This notice is effective as of May 21, 2021
This notice describes how medical information about United States residents may be used and disclosed and how you can access this information. Please review it carefully.
GRAIL, Inc. (“GRAIL,” “we,” or “us”) is required by law to provide individuals with notice of its legal duties and privacy practices with respect to your “Protected Health Information” or “PHI” (defined below). This Notice of Privacy Practices (“Notice”) describes how we may use and disclose your PHI to carry out treatment, payment, or health care operations, and for other specified purposes that are permitted or required by law.
GRAIL and the members of its workforce are committed to protecting the privacy and confidentiality of your personal information, genetic information, and laboratory test results.
GRAIL is required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”), to maintain the privacy and security of your PHI and to provide you with a notice of our legal duties, our privacy practices, and your patient rights.
Whenever we use or disclose your PHI, we are required to abide by the terms of this Notice.
PHI is information about you, including your demographic information, that relates to your physical or mental health condition or health care provided to you. PHI can include your medical history, laboratory results, insurance information, and other health information that is collected, generated, used, and communicated by GRAIL to produce genetic testing results and bill for our testing services. Examples of PHI include your name, date of birth, medical record number, social security number, insurance beneficiary number, and genetic information.
GRAIL may use or disclose your PHI for the following purposes:
You have the following rights with respect to your PHI. To exercise any of these rights, please contact our Privacy Officer using the contact information provided at the end of this Notice.
GRAIL is required by law to notify you following the discovery that there has been a breach of your unsecured PHI, unless GRAIL reasonably determines, after investigating the situation and assessing the risks presented, that there is a low probability that the privacy or security of your PHI has been compromised. You will be notified in a timely manner, no later than sixty (60) days after discovery of the breach, unless state law requires notification sooner.
GRAIL reserves the right to amend our privacy practices and the terms of this Notice from time to time, provided such changes are permitted by applicable law. When changes are made, we will promptly post the updated Notice on the GRAIL website. Please review this website periodically to ensure that you are aware of any updates.
If more than one law applies to this Notice, such as a more stringent state law, we will follow the more stringent law.
If you have any questions or comments about our privacy practices or this Notice, or if you would like a more detailed explanation about your privacy rights, please contact our Privacy Officer using the contact information provided at the end of this Notice.
If you believe that we may have violated your privacy rights, you may submit a complaint to our Privacy Officer. You also may submit a written complaint to the U.S. Department of Health and Human Services (“HHS”). We will provide you with the address to file your complaint with HHS upon request.
GRAIL will not take retaliatory action against you, and you will not be penalized in any way,if you choose to file a complaint with us or with HHS.
When communicating with us regarding this Notice, our privacy practices, or your privacy rights, please contact the Privacy Officer using the following contact information:
Attention: Privacy Officer
1525 O’Brien Drive
Menlo Park, California 94025
By email: firstname.lastname@example.org
By telephone: 833−694−2553