PathAI® Policies and Notices

PathAI Privacy Policy

Cookie Policy

PathAI Notice of Health Information Privacy Practices

PathAI Diagnostics Billing & Patient Payment Policy

PathAI Privacy Policy

Effective July 14, 2022

PathAI takes your privacy seriously. We created this Privacy Policy because individuals using our online platform and other digital tools should know what information we collect, store, and use, and your rights related to that information.

This Privacy Policy applies to PathAI (“PathAI, Inc.,” “PathAI Diagnostics,” “Poplar Healthcare LLC,”) and its affiliate Poplar Healthcare PLLC, (together “PathAI,” “we”, “us” or “our”) and explains to all individuals (“you,” “your”):

The Privacy Policy applies to information that is collected on our websites including pathai.com and poplarhealthcare.com, their subdomains, and other websites operated by us and that include a link to this Privacy Policy (“Websites”). This Privacy Policy also covers other apps and online digital tools of PathAI that direct you to this Privacy Policy (together with the Websites, the “Platform”), and applies solely to information collected by or in connection with the Websites and the Platform, and not those websites, apps, tools, or companies that PathAI does not operate.

Acceptance of Privacy Policy

Please read this Privacy Policy carefully. In addition, please review the Platform’s Terms of Use, which govern your use of the Platform. If you elect to engage in additional registrations or services offered by PathAI, you may be asked to agree to additional terms regarding our use of your information. If you do not agree with our policies and practices or this Privacy Policy or the Terms of Use, you should not use the Platform including any of the Websites.

BY USING THE PLATFORM, YOU CONSENT TO THIS PRIVACY POLICY AND TERMS OF USE AND OUR COLLECTION, USE AND SHARING OF YOUR INFORMATION AND DATA, AND OTHER ACTIVITIES, AS DESCRIBED BELOW.

Changes to Privacy Policy

We may change this Privacy Policy from time to time. All changes are effective immediately when we post them. Your continued use of the Platform following the posting of the revised Privacy Policy means that you accept and agree to the changes. We will not, however, use information collected prior to such change in a manner materially different than described in the Privacy Policy as it existed at the time the information was collected without your consent.

Information We Collect

While using our Platform, we may ask you to provide us with certain personally identifiable information (“Personal Information”). Personal Information is information that identifies, relates to, describes, can reasonably be associated with, or can reasonably be linked to a particular individual or household.

We collect information from you both when you provide it voluntarily and also automatically when you access our Platform. We also may collect Personal Information from other sources, as described below.

We collect Personal Information from you and any devices (including mobile devices) you use when you: use our Platform, contact PathAI via email or other means, connect with PathAI’s social media pages, or respond to PathAI’s communications to you such as surveys or requests for feedback.

In addition, we also collect Personal Information about you from third parties in connection with our Platform, including from the following sources:

If we combine or associate information from other sources with Personal Information that we collect through the Platform, we will treat the combined information as Personal Information in accordance with this Privacy Policy.

You are under no obligation to provide Personal Information, but if you elect not to provide it, you may be unable to use certain features of the Platform, receive certain services, or communicate with us via the Platform.

Protected Health Information

When accessing our Platform, we may obtain and process Protected Health Information (“PHI”) as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Certain of our affiliated entities are required to comply with applicable federal and state health care privacy and security rules, including HIPAA, and similar rules in other countries, when receiving and processing your PHI. PHI should only be submitted through the Platform as permitted or required for use of the Platform. For more information about HIPAA and our use of PHI, please see our Notice of Health Information Privacy Practices.

Platform Usage Information

When you visit the Platform, we and our service providers may use a variety of technologies that automatically or passively collect or store certain information related to your activities on the Platform (“Platform Usage Information”). Platform Usage Information may include Personal Information. Platform Usage Information may include:

We and our service providers may use a variety of technologies to collect or store Platform Usage Information. These technologies may set, change, alter or modify settings or configurations on your device. These technologies may include, without limitation, cookies, tracking pixels, embedded scripts or similar technologies.

Cookies are small pieces of data stored and managed by your web browser that enable certain Platform features and functionality. Cookies and similar technologies can be used to recognize you and your device when you visit the Platform, remember your preferences, and make your interactions with the Platform faster and more secure. Cookies are a built-in feature of the Web, but they can generally be managed, disabled, or removed using most commercial web browsers. Each browser you use will need to be set separately and different browsers offer different functionality and options for cookies. Please be aware that if you disable or remove cookies on your device, some parts of the Platform may not function properly, and that when you revisit our Platform your ability to limit cookies is subject to your browser settings and limitations. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit allaboutcookies.org or aboutcookies.org.

