HIPAA Privacy Notice

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.

1. Our Responsibilities

CENTOGENE US, LLC (hereinafter “CENTOGENE”) is required by law to maintain the privacy of your identifiable health information (“Protected Health Information” or “PHI”). We are also required to provide you with this Notice of Privacy Practices (“Notice”), which describes our legal duties, privacy practices and your patient rights according to the Health Insurance Portability and Accountability Act (“HIPAA”) of 1996. We are required to follow the terms of the Notice currently in effect and to notify affected individuals in the event of a breach involving unsecured protected health information.

CENTOGENE’s current Notice will always be available on our website at www.centogene.com/hipaa-privacy or you can request a paper copy by contacting our Privacy Office as indicated below.

If you have any questions about this Notice or would like additional information, or to exercise your privacy rights as described below, please contact our Privacy Office at the following email:

dataprivacy@centogene.com or by phone at (+1)617-580-2102.

We will not use or share your information other than as described in this Notice unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind by contacting our Privacy Office.

2. Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you. To exercise any of these rights, contact our Privacy Office at the contact information listed above.

Get an Electronic or Paper Copy of Your Medical Record

You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.

We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask Us To Correct Your Medical Record

You can ask us to correct health information about you that you think is incorrect or incomplete.

We may say “no” to your request for certain reasons, but we’ll tell you why in writing within 60 days.

Request Confidential Communications

You can ask us to contact you in a specific way (for example, home or office phone) or at a specific location (for example, to send mail to a different address).

We may ask you, to confirm you identity first, but will agree to all reasonable requests.

For Certain Health Information, You Can Tell Us Your Choices About What We Share.

If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

In these cases, you have both the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in your care
  • Share information in a disaster relief situation
  • Include your information in a hospital directory

Example: If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety or where otherwise permitted or required by applicable law.

Ask Us To Limit What We Use or Share

You can ask us not to use or share certain health information for treatment, payment or our operations. We are not required to agree to your request, and we may say “no” including if it would affect the results of our diagnostic services or the care/treatment options of your physician.

If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless applicable law provisions require us to share that information.

Get a List of Those With Whom We’ve Shared Information

You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.

We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a Copy of This Notice

You can ask for a paper copy of this Notice at any time, even if you have agreed to receive the Notice electronically. We will provide you with a paper copy promptly.

Choose Someone To Act for You

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.

We will make sure the person has this authority and can act for you before we take any action.

File a Complaint if You Feel Your Rights Are Violated

You can complain if you feel we have violated your rights by addressing us by email at dataprivacy@centogene.com or mail at CENTOGENE US, LLC, 45 Prospect St., 5th Floor, Cambridge, MA 02139.

You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1- 877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.

We will not retaliate against you for filing a complaint.

3. Our Uses and Disclosures

How Do We Typically Use or Share Your Health Information?

The following categories describe different ways that we are permitted to use and disclose your health information. For each category of uses or disclosures, we will explain what we mean. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted or required to use and disclose medical information without your permission will fall within one of the categories. State laws and regulations may impose further limits or requirements on our ability to use or disclose your medical information or certain categories of your medical information, such as genetic information. We will follow more stringent state laws and regulations that apply to us and your medical information. For more information about your state’s laws and whether they limit any of the activities described in this Notice, contact the Privacy Office at the contact information listed above.

Treat You

We may use or disclose your Protected Health Information for treatment purposes.

Example: We may use your Protected Health Information to perform our testing services and disclose your genetic testing results to your physician and other healthcare providers involved in your care.

Run Our Organization

We can use and share your health information to run our practice, improve your care, and contact you when necessary.

Example: We use health information about you to review and improve our services, such as through quality assessment activities, and to provide customer service.

Bill for Our Services

We can use and share your health information to bill and get payment from health plans or other entities.

Example: We give information about you to your health insurance plan so it will pay for your services.

Business Associates

We may provide your PHI to other companies or individuals that need the information to provide services to us. These other entities, known as "business associates," are required to maintain the privacy and security of PHI.

Example: We may provide information to companies that assist us with billing of our services. We may also use an outside collection agency to obtain payment when necessary.

De-Identified or Partially De-Identified Information

We may use and disclose your health information for other purposes if we have de-identified it in accordance with applicable law. We may also use and disclose health information about you for research, public health and certain healthcare operations if information that directly identifies you is removed and the recipient signs an agreement to protect the privacy of the information as required by applicable federal and state law.

How Else Can We Use or Share Your Health Information?

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.

Help With Public Health and Safety Issues

We can share health information about you for certain situations such as:

  • Preventing disease
  • Helping with product recalls
  • Reporting adverse reactions to medications or products
  • Reporting suspected abuse, neglect, or domestic violence
  • Preventing or reducing a serious threat to anyone’s health or safety

Do Research

In accordance with your consent, we may use or share your data for health research.

Comply With the Law

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we are complying with federal privacy law.

Respond to Organ and Tissue Donation Requests

We can share health information about you with organ procurement organizations or other entities engaged in the procurement, banking or transplantation of cadaveric organs, eyes or tissues for donation or transplantation.

Work With a Medical Examiner or Funeral Director

We can share health information with a coroner, medical examiner, or funeral director when an individual dies.

Address Workers’ Compensation, Law Enforcement, and Other Government Requests

We can use or share health information about you:

  • For workers’ compensation claims
  • For law enforcement purposes or with a law enforcement official
  • With health oversight agencies for activities authorized by law
  • For special government functions such as military, national security, and presidential protective services

Respond to Lawsuits and Legal Actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena, discovery request, or other lawful process in certain situations. 

In These Cases We Never Share Your Information Unless You Give Us Written Permission or We Are Otherwise Permitted by Applicable Law:

  • Marketing purposes
  • Sale of your information
  • Most sharing of psychotherapy notes

Changes to the Terms of This Notice

We reserve the right to amend the terms of this Notice to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Notice revision. Our Notice is displayed on our website and a copy is available upon request.

This version of this Notice is effective from June 2022.

Rostock, June 2022