Medical Record Privacy Notice v1.0

Effective Date: Oct 4, 2023

Summary: 

23andMe, Inc. (“23andMe”) customers have an opportunity to participate in Telehealth Services coordinated through 23andMe and its service providers, subsidiaries, and affiliates, including Lemonaid Health, Inc., which contracts with LMND Medical Group healthcare providers (“we”, “our” and “us”) to provide the clinical services (“Telehealth Services”). As part of your telehealth experience, you will have a “Medical Record” that contains a limited set of your information (your “Medical Record Information”).  

This notice covers how your Medical Record Information is used, disclosed, and maintained, and the choices available related to your Medical Record Information. 

We encourage you to read the entire Medical Record Privacy Notice, but here are the key highlights: 

We Use or Disclose Information in Your Medical Record to: 

  • Provide treatment 
  • Provide Telehealth Services     
  • Communicate with you
  • Analyze and measure trends and usage 
  • Comply with your instructions
  • Comply with applicable law
  • Disclose threats to health or safety
  • Monitor, detect, prevent, investigate and mitigate violations of the Telehealth Terms of Service or other policies
  • Enhance safety, integrity, and security  
  • Comply with public health reporting requirements
  • Use for Research, only with your explicit consent
  • Market or advertise to you, only with your explicit consent 

You Can: 

  • Get a copy of and/or inspect your Medical Record Information
  • Request and/or provide corrections to your Medical Record Information if it is inaccurate or incomplete  
  • Request to limit disclosure or use of your Medical Record Information
  • Request deletion of your Medical Record Information (note that we retain all or part of your Medical Record for a limited period of time)   

Full Medical Record Privacy Notice 

Please read this document carefully to understand how your Medical Record Information is handled.  If you do not agree to the terms below, please do not use the Telehealth Services. All capitalized terms not defined in this Medical Record Privacy Notice have the respective meanings set forth in the Telehealth Terms of Service.

Why Do We Have a Medical Record Privacy Notice

Your healthcare treatment is personal to you and we understand the importance of protecting your Medical Record Information. This Medical Record Privacy Notice applies to all Medical Record Information used, disclosed, or maintained as part of your use of Telehealth Services, and describes your choices related to your Medical Record Information.

What is Medical Record Information

Your Medical Record contains personal information that relates to the Telehealth Services we provide, including medical information that is created through a telehealth encounter. Medical Record Information may include your name, date of birth, contact information, laboratory data, medical diagnosis and treatment information, or communications with a provider, and certain medical information may have been pulled from third party service providers for treatment purposes. It also includes any 23andMe Personal Information you authorize to be disclosed to us, such as your contact information, self-reported health information, or your genetic information. As part of our identity verification process, you may also be asked to submit proof of identity. Medical Record Information does not include information that has been de-identified in accordance with applicable laws.

How Your Medical Record is Created and Maintained

We create your Medical Record when we provide Telehealth Services, even if you access the Telehealth Services through platform service providers, including 23andMe and Lemonaid Health, Inc., or a third party. To the extent 23andMe processes your Medical Record Information, it is doing so on our behalf as a service provider. This means that the 23andMe Privacy Statement does not apply to either the Telehealth Services, or your Medical Record. The 23andMe Privacy Statement only applies to Personal Information related to Services subject to the 23andMe Terms of Service, which may include information from your medical record per your authorization. 

How We Use and Disclose Your Medical Record Information

The following categories describe ways that we may use or disclose your Medical Record Information. 

