“Here at OneOme, the privacy and security of your genetic information is our top priority. Genetic tests have great potential to improve your health. We aim to provide a solution to help your physician prescribe safer and more effective medications without you having to worry about your privacy and security.”
Paul Owen, CEO
Your genetic information contains sensitive information about you. For example, from a test that analyzes your genome you can learn information about your likelihood of developing certain diseases, your ethnicity, your relatives, your carrier status, and your response to drugs. (Note: OneOme’s test predicts your response to drugs. Although our test is not intended to diagnose any hereditary disease or risk, we will report secondary findings for certain genetic results, so that you have an opportunity to discuss these findings with your doctor.) In addition, the genome itself is a unique identifier for you — no one else has the same one as you. While there are clear clinical benefits to genetic testing, it also introduces new risks to patient privacy, and patients are potentially vulnerable to the misuse of their genetic information. While there are laws that protect patients from health insurance companies and employers using genetic information to discriminate against them, there are still concerns about the use of genetic information to discriminate against applicants for life and disability insurance. For this reason, it’s important that you only work with companies that are committed to safeguarding your genetic information.
Laws and policies have been developed and passed to protect the privacy and security of your genomic information. In 2008, Congress passed the Genetic Information Nondiscrimination Act (GINA) to restrict health insurance companies and employers from accessing an individual’s genetic information, as well as to prohibit genetic discrimination. The passage of GINA makes it illegal for health insurers or employers to request or require genetic information of an individual or of any family members. Additionally, some states have even more comprehensive laws than GINA. To learn more, visit GINAhelp.org.
In addition to GINA, there is the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA protects patient privacy by restricting the sharing of your medical information. The HIPAA Privacy Rule establishes protections to maintain the confidentiality of patients' individually identifiable health information. This information is called Protected Health Information (PHI) and includes things like your name, address, and Social Security number. There are limits on when and with whom OneOme may share PHI. To learn more, see the OneOme Notice of Privacy Practices.
At OneOme, we recognize that you have entrusted us to keep your data safe and secure. To accomplish this, we have implemented strict policies, processes, and technologies, and have identified a data security and privacy officer who ensures we maintain a high level of data security.
POLICIES AND PROCEDURES
Data security starts with clear policies and procedures that assure implementation of all the necessary security controls and measures. At OneOme, we implemented over 30 different policies and procedures related to data security alone. Beyond implementing these policies, we perform regular audits to make sure we are following these necessary processes and procedures.
SYSTEMS AND SERVERS
Our systems, servers, and workstations have strict requirements that meet or exceed the required HIPAA data security standards. As an example, all your genetic and personal information is always encrypted using the industry-standard AES-256 encryption. All servers that host OneOme’s applications and databases can only be accessed by a small number of OneOme employees using private digital keys, which means there is no password to steal.
To protect and minimize access to your data, we’ve implemented strict authorization policies for our applications and workstations so that only employees who require access to protected health information for their job can access your data. In addition, all actions and data access are logged so we can review the history if concerns arise. Apart from those employees who require access in order to perform their job for and on behalf of you, you can also rest assured that only you and your doctor have access to your test results.
In addition to meeting the highest security standards to protect your personal information, OneOme is an accredited laboratory, which means that it meets the highest quality standards assuring the soundness of your test and genetic results. Our clinical laboratory is certified under the Clinical Laboratory Improvement Amendments (CLIA) and has achieved accreditation by the College of American Pathologists (CAP). CLIA and CAP have established rigorous quality standards for laboratory testing for the purpose of diagnosis, prevention, or treatment of disease, or assessment of health, and OneOme has met these guidelines. Our licenses and certifications can be found at oneome.com/licensing.
The primary focus of the OneOme RightMed® comprehensive test is to provide your doctor with information on how your DNA may affect your response to drugs. OneOme's tests are not intended to provide information about disease predisposition, paternal status, ethnicity, hereditary, or ancestry information. However, OneOme will report secondary findings for certain genetic results so that you have an opportunity to discuss these additional findings with your doctor. To learn more about this, please consult our terms of service, available at oneome.com/terms.
OneOme keeps your DNA sample for up to 60 days from the date your report was released to your doctor for purposes of quality assurance, and it may also conduct follow-up testing by order from your doctor.