Prostate Cancer Genetic Risk Score Privacy Policy

Updated March 15, 2019

Introduction
NorthShore University HealthSystem (“NorthShore” or “Us” or “We”) treats your privacy as a top priority. We recognize how important it is to keep your information secure and confidential. This Privacy Policy describes how We collect, maintain, use, protect, and disclose data that we collect from you. By accessing or using our services, you accept our practices as described in this Privacy Policy. If you do not agree with our practices and policies, you can choose not to access or use our services. This Privacy Policy is applicable to all new and existing users. Capitalized terms not defined in this Privacy Policy have the same meaning as those in our Product Terms and Consent.
To help you make sense of this policy, here are a few key points that you should know:
  • We collect a number of types of data from and about you. We do so from Helix OpCo, LLC, from Genome Medical, and from you directly.
  • You have a number of ways to control how we collect, use, and store your information. We describe these ways throughout this policy.
  • We use your information to provide you our services and improve them over time. We only use the genetic information that you have allowed Helix to share with us.
  • We outline some cases in which we may share your information without your explicit consent. For instance, we may need to do so to comply with a valid legal order (e.g. a warrant). If we are allowed, we will notify you in advance of this sharing. Otherwise, we will only share your information with your consent.
What Information Do We Collect?
We collect various types of information from and about users of our services:
  • Account Information. You must provide certain information when you create an account in order to receive our services (“Account Information”). This information may include your name and email address. Your account information also includes records and copies of any correspondence with you.
  • Health Information. We ask Helix to provide Us data about your personal and family medical history from a health history questionnaire. We will not combine your Product Genetic Information with your NorthShore medical record, if you have one.
  • Product Genetic Information. We ask Helix to provide us the portions of your Helix genetic data that we need to give you your prostate cancer GRS and improve the prostate cancer GRS product over time.
Browser Data & Log Information. Like most websites, when you connect with Us online, NorthShore’s servers automatically and temporarily store the following information in the server log files. This information is provided by your browser, unless you have deactivated the function.
  • IP address of the enquiring computer
  • File query
  • The http response code
  • The Internet page from which you visited us (referrer URL)
  • The time of the server query
  • The browser type and version
  • The operating system used on the enquiring computer
The server log files are not analyzed with respect to individuals. We do not intend to utilize this information to identify specific individuals.  
As is standard practice on many websites, NorthShore and our service providers may use certain tracking technologies, including cookies and web beacons, to collect information about you when you interact with us over the internet. We use cookies and other tracking technologies to study traffic patterns on our websites, to improve their functionality and usability as well as to improve the effectiveness of our communications with users. We may also use cookies to customize your experience and provide greater convenience to you during your interactions with the websites. If you prefer not to enable cookies or to disable them, you may do so through your web browser’s security settings. Please note that certain features of the website may not be available once cookies have been disabled.
If you use a mobile device to access our website, we may collect information about the mobile device, including the hardware model, operating system and version, unique device identifiers and information about your use of our application. 
Minors. Our services are not intended for anyone under 18 years of age. We do not knowingly collect personal information from or on behalf of someone under 18. If you are under 18, do not provide any information about yourself to us. If we learn we have collected or received personal information from or on behalf of someone under 18, we will make commercially reasonable efforts to remove the information and/or user account and not make future use of that information to contact a minor. If you believe we might have any information from or about someone under 18, please contact us at geneticriskscore@northshore.org or (224) 364-7696.

How Do We Use Your Information?
NorthShore will use information that we collect about you or that you provide Us only as described in this Privacy Policy and in our Notice of Health Information Practices.
Although NorthShore is not providing medical services to you with respect to the provision of your GRS, we are committed to protecting your information in the same manner that we protect our patients’ medical information. NorthShore will only use or disclose the information we collect from you in accordance with the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations (collectively, “HIPAA”).  For information about our privacy practices with respect to medical information and our obligations under HIPAA, please see our Notice of Health Information Policies. NorthShore will not use your information for any marketing purpose without your express written consent.
We may choose to perform research that may be published in academic journals. We will only use your data for such research if you give us your separate consent. We will ask for that consent through our Research Consent. The Research Consent will have been approved by an Institutional Review Board (IRB). You can choose to decline taking part in this research. Your choice will not affect any services or opportunities you may otherwise be entitled to.
Product Genetic Information. With your consent, Helix shares your Product Genetic Information with Us so that We can deliver your prostate cancer GRS and improve the prostate cancer GRS product over time. Helix’s Privacy Policy will govern Helix’s collection, use, processing, storage, disclosure and transfer of your Genetic Information. You should review Helix's Privacy Policy with care.
Your Genetic Information may be combined with that of other users as “Aggregated Genetic Information.” Aggregated Genetic Information does not include any data that would reasonably permit someone to identify you individually. NorthShore may use Aggregated Genetic Information for its internal business purposes, such as to improve our products and data quality processes. Aggregated Genetic Information may also be used for our promotional purposes. This could include describing users of our Services in general terms (e.g., “on average, 2% our users have a given result”).