How We Use the Information Collected

We may use your Personal Information, Platform Usage Information and other information about you for various purposes as described in the chart below. Specific uses may include:

Where you have provided us with Personal Information or Demographic Information as part of an online application to provide services for us, we may use that information in order to allow us to make an informed decision about whether to proceed with your application. We may, as part of this recruitment process, collect information about your education, employment history and similar matters. However, we will not sell or rent your Personal Information to anyone.

The following chart sets out some of the types of Personal Information we collect, from where we collect it, how we use the information, the legal basis for such use where required by local law and third parties with whom it is shared:

Type of InformationCategories of SourcesBusiness or commercial purposesLegal BasisThird parties with whom shared
Identifiers such as a name, address, unique personal identifier, Internet Protocol address, email, account name, and identifying numbers such as Social Security number, insurance number, driver’s license number, or passport number, telephone number, bank account and other financial informationName, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, password, credit card information, or related system user details.Provision of products or services, research, or to engage parties in commercial relationships.Consent or contract.Third party firms contracted to provide specialized data services.
Other information related to you such as signature, physical characteristics or description, education, employment, employment history, medical information, or health insurance informationGender, age, medical information, physical characteristics, health insurance information, medical database identification numbers, employee records, compensation and benefits information, signature.Provision of products or services, including, but not limited to, the provision of health care or the participation in research.Consent or contract.Health care providers authorized to receive information about you.  Third party firms contracted to provide specialized data services. Third parties who receive protected health information or personally identifiable information operate under special contractual terms to protect these types of information.
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendenciesRecords related to business arrangements including personal contact information, business contact details, contracts to provide services to PathAI, invoices, purchasing agreements, or other standard business documentsProvision of products or services, research, or to engage parties in commercial relationshipsConsent or contract.Third party firms contracted to provide specialized data services.
Internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding interactions with a website, application or advertisements.IP addresses.Provision of products or services, research, or to engage parties in commercial relationshipsConsent or contract.Third party firms contracted to provide specialized data services.

Do Not Track Signals

Some web browsers may transmit “do not track” signals. At this time, we do not take steps to respond to such signals.

Third Party Tracking

Third parties, including service providers, may use technologies that integrate with the Platform and may collect information about you, including Personal Information, without notice to you.

By using the Platform, you consent to potentially encountering third party tracking technologies and accept that this Privacy Policy does not apply to the tracking technologies or practices of such third parties. We are not responsible for any such third party technologies or activities arising out of them. We are not responsible for the effectiveness of or compliance with any third party’s opt-out options.

Interactions with Third Party Sites

The Platform may include functionality that allows certain kinds of interactions between the Platform and your account on a third party web site or application. The use of this functionality may involve the third party operator providing certain information, including Personal Information, to us. For example, you may have an option to use your Facebook, Google or other account provided by a third party site or application to facilitate the registration and log-in or transaction process on the Platform. If we offer and you choose to use this functionality to access the Platform, the third party site or application may send Personal Information about you to the Platform. If so, we will then treat it as Personal Information under this Privacy Policy. You should review the applicable third party privacy policies before using such third party tools on our Platform, and we are not responsible for these parties’ practices.

Some social networking services may facilitate registration or enhance or personalize your experience on our Platform. This includes if you “follow,” “like,” or link your social networking account to our Website. Your decision to use a social networking service in connection with our Platform is voluntary. You should make sure you are comfortable with the information your third-party social networking services may make available by reviewing the privacy policies of those providers and/or modifying your privacy settings directly with those networking services.

Children

The Platform does not offer products or services to children and we do not knowingly collect any Personal Information from children younger than the age of thirteen (13). We will delete any Personal Information collected that we later determine to be from a person younger than the age of 13. If you believe that we may have inadvertently collected personal information from or about a child under the age of thirteen 13, please send us an email at privacy@pathai.com or call us at (617) 500-8457.

Sharing of Personal Information with Third Parties

We may share Personal Information with third parties under various circumstances, including as described in the chart above or elsewhere in this Privacy Policy. We do not, however, share your Personal Information with third parties for those third parties’ marketing purposes.

