Effective September 2019
By accessing or using our online services, you agree to this Policy. We may make changes from time to time, and it is your responsibility to periodically review this Policy for any changes. Your continued use of the online services after we make changes is deemed to be an acceptance of those changes.
In general, Tempus collects personal information that is necessary to provide you with certain online services or other services.
We collect several types of information from and about users of Tempus’ Services. This Policy describes the types of information we may collect from you or that you may provide, and our practices for collecting, using, maintaining, protecting and disclosing that information.
As used in this Policy, “Personal Information” means any information that may be used to identify an individual, such as your first and last name, Social Security Number, age, gender, postal address, e-mail address, telephone number, or other personally identifiable information. When you use Tempus’s Services, we may collect, use or disclose your Personal Information. It is entirely your choice whether or not to provide Personal Information through Tempus’s Services. If you choose not to provide requested Personal Information, you may not be able to use certain features of Tempus’s Services.
You can review and, subject to applicable laws, change your Personal Information by sending us an e-mail at firstname.lastname@example.org, or writing to us at 600 West Chicago Avenue, Suite 510, Chicago, IL 60654.
We may use or disclose your Information:
Certain features of our website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from and on our website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
Tempus’s website does not currently recognize “Do Not Track” signals sent by some browsers.
We use technical, physical, and administrative safeguards that are designed to improve the confidentiality, integrity and accessibility of your Personal Information and Protected Health Information. We incorporate secure storage and transmission technologies including strong encryption, firewalls, fine grained access control and secure audit. We cannot, however, ensure or warrant the security of any information you transmit to us via Tempus’s Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our technical, physical, or administrative safeguards.
This website and Tempus’s Services are hosted in the United States and are intended for visitors located within the United States. Your use of Tempus’s Services and provision of your information is subject to the laws and regulations of the United States and the State of Illinois. If you choose to use Tempus’s Services from other regions of the world with laws governing data collection, use and disclosures that may differ from United States law, then you acknowledge and agree that (a) you are transferring your personal information outside of those regions to the United States, and (b) the laws and regulations of the United States regarding data privacy and security governing the use and disclosure of Personal Information and Protected Health Information may differ from those of your country of residence.
Tempus’s Services are not designed nor intended to be used or accessed by children under the age of 13. No one under age 13 may provide any information to or through Tempus’s Services. We do not intentionally collect Personal Information from children through Tempus’s Services. If you are under age 13, do not use or provide any information on or through Tempus’s Services, including, but not limited to, your name, address, telephone number, e-mail address, user name or other. If we learn we have collected or received Personal Information from a child under age 13 without verification or parental consent, we will delete that information. If you believe that we may have collected any information, including Personal Information from or about a child under age 13, please contact us immediately at email@example.com.
Please contact us with any questions or comments about this Policy, your Personal Information or our Notice of Privacy Practices, or your consent choices by email at firstname.lastname@example.org or by mail to 600 West Chicago Avenue, Suite 510, Chicago, IL 60654.
THIS NOTICE OF PRIVACY PRACTICES (“NOTICE”) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Tempus Labs, Inc. (“Tempus,” “our,” “us,” or “we”) collects protected health information about you that is necessary to perform the genetic testing and other services we provide (“Services”). “Protected health information” or “PHI” is information about you, including demographic information, that may identify you and that relates to past, present, and/or future physical or mental health condition and related health care services.
We reserve the right to change the terms of this Notice from time to time, and any change will apply to all PHI we maintain. The current version of this Notice is available on our website and upon request. It is your responsibility to periodically review this Notice for changes.
If you have any questions about anything in this Notice, please contact our privacy officer at email@example.com.
Tempus is committed and required by law to maintain the privacy and security of your PHI. We are required to follow the terms of this Notice and, except as described in this Notice, will not disclose your PHI without your authorization. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. If you provide us with authorization to use or disclose your PHI for a specific purpose and later change your mind, please let us know in writing.
You have certain rights when it comes to your PHI. You have the right to:
Ask that we limit how we use or share your PHI for treatment, payment, or our operations. We are not required to agree to your request and may say “no” if it could affect your care. If you pay for a service out-of-pocket in full, you can ask us not to share that information for the purposes of payment or our operations with your health insurer, in which case we will say “yes” unless a law requires us to share that information.
Ask us to contact you in a specific and/or confidential way (for example, home or office phone) or to send mail to a different address. We will say “yes” to all reasonable requests.
Ask for an electronic or paper copy of your medical record and other information we have about you. We will provide a copy or a summary of your health information. We may charge a reasonable, cost-based fee associated with producing copies of your medical records and other information.
Ask us to correct your protected health information that you think is incorrect or incomplete. We may say “no” to this request if we believe the change would violate any law or other legal requirement or would otherwise cause the information to be incorrect, but if that is the case we will explain why in writing.
Ask for a list (accounting) of times we’ve shared your PHI in the six years prior to the date of your request, who we shared it with, and why. We will include all disclosures except those disclosures related to treatment, payment, and our health care operations, and certain other disclosures, such as disclosures you asked us to make. We will provide one accounting to you in any twelve (12) month period free of charge. We may charge a reasonable, cost-based fee associated with producing additional accountings in any twelve (12) month period in which you have already received a free accounting.
