Skip navigation
Pay Bill Portals
Ver en Español

Natera’s Notice of Privacy Practices

Effective: December 2024

Your Information. Your Rights. Our Responsibilities.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
As a global leader in cell-free DNA testing, dedicated to oncology, women’s health, and organ health, Natera (“Natera,” “we” or “us”) is bound by a number of laws, regulations and requirements, to include the Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA. Under HIPAA, Natera is required by law to maintain the privacy of health information that identifies you, called protected health information (PHI), and to provide you with notice of our legal duties and privacy practices regarding PHI.
Protecting the privacy of PHI is an important part of Natera’s business, and we are committed to ensuring your confidentiality. Some state laws may offer more protection of your information than federal law while some federal law gives more protection than state law. In either case, we will apply the laws that protect your information the most.
Natera does not sell patient’s “Protected Health Information” (i.e., information protected by HIPAA, and processed by Natera as part of Treatment, Payment or Healthcare Operations), nor do we sell “Personal Information” of our customers as defined under state privacy laws (i.e., personally identifiable Information collected outside of Natera’s provision of healthcare services and not covered by HIPAA, such as an IP address collected when visiting our website, or information provided by a healthcare provider when they sign up to attend a Natera webinar).
Likewise, Natera does not share your “Protected Health Information” for marketing purposes unless you have given us your permission to do so.
What is Protected Health Information?
“Protected Health Information,” or “PHI,” is any information about you that may identify you and relates to your physical or mental health or condition, the provision of healthcare services to your, and/or payment for those services. Examples of PHI include your name, home address, date of birth, email address, phone number, insurance identification number, medical history, and laboratory test results. We receive PHI about you from healthcare providers who order our laboratory tests for you, and we create PHI when we provide and bill for our laboratory testing and other services. We retain your PHI as part of your medical record to continue to provide our services and to comply with legal requirements.
Our Responsibilities
  • We are required by law to give you notice of our legal duties and privacy practices concerning your PHI. This Notice describes your rights, as well as our rights and obligations to include disclosure of your PHI.
  • We are required by law to maintain the privacy and security of your protected health information, and utilize technical, physical and administrative safeguards to fulfill those requirements.
  • In most cases, when we make a disclosure of your PHI, we are required to adhere to HIPAA’s “Minimum Necessary” standard, which means that we must make “reasonable efforts” to limit the disclosure of your PHI to the “minimum necessary” needed to accomplish the intended purpose of the use or disclosure.
  • We will notify you in accordance with all applicable laws and timelines if a breach occurs that may have compromised the privacy or security of your information.
  • We must follow the duties and privacy practices described in this Notice and give you a copy of it.
  • We will not use or share your health information other than as described here unless you tell us we can in writing. If you tell us we can, you may still change your mind at any time. Please let us know, in writing, if you change your mind.
Uses or Disclosures of your PHI.

We may use or disclose your PHI for certain purposes without your authorization, as set out in more detail below. In reading the purposes set out below, however, please keep the following in mind:

  • Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your PHI will fall into one of the categories listed below.

      • Some of the uses and disclosures described below may be limited or restricted by state laws or other legal requirements, for example, the Clinical Laboratory Improvement Amendments of 1988 (CLIA). Please contact our Privacy Office, using the contact information provided at the end of this Notice, for specific information regarding your state.

Uses or Disclosures Without Your Authorization

Treatment, Payment and Healthcare Operations: The primary purpose for which we use and disclose your PHI without authorization are for your treatment, for billing, for collecting payment for services rendered and for healthcare operations.

  • Treatment. We may use or disclose your PHI to physicians, clinics, nurses, labs, and other health care professionals who provide you with health care services and/or are involved in the coordination of your care, such as providing your physician with your laboratory test results.
    • Example: Your health information may be provided to a health care provider to whom you have been referred so as to ensure that the health care provider has appropriate information regarding your previous treatments and diagnoses.
  • Payment. We may use or disclose of your PHI to bill and collect payment for laboratory or genetic counseling services that we provide.
    • For example, Natera may provide PHI to your health plan to receive payment for the health care services provided to you.
  • Healthcare operations. We may use or disclose your PHI when necessary to operate our organization and provide our services. Natera may also disclose PHI to other health care providers or health plans that are involved in your care for their health care operations.
    • For example, to evaluate the quality of our labs or testing, validating the accuracy of results, obtaining or maintaining our accreditation and for Natera’s operation and management purposes.
    • For example, Natera may provide PHI to manage disease, or to coordinate health care or health benefits.

Business Associates. We may provide your PHI to other companies or individuals that need the information to provide services to us. These other entities, known as “business associates,” are subject to specific written contracts, referred to as “business associate agreements”, which require them to maintain the privacy and security of health information.

  • Example: we may provide information to companies that assist us with billing for our services. We may also use an outside collection agency to obtain payment when necessary.

Compliance with law. We may share your PHI if state or federal laws require it, including with the Department of Health and Human Services or your state health regulator, in order to validate that we’re complying with all applicable privacy laws. We will share your information with health oversight agencies for activities authorized by law and for special government functions such as military and national security purposes.