When You Request Information from or Provide Information to Third Parties

You may be presented with an option on the Platform to receive certain information directly from third parties or to have us send certain information to third parties or give them access to it. In these instances, your Personal Information and other information may be disclosed to third parties and all the information you disclose will be subject to the privacy policies and practices of such third parties. In addition, third parties may store, collect or otherwise have access to your information when you interact with their tracking technologies, content, tools, apps, or advertisements on the Platform or link to them from our posting or content sharing tools. We are not responsible for the privacy policies and practices of such third parties, and therefore you should review their privacy policies prior to providing information to, or otherwise interacting with, them.

Customers and Third Parties Who Perform Services on Our Behalf

We may share Personal Information with our service providers or contract partners in connection with the products or services we provide or when you have agreed to provide services to us. We also may share Personal Information with third parties who are part of a network of providers or who perform services on our behalf. This includes, without limitation, third parties that: provide direct services to you; host the Platform; operate certain functions or features of the Platform; archive data; send communications; analyze data; provide other services or functions on our behalf, including payment processing, business analytics, credential verification services, customer service, marketing, employment or hiring-related activities, data security functions, and fraud prevention.

Affiliates, Business Transfers and Corporate Changes

We may share Personal Information, Demographic Information and Platform Usage Information with our affiliates and in connection with a merger, consolidation, or restructuring, the sale of substantially all of our ownership interests and/or assets, or other corporate change.

Administrative and Legal Reasons

We also may disclose and transfer Personal Information to third parties if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

Sharing of Non-Personal Information

We also may share information that is not Personal Information, such as aggregated user statistics and de-identified information derived from Personal Information, with third parties for any purpose.

In addition, we may share information we have collected about you, including Personal Information, with your consent or as disclosed at the time you provide the information or as otherwise described in this Privacy Policy.

Third Party Content and Links on the Platform

The Platform may contain content that is supplied by third parties, and those third parties may collect Platform Usage Information when pages from the Platforms are served to you. In addition, when you are on the Platform, you may be directed to other sites operated and controlled by third parties that we do not control. We are not responsible for the data collection and privacy practices used by any of these third parties or their sites. We encourage you to note when you leave the Platform and to review the third party privacy policies of all third party locations and exercise caution in connection with them.

Your Access to and Control over Personal Information

You are responsible for maintaining the accuracy of the information you submit to us, such as your contact information provided as part of registration. The Platform may allow you to review, modify, correct or update Personal Information you have provided through the Platform’s settings interface or otherwise, and you may provide registration updates and changes by contacting us at the email address or phone number below. At any time, you also may contact us at the email address or phone number below to ask that we remove your name, contact information and email address from our databases. We will make good faith efforts to make any requested changes or removals in our then active databases as soon as reasonably practicable.

It is not always possible to completely remove or delete all of your information from our databases, and residual data may remain on backup media or we may retain it for other reasons as permitted by law. When you edit your Personal Information, information that you remove may persist internally for our administrative purposes. Note that if you request us to delete or remove any data, you may be unable to use certain features of the Platform or to communicate with us via the Platform. Further, we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect or if we cannot confirm the identity of the person making a request. We also may retain, and not delete, information for internal reasons such as to provide a service, perform obligations under, or receive the benefit of, a contract, for evidentiary purposes, to protect against fraud or improper attack, or if we need the information for internal purposes such as keeping records of any medical services or devices.

NOTICE TO CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS

This section is applicable to residents of California. Please note that the following only applies to permanent residents of California:

California Civil Code Section 1798.83

A California resident who has provided personal data to a business with whom he/she has established a business relationship for personal, family, or household purposes (a “California Customer”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal data, upon receipt of a request by a California Customer, the business is required to provide a list of all third parties to whom personal data was disclosed in the preceding calendar year, as well as a list of the categories of personal data that were disclosed. California Customers may request further information about our compliance with this law by mailing us at the physical address or email address set out in the “Contact Us” section below. Please note that we are only required to respond to two requests per California Customer each year under Code Section 1798.83.

The California Consumer Privacy Act

This section of our Privacy Policy provides California residents with a comprehensive description of PathAI’s online and offline practices regarding the collection, use, disclosure, and sale of personal information and the rights of California consumers regarding their personal information under the California Consumer Privacy Act (“CCPA”). “Personal information,” for purposes of this section regarding the rights of California residents, does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. This section applies to all California residents (but not including legal entities, such as companies). The section will not apply, however, if PathAI does not collect any personal information about you or if all of the information we collect is exempt from the statute (for example, the CCPA does not protect information that is already protected by certain other privacy laws, and it does not protect information that is already publicly available).