Ask for a paper copy of this Notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy.
Your PHI may be used and disclosed for treatment, payment, healthcare operations, and other purposes permitted or required by law. If we wish to use or disclose your PHI for other purposes, we would have to obtain your authorization. We may, however, use or disclose your PHI without specific authorization or permission for certain purposes, including:
Treatment. We may use and share your PHI to provide and coordinate your treatment with medical professionals responsible for your care. For example, we may use your PHI to perform tests, or send your test results to your health care provider.
Payment. We may use and share your health information to bill and receive reimbursement from health plans or other entities. For example, we may provide information about you to your health insurance plan so it will pay for the services you receive.
Health care operations. We may use and share your data to support the operations of our business or contact you when necessary. For example, we may retain a copy of your health information for auditing purposes or to improve our Services.
Business associates. There are some services provided to us through contracts with business associates (e.g., billing services), and we may disclose your PHI to our business associate so that they can perform the job we have asked them to do. To further protect your PHI, we require our business associates to appropriately safeguard your information.
Communication with individuals involved in your care or payment for your care. We may disclose your PHI to a family member, other relative, close friend, or any other person you identify that is directly relevant to that person’s involvement in your care or payment related to your care.
Protected health information of minors. As permitted by federal and state law, we may disclose PHI about minors to their parents or guardians.
Research activities. Researchers may be given limited access to your PHI so that they can develop research projects or identify patients who may potentially qualify to participate in research studies. We may otherwise use your PHI when it is in the form of a limited data set or once an institutional review board or privacy board has reviewed the research proposal and determined that your specific authorization or consent for the research use of your PHI is not needed in whole or in part.
Creating “de-identified” information. We may use your PHI to create “de-identified” information, which means that information that can be reasonably used to identify you will be removed. There are specific rules under the law about what type of information needs to be removed before information is considered de-identified. Once the information has been de-identified as required by law, it is no longer considered PHI, not covered by this Notice, and we may use it for any lawful purpose without further notice or compensation to you.
As required to comply with laws. We may disclose your PHI when required to do so by federal, state, or local law.
Law enforcement activity. We may disclose your PHI to law enforcement officers for law enforcement purposes as permitted by law or in response to a valid subpoena or court order.
Judicial and administrative proceedings. We may disclose your PHI in response to a court or administrative order, a subpoena, discovery request, or other lawful process by someone involved in a lawsuit or dispute with or against you.
Public health activities and threats to health and safety. We may disclose your PHI to public health or other legal authorities charged with preventing or controlling disease, receiving report of suspected abuse, neglect, or domestic violence, receiving reports of adverse reactions to medications or devices, notifying people of recalls of products, or otherwise preventing or reducing serious threats to the health and safety of you, others, or the public generally.
Health oversight activities. We may disclose your PHI to an oversight agency for activities authorized by law, including audits, investigations, and inspections necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Food and Drug Administration (FDA) activities. We may disclose your PHI to the FDA, or persons under the jurisdiction of the FDA, when the PHI is related to adverse events with respect to drugs, foods, supplements, products and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
Military or veteran affairs. We may disclose your PHI as required by military command authorities if you are or were a member of the armed forces.
Specialized government functions. We may disclose your PHI to units of the government with specialized functions such as the U.S. Military or the U.S. Department of State in response to requests authorized by law.
Correctional institutions. We may disclose your PHI to a correctional institution or its agents for your health and the health and safety of other individuals if you are or become an inmate in the correctional institution.
Worker’s compensation. We may disclose your PHI to the extent authorized by and the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
Death. We may disclose your PHI to a coroner, medical examiner, or funeral director to identify a deceased person, determine the cause of death, or otherwise carry out their duties.
Organ tissue procurement organizations. We may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for tissue donation and transplant.
Other Uses and Disclosures of PHI
We will obtain your written authorization before using or disclosing your PHI for purposes other than those described above, including uses and disclosures of psychotherapy notes or PHI for marketing purposes, and disclosures that would constitute a sale of PHI. You may revoke this authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
In some circumstances, your health information may be subject to additional state-level restrictions that limit or preclude some uses or disclosures described in this Notice. For example, many states have restrictions on the use or disclosure of certain categories of information like HIV/AIDS treatment, treatment for mental health conditions or developmental disabilities, or alcohol and drug abuse treatment. Similarly, state government health benefit programs may limit the disclosure of beneficiary information for purposes unrelated to the program. Some states have laws that specifically protect the privacy of your genetic information.
If you believe your privacy rights have been violated, you may file a complaint with us directly or with the Secretary of the Department of Health and Human Services by filing a complaint with the Office for Civil Rights. We will not retaliate against you in any way for filing a complaint.
Please contact us with any questions, comments, or complaints about this Notice, your rights and PHI, our use and disclosure practices, or your authorization choices by email at firstname.lastname@example.org, by mail at 600 West Chicago Avenue, Suite 510, Chicago, IL 60654, or by calling us at (800) 976-5448.