Tempus privacy and compliance policies

Last Modified April 8, 2026

At Tempus, we are committed to a future where every patient’s medical journey contributes to a broader understanding of disease. Our technology leverages advanced data-processing tools, including artificial intelligence, to help physicians develop data-driven, personalized treatment plans for their patients. And, the impact of patient data extends beyond the clinic. When patient data is de-identified, aggregated and analyzed, it becomes a powerful engine for discovery, helping researchers identify why certain therapies fail, how diseases evolve, and where the next medical breakthrough might be hiding. To do this work effectively and ethically, we rely on the use of de-identification techniques, which allow each patient’s experience to fuel scientific progress without identifying the individual behind the data.

Scientific advancement requires a vast library of information to find patterns that are invisible in a single patient case. By utilizing de-identified data, Tempus supports a global research ecosystem dedicated to shortening the path between a laboratory discovery and a life-saving treatment. This de-identified data helps life sciences companies and healthcare researchers do important work, like develop more and better therapies that can reach patients sooner through faster clinical trials. It also enables our own scientists to build genomic models that help doctors make more informed decisions about their patients. By learning from the collective experience of many, these insights help doctors move beyond a “one-size-fits-all” approach to more effectively identify the types of care that are right for a patient.

Medical research should not come at the cost of personal privacy. We ensure that the data used in these studies provides the necessary scientific context—such as genetic mutations or treatment history—without ever revealing the human being behind the data points.

Protecting patient privacy is a core pillar of our mission. Tempus is subject to the same privacy laws that apply to doctors and hospitals. We employ a rigorous de-identification process designed to meet and exceed the standards established by the Health Insurance Portability and Accountability Act (HIPAA). This process involves the use of advanced  techniques to systematically remove, modify or mask direct identifiers, including names, specific geographic locations, social security numbers, and full dates of birth. By converting identifiable health records into de-identified datasets, we ensure that the information remains “scientifically meaningful” for researchers but “personally anonymous” to the world. 

We utilize two primary de-identification methods: the “Safe Harbor” method, which removes 18 specific categories of identifiers, and the “Expert Determination” method, where statistical experts certify that the risk of re-identification is very small.

• The Safe Harbor Method: This is a prescriptive approach that requires the removal of 18 specific categories of personal identifiers. These categories include obvious identifiers—names, Social Security numbers, and medical record numbers—but also less obvious identifiers such as full zip codes, IP addresses, biometric identifiers (like finger or voice prints), and any dates directly related to an individual (such as exact birth dates or discharge dates). 
• The Expert Determination Method: Tempus also uses the Expert Determination de-identification method, engaging independent, third-party experts  who apply sophisticated  models to evaluate the data. These experts analyze the dataset to calculate the mathematical probability of re-identification. They then apply techniques such as data suppression (removing rare values), generalization (turning a specific age into an age range), and perturbation (adding slight statistical noise) until they can formally certify that the dataset qualifies as de-identified.
• Ongoing Validation: De-identification is not a “one-and-done” event. As new data is integrated into our library, our privacy and data science teams perform recursive checks. We constantly assess re-identification risks to test the strength of our de-identification, ensuring that as technology evolves, our protective measures evolve faster.

Beyond de-identification, Tempus safeguards your data through a defense-in-depth security strategy. All data is protected by high-level encryption both while it is being transmitted across networks and while it is stored in our secure cloud environments. We maintain strict access controls, ensuring that only authorized personnel with specific, audited roles can interact with our systems. To maintain our integrity as a trusted healthcare partner, we undergo regular, independent third-party audits and security assessments. These protocols are designed to stay ahead of emerging digital threats, ensuring that your information remains secure from the moment it enters our ecosystem. Researchers who would like to access the dataset must also agree to a set of stringent data use terms, similar to the data use agreements used by federal government agencies for sensitive datasets, to ensure that they do not attempt to re-identify or further disclose the data.

Health information is deeply personal. Tempus is committed to transparency.  If you have questions about how Tempus handles your data, your privacy rights, or our research practices, please do not hesitate to reach out to our privacy team.

Email: privacy@tempus.com

Last Modified April 8, 2026

The Tempus AI and Ambry privacy and compliance policies are listed below:

• Notice of Privacy Practices
• New York, Oregon, Alaska patients – Your Privacy Choices
• Privacy Policy (tempus.com only)
• California Compliance Statement (Tempus only)