When Do We Share Your Information?
We only disclose your information: (1) as stated in this Privacy Policy; or (2) as authorized by you in writing; or (3) as set forth in our Notice of Health Information Practices.
We will disclose your information to regulators and law enforcement only if we are compelled by law to do so. When we are allowed to do so, we will let you know when we must share your information. For more information about permitted uses and disclosures, please see our Notice of Health Information Policies.
We will only share your information with your regular NorthShore physician if you authorize us to.

What Choices Do You Have About How We Use and Share Your Information?
We strive to provide you with choices about the information you provide to us. We have the following mechanisms to give you the following controls over your information:
Tracking Technologies and “Do Not Track.” You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our website may not be accessible or not function in the proper way. NorthShore relies on third party ad networks to deliver relevant advertising messages on our behalf. Because we do not deliver or track online ads we currently do not “listen” or respond to your selection of the “Do Not Track” option provided by your browser.
Google Analytics. NorthShore utilizes Google Analytics to better understand our audience and users, to improve our marketing campaigns, and to enhance our services. You can learn more about Google Analytics’ privacy choices or opt out at any time from their site.
Sharing Genetic Information with Others. It is your choice whether and with whom to share your Genetic Information. This Privacy Policy focuses on how NorthShore handles your Genetic Information to protect your privacy. However, you may also choose to share your Genetic Information with others yourself. You should be careful about doing so.

How Do You Access, Correct or Remove Your Information?
We will retain your Product Genetic Information and Health Information for as long as necessary to fulfill the purpose for which it was collected, or for other necessary purposes such as complying with our legal obligations. Retention periods vary depending on the type of information and how it is used. The criteria we use to determine the appropriate retention periods include:
  • How long we have a relationship with you and provide services to you.
  • Whether there is a legal, contractual or similar obligation that requires us to keep your information for a certain period of time.
  • Whether you have consented to retention of your information for a longer period of time.
  • When we no longer need to use or retain your personal information, we may remove it from our systems.
Subject to applicable law, you may have the right to request that NorthShore erase or delete all or some of your information. To make or inquire about such a request, please contact us at geneticriskscore@northshore.org or (224) 364-7696. 

How Do We Keep Your Information Secure?
NorthShore uses reasonable physical, technical, and administrative measures to protect your personal information, including your genetic information. Although we strive to keep your information secure, no safeguards can be guaranteed to be completely secure, so you should exercise caution when transferring personal information over the internet.  The security of your information is important to us.  We constantly review our security practices to ensure that your data is maintained securely.

Changes to Our Privacy Policy
If we make material changes to how we treat our users’ personal information, we will notify you by email to the email address specified in your account. You are responsible for ensuring we have an up-to-date, active and deliverable email address for you.

Questions or Comments
To ask questions or comment about this Privacy Policy and our privacy practices, you may contact us at geneticriskscore@northshore.org or (224) 364-7696.

References
  1. US Preventive Services Task Force, et al., Screening for Prostate Cancer: US Preventive Services Task Force Recommendation Statement. JAMA 319, 1901-1913 (2018)
  2. American Academic of Family Physicians, et al., Prostate Cancer: Clinical Preventative Service Recommendation  Clinical Preventative Recommendation
  3. American Urological Association, et al., Prostate Cancer: Early Detection (2013; reviewed for currency 2018). https://www.auanet.org/guidelines/prostate-cancer-early-detection-(2013-reviewed-for-currency-2018)