a data breach that affects your personal information stored on Heroku, we will comply with all applicable legal requirements. We will promptly investigate the breach, take necessary remedial actions, and notify you and the relevant authorities as required by law.

Changes to Security Practices

We may update our security practices over time to adapt to new technologies and industry standards. Any material changes to how we store and protect data will be communicated to you through our notification procedures outlined in this privacy policy.

Notification Procedure for Data Breaches

Reporting a Data Breach

In the event of a data breach that compromises the security of your personal information stored on Heroku, we are committed to taking swift and transparent action. This section outlines our notification procedure to keep you informed about the breach.

Detection and Investigation

  • Detection: We employ security measures and monitoring systems to promptly detect any unauthorized access or potential data breaches.
  • Investigation: Upon detecting a data breach, our team initiates a thorough investigation to understand the scope, nature, and impact of the incident.

Notification Obligations

  • Timing: We will notify affected individuals without undue delay after confirming the occurrence of a data breach and assessing its impact.
  • Communication Channels: Notification may be delivered through one or more of the following channels:
    1. Email
    2. In-app notifications
    3. Direct mail (where applicable)

Content of Notification

Our breach notification will include, to the extent possible:

  • Description of the Breach: A clear and concise description of the breach, including the date and time of detection.
  • Type of Data Compromised: Information on the types of personal data that were affected by the breach.
  • Actions Taken: An overview of the remedial actions taken to address the breach and prevent further unauthorized access.
  • Mitigation Steps: Guidance on steps individuals can take to mitigate the potential risks associated with the breach.

Authorities Notification

In accordance with applicable laws and regulations, we will notify relevant data protection authorities of a data breach when required. This notification will be made without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach.

Updates and Ongoing Communication

We are committed to keeping affected individuals informed about the progress of our response to the data breach. Updates may be provided through the same channels used for the initial notification.

Contact Information

For any questions, concerns, or requests related to a data breach, please contact our Data Protection Officer at data@guidegenetics.com.

Text Messaging Compliance (B2A)

We are committed to complying with the regulations governing Business-to-Administration (B2A) communication, particularly concerning text messaging. This section outlines how we handle your personal information concerning text messaging:

Consent: By providing your phone number and opting into text messaging services, you consent to receive text messages from us regarding your account, transactions, updates, and promotions. You may opt out of these messages at any time by following the instructions provided in the messages.

Purpose: We will only use your phone number for the purposes outlined at the time of collection, which primarily include providing you with relevant information about our products, services, and your account.

Security: We employ industry-standard security measures to protect your phone number and the messages we send to you. However, please be aware that no method of transmission over the internet or electronic storage is completely secure.

Data Sharing: We do not sell, trade, or otherwise transfer your phone number or text messaging data to third parties unless we have obtained your explicit consent or are required by law to do so.

Data Retention: We will retain your phone number and text messaging data for as long as necessary to fulfill the purposes outlined in this privacy policy or as required by law.

Updates: We reserve the right to update this privacy policy to reflect changes in our practices or legal requirements. We will notify you of any material changes to this policy via text message or other means of communication.

By using our text messaging services, you acknowledge that you have read and understood this privacy policy and agree to its terms. Message and data rates may apply.

If you have any questions or concerns about our text messaging practices or this privacy policy, please contact us at 888-260-6543.

Online Communication Practices and E-mail / SMS Correspondence

We may send the following to you by e-mail or SMS:

  • Information to assist you with collecting medical information
  • Responses to questions about our services
  • Acknowledgement of service that you request
  • Informational updates
  • Instructions for completing forms
  • Acknowledgement of records and information received
  • Appointment notifications/confirmations
  • Billing Information
  • Responses to your questions

No privacy policy can fully protect you when you send Personally Identifiable Information, family health/genetic information, feedback, or other information by email to any web-based service. You may also choose to provide information to us by telephone, fax, or by mail.

Your Rights

You have the right to a copy of your record with us and you may request addendums to such record if necessary. Up to 10 pages of records in our possession will be available to you at no cost. Any costs incurred in retrieving medical records (should you request our assistance) may be billed to you, after discussion with you and with your permission.

