Fueling discovery with data.

GENOMA BIOINFORMATICS LLC
COMPLIANCE POLICIES
Last Updated: February 26, 2025

1. GDPR Compliance Policy

  1. Scope: This policy applies to all personal data processed by Genoma Bioinformatics LLC that is subject to the General Data Protection Regulation (GDPR).
  2. Data Protection Principles:
    • Lawfulness, fairness, and transparency.
    • Purpose limitation (data is collected for specified, explicit, and legitimate purposes).
    • Data minimization (only necessary data is collected).
    • Accuracy (data is kept accurate and up to date).
    • Storage limitation (data is retained only as long as necessary).
    • Integrity and confidentiality (data is protected against unauthorized access or disclosure).
  3. Data Subject Rights:
    • Right to access, correct, and delete personal data.
    • Right to restrict or object to processing.
    • Right to data portability.
  4. Data Protection Officer (DPO):
    • Data Protection Officer

2. HIPAA Compliance Policy

  1. Scope: This policy applies to all Protected Health Information (PHI) processed by Genoma Bioinformatics LLC that is subject to the Health Insurance Portability and Accountability Act (HIPAA).
  2. Business Associate Agreement (BAA):
    • We will sign BAAs with clients who provide PHI.
    • BAAs outline our responsibilities as a Business Associate under HIPAA.
  3. Safeguards:
    • Administrative safeguards (e.g., employee training, risk assessments).
    • Physical safeguards (e.g., secure facilities, access controls).
    • Technical safeguards (e.g., encryption, audit controls).
  4. Breach Notification:
    • Notify affected clients within 60 days of discovering a breach involving PHI.

3. Data Protection Policy

  1. Technical Measures:
    • Encryption of data during transmission and storage.
    • Regular security audits and vulnerability assessments.
    • Firewalls and intrusion detection systems.
  2. Organizational Measures:
    • Access controls to limit data access to authorized personnel.
    • Regular employee training on data protection.
    • Incident response plans for data breaches.

4. Data Breach Response Policy

  1. Incident Identification:
    • Monitor systems for unusual activity.
    • Investigate potential breaches promptly.
  2. Containment and Assessment:
    • Isolate affected systems.
    • Assess the scope and impact of the breach.
  3. Notification:
    • Notify affected clients and regulatory authorities as required by law.
  4. Remediation:
    • Implement measures to prevent future breaches.

5. Employee Training Policy

  1. Training Requirements:
    • All employees must complete annual training on GDPR, HIPAA, and data protection.
  2. Topics Covered:
    • Data protection principles.
    • Handling sensitive data.
    • Recognizing and reporting data breaches.
  3. Documentation:
    • Maintain records of employee training sessions.