Our commitment to protecting your information.
We work hard to ensure that patients are in control of what information they want to learn or share. Sharing genetic and other information that has been stripped of personal identifiers is a powerful tool for clinical medicine and science. We refer to this kind of information as de-identified information. It can help accelerate understanding of genetic conditions, improve genetic testing, speed development of new treatments, and advance research that may one day lead to cures for a variety of diseases.
De-identified data: Who we share it with
What is de-identified data?
De-identified data is information that cannot be reasonably linked to a specific individual. HIPAA provides a safe harbor method for the de-identification of protected health information, which includes the removal of the following 18 identifiers:
- Specific geographical identifiers
- Dates (other than year) directly related to an individual
- Phone number
- Fax number
- Email address
- Social Security number
- Medical record number
- Health insurance numbers
- Account number
- Certificate/license number
- Vehicle identifiers and serial numbers (e.g., license plate numbers)
- Device identifiers and serial numbers
- IP address
- Biometric identifiers, including finger, retinal and voice prints
- Full face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code
GCSA removes all of the identifiers listed above and takes further precautions around genetic information by ensuring any information shared includes:
- No more than 4 common genetic variants
- No more than 6 rare genetic variants
- No unique, large family relationship data
Once all of these identifiers are removed and precautions are taken, we believe that the de-identified data cannot reasonably be traced to you or used to identify you or your genetic information as an individual.
When does GCSA share de-identified data?
We share de-identified data in specific ways that help advance medical care and the clinical practice of genetics. For example, we share de-identified data about genetic variants we observe with a few carefully selected public databases to advance the understanding of genetic information. One such database is ClinVar, a centralized resource managed by the National Center for Biotechnology Information (NCBI) and the National Institutes of Health (NIH) that enables genetic testing laboratories to improve the practice of medicine by uncovering links between specific genetic variants and disease. ClinVar submissions include in which gene the variant was seen, variant description, classification of the variant (positive, negative, or uncertain), and explanation for why the variant was classified as it was. See an example ClinVar entry here.
Subject to applicable law, we may also share de-identified data through research collaborations with universities, hospitals, other laboratories, or companies (that, for example, are developing a treatment for a disease). For example, if a university research group is studying patients with variants in a specific gene, we may provide a list of the variants we’ve seen. The list might include the patients’ age range (in decade), gender, variant name, and how we classified the variant (positive, negative, or uncertain).
What are the benefits of sharing de-identified data?
Sharing de-identified genetic data is an essential component of the system by which laboratories assess and improve the quality of the genetic testing they provide. It can also significantly accelerate medical research for both individual patients and society as a whole.
In addition to patients owning and controlling their genetic data, GCSA also believes that genetic information is more valuable when shared. We encourage patients to choose to share their de-identified genetic variants with the medical and scientific community to help accelerate our understanding of genetic conditions, improve genetic testing, find new therapies, and eventually prevent disease.
Setting your data sharing preferences
How can someone tested with GCSA set their data sharing preferences?
The easiest way to set your data sharing preferences is by logging into the Preferences section of your GCSA portal account. For all GCSA testing excluding sponsored testing programs (see below), you may opt out of (or, in certain regions, including the European Union, opt in to) sharing certain de-identified data. If you cannot create an online account, you can also inform GCSA of your preferences in writing.
Opting out means that GCSA will no longer share your de-identified data in accordance with your preference settings. However, we cannot withdraw or reverse the sharing of any de-identified data that may have been disclosed prior to you opting out.
How can Patients Insights Network users change their preferences?
If you have chosen to share information through a GCSA Patient’s Intranet Network (PIN), you can change your sharing preferences or ask to withdraw your information from the PIN in full at any time. Simply log in to your PIN account to update your preferences. De-identified information shared between the time that you initially agreed to share your information and when you update your preferences to no longer share data cannot be recalled.
Setting your contact preferences
How can someone tested at GCSA set their contact preferences?
We may contact you about other GCSA products and services we believe may be of interest to you. To request that we only send you notifications about specific topics, please update your settings within your GCSA portal account. To request that we send none of these notifications to you, either update the settings within your account or click on the unsubscribe link at the bottom of any GCSA email.
Your contact preferences have no bearing on receiving your test results; you may not opt out of non-promotional messages regarding your account or service-related emails.
How we protect the information of people who receive testing through GCSA’s service
How does GCSA protect my information?
As a healthcare company, we are subject to and fully comply with the privacy and security requirements under HIPAA. We take great care to use technical, administrative and physical safeguards to secure your personal information and protect it against misuse, loss or alteration. Information that you provide through our websites is encrypted using industry-standard secure sockets layer (SSL) technology, with the exception of information you send via email. Your information is processed and stored on controlled servers with restricted access.
You play a vital role in protecting your information. Please refrain from emailing us any sensitive information. Please also be sure to choose a secure password when registering for a GCSA portal account and never reveal this password to any third-parties. Immediately notify us if you become aware of any unauthorized access to your account so we can disable it.
Additional information about your data and rights can be found on the following forms:
If you have any questions, concerns or complaints about GCSA’s privacy practices, please contact us at firstname.lastname@example.org