1. You have a Right to Know about Personal Information Collected, Disclosed, or Sold. 

California residents have the right to request that PathAI disclose what personal information it collects, uses, discloses, and sells. This is called the “Right to Know”. Under the Right to Know, you can request a listing of the types of personal information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal information, and the specific pieces of personal information that we have collected about you.

If you would like the above information, you may contact us through our webpage or customer service. Contact information is at the bottom of this Privacy Policy. When you make a request under your Right to Know, you can expect the following:

a. We will verify your identity. You may need to provide us with the following information – your name, your email, your address, name of institution where you have received medical services or participated in research – in order for us to verify that you are who you say you are.

b. We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.

c. We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.

d. In certain cases, a Request to Know may be denied, for example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.

In the last 12 months, PathAI has collected the categories of personal information from individuals from the sources set forth in the chart above.

PathAI does not sell the personal information of minors under 16 years of age.

2. You have a Right to Request Deletion of Personal Information about You.

California consumers have a right to request the deletion of their personal information collected or maintained by PathAI. If you would like information about you to be deleted, you may contact us through our webpage or customer service. Contact information is at the bottom of this Privacy Policy. When you make a request for deletion, you can expect the following:

a. After you request deletion, you will need to confirm that you want your information deleted.

b. We will verify your identity. You will need to provide us the following information – your name, your email, your address, name of institution where you have received medical services or participated in research.

c. We will confirm our receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.

d. We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.

e. In certain cases, a request for deletion may be denied, for example, if we cannot verify your identity, the law requires that we maintain the information (e.g., in case of a recall) or if we need the information for internal purposes such as keeping records for potential recalls. If we deny your request, we will explain why we denied it and delete any other information that is not protected from deletion.

f. Right to Opt-Out of the Sale of Personal Information

California consumers have a right to opt-out of the sale of their personal information by covered businesses. PathAI does not sell personal information, however.

3. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have a right not to receive discriminatory treatment by PathAI for exercising any of your privacy rights conferred by the CCPA. PathAI will not discriminate against any California consumer because such person exercised any of the consumer’s rights under CCPA including, but not limited to:

a. Denying goods or services;
b. Charging different prices or rates for goods and services, including through the use of discounts or other benefits or imposing penalties;
c. Providing a different level or quality of goods or services;
d. Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.

PathAI may, however, charge a different price or rate, or provide a different level or quality of goods or services, if that difference is related to the value provided by your data.

4. Authorized Agents
If you would like, you may designate an authorized agent to make a request under the CCPA on your behalf. We will deny requests from agents that do not submit proof of authorization from you. To verify that an authorized agent has authority to act for you, we may require a copy of a power of attorney or require that you provide the authorized agent with written permission and verify your own identity with us.

5. Contact Information
To request additional information, or make any of the requests described above, you may call us or contact us through our website as described in the “Contact Us” section below.

NOTICE TO RESIDENTS OF THE EUROPEAN UNION (“EU”), UNITED KINGDOM (“UK”) AND OTHER NATIONS WITH SIMILAR PRIVACY LAWS

Individuals residing in the EU are protected by the General Data Protection Regulation (“GDPR”) and individuals residing in the UK and certain other countries enjoy similar rights under the Data Protection Act 2018 (as amended) and other local UK laws (together with the GDPR, “International Privacy Laws”). In the event that we collect “Personal Data” (as defined in relevant International Privacy Law) that is subject to International Privacy Law, this section will apply. Terms in this section are to be understood in a manner consistent with International Privacy Law including the definition of such term in such law. Such term may have a different definition or meaning in other portions of this Privacy Policy because International Privacy Law may not apply to those sections.

Identification of Data Controller

The GDPR makes a distinction between organizations that process personal data for their own purposes (known as “Data Controllers”) and organizations that process personal data on behalf of other organizations (known as “Data Processors”). PathAI acts as a Data Controller for information where PathAI determines the nature and purpose of the processing, e.g., for information you enter when you register an account on our website or the information you submit when purchasing a service directly from PathAI. PathAI may be a Data Processor if it acts on behalf of a third party.

Identification of Data Protection Officer and Contact Details:

Christian Krautkramer, Chief Compliance Officer, PathAI

Identification of Primary Member State Supervisory/Data Protection Authority

You have the right to lodge a complaint regarding the processing of your Personal Data with us by contacting our Data Protection Officer listed above. You also may lodge a complaint with the Data Protection Authorities in the Member State where you habitually reside, work, or where an infringement occurred. You can find a list of Data Protection Authorities here.

