Notice of Patient Privacy Practices

Notice of Patient Privacy Practices of DermTech Operations, Inc.


DermTech Operations, Inc. (“DERMTECH”) is required, by law, to maintain the privacy and confidentiality of your protected health information (“PHI”) and to provide our patients with notice of our legal duties and privacy practices with respect to your protected health information.


Treatment – We may use your PHI to provide you with health treatment and services.

Payment – We may use and disclose your PHI so that the treatment and services you receive may be billed to and payment collected from you, your insurance company or a third party.

Worker’s Compensation – We may release your PHI in order to comply with the laws related to worker’s compensation or similar programs.

Emergencies – We may disclose your PHI to a friend or family member who is involved in your medical care in the event of an emergency.

Public Health Activities – We may disclose your PHI for the purposes of preventing or controlling disease, injury, disability, or death; reporting child abuse or neglect; reporting domestic violence; or to report problems or other adverse events with products and/or services to the U.S. Food and Drug Administration.

Lawsuits and Disputes – We may disclose your PHI in the course of any administrative or judicial proceeding.

Coroners, Medical Examiners and Funeral Home Directors – We may disclose your PHI to a coroner or medical examiner.

Organ Donation – We may disclose your health information to organizations involved in procuring, banking, or transplanting organs and tissues.

Research – Under certain circumstances, we may use or disclose your PHI for research purposes within DERMTECH and with research collaborators outside of the company who are under contract and are also obligated to protect PHI. All research projects at DERMTECH are subject to review by a committee responsible for ensuring the protection of individual research subjects, appropriate patient authorization, and an adequate plan to safeguard PHI.

Public Safety – We may use and share your PHI with persons who may be able to prevent or lessen a serious imminent threat to you, the public or another person’s health or safety.

Health Oversight Activities – We may release your health information to government agencies authorized to conduct audits and investigations. These government agencies monitor the operation of the health care system, government benefit programs such as Medicare and Medicaid, and compliance with government regulatory programs and civil rights laws.

Lawsuits and Disputes – We may disclose your health information if we are ordered to do so by a court or administrative tribunal that is handling a lawsuit or other dispute. We may also disclose your information in response to a subpoena, discovery request, or other lawful request by someone else involved in the dispute, but only if required judicial or other approval or necessary authorization is obtained.

Law Enforcement – We may disclose your health information to law enforcement officials for certain reasons, such as complying with court orders.

Business Associates – There are some services provided in our organization through contracts with business associates. Examples of business associates include independent sales representatives working with your doctor, accreditation agencies, quality assurance reviewers, and third parties equipped to deidentify and mask information.

Legal Requirements – We will disclose your PHI without your permission when required to do so by federal, state, or local law.

Clinical Trials and Other Research Involving Your Treatment – When a research study involves your specific treatment, we may disclose your PHI to researchers only after you have signed a specific written informed consent for research and a written authorization to conduct research. You do not have to sign the authorization in order to get treatment from DERMTECH, but if you do refuse to sign the authorization, you cannot be part of the research study.

Marketing – We cannot share your PHI with third parties for their own marketing purposes without your written authorization. However, in order to better serve you, we can provide you with marketing materials in a face-to-face encounter without obtaining your authorization. We are also permitted to give you a promotional gift of nominal value if we so choose, without obtaining your authorization. In addition, we may communicate with you about products or services relating to your treatment, case management, or care coordination, or alternative treatments, therapies, providers or care settings without your authorization.

Sale – We will not sell your PHI to third parties. The sale of PHI, however, does not include a disclosure for public health purposes, for research purposes where we will only receive remuneration for our costs to prepare and transmit the health information, for treatment and payment purposes, or for the sale, transfer, merger or consolidation of all or part of our company.


As part of your normal medical care, healthcare professionals may require access to your PHI. In the event of such a request, we will confirm that the healthcare provider is involved in your care by asking them to provide your full name and birth date.

You have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for your care. We are not required by law to agree to your request.

You may access a copy of this Notice on DERMTECH’s website. You have a right to obtain an additional paper copy of this Notice of Patient Privacy Practices upon request.

You have a right to limit disclosure of your PHI to your health plan if you pay for DERMTECH’s services in full and request that your PHI not be disclosed to your health plan.

You may request access to your DERMTECH medical record and billing records maintained by DERMTECH in order to inspect and request copies of the records. All records will be maintained for a period of time mandated by applicable state and/or federal law. If you request copies, we may charge you a reasonable fee consistent with applicable law and may charge you for our postage costs. You have the right to request an amendment to your health record if you feel the information is incorrect or incomplete. Please note that even if we accept your request, we are not required to delete any information from your health record.

You have a right to obtain an accounting of disclosures of your personal health information made by DERMTECH.

You have a right to request your personal health information be communicated by alternative means or at alternate locations.

You have the right to be notified of a breach of your unsecured health information if the breach compromises the privacy and security of your information within sixty (60) days of the discovery of the breach. The notice will include a description of what happened, including the date, the type of information involved in the breach, steps you should take to protect yourself from potential harm, a brief description of the investigation into the breach, mitigation of harm to you and protection against further breaches, and contact procedures to answer your questions.


DERMTECH reserves the right to amend this Notice of Patient Privacy Practices at any time in the future and will make the new provisions effective for all information that it maintains. Until such amendment is made, DERMTECH is required by law to comply with this Notice.

If you have questions about any part of this Notice or if you want more information about your privacy rights, please contact the Privacy Officer at DERMTECH by calling 1-866-450-4223.

If you believe your privacy rights have been violated, you may file a complaint with DERMTECH by calling 1-866-450-4223 or you may file a complaint with the Secretary of the Department of Health and Human Services, the California Department of Public Health, the College of American Pathologists at 1-866-236-7212, or the Centers for Medicare & Medicaid Services (CMS) Central Office, Division of Laboratory Services (CLIA) at 1-877-267-2323 extension 63531. Within five (5) calendar days of receiving a patient’s complaint, DERMTECH shall notify the patient, using telephone, e-mail, fax, or letter format, that it has received the complaint and that it is investigating. Within 14 days, DERMTECH shall provide written notification to the patient of the results of its investigation and response. DERMTECH shall maintain documentation of all complaints that it receives and copies of the investigations and responses to beneficiaries. You will not be penalized for filing a complaint.


When communicating to us regarding this Notice, our privacy practices, or your privacy rights, please contact the Privacy Officer using the following contact information:

DermTech Operations, Inc.
ATTN: Privacy Officer
12340 El Camino Real
San Diego, CA 92130

The effective date of this DERMTECH Notice of Patient Privacy Practices is January 1, 2020.