  • Treatment. We use and disclose your Medical Record Information in the course of providing medical treatment or in coordinating or managing any Telehealth Services you’ve received or requested. For example, we may disclose your Medical Record Information to service providers involved in your care to fill a prescription.
  • Providing Telehealth Services. We may use and disclose your Medical Record Information to carry out business operations and to provide the Telehealth Services. These uses or disclosures are related to things like billing, quality of care, compliance activities, credentialing, administrative purposes (which may include use of artificial intelligence tools by 23andMe or other third parties working on 23andMe’s behalf), contractual obligations, or grievances. For example, we may use Medical Record Information to review the treatment and services provided or to evaluate our performance, including any personnel, staff, service providers, and contractors caring for you. 
  • Third Parties. Certain Telehealth Services may involve your registration with third parties whose privacy practices and terms may differ from ours.  The collection, use, and disclosure of your information will be subject to the policies and terms of those third party websites or services.
  • Communicating With You. We may use your Medical Record Information to communicate with you via email, text, phone, in-app notifications, in writing, or other methods about various topics, including, but not limited to, your treatment and the Telehealth Services, feedback and testimonials, order tracking, shipment, and other confirmations, relevant offers to inform you of Telehealth Services, updates to the Telehealth Services, and any other questions applicable to your engagement with us. You understand that you are not required to provide this consent for mobile alerts as a condition of purchasing any property, goods or services.
  • Analyzing and Measuring Trends and Usage. We are constantly testing, measuring, and analyzing data to deliver improvements in the Telehealth Services and your healthcare.  We also use information about how you use and interact with the Telehealth Services to perform research and development activities. For example, this can include activities like data analysis to develop new or improve existing products and services, and performing quality control activities.
  • Complying with Your Instructions. We may disclose your Medical Record Information to other parties if you direct us to do so.
  • Comply with Applicable Law.  We will disclose your Medical Record Information when required to do so by federal, state, or local law. In certain circumstances, we may be required by law to comply with a valid court order, subpoena, or search warrant for Medical Record Information. We require all law enforcement inquiries to follow a valid legal process, such as a court order or search warrant, and are prepared to exhaust available legal remedies to protect your privacy. If we are compelled to disclose your Medical Record Information to law enforcement, we will try our best to provide you with prior notice, unless we are prohibited from doing so under the law.
  • Disclosure for Threats to Health and Safety. In certain circumstances, we are required to disclose your Medical Record Information to help protect your or someone else’s health and/or safety. For example, we may ask local law enforcement to perform a health and welfare check if, in our professional judgment as healthcare providers, a welfare check is necessary.
  • Violations of the Telehealth Terms of Service or Other Policies. We use information to monitor, detect, prevent, investigate and mitigate any suspected or actual fraud, prohibited or illegal behaviors on the Telehealth Services, to combat spam, and other behaviors or actions that break the promises we outline in the Telehealth Terms of Service.
  • Enhancing Safety, Integrity, and Security. We implement physical, technical and administrative measures to prevent unauthorized access or disclosure of your Medical Record Information. Note, however, no method of data transmission or storage can guarantee security.  Accordingly, we cannot guarantee the security of your Medical Record Information.  
  • Genetic Information. This is any information about your genetic tests, including results. Unless we have received your specific authorization, we will not disclose any of your genetic information as part of your Medical Record Information to third parties.
  • Research. As a 23andMe customer, your Medical Record Information may be used for research purposes, but only with your explicit consent. You may review your 23andMe Research consent status at any time by navigating to your 23andMe Account Settings.
  • Marketing and Advertising. Your Medical Record Information may be used to advertise or market to you only with your explicit consent. 

Choices Related To Your Medical Record Information

You have choices regarding your Medical Record Information. You can request the following by navigating to your 23andMe Account Settings or by contacting privacy@23andme.com.

  • Inspect and/or Obtain a Copy of your Medical Record Information. With certain exceptions, you may receive copies of your Medical Record Information, which may include information such as your Genetic Information, diagnosis, healthcare provider notes, and treatment plan.
  • Correction.  If you believe that information in your Medical Record is incorrect or incomplete, you may ask us to correct the information or provide us with a short statement correcting the information. 
  • Request Us to Limit How We Use or Disclose Your Medical Record. You can request that we limit how we disclose your Medical Record to your family members or others involved in your care. If you provide any written authorization to disclose your Medical Record, you are free to revoke your authorization at any time in writing. After receiving the request, we will stop any further use or sharing of your Medical Record, except in cases where we have already acted based on your previous permission. We are unable to undo any disclosure already made with your permission.
  • Request Confidential Communications Through Alternative Means. You can request that we communicate with you about certain conditions, such as substance abuse, or other healthcare matters in a specific way. We’ll do our best to accommodate any reasonable written request in accordance with the requirements of state law but may be unable to if it causes significant operational or administrative burdens.
  • 23andMe Account and Medical Record Deletion: You may close the 23andMe account through which you accessed the Telehealth Services at any time. However, all or part of your Medical Record Information will be retained in accordance with applicable law, contractual obligations, and/or as necessary for the establishment, exercise or defense of legal claims and for audit and compliance purposes. The remainder of your 23andMe account information will be deleted in accordance with the 23andMe Privacy Statement.  

In some circumstances, we may not be able to accommodate your request if it conflicts with legal obligations, or the request is manifestly burdensome, unfounded or excessive.

Changes to this Notice

We may make changes to this Medical Record Privacy Notice from time to time. We’ll let you know about those changes here or by reaching out to you via email or some other contact method, such as through in-app notification, or on another website page or feature.

Contact Us 

If you have any questions about the use or disclosure of your Medical Record, please contact:

Privacy Administrator
23andMe, Inc.
349 Oyster Pt. Blvd
South San Francisco, CA 94080
Phone: 1.800.239.5230
Email:  privacy@23andme.com