Data Privacy and Security

Genos uses a range of physical, technical, and administrative procedures to protect the privacy of your personal information, including your Genetic Data & Participant Content. Our Privacy Policy outlines how Genos protects your privacy while conducting business, such as providing our services to you.

Just as Genos aims to minimize the chances of a privacy breach while conducting its business, Researchers have their own policies and procedures to minimize the chances of a privacy breach while conducting research. Here are the main ways we protect your privacy:

  • Researchers and their Sponsoring Institutions sign agreements with Genos restricting what they can do with Genetic Data & Participant Content
  • Researchers who conduct Studies (and their Sponsoring Institutions) do not have access to your Registration Information (name, street address, phone number, email address, user ID, password, or credit card)
  • Researchers who interact with Participants can do so only through our Site
  • To minimize the chance that an external person can determine that any particular Participant is part of a Study, Researchers (and their Sponsoring Institutions) would either
    • publish only aggregated or derived results or statistics with respect to Genetic Data & Participant Content pooled across multiple Participants or
    • publish only very limited, non-identifying information of a single Participant to the extent any individual-level Genetic Data & Participant Content is published
  • All Genos employees are trained on how to work with individuals participating in human research. Researchers are also trained on how to conduct research responsibly

In 1996, Congress passed the Health Insurance Portability and Accountability Act (“HIPAA”) which, among other provisions, addresses the privacy of individually identifiable health information and the security of electronic protected health information (“PHI”). While significant changes have been made to HIPAA since its initial passage into law, the fundamental provisions governing the privacy and security of health information have remained largely the same:

  • Entities that furnish healthcare services, or that bill or receive payment for healthcare services, are called “covered entities”
  • Covered entities (and the entities that assist them, so-called “business associates”) must take certain steps to protect individuals' medical records and other personal health information, including:
    • Establishing safeguards to protect the privacy of PHI, typically by “de-identifying” PHI
    • Placing restrictions on the use and disclosure of PHI without authorization
    • Affording individuals rights to certain information related to their health information
    • Adopting appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of electronic PHI

Genos does not provide healthcare services to you, nor does it anticipate assisting any third party that may be providing such services to you, and your Genetic Data & Participant Content is not likely to be part of a medical record. Genos is not a “covered entity” or a “business associate” and is not subject to HIPAA or its implementing regulations. However, we understand the importance of keeping your Genetic Data & Participant Content private and secure. We have adopted administrative, physical and technical safeguards to protect the confidentiality, integrity and security of your personal information. No such measures are foolproof; we cannot guarantee the privacy and security of your personal information, and we have described the risks to you elsewhere in this document and the Privacy Policy if your personal information is disclosed. But we believe our policies and procedures minimize the risk of any unintended disclosure.