Your Privacy is Important to Biocept
Last updated: July 2022
What information may be collected by Biocept?
Limited personal identifiable patient data may be collected such as name, address, phone number, date of birth, gender, social security number, physician chart identification number, insurance data, billing address and laboratory tests and results (“Patient Data and Physician Data”).
Certain personal identifiable information regarding you and your data may be viewed by physicians utilizing Biocept’s services. This information may also be collected on or transferred to our secure Physician WebPortal Site in which your physician may retrieve your test results.
Users of the Physician WebPortal Site are required, for HIPPA and security purposes, to provide a unique username and user password.
Most internet browsers are set to automatically accept cookies. Depending on your browser, you can set it to warn you before accepting cookies, or you can set it to refuse them. Please refer to the ‘help’ button (or similar) on your browser to learn more about how you can do this. Disabling cookies may impact your experience on our websites. If you use different devices to access our websites, you will need to ensure that each browser of each device is set to your cookie preference. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on our website. You can change your cookie settings at any time.
How does Biocept use your information?
Your information is kept strictly confidential, and we do not sell it.
The collection of Patient Data and Physician Data by Biocept is required primarily for placing an order for laboratory tests, facilitating the interpretation and return of the result, and to provide billing information so that third party payers have sufficient information to enable payment for services rendered. These data are supplied to Biocept by the requesting physician and/or their staff.
Be advised that neither Biocept’s website nor its employees or representatives will ever ask for a user password in an unsolicited phone call or e-mail – and you should not disclose your user password to any unauthorized third party under any circumstances.
What physical and technical security is in place to protect information disclosed to Biocept?
Biocept hosts the Physician WebPortal Site internally. Personal data from those who have signed up is stored in a secured database on Biocept’s premises. Biocept has a non-disclosure agreement with each of its employees and contractors regarding all information created or collected on Biocept premises. Relationships with technology partners do not in any way compromise the integrity or confidentiality of Site users’ personal information.
Biocept maintains the highest standards in securing and controlling all data housed within our Data Center. Patient Data and Physician Data are only accessible to authorized users. Ours is a highly secure system that meets or exceeds all of the standards and requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Firewalls, encryption, digital certificates, and authentication through user ID and passwords protect every element of our solution.
To protect access to all sensitive information, the Biocept system is configured with leading encryption technology. The same level of security as online banking protects the Biocept system, using secured socket layering (SSL) with 128-bit encryption for all data transmissions. Access to data will only be permitted with proper presentation of a unique user name and password. It is the end user’s responsibility to protect the integrity and secrecy of these assigned identification codes.
Given the nature of the Internet, we cannot warrant or represent that Patient Data or Physician Data is fully protected against loss, misuse or alteration by third parties, such as determined hackers. Biocept utilizes state-of-the-art hardware and software firewalls to prevent unauthorized access to our data systems. When transmitting Patient Data or Physician Data to user browsers over the Internet, our encryption measures ensure that only the end-user would receive the data in a legible format. Interception of transmissions without appropriate authentication would result in unintelligible data.
Does Biocept abide by HIPAA Regulations?
Biocept will maintain the confidentiality of all Patient Information in accordance with applicable federal and state laws and regulations, including, but not limited to, HIPAA. Biocept recognizes our responsibilities to the patients, physicians and laboratories that utilize our services pursuant to HIPAA and commits to aid all parties in guaranteeing their full compliance with this federal statute and the regulations promulgated to implement it.
Our Site is not directed to children (individuals under the age of 18). We do not knowingly collect, maintain, or process children’s Personal Information unless the child’s parent or guardian consents and provides the information. If we determine that we have received a child’s Personal Information from a source other than the child’s consenting parent/guardian, we will immediately delete the information.
“Do Not Track” Signals
Your browser may offer a Do Not Track (DNT) setting. If you turn that setting on, your browser sends a signal to websites indicating that you don’t want to be tracked over time or across third party sites. We don’t currently respond to these signals because there is not yet a common understanding of how to process them or a consensus on what “tracking” means.
Your Rights and Choices
Opt-Out Of Marketing Communications
You may opt-out of our marketing emails by using the unsubscribe link provided in the email.
If you are a California resident, you may have additional rights as described below.
Links to Third Party Sites
Third Party Direct Marketing
We don’t share Personal Information with third parties for their direct marketing purposes.
How We Share Personal Information
We may share Personal Information with contractors, service providers, and other vendors who assist or support us in providing the Services. Examples of these third party services may include hosting of our Services, storing data, performing analytics, processing payments, or sending marketing communications. Our agreements with vendors prohibit them from retaining, using or disclosing the Personal Information we share with them for any purpose other than providing services to us.
Mandatory Disclosures And Legal Proceedings
Change In Control Or Merger
We may transfer your information in the event of the sale of substantially all of the assets of our business to a third-party or in the event of a corporate merger, consolidation, acquisition or reorganization. However, in such event, any acquirer will be subject to the provisions of our commitments to you or we will not disclose your information.
With Your Direction Or Consent
We will share your Personal Information with other third parties, such as your physicians or health care providers, as you may direct or otherwise consent.
California Residents (CCPA Statement)
This statement makes additional disclosures to California residents (i.e., “consumers”), and describes rights they have, under the California Consumer Privacy Act of 2018, as amended.(the “CCPA”). You can learn more about the CCPA here: https://oag.ca.gov/privacy/ccpa
The rights described in this statement may not apply if you are interacting with us on behalf of an organization that is our customer, vendor or partner, or if the information is subject to regulation under HIPAA or its state equivalent.
