Genome.One Pty Ltd ACN 608 029 732 (Genome.One) appreciates that privacy is important to you. Genome.One is committed to handling personal information (including health information and other sensitive information) in accordance with applicable privacy laws, including the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
Genome.One is a specialist provider of genomic pathology services and was established by the Garvan Institute of Medical Research (Garvan). Genome.One uses specialised whole genome sequencing technology (including exome technology) for diagnostic and health screening of genetic disease. Our services are only available on request from your appropriately qualified clinicians.
This document sets out our policies for handling your personal information. In this policy 'we' and 'us' refers to Genome.One and 'you' refers to any individual about whom we collect personal information.
We collect personal information about you (including information about your health) to provide you with genomic pathology and health management services. We collect personal information from your clinician and directly from you. Specialist genetic pathologists and scientific personnel working with Genome.One use your personal information to generate a report about the results of our screening tests which is provided to your referring clinician. We may need to disclose your personal information to reputable service providers who provide us with scientific and technical services necessary to provide you with the services your requesting clinician has requested.
We collect personal information necessary to provide the genomic pathology services and health management services requested by your requesting clinician. When we receive a request for a genomic pathology report, an electronic record is made containing your personal information such as your name, date of birth, address and other contact details. The information we receive in a request will typically include information about your health including:
your medical history;
results of previous tests and investigations;
your family medical history;
your genetic information;
medications you may be taking or treatments you are undergoing;
details about your treating doctors and other health professionals involved in your care;
other information which may be relevant to your care.
We may collect other sensitive information that is relevant to your care, including information about your racial or ethnic origin.
Information may also be collected about individuals who are not patients of Genome.One. For example, we may collect information about your family and genetic relatives in the form of a family medical history.
Our services are not currently eligible for Medicare benefits and must be paid for privately.
You have the option of not identifying yourself, or using a pseudonym, when dealing with Genome.One (for example, when making an enquiry). However, it is generally not practicable to deal with you anonymously or pseudonymously on an ongoing basis (for example, as a patient of the pathology service). If we do not collect personal information about you, we may be unable to provide you with genomic pathology services.
We will usually collect your personal information from your requesting clinician or directly from you. We use your personal information to provide the services requested by your requesting clinician and to provide your Genome.One report.
We will only collect your personal information with your consent.
If you are a person under the age of 18, we will generally collect personal information about you from your requesting clinician or your parent or legal guardian. Where the requesting clinician considers that you have sufficient understanding and maturity to consent to diagnostic screening of genetic disease, we may collect personal information directly from you.
When your requesting clinician requests a genomic pathology report from Genome.One, a specimen, usually of your blood, is taken. You may also be asked to provide a saliva or a cheek brush sample. Your clinician will arrange for the specimen to be collected by their preferred pathology service, who will in turn forward this to SydPath, the pathology service of St Vincent's Hospital, Sydney, who receives those specimens on our behalf. Genome.One and SydPath share information to enable your specimen to be transferred to our laboratory for analysis.
Genomic pathology is a specialist field of medicine and involves specialist genetic pathologists working with medical scientific and technical personnel (such as other specialist clinicians, laboratory scientists, bioinformaticians and statisticians). Information which is derived from the specimen you provide to Genome.One may be collected in databanks that are managed by Genome.One or external organisations. The information may be used for the purposes of improving genomic pathology services to other individuals; to further clinical research, to improve genomic pathology services provided by Genome.One and other organisations; and by researchers and industry to develop new drugs, treatments and therapies. These databanks are designed to protect the privacy of individuals and to comply with highest standards of clinical ethics.
We will not use your personal information for direct marketing without your consent.
We hold personal information in paper based and electronic records and systems. Personal information may be collected in paper-based documents (such as request forms) and converted to electronic form for storage (with the original paper-based documents either archived or securely destroyed).
Genome.One uses physical security and other measures to ensure that personal information is protected from misuse, interference and loss; and from unauthorised access, modification and disclosure. Personal information held in paper-based form is generally securely stored at Genome.One facilities in Sydney, or in the case of archived records, at an external storage facility in Australia.
We maintain computer and network security by using physically secure servers, firewalls, user identifiers and passwords to control access to our computer system.
We will disclose your personal information, typically in the form of a genomic pathology report, to your requesting clinician, as well as to other medical practitioners and health care practitioners that your requesting clinician specifically asks us to inform.
Where a Genome.One test identifies clinically relevant information, Genome.One may provide your personal information to another laboratory for further specialist analysis (this is called "confirmation" or “further testing”).
In certain circumstances, Genome.One is required by law to disclose your personal information to public health authorities (for example, diagnosis of cancer).
Genome.One uses highly-advanced technology to provide its services. In order to utilise that technology safely and effectively, our technology suppliers' technicians may have incidental access to your personal information in the course of providing calibration, maintenance and support services.
We may also use or disclose your personal information for the administration, management and operation of Genome.One including safety and quality assurance activities; accreditation activities; testing and maintenance of information technology systems; risk management and management of legal liabilities and claims (for Page 4 of 5 example, liaising with our insurers); responding to complaints or inquiries; and responding to subpoenas or other legal orders and obligations.
We may also disclose your personal information to third parties where you have consented or we are required or entitled to do so by law.
Genome.One does not typically or routinely disclose personal information to overseas recipients, unless your clinician is located overseas. These databanks are used to improve genomic pathology services to other individuals; to further clinical research; and may be used by researchers and industry to develop new drugs, treatments and therapies.
Genome.One works with DNAnexus, Inc, a specialist provider of information technology and technical services located in the United States of America. DNAnexus stores genetic data derived from the specimen you provide to Genome.One on our behalf and provides highly-specialised processing and analysis of that data. However, before your data is transmitted to DNAnexus for storage and processing, information which identifies you is removed and replaced with a secure code. Only we have the ability to link the code with your name and other personal information.
Unless we have your consent, or an exception under the Australian Privacy Principles applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to your personal information.
If you would like further information or do not understand any aspect of the genomic pathology services you have received from Genome.One, we would encourage you to speak to your requesting clinician so that information can be explained in the context of your treatment.
However, you have a right to request to access the personal information that we hold about you using the contact details provided in the "How to contact us" section below. In limited circumstances, access to your personal information may be declined in accordance with privacy laws. In those circumstances, we may give you access through a mutually agreed intermediary (for example, an appropriate health professional). We will provide you with access free of charge.
We endeavour to ensure that your personal information is accurate, complete and upto- date whenever we use it. You can assist us with this by letting us know if your details change or if you notice errors or discrepancies in information we hold about you. If you consider any personal information we hold about you is not accurate, or is incomplete or out-of-date, you may request we amend our records. Please note that it is generally not possible to make changes to clinical information, however, you may be entitled to request that we associate a statement with your record.
You may make a complaint about privacy to the Privacy Officer using our contact details. The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within two weeks.
If your complaint requires more detailed consideration, we will acknowledge receipt of your complaint within two weeks and endeavour to respond to your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking.
In most cases, we will consider and respond to a complaint within 30 days. If the matter is complex and we require more time to consider and respond to your complaint, we will let you know.
If you are not satisfied with our response, or your consider that we may have breached the Australian Privacy Principles or the Privacy Act, you are entitled to make a complaint to the Office of the Australian Information Commissioner. The Office of the Australia Privacy Commissioner can be contacted by telephone on 1300 363 992 or full contact details can be found online at www.oaic.gov.au.