Identification of Data Protection Representative

PathAI takes the protection of personal data seriously, and has appointed DataRep as their Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries, the UK, and Norway & Iceland in the European Economic Area (EEA), so that PathAI’s customers can always raise the questions they want with them. DataRep has locations in Dublin, Ireland and London, UK.

If you want to raise a question to PathAI, or otherwise exercise your rights in respect of your Personal Data, you may do so by contacting our Data Protection Officer listed above or by:

Austria: DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Belgium: DataRep, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium

Bulgaria: DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria

Croatia:  DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia

Cyprus:  DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus

Czech Republic:  DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic

Denmark:  DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark

Estonia:  DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia

Finland:  DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland

France:  DataRep, 72 rue de Lessard, Rouen, 76100, France

Germany:  DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany

Greece:  DataRep, 24 Lagoumitzi str, Athens, 17671, Greece

Hungary:  DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary

Iceland:  DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland

Ireland:  DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Italy:  DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy

Latvia:  DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia

Liechtenstein:  DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria

Lithuania:  DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania

Luxembourg:  DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg

Malta:  DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta

Netherlands:  DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands

Norway:  DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway

Poland:  DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland

Portugal:  DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal

Romania:  DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania

Slovakia:  DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia

Slovenia: DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia

Spain: DataRep, Calle de Manzanares 4, Madrid, 28005, Spain

Sweden: DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden

United Kingdom: DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

Processing Categories, Purposes and Recipients

PathAI processes the categories of Personal Data for the lawful purposes set forth in the chart above. We also may disclose your Personal Data as set forth in the above chart.

The purposes/lawful bases for our processing of data, as listed in the chart, may include the following:

  1. With Your Consent: We may process your Personal Data with your consent. If we are processing Personal Data based on your consent, you have the right to withdrawal that consent at any time.
  2. To Perform a Contract: We may process Personal Data to provide a service to you in furtherance of your choices and to fulfill the terms of a contract of which you are a party or to take steps in response to your interest in entering into an agreement with PathAI.
  3. Compliance with a Legal Obligation: If we are under a legal obligation, we may process your Personal Data as is necessary to comply with the obligation.
  4. Vital interests: We may process Personal Data if needed to protect your vital interests or those of another individual, e.g., where needed in order to protect individuals from harm.
  5. Public Interest: We may process Personal Data as necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in PathAI.
  6. Legitimate Interests: We may process Personal Data where necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of Personal Data.

Recipients of Personal Data

As set out in the chart above, we share your Personal Data with our service providers on the basis set forth in the chart, e.g., based on your consent or in order to provide our services. The recipients of your Personal Data include our third party data processors, which include but are not limited to laboratory subcontractors and data administrators or cloud providers. When we share your Personal Data with these third party vendors, we do so subject to a Data Protection Agreement to ensure that they are in compliance with the requirements of International Privacy Laws.

These recipients may process Personal Data for the following purposes:

  1. Subject to your choices, in order to offer you products from our affiliates, strategic partners, agents, or from third-party marketers and other unaffiliated parties that we believe may be of interest to you.
  2. Subject to the execution of a Data Protection Agreement, to unaffiliated third-party service providers, agents, or independent contractors who help us maintain our services and with other administrative services (including, but not limited to, order processing and fulfillment, providing customer service, maintaining and analyzing data and sending customer communications on our behalf).
  3. To comply with law, or in the good faith belief that such action is necessary to conform to the requirements of law, or to comply with legal process served on us, and to protect and defend our rights or property, or to act in urgent circumstances to protect the personal safety of you and our other visitors.
  4. To third parties as part of a corporate reorganization process including, but not limited to, mergers, acquisitions, and sales of all or substantially all of our assets.
  5. To track and analyze non-identifying, aggregate usage and volume statistical information from our visitors and customers and provide such information to third parties.

Onward transfer

When we transfer Personal Data from the EU, UK, Norway, Iceland, or similar jurisdictions to entities within our organization located outside of the source country, we rely on either standard contractual clauses or a privacy shield to help establish adequate safeguards. If we transfer Personal Data from such a country to another party located outside the source country, we will rely on a legal framework that provides appropriate safeguards, which could include standard contractual clauses or privacy shields.

Data Integrity

PathAI is responsible for ensuring that: (a) Personal Data collected is accurate, complete, current and reliable for its intended uses; and (b) Personal Data is retained only for as long as is necessary to accomplish the legitimate business purposes disclosed to the Data Subject and for any compatible purposes. PathAI will cooperate with reasonable requests for assistance in meeting these obligations.