Collection Of Personal Information
The categories of Personal Information we have collected about consumers in the past 12 months are as follows:
|Categories of personal information we collect||Business purposes for which information may be used or disclosed||Parties with whom information may be shared|
|Identifiers such as your name, phone number, and address, email, as well as unique identifiers tied to the Account, browser, application, or device you’re using.
Demographic information, such as your age, gender and language.
Health information, such as prescriptions, lab tests, and lab results.
Financial information, such as your payment information, a history of purchases you make with us, and your insurance information.
Internet, network, and other activity information such as information about the interaction of your apps, browsers, and devices with our Site.
|Providing Services: Patient Data and Physician Data by Biocept is required primarily for placing an order for laboratory tests, facilitating the interpretation and return of the result, and to provide billing information so that third party payers have sufficient information to enable payment for services rendered. These data are supplied to Biocept by the requesting physician and/or their staff.
Protecting against security threats, abuse, and illegal activity: Biocept uses and may disclose information to detect, prevent and respond to security incidents, and for protecting against other malicious, deceptive, fraudulent or illegal activity or harm to the rights, property or safety of Biocept, our users, or the public as required or permitted by law.
Research and development: Biocept uses information to improve our services and to develop new products, features, and technologies that benefit our customers or you.
Law enforcement or other third parties, for the legal reasons described in “How does Biocept use your information?”
Sale Or Disclosure Of Personal Information
We don’t sell consumers’ Personal Information.
Within the past 12 months, we disclosed the following categories of Personal Information for a business purpose (to the categories of recipients listed):
- Identifiers (to physicians and their staff)
- Demographic Information (to physicians and their staff)
- Health Information (to physicians and their staff)
- Device/Browser Information (to our vendors)
- Internet Activity (to our vendors)
Your Rights As a Californian
California residents have the right to make the following requests to covered businesses. The requests may be made by a consumer, by a consumer on behalf of the consumer’s minor child, or by a person authorized by the consumer to act on the consumer’s behalf.
Right To Request Information About Collection, Disclosure or Sale of Personal Information
You have the right to request that a business disclose to you: (i) the categories and specific pieces of Personal Information the business has collected about you within the past 12 months, (ii) the categories of sources from which the Personal Information is collected, (iii) the business or commercial purposes for collecting or selling Personal Information, and (iv) the categories of third parties with whom the business shares Personal Information.
If a business sells Personal Information, or discloses it for a business purpose, you also have the right to request that the business disclose the following with respect to the 12-month period preceding your request: (i) the categories of Personal Information that the business sold about you and the categories of third parties to whom the Personal Information was sold, and (ii) the categories of Personal Information that the business disclosed about you for a business purpose.
This type of request may be referred to as a “Request to Know.” Before we can honor a Request to Know, we need to verify that the person making it is the consumer whose Personal Information we have. Our method for verifying any particular request weighs information we receive as part of the request, the sensitivity of the consumer information at issue, and the risk of harm to the consumer from unauthorized disclosure.
Right to Request Deletion of Personal Information
You have the right to request that a business delete any Personal Information that the business has collected from you. This type of request may be referred to as a “Request to Delete.”
Before we can honor a Request to Delete, we need to verify that the person making the request is the consumer whose Personal Information we have. Our method for verifying any particular request weighs information we receive as part of the request, the sensitivity of the consumer information at issue, and the risk of harm to the consumer from unauthorized deletion.
We are not required to delete Personal Information if we still need it in order to complete the transaction for which the information was collected, provide a good or service requested by you (or that we reasonably anticipate based on our relationship with you), perform a contract with you, comply with a legal obligation, enable internal uses that are consistent with the context in which you provided the information, or accomplish any other objective recognized as an exception to the right to deletion under applicable law.
Right to Opt-Out of the Sale of Personal Information
You have the right to direct a business that sells Personal Information about you to third parties not to sell your Personal Information. This type of request may be referred to as a “Request to Opt-Out.” Because we don’t “sell” Personal Information as defined by the CCPA, we don’t offer an opt-out mechanism.
Right to Non-Discrimination
You have the right not to receive discriminatory treatment by a business for the exercise of your privacy rights under the CCPA.
How to Submit a Request To “Know” or “Delete”
You can submit a Request to Know or Delete to email@example.com. The request must state “CCPA Request” and include:
- your first and last name;
- an email address at which you can be reached for purposes of the request;
- the California county in which you reside;
- for a Request to Know, the disclosure(s) you are requesting;
- for a Request to Delete, a clear statement that you want us to delete your Personal Information; and
- the reason(s) you believe we have collected, disclosed or sold your Personal Information, specifically, within the past 12 months (for example, you purchased a product or received a communication from us)
If you are submitting a request on behalf of another consumer as their authorized representative, you must include the foregoing information about the consumer and attach a copy of a power of attorney appointing you as a duly authorized representative under California Probate Code sections 4000 to 4465 or written permission from the consumer to make the request.
After confirming receipt of your request, we’ll contact you if we need more information in order to verify it. If we can’t verify a request, we may deny it.
Changes To This Policy
Should you have any questions regarding this policy or privacy policies, please write to us at firstname.lastname@example.org.