You also have the right to an accounting of your health information and the right to request restrictions on the release of your health information. We ask that you submit your request for a specific restriction in writing and indicate to whom you would like the restriction to apply.

Business Transfer

We reserve the right to transfer or sell portions of our business in developing our business; in doing so, user/client information may be securely transferred.

Usage of Web Content

The information contained on this website (including text, graphics, logos, icons, and images) and the format of this website are proprietary to and copyrighted by us, and may not be copied, reproduced, altered, distributed, stored, sublicensed, sold, displayed or otherwise used, in whole or in part, without written permission from us. Users may make temporary single copies of forms and website pages (on a single computer) as are necessary to browse the website, for personal use and to collect and provide personal information for the purpose of conferring with us, as long as all copyright or proprietary information remains intact. Requests for permission to use copyrighted materials should be made through the Contact Form on our website or in writing.

Linked Sites

For your information and convenience, our website provides links to websites operated by organizations other than our service. We do not provide personally identifiable information to these sites. We do not endorse these sites, nor are we responsible for the privacy practices of these sites. The privacy practices of linked sites are outlined on each website.

Hold Harmless

You, the user of this website, agree to hold harmless our service and its directors, employees, and other agents from any claim arising from the use of this website.

Conditions of Use

You understand and agree that the owners of this site shall not be liable for any direct, indirect, incidental, consequential, or exemplary damages, including but not limited to damages for loss of profits, data, or other intangible losses (even if the owners of this site have been advised of the possibility of such damages), resulting from the use or the inability to use the product(s) and/or service(s) or any misuse of the product(s) and/or service(s) in a manner not in accordance with their intended use.

You may contact us directly by email should you have any questions regarding our policies.

Information Content Disclaimer

THE CONTENT OF OUR WEBSITE IS PROVIDED FOR GENERAL INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS, NOR SHOULD IT BE CONSIDERED A SUBSTITUTE FOR, PROFESSIONAL MEDICAL ADVICE. THE INFORMATION PROVIDED ON THIS WEBSITE IS PROVIDED "AS IS" AND ALL WARRANTIES, EXPRESS OR IMPLIED, ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, ACCURACY OF INFORMATIONAL CONTENT, OR NON-INFRINGEMENT. GUIDE GENETICS, ALSO KNOWN AS GENETIC COUNSELING SERVICES, IS NOT LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, LOSS OF BUSINESS, LOSS OF PROFITS OR CONSEQUENTIAL DAMAGES, WHETHER BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT, NEGLIGENCE, PRODUCT LIABILITY OR OTHERWISE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. WE ASSUME NO LIABILITY FOR INTERRUPTIONS, ERRORS, COMPUTER VIRUSES OR OTHER HAZARDS RESULTING FROM YOUR USE OF THIS SITE. YOUR USE OF THE SITE IS AT YOUR SOLE RISK, AND YOU ASSUME FULL RESPONSIBILITY FOR ANY COSTS ASSOCIATED WITH YOUR USE OF THE SITE. ALTHOUGH EVERY EFFORT IS MADE TO ENSURE THAT THE MATERIAL WITHIN THIS WEB SITE IS ACCURATE AND TIMELY, WE MAKE NO WARRANTIES OR REPRESENTATIONS AS TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS, WHETHER THE CONTENTS ARE CURRENT, OR FREE FROM CHANGES CAUSED BY THIRD PARTIES. THE INFORMATION MAY NOT BE RELEVANT FOR YOUR INDIVIDUAL SITUATION AND MAY BE MISINTERPRETED. WE ASSUME NO RESPONSIBILITY FOR HOW YOU USE THE INFORMATION OBTAINED FROM THIS SITE. DO NOT USE THE INFORMATION ON THIS WEBSITE FOR DIAGNOSING OR TREATING ANY MEDICAL OR HEALTH CONDITION. IF YOU HAVE OR SUSPECT YOU HAVE A MEDICAL PROBLEM, PROMPTLY CONTACT YOUR PROFESSIONAL HEALTHCARE PROVIDER.