Retention of Personal Data

PathAI works to assure that Personal Data obtained by PathAI is adequate, relevant and not excessive in relation to the purposes described in this Privacy Policy. The Personal Data is processed for purposes specified herein and will only be processed consistent with these purposes described herein. PathAI will request only the minimum amount of information required to perform the applicable services and will retain such information only for as long as necessary to provide the services or for compatible purposes, such as to provide additional services, to comply with legal requirements, or to preserve or defend PathAI’s legal rights.

Right of Access to your Personal Data

Data Subjects have the right to access the Personal Data an organization holds about them. If such Personal Data is inaccurate or processed in violation of International Privacy Laws, a Data Subject may also request that Personal Data be corrected, amended or deleted. To request access to, or correction, amendment or deletion of, Personal Data, Data Subjects should contact PathAI’s Data Protection Officer (listed above). PathAI will cooperate with all reasonable requests to assist Data Subjects to exercise their rights as required under International Privacy Laws.

Choice

To the extent that processing of Personal Data is based on your consent, you have the right to withdraw that consent at any time, though any processing before you withdraw your consent will still be considered lawful.

Automated Decision-Making

PathAI utilizes machine learning and other types of artificial intelligence as part of its services. It does not, however, undertake decisions about individuals based on automated processing, and such artificial intelligence is utilized only to perform its services and/or based on your consent.

Security

We incorporate commercially reasonable safeguards to help protect and secure your Personal Information. All communications between our servers are encrypted in transit, and we take measures to protect the integrity of our servers and the data they collect, including but not limited to firewalls, access control lists, logging and monitoring, network isolation, and a variety of host hardening techniques.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for choosing a secure password and keeping this password confidential. We ask you not to share your password with anyone.

However, no data transmission over the Internet, mobile networks, wireless transmission, or electronic storage of information can be guaranteed to be completely secure. Please consider this prior to submitting Personal Information to us via the Platform.

Platform Operated in the United States

The Platform is operated in the United States. If you are located outside of the United States, please be aware that information we collect, including Personal Information, will be transferred to, and processed, stored and used in the United States. The data protection laws in the United States may differ from those of the country in which you are located, and your Personal Information may be subject to access requests from governments, courts, or law enforcement in the United States or elsewhere according to local laws. By using the Platform or providing us with any information, you consent to the transfer to, and processing, usage, sharing and storage of your information, including Personal Information, in the United States as set forth in this Privacy Policy.

Contact Us 

If you have questions about the Platform or this Privacy Policy, or wish to make a request regarding your data, you may contact us at:

PathAI, Inc.

Attn:  Chief Compliance Officer & Privacy Officer
1325 Boylston St., Suite 10000
Boston, MA  02215

privacy@pathai.com

(617) 500-8457

PathAI Notice of Health Information Privacy Practices

This Notice applies to PathAI (“PathAI, Inc.,” “PathAI Diagnostics,” “Poplar Healthcare LLC,”) and its affiliate Poplar Healthcare PLLC, (together “PathAI,” “we”, “us” or “our”) and explains to all individuals (“you,” “your”) your rights, your choices, our uses and disclosures, and our responsibilities related to how information about you and your health care status may be used in order to provide you, your physician, or other members of your health care team with products and services, including but not limited to, diagnostic anatomical pathology, cytology, molecular and genetic pathology, clinical chemistry, microbiology, hematology, coagulation, flow cytometry, cytogenetics, biochemical genetics, surgical and anatomic pathology, cytology, tissue typing, transfusion medicine, and blood donor services (“Services”) as well as engaging in research related to how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Get an electronic or paper copy of your medical record• You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.  

• We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

• The State of Tennessee requires us to provide a you or your representative a copy of your test report within 10 working days of a request made to us in writing.

• We will comply with any applicable state laws that require greater limits on disclosures.

Ask us to correct your medical record• You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.

• We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Request confidential communications• You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.

•We will make every effort to fulfill reasonable requests.

Ask us to limit what we use or share•  You can ask us not to use or share certain health information for treatment, payment, or our operations.
• We are not required to agree to your request, and we may say “no” if it would affect your care.
• We are not required, and may be limited by law, to provide you with physical materials related to our products or services (including tissue, specimens, or other biological materials). We may provide certain physical materials as part of legal proceedings (see below).
•  If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer.
•  We will say “yes” unless a law requires us to share that information.
Get a list of those with whom we’ve shared information•  You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.  
•  We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this privacy notice•  You can ask for a copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
Choose someone to act for you• If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.  
•  We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you think your rights are violated•  We take any concerns about the way your health information is used, including if you believe if your rights have been violated. In many cases, we may be able to provide you with additional information.  We encourage you to contact us to discuss your concerns.
• While we encourage you to contact us first, you may also file a complaint with the US Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
• We will not retaliate against you for filing a complaint.

Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

In these cases, you have both the right and choice to tell us to:• Share information with your family, close friends, or others involved in your care

• Share information in a disaster relief situation• Include your information in a hospital directory •Contact you for fundraising efforts If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In these cases we never share your information unless you give us written permission:• Marketing purposes

•Sale of your information• Most sharing of psychotherapy notes • Some research (see below).

In the case of fundraising:• We may contact you for fundraising efforts, but you can tell us not to contact you again.

Our Uses & Disclosures

How do we typically use or share your health information? We typically use or share your health information in the following ways.

Treat you•  We can use your health information and share it with other professionals who are treating you.Example: A doctor treating you for an injury asks another doctor about your overall health condition.
Run our organization• We can use and share your health information to run our practice, improve your care,

 

and contact you when necessary.

Example: We use health information about you to manage your treatment and services.
Bill for your services•  We can use and share your health information to bill and get payment from health plans or other entities.Example: We give information about you to your health insurance plan so it will pay for your services.

How else can we use or share your health information? We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and

research. We comply with legal obligations before we share your information for these purposes. For more information visit the US Department of Health and Human Services Health Information Privacy site.

Help with public health and safety issues•  We can share health information about you for certain situations such as:

•  Preventing disease •  Helping with product recalls •  Reporting adverse reactions to medications •  Reporting suspected abuse, neglect, or domestic violence •  Preventing or reducing a serious threat to anyone’s health or safety

Do research•  We may use or share your information for health research, including research conducted within PathAI, Inc, Poplar Healthcare LLC, or Poplar Healthcare PLLC.  

•  When we use or share your information, we comply with all applicable laws. •  Unless you have provided specific consent, or we are otherwise permitted under a waiver of consent, we will not provide personal health information about you to a third party for the purpose of conducting research. •  We will not share personally identifiable information about you with any organization outside of PathAI, Inc., or its affiliates or subsidiaries, including Poplar Healthcare LLC, or Poplar Healthcare PLLC.

Comply with the law•  We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
Respond to organ and tissue donation requests•  We can share health information about you with organ procurement organizations.
Work with a medical examiner or funeral director•  We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
Address workers’ compensation, law enforcement, and other government requests• We can use or share health information about you:  

•  For workers’ compensation claims •  For law enforcement purposes or with a law enforcement official, subject to individual federal or state laws, and only as required by law •  With health oversight agencies for activities authorized by law •  For special government functions such as military, national security, and presidential protective services

Respond to lawsuits and legal actions•  We can share health information about you in response to a written court or administrative order. A court or administrative order is signed by a judge or similar officer, or by an official of an administrative body, and compels us to provide certain information to them. We may also provide your sample, tissues, or specimen for evaluation or analysis, although all original samples, tissues, or specimens remain our property.  

•  We may also share information in response to a subpoena. A subpoena is a written document issued by a county clerk or an attorney who is representing a party to a lawsuit or potential lawsuit. However, before responding to a subpoena, we must receive evidence that there were reasonable efforts to notify you so you may object to the disclosure, or to seek a qualified protective order for the information from the court. •  In both cases, we will only disclose the information specifically described in writing,

Our Responsibilities

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

Changes to this Notice

We can change the terms of this notice at any time, and the changes will apply to all information we have about you. The new notice will be available upon request.

If you have questions about this Notice you may contact us at:

For PathAI

Chief Compliance Officer & Privacy Officer
1325 Boylston St Suite 10000
Boston, MA 02215
privacy@pathai.com
(617) 500-8457

For PathAI Diagnostics

Compliance Manager
3495 Hacks Cross Road
Memphis, TN  38125
dxcompliance@pathai.com
(901) 473-0606

PathAI Diagnostics Notice of Patient Billing Practices

This Notice applies to PathAI Diagnostics (“PathAI Diagnostics,” “Poplar Healthcare LLC,”) and its affiliate Poplar Healthcare PLLC, (together “PathAI Diagnostics,” “we”, “us” or “our”) and explains to all individuals (“you,” “your”) your rights, your choices, our uses and disclosures, and our responsibilities related to how information about you and your health care status may be used in order to bill and collect payment for related services. PathAI Diagnostics participates in most major health plans in the United States. PathAI Diagnostics, by being an in-network provider, reduces the cost of healthcare to patients and their employers, while providing a high level of quality and service.

