Last Updated: January 15, 2025

Introduction

CaseGenetics is committed to protecting the privacy and security of your personal information and healthcare data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our pathology case management platform and services.

As a healthcare technology provider serving pathology laboratories, we understand the critical importance of maintaining the confidentiality and security of protected health information (PHI) and other sensitive data.

Information We Collect

Account Information

• Name, email address, and contact information
• Professional credentials and laboratory affiliation
• User account credentials and authentication data
• Billing and payment information

Healthcare Data

• Patient case information and specimens data
• Laboratory test results and analytical data
• Pathology reports and diagnostic information
• Quality control and audit trail data

Usage Information

• System access logs and user activity
• Feature usage and performance metrics
• Device information and IP addresses
• Browser type and operating system data

How We Use Your Information

Service Delivery

• Provide case management services
• Process and analyze laboratory data
• Generate reports and insights
• Maintain audit trails and compliance

Security & Support

• Monitor system security and access
• Provide technical support
• Improve platform performance
• Ensure regulatory compliance

HIPAA Compliance

Protected Health Information

CaseGenetics serves as a Business Associate under HIPAA and maintains appropriate safeguards to protect protected health information (PHI). We enter into Business Associate Agreements (BAAs) with covered entities to ensure compliance with HIPAA requirements.

Key Protections: Encryption at rest and in transit, access controls, audit logging, staff training, and incident response procedures.

Data Security Measures

Encryption

AES-256 encryption for data at rest and TLS 1.3 for data in transit

Access Control

Multi-factor authentication and role-based access permissions

Monitoring

24/7 security monitoring and comprehensive audit logging

Information Sharing

We Do Not Sell Your Data

CaseGenetics does not sell, rent, or lease your personal information or healthcare data to third parties. We only share information in the following limited circumstances:

Service Providers

Trusted third-party vendors who assist in providing our services (cloud hosting, payment processing)

Legal Requirements

When required by law, court order, or government regulation

Business Transfers

In connection with a merger, acquisition, or sale of business assets

Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations. Healthcare data retention periods are determined by:

• Applicable healthcare regulations and requirements
• Your laboratory's data retention policies
• Business Associate Agreement terms
• Legal and regulatory compliance needs

Your Rights and Choices

Account Access

• Update your account information
• Request data access or portability
• Correct inaccurate information
• Deactivate your account

Privacy Controls

• Manage notification preferences
• Control data sharing settings
• Request data deletion (subject to retention requirements)
• Report privacy concerns

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Email: privacy@casean.com

Privacy Officer: Available through our main contact form

Mailing Address: Available upon request

Policy Updates

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.