BillionToOne Notice of Privacy Practices

Last updated October 29, 2024

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.


BillionToOne is required by law to maintain the privacy and security of your protected health information (“PHI”) and to provide you with a notice of our legal duties and privacy practices with respect to PHI. “PHI” is information about you, including basic demographic information, that may identify you and that relates to your past, present, or future physical or mental health or condition and related health care services.

This Notice of Privacy Practices describes how we may use and disclose your PHI to carry out BillionToOne’s treatment, payment, or health care operations and for other specified purposes that are permitted or required by law. This Notice also describes your rights with respect to your PHI. BillionToOne is required to follow the terms of this Notice of Privacy Practices. We will not use or disclose your PHI without your written permission, except as described in this Notice.

Your personal doctor or other health care provider may have different policies or notices regarding their use and disclosure of your medical information. You should also consult those notices.

Your Health Information Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Obtain a paper copy of this Notice of Privacy Practices upon request. You may request a paper copy of the Notice at any time, even if you have agreed to receive the Notice electronically. Our contact information for such requests is included at the end of the Notice.

Inspect and obtain a copy of your information. You have the right to access, inspect, and obtain a copy of PHI contained in your medical and billing records for as long as BillionToOne maintains the information. If you would like to access your information, please send your written request to the address included at the end of this Notice.

If you request a copy of your information, we may charge you a reasonable fee for the costs of copying, mailing, or other supplies necessary for the electronic transfer of your information. We may deny your request to read and copy in certain limited circumstances. If you are denied access, you may request the denial be reviewed by filing a request for review.

Amend your information. If you feel that the PHI we have about you is incorrect or incomplete, you may request that we amend the information. If you would like to request an amendment to your information, please send your written request to the address included at the end of this
Notice. Any request for amendment must include a description of the amendment
requested and the reasons why you think we should make the amendment.

We will ordinarily respond to your request within 60 days. If we did not create your health information, if your health information is not part of our records, or if your health information is already accurate and complete, we can deny your request and notify you of our decision in writing. If we deny your request for amendment, you have the right to file a statement of disagreement with the decision, which we can rebut. You have the right to request that your original request, our denial, your statement of disagreement, and our rebuttal be included in future disclosures of your health information.

Request confidential communications. You can request that we communicate with you about your PHI only in writing or add a different residence or post office box. If you would like to request confidential communications of your PHI, please send your written request to the address included at the end of this Notice. Your request must state how or when you like to be contacted. We will accommodate all reasonable requests. We reserve the right to verify your identity in order to confirm the alternative contact and address information.

Ask us to limit what we use or share. You have the right to request a restriction on the PHI that we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a restriction on the PHI we disclose about you to someone who is involved in your care or payment for your care, such as a family member or friend. A written request for additional privacy protections should include (i) the information you want to restrict; (ii) whether you want BillionToOne to restrict our use of the information, how we share it with others, or both; and (iii) to whom the restrictions apply. We are not required to agree to your request and may deny your request if it would affect your care. If you or someone on your behalf has paid out of pocket and in full for our service, we will agree to requests not to share that information for the purpose of payment or our operations with your health insurer, unless required by law.

Receive a list of those with whom we’ve shared information. You have the right to receive a list (accounting) of the times we’ve shared your PHI, who we shared it with, and why. You may request such information for the six-year period prior to the date of your request. We will include all disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). If you would like to request an accounting, please send your written request to the address included at the end of this Notice. We will provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

How We May Use and Disclose Your Health Information

We may use and share your PHI for treatment purposes. We use and disclose your PHI when we process laboratory tests ordered by your health care providers. We may disclose medical information about you to health care providers, including your healthcare providers, genetic counselors (our services include complimentary access to independent genetic counselors), the health system or clinic where your provider practices, and other providers that you or your healthcare provider designated to receive your information.

We may use and share your PHI for payment purposes. We may use or disclose your PHI to bill and collect payment from you or your insurance company. 

We may use and share your PHI for health care operations purposes. We may use and disclose your PHI for certain BillionToOne health care operations, which include quality assurance and quality improvement activities, training, and general administrative activities.

We may disclose your PHI to our business associates. We have contracted with entities (defined as “business associates” under HIPAA) to help us provide our services.  We will enter into contracts with these entities requiring them to only use and disclose your health information as we are permitted to do so under HIPAA.

We may disclose your PHI for certain public health activities. Generally, we may share your PHI to help with public health and safety issues such as:

  • Preventing or controlling disease, injury, or disability;
  • Helping with product recalls;
  • Reporting suspected abuse, neglect, or domestic violence;
  • Preventing or reducing a serious threat to anyone’s health or safety.

We may use or share your PHI for research purposes. We use and share your information for research only as allowed by federal and state rules. We will not use your health information or disclose it outside of BillionToOne for research reasons without either getting your prior written approval or determining that your privacy is protected.

We may share your PHI to address workers’ compensation, law enforcement, and other government requests. We can use or share your PHI:

  • For workers’ compensation claims;
  • For law enforcement purposes as required by law or in response to a valid subpoena or court order;
  • With health oversight agencies for activities authorized by law;
  • For special government functions such as military, national security, and presidential protective services.
  • We may share your PHI to respond to lawsuits and legal actions. We can share health information about you in response to a court or administrative order, or in response to a subpoena.

We may share your PHI to comply with the law. We will share information about you when required to do so by applicable federal, state, or local law.

We may use your information for data breach notification. We may use your PHI to provide legally required notices of unauthorized access, acquisition, or disclosure of your PHI.

Other Uses and Disclosures of PHI

BillionToOne will not sell your information, sample, genetic data or results. We will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for above (or as otherwise permitted or required by law). Uses and disclosures of your PHI for marketing require your authorization. You may revoke an authorization by sending a written request to the address included at the end of this Notice. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.

How We Protect Your Information

BillionToOne implements certain physical, administrative,  and technical safeguards that are designed to protect the integrity and security of your information. We cannot however guarantee that information may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, technical, or administrative safeguards. You agree that BillionToOne is not liable for the unauthorized release of your information, unless such release was the result of gross negligence or willful misconduct on the part of BillionToOne.

BillionToOne complies with the applicable requirements of the Health Insurance Portability and Accountability Act of 1996, as amended  (“HIPAA”) to maintain the privacy and security of your information. If a breach occurs that may have compromised the privacy or security of your information,  we intend to comply with all federal and state reporting requirements.

Record Retention

We will retain PHI contained in your medical record and billing records in accordance with legal requirements.

Compliance with Laws

If more than one law applies to this Notice, such as a more stringent state law, we will follow the more stringent law.

Changes To This Notice of Privacy Practices

We reserve the right to change our practices and this Notice and to make the new Notice effective for all PHI we maintain. When changes are made, the new Notice of Privacy Practices will be available upon request and on our website. The date the Notice was last revised is identified at the top of the page.

Complaints

If you believe your privacy rights have been violated, you can file a complaint with us using the contact information below, or with the United States Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints. We will not retaliate against you for filing a complaint.

Contact Information

BillionToOne commits to resolving questions and comments about your privacy and our collection and use of your information. If you have questions, would like additional information about this Privacy Notice, or would like to request to delete information, please contact us at: [email protected]

Alternatively, you can call us at (650) 460-2551 or send us a written request to the address below:
BillionToOne, Inc.
1035 O’Brien Drive
Menlo Park, CA 94025