CGI Privacy Policy 2017-09-13T21:08:05+00:00

CGI Privacy Policy

This Privacy Policy describes what information the Center for Genomic Interpretation (“CGI”) gathers from you as you use CGI Services and how we protect that information. By using the Services provided by CGI, you consent to the specifics of this Privacy Policy. Your use of these Services is governed by the privacy laws and regulations of The United States and the State of Utah, where CGI is physically located.

This Privacy Policy is wholly a part of the CGI Terms of Service. The word “Services” refers to your use of the CGI website, genetic test evaluation services, genetic counseling services, services to resolve or clarify genetic test results such as variants of uncertain significance, or any of the other services provided by CGI


What Information Do We Collect?

Account generation or submission of genetic test report or other information to CGI results in the collection, storage, and utilization of different categories of personal information. Additional information may also be requested by CGI. This information is de-identified:

  • Personally Identifiable Information (PII) — this may include, but is not limited to name, email address, mailing address, phone number, and credit card/billing information, date of birth, and geographic regions of residence.
  • Protected Personal and Family Health Information (PHI) —  this may include, but is not limited to ancestry and genealogical information; age and sex; personal and family health and medical history and any known genetic variants in yours or your family’s history.
  • Healthcare Provider Information — information about your specific healthcare providers patients and practices (NPI numbers; fax numbers; names, job titles, and contact information of providers involved in an individual’s care).
  • Client Support Information– this may include questions or comments directed to CGI via or via other communication.

Why Do We Collect This Information?

Your information is collected by CGI in order to provide the service that you have ordered, additional services or information that you request, and client support. Additionally, CGI may use information in its de-identified format in consulting situations and in research and development.  The information is used to improve CGI’s knowledge base and the quality of the variant classification science in general.

Use of Online Services

Information may be collected while using online services with CGI such as . This may include:

  • Cookies — One or more of these files, which are small strings of alphanumeric characters, may be sent to your device when you access Both session (deleted when you close your browser) and persistent cookies (remain during future visits to the site) may be used. Services may not function correctly if you have disabled cookies on your browser (visit the “Help” or “Settings” section of your browser to. “Do Not Track” requests supported by some browsers (safari, firefox, chrome, and internet explorer) may or may not be supported by .
  • “Analytics Information”– This is automatically collected information that may improve and/or customize your experience. It may include IP address or other device identification; web browser; information regarding other pages that you have visited; the dates and times at which you access the website or services.

Privacy of Children

If you are under the age of 13 years old you are NOT AUTHORIZED to access and if you are under the age of 18 years of age you are NOT AUTHORIZED to order any CGI services. If you become aware that your child has created an account on or contracted CGI services please contact and action will be taken to correct the problem.

Data Security

Any genetic test result information or other PII or PHI that is provided to CGI through the CGI website, data uploads, email communications, or other means is freely provided and therefore not subject to HIPAA guidelines (


In time, all data collected and stored by CGI will be stored by cloud-based, third-party services. CGI does not intend to store any information on internal services long term. CGI’s partnership for cloud computing and data security is based on decisions that prioritize your privacy and the effectiveness of data use.


Despite these security measures, the disclosure of information involved in the use of CGI’s website and services is not without risk. CGI is not liable for any information that you transmit and furthermore is not liable for any alteration, destruction, or breach of CGI data due to a physical or electronic intrusion. You acknowledge and agree that CGI cannot be held accountable for the safety of your information unless a lack of safety is due to gross negligence internally at CGI.


In the event of a security breach CGI will comply with all federal and state reporting requirements.

International Users

CGI services are hosted in the United States (US), but are not limited access only from within the US. If you are contracting services from another region of the world, then by your using the service you agree and acknowledge that:

  • Your information is transferred, processed, and stored outside the US.
  • US laws concerning data privacy, collection, use, processing, and storing are applicable to your information and your use of CGI services.
  • You permit your personal information to be used for the purposes outlined in the Terms of Service and Informed consent.
  • You verify that you are not violating any export ban or legal restriction in your country of residence and accept liability for to that effect.


If you reside outside the US in some jurisdictions you may have the option of requesting that your personal information be deleted from CGI storage at any time (depending on the applicable laws in the jurisdiction in which you reside). Such a deletion will effectively cancel your service with CGI and no result will be delivered. We are able to delete your personal information from active versions of our databases, archived versions will contain this information (per compliance with legal and regulatory obligations). Information that is de-identified may not be retrievable (i.e. during or after certain processing or storage of the information). If you elect to have your personal information deleted from our active databases, contact us at

Changes to this Policy

You are responsible to be aware of any changes made to this Policy, which may be periodically updated from time to time. If CGI modifies the policy, we will make an updated version available through the same communication with which we are delivering the service, clearly indicating the date the latest revision. If a modification would materially alter your rights or obligations hereunder, we will take reasonable measures to ensure that you are notified of the change. By using and continuing to use CGI services you indicate that you have read, understood, and agree to any updated service policy.


Additionally, you consent to the transfer of your data in the event of a business transaction in which the leadership or ownership of CGI. Any pre-existing privacy policy to such an event would dictate the use of your information.