We may charge your insurer, or you, when providing diagnostic health care services. We may share information about your health status, or the services we provide, with your physician, insurer, or other members of your health care team in order to perform (and bill for) services including diagnostic anatomical pathology, cytology, molecular and genetic pathology, clinical chemistry, microbiology, hematology, coagulation, flow cytometry, cytogenetics, biochemical genetics, surgical and anatomic pathology, cytology, tissue typing, transfusion medicine, and blood donor services (“Services”). Please review this Notice carefully.

PathAI Diagnostics Patient Self-Pay Fee Schedule

Your Rights and Protections Against Surprise Medical Bills

When you get emergency care or are treated by an out-of-network provider at an in-network hospital or ambulatory surgical center, you are protected from balance billing. In these cases, you shouldn’t be charged more than your plan’s copayments, coinsurance and/or deductible.

What is “balance billing” (sometimes called “surprise billing”)?

When you see a doctor or other health care provider, you may owe certain out-of-pocket costs, like a copayment, coinsurance, or deductible. You may have additional costs or have to pay the entire bill if you see a provider or visit a health care facility that isn’t in your health plan’s network. “Out-of-network” means providers and facilities that haven’t signed a contract with your health plan to provide services.

Out-of-network providers may be allowed to bill you for the difference between what your plan pays and the full amount charged for a service. This is called “balance billing.” This amount is likely more than in-network costs for the same service and might not count toward your plan’s deductible or annual out-of-pocket limit.

“Surprise billing” is an unexpected balance bill. This can happen when you can’t control who is involved in your care—like when you have an emergency or when you schedule a visit at an in-network facility but are unexpectedly treated by an out-of-network provider. Surprise medical bills could cost thousands of dollars depending on the procedure or service.

You’re protected from balance billing for:

You’re never required to give up your protections from balance billing. You also aren’t required to get out-of-network care. You can choose a provider or facility in your plan’s network.

Please note that certain states, including the one where you reside or receive health care, may also have balance billing laws or requirements or state-developed language regarding applicable state law requirements.

When balance billing isn’t allowed, you also have these protections:

Refunds

If you have made a payment via the online web portal and it has been found that an overpayment has been made, PathAI Diagnostics will issue a refund to the original credit/debit card used to make the initial payment. All credit refund request must be made by contacting PathAI Diagnostics billing department.

Refunds may result from the following:
• Overpayment
• Duplicate payment received
• Additional payments issued by the insurance carrier

Please allow 7 days for the processing of all refunds to be issued.

Commitment to Privacy
PathAI Diagnostics is committed to honoring the privacy of the individuals using the online payments portal. Your Personal Information is covered by the PathAI Privacy Policy and the PathAI Notice of Health Information Privacy Practices.

The Information We Collect
This notice applies to all information collected or submitted via the website for the purposes of billing for and collecting payments related to the services we provide to you. You can make request, pay bills, and register. We collect personal information that uniquely identifies such as: name, address, billing information, email address, phone number, and credit/debit card information. We protect your information and will not disclose, rent, sell or share any information used to process your payments related to the services we provide to any third parties for marketing purposes.

Medical Information
We may use and disclose medical information to ensure treatment and services you receive may be billed to and payment may be collected from you, an insurance company, or a third party. We may share your information with other health care providers that may treat you.

Using Data for Payment Processing
We use the personal and health information we collect to process your request, authenticate you, and inform you of relevant services or information.

Delivery and Timing

PathAI Diagnostics readily accepts payment for service bills using any of the following methods: Visa, or MasterCard, personal check, or money order.

You may mail any payments to:

PathAI Diagnostics
PO Box 1000
Department 461
Memphis, TN 38148

For questions about this Notice, or the bill you have received, or the payment you have been charged by PathAI Diagnostics, please contact us at:

PathAI Diagnostics Billing Collections
3495 Hacks Cross Road
Memphis, 38125
dxbilling@pathai.com
(888) 274-7956

If you believe you have been wrongly billed, we recommend you call our Billing team at (888) 274-7956. We can help explain your charges and, where appropriate, quickly resolve any errors or address other concerns. You also have the right to contact your state health agency responsible for enforcing your state’s balance or surprise billing protection laws. You may also visit www.cms.gov/nosurprises/consumers for more information about your rights under federal law, or may call 1-800-985-3059.