De-Identified Information. We may use your PHI to create “de-identified” information, which means removing certain identifiers (as specified in HIPAA) so that it is unlikely that you could be identified. There are specific rules under the law about how to de-identify data, and what types of information need to be removed before information is considered de-identified. Once de-identified as required by law, information is no longer considered to be PHI, and we may use it for any lawful purpose.

Organ and tissue donation. We may share PHI about you with organ procurement organizations.

Public health and Safety. We may share PHI about you in order to protect you or the public, such as (note: we generally have to meet a number of conditions under the law before we are permitted to share your information for these purposes):

  • Preventing disease;
  • Helping with product recalls;
  • Disaster relief;
  • Reporting adverse reactions to medications;
  • Reporting suspected abuse, neglect, or domestic violence; and
  • Preventing or reducing a serious threat to anyone’s health or safety.

Respond to lawsuits and legal actions. We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Sale, Merger, etc. We may disclose your PHI if all or part of Natera is sold, merged, dissolved, acquired, or involved in a similar transaction.

Workers Compensation. We can use or share your PHI for workers’ compensation claims.

Work with a medical examiner or funeral director. We can share your PHI with a coroner, medical examiner, or funeral director, if you are deceased. Please note that HIPAA continues to provide your health information for up to 50 years after the date of your death.

Uses or Disclosures With Your Authorization

Highly Sensitive Information. Some types of medical information are particularly sensitive. Federal or state law may require us to obtain your written permission or, in some cases, a court order, to disclose that information. Examples include information dealing with matters such as genetic testing, HIV/AIDS, mental health (including psychotherapy notes), alcohol and substance abuse, or sexual assault.

Research (as defined by law). We may use or disclose your PHI for research purposes, as authorized by HIPAA. Natera may further use your PHI in preparation for conducting research, such as to develop a research plan or by reviewing records internally to identify qualified participants. Research is carried out in such a way that protects the confidentiality of your PHI, and may be conducted internally at Natera, or in collaboration with external researchers who are obligated by contract and/or HIPAA to protect your PHI. Natera may use or disclose PHI of deceased individuals for research purposes.

As a general rule, your written authorization is required before your PHI is used and disclosed for research purposes. Under certain conditions, however, your authorization may not be needed. For example, where an Institutional Review Board or Privacy Board with oversight of the research determines that the research poses minimal risk to your privacy, and that there is an adequate plan in place to safeguard your PHI. Likewise, your authorization may not be needed when the disclosure is in the form of a “limited data set” (a set of PHI that excludes certain identifiers).

We do not sell your protected health information, nor do we use or share your PHI for marketing purposes unless you have given us your permission to do so.

Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Right to Access Your PHI

  • You have the right to request an electronic or paper copy of your medical record and other health information we have about you. If you wish to exercise this right, please send an email to Customer Experience at support@natera.com or call us at 650-249-9090. You can also make such request by completing our Patient Medical Records Release Form and sending that Form to the appropriate email address identified at the bottom of the Form.
  • We will provide a copy of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
  • You can also request that your records be sent to a third party, including requesting that we share your PHI with a Health Information Exchange (HIE). If you make such request, we may charge reasonable expenses incurred with copying and mailing the records.

Right to Amend (Correct) Your PHI/Medical Record

  • You can ask us to correct health information that we hold about you, if you think it is incorrect or incomplete. Ask us how to do this.
  • We may say “no” to your request, but we’ll tell you why in writing.

Right to Request How You are Contacted

  • You can ask us to contact you in a specific way (for example, home or office phone, physical mail to your address, electronic communication to your email account) or to contact you at an alternate address/location.
  • We will say “yes” to all reasonable requests.

Right to Limit What or How We Use or Share

  • You can request restrictions on how we use or share PHI for treatment, payment, or health care operations, and for other reasons as permitted by law (as discussed further below).
  • We are not required to agree to your request, and we may say “no” if it would affect your care.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Right to an Accounting of Disclosures (i.e., a list of those with whom we’ve shared your PHI)

  • You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations (i.e., routine disclosures not independently tracked since they are expressly intended by HIPAA), and certain other disclosures, such as any disclosures you directly asked us to make.
  • We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Right to a Copy of this Privacy Practices Notice

  • You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Right to Choose Someone to Act on Your Behalf

  • If you have given someone medical power of attorney or if someone has been appointed as your legal guardian, that person can access your PHI, exercise your rights, and make choices about the use and disclosure of your PHI.
  • We will make sure the person has this authority and can act for you before we take any action.
  • Your PHI continues to be protected by HIPAA for up to 50 years after death. As such, you have the right to designate a person (e.g., next of kin or a personal representative) to whom all communications, notifications and decisions regarding your PHI will be directed upon your death.

