Notice of Privacy Practices

Notice of Privacy Practices Under HIPPA for US Residents

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT UNITED STATES RESIDENTS MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Scipher Medicine Corporation (“Scipher”) is committed to protecting the privacy and confidentiality of your personal and health information.

The personal and health information that may identify you and relates to your past, present or future health condition, treatment, or payment for services is known as Protected Health Information, or PHI.

Our Responsibilities

Scipher is required by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) to maintain the privacy and security of your PHI and to provide you with a notice of our legal duties, our privacy practices, and your patient rights.

This Notice of Privacy Practices Under HIPPA for US Residents (this “Notice”) describes how we may use and disclose your PHI to carry out treatment, payment, and health care operations and for other specified purposes that are permitted or required by law.

Whenever we use or disclose your PHI we are required to follow the terms of this Notice.

I. Uses and Disclosures of Your Health Information

Scipher may use or disclose your PHI for the following purposes:

  • Treatment. We may use or disclose your PHI for purposes of providing your medical treatment. For example, we use and disclose your PHI to perform our diagnostic testing services and provide results to your physician and other health providers involved in your care.
  • Payment. We may use or disclose your PHI for purposes of billing and collecting payment for our services. For example, we may disclose PHI to your health plan in order to obtain payment for our services.
  • Healthcare Operations. We may use or disclose your PHI to facilitate our laboratory operations. For example, we may review your PHI internally as part of an audit to confirm quality of our services and accuracy of our testing.
  • As Required by Law. We may use or disclose PHI if required to do so by federal or state law.
  • Representatives and Individuals Involved in Your Care. We may disclose your PHI to friends or family members who are involved in your care, including those who are responsible for paying for your care. We may also disclose PHI to your personal representative, as established under applicable law, or to an administrator or authorized individual associated with your estate.
  • Communication about Products and Services. We may use and disclose your PHI to contact you about other Scipher products and services which we believe may be of interest to you. We do not disclose your PHI to third-parties for marketing purposes without your written authorization.
  • Disclosures to Business Associates. We may disclose your PHI to companies who provide serves to us. These business associates are required to protect the privacy and security of your PHI and notify us of any improper disclosure of information.
  • Legal Proceedings. We may disclose your PHI as required to comply with a court or administrative order or in response to a subpoena, discover request, or other legal process.
  • Research. Under certain circumstances, researchers may be given limited access to your PHI at Scipher so that they can develop research projects and identify patients who may qualify to participate in other research studies. Any other uses or disclosures of your PHI for research purposes are only permitted after a committee responsible for ensuring the protection of individual research subjects such as an Institutional Review Board (IRB) or privacy board has reviewed the research proposal, determined if you will need to provide specific consent to use your PHI for the research, and established safeguards to ensure the privacy of your information, or determined that the researcher will only be provided with information that does not identify you directly.
  • De-Identification of PHI. We may use your PHI to create de-identified information. This means that information that can be used to identify you will be removed. There are specific rules under the HIPAA law about what type of information needs to be removed before information is de-identified. Once information has been de-identified as required by law, it is no longer subject to this policy, and we may use it for any purpose without any further notice or compensation toyou.
  • Opt Out. If you do not wish for Scipher to use or disclose your PHI and/or samples for research purposes within Scipher and/or with research collaborators outside of the company who are under contract and are also obligated to protect your information, you can opt out by contacting Scipher at the number below.
  • Health and Safety. We may disclose your PHI to prevent or reduce the risk of a serious and imminent threat to the health and safety of an individual or the general public.
  • Other. Scipher may also use or disclose your PHI in other ways as permitted by law, including but not limited to health oversight agencies or the U.S. Food Drug Administration (FDA).

Uses and disclosures for purposes other than those described above will not be made without written authorization signed by you or your personal representative. Once you sign an authorization, you may revoke it by contacting Scipher at any time unless it has already been relied upon to use or disclose PHI.

II. Your Rights Regarding Your PHI

You have the following rights with respect to your PHI. To exercise any of these rights, please contact our Privacy Office using the contact information provided at the end of this Notice.

  • Access PHI and Test Results. Your or your authorized representative have the right to inspect and copy your PHI. You may retrieve your test results by contacting your physician or Scipher at the contact number below.
  • Correct or Update Your Information. If we believe that there is an error in your PHI, you may request that we update it.
  • Restriction Requests. You have the right to request restrictions on certain uses and disclosures of your PHI. We are not required to honor such requests unless the requested restriction involves a disclosure to a health plan and you have paid for the applicable services in full and out of pocket.
  • Alternate Communications. You may request that we communicate with you about your PHI in a specific means or to an alternative postal mail or email address.
  • Accounting of Disclosures. You may request a list, or accounting, of certain disclosures of your HI made by us or our business associates for purposes other than treatment, payment, healthcare operations and certain other activities. The request must be in writing and the accounting will include disclosures made within the prior six yeats.
  • Copy of Notice. You have the right to obtain a paper or electronic copy of this Notice upon request.

III. Breach Notification

Scipher is required by law to notify you following the discovery that there has been a breach of your PHI, unless Scipher reasonably determines, after investigating the situation and assessing the risk presented, that there is a low probability that the privacy or security of your PHI has been compromised. You will be notified in a timely fashion, no later than 60 days after discovery of the breach.

IV. Changes to Our Notice

Scipher reserves the right to amend this Notice from time to time. When changes are made, we will promptly post the updated Notice on the Scipher website at www.sciphermedicine.com.

V. Questions and Complaints

If you have any questions or comments about this Notice, or if you have any complaints about Scipher’s privacy practices, please contact us using the contact information provided below. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. Scipher will not retaliate against you for filing a complaint.

VI. Contact information

When communicating with us regarding this Notice, our privacy practices, or your privacy rights, please contact the Privacy Office using the following contact information:

Scipher Medicine Corporation

dataprivacy@sciphermedicine.com

855-724-7437

Effective Date of Notice: July 27, 2020

Scipher Medicine

Precision medicine for autoimmune diseases

Scipher MedicineTM, a molecular data company founded on the principles of Network Medicine, holds the fundamental belief that patients deserve answers to their treatment options using scientifically backed data.

With artificial intelligence and its proprietary molecular technology platform, Scipher Medicine develops diagnostic tests that analyze patients’ unique molecular signatures to accurately predict response to targeted therapeutics. By amassing the data from these tests, the company develops more effective therapies.

Scipher Medicine Website