Right to File a Complaint if you Feel Your Rights Have Been Violated

  • You can complain by contacting us using the information below if you feel we have violated your rights.
  • You can also file a complaint with the Secretary of the U.S. Department of Health and Human Services (HHS). For more information about filing a complaint with HHS, you can visit their website at https://www.hhs.gov/ocr/complaints/index.html
  • We will not retaliate against you for filing a complaint.

You have a Right to Privacy in your Reproductive Healthcare

  • In some cases, and when required by law, before disclosing reproductive health care information Natera will require a requestor to attest that the use or disclosure of such information is not intended for a purpose prohibited by federal law.
  • For example, if Natera received a request from a police investigative agency seeking the PHI and test results of a previously pregnant patient who took Natera’s Panorama test (the Panorama test checks a baby’s risk for chromosomal abnormalities, such as Down syndrome), Natera would be prohibited from disclosing the requested PHI unless (and until) the law enforcement agency provided Natera with a signed attestation that the requested PHI is not being requested for purposes of conducting a criminal, civil, or administrative investigation into that patient relating to her reproductive healthcare choices.

Right to Request the destruction of your leftover sample(s), opt-out of the use of your sample for research and development

  • Although HIPAA does not cover biologic material such as sample(s), Natera does permit you to request that your sample(s) be destroyed after testing has been completed. If you wish to exercise this right, please send an email to researchoptout@natera.com
  • You also have the right to opt-out of the use of your sample for research and development. If you wish to exercise this right, please send an email to researchoptout@natera.com
  • Please note that any opt-outs received will only be effective on a going-forward basis and will not be effective for any disclosures made prior to the data of Natera’s receipt of the opt-out.

Your Choices

For certain PHI, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions for all reasonable requests, unless the law requires us to do otherwise.

For any uses or disclosures of your protected health information not otherwise described in this Notice (below), we will only make those uses/disclosures after securing your written authorization (and you may revoke that authorization at any time).

In these cases, you have both the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in your care. If you wish for us to share your health information with others you will need to complete a written and signed Patient Medical Records Release Form setting forth those choices
    • Download form
    • Natera is proud to offer a Patient Portal where you can access your test results at any time. If you’d like to share your records on your own, you can download your results in the Patient Portal and share at your convenience. You can access the Patient Portal at: https://my.natera.com/

    If you are not able to tell us your preference, we may go ahead and share your PHI information if we believe it is in your best interest. We may also share your PHI information when needed to lessen a serious and imminent threat to health or safety.

Contacting You

Calling, Texting and Emailing.

  • We may contact you via e-mail, cellular or home phone, by text message, automatic telephone dialing system, pre-recorded or synthetic voice messages, or computer assisted technology, about your testing, results, treatment options, billing/collection matters, health-related products, services, or studies, or other information relating to your healthcare. When we contact you in this manner, you will be given the opportunity to opt out of receiving similar communications going forward.
  • Consent to receive text messages is not required as a condition of purchasing any goods or services. Natera does not impose a separate charge for our texting programs, but your mobile carrier’s message and data rates may apply.
  • Our messages may include, but are not limited to, information about appointment reminders, billing, research opportunities, our products and services, treatment alternatives, your general health, and regulatory notices provided in lieu of first-class mail. To the extent that texts and emails may not be encrypted, there is a risk that someone else could read or access those messages. We therefore take steps to limit the amount of PHI that they contain.

Opt-Out Options

  • Opting-Out of Communications (i.e., email, SMS or automated phone calls):
    • If You have a Patient Portal Account, you can update your communication preferences, including opting out of receipt of text messages, emails and automated phone calls for all purposes (i.e. to include appointment reminders, billing, research opportunities, marketing communications relating to our products and services, treatment alternatives, etc.). You can access the Patient Portal at: https://my.natera.com/
    • If you don’t have a Patient Portal account, you can opt-out of receipt of text messages, emails and automated phone calls for all purposes (i.e. to include appointment reminders, billing, research opportunities, marketing communications relating to our products and services, treatment alternatives, etc.), by emailing us at: patientoptout@natera.com.
  • Please note: Even if you opt-out of the above communication channels:
    • Natera may still communicate with you through either phone calls or letters with regard to the provision of our services and/or billing for such services.
    • Natera reserves the right to determine the form and means of providing notifications to you for legally required notifications.
    • To the extent you initiate a communication with Natera using a particular communication medium (i.e., email, SMS or phone), Natera reserves the right to respond through that same medium. However, such transactional engagement will not alter your previous opt-out of that particular communication medium for future communications.

Fundraising.

  • We may contact you for fundraising efforts, but you can tell us not to contact you again.

Other communications.

  • We may contact you to tell you about other treatment options.
  • We may contact you to tell you about other health-related products and services.

For more information: click here.

Changes to the Terms of This Notice

We reserve the right to change the terms of this Notice, and those changes will apply to all health information we have about you. The new Notice will be available upon request, in our office, and on our web site.

Our Address and Other Contact Information

Privacy Officer
Natera, Inc.
201 Industrial Road, Suite 410
San Carlos, CA 94070
Tel: (877) 869-3052

icon-angle icon-bars icon-times