Privacy | TapGenes
Select Page

What are TapGenes’ PHR data practices for

Family Health Tree and Personal Health Portraits?

Use this page to understand how TapGenes and our service providers release and secure your PHR Data.

Printable Version [PDF: 53 KB]

The TapGenes Privacy Policy describes how TapGenes treats Personal Information when you use its software, including information provided when you use TapGenes online at or when you use TapGenes from a mobile web browser or mobile application. In addition, the following describes our privacy practices that are specific to TapGenes, a service that helps you store, organize and share your personal health information.


You may use TapGenes to control which third parties can access your Personal Information through TapGenes. By default, you are the only user who can view and edit such information. If you choose to, you can share your information with others.

TapGenes will not sell, rent, or share your information (identified or de-identified), except with your permission or as described in this Privacy Policy, such as when TapGenes believes it is required to do so by law.

You can completely delete your Personal Information at any time. Deletion will be initiated immediately, and your information will be purged from your account shortly thereafter. Additional backup copies of deleted information may persist for a short time. Since deleted data will not be restored, you may want to print information before deleting it.


TapGenes uses information, including Personal Information, for internal and service-related purposes.

To store your information in TapGenes,  you will need a TapGenes Account. When you create a TapGenes Account, TapGenes asks for your email address and a password, which is used to protect your account from unauthorized access. You can use an existing TapGenes Account or create a new TapGenes Account specifically for this purpose.

TapGenes’ servers automatically record information about your use of TapGenes using logs, cookies, and other similar methods. Such information will be used to operate and improve the service and will not be correlated with your use of other TapGenes services.

TapGenes may de-identify Personal Information from your account and use it as part of an aggregated data set, called Statistical Data, when generating and publishing statistics. Statistical Data does not contain Personal Information.


If you share your Personal Information with others using TapGenes, you can view a list of who has access to such information and you can revoke sharing privileges at any time. When you revoke someone’s ability to read your Personal Information, that party will no longer be able to read your information, but may have already seen or may retain a copy of the information.

Through TapGenes, you can approve access for PHR Service Providers to view and copy your health information. If a PHR Service Provider accesses your health information and stores a copy of your information, that copy will be governed by that PHR Service Provider’s privacy policy. Others at that facility – like an on-call doctor – may be able to view your information. TapGenes is not responsible for the content, performance, or privacy policies of PHR service providers.

All entities covered by HIPAA are required to comply with HIPAA’s rules related to collection, use, and sharing of your information. All other third-party service providers used by TapGenes are contractually required to abide by the TapGenes policies, which require that they comply with strict privacy standards for how they collect, use, or share your information.



Do we release your PHR Data for these purposes?
We release… Personal DataStatistical Data
For marketing and advertising

For medical and pharmaceutical research

For reporting about our company and our customer activity

For your insurer and employer

For developing software applications

Do we require Limiting Agreements that restrict what third parties can do with your Personal Data?
Do we stop releasing your Personal Data if you close or transfer your PHR?


We have security measures
that are reasonable and appropriate to protect personal information, such as PHR Data, in any form, from unauthorized access, disclosure, or use.

Do we store PHR Data in the U.S. only?
Do we keep PHR Data activity logs for your review?

List of Terms

(Show all definitions)


“PHR” stands for a web-based Personal Health Record. A web-based PHR is an electronic health data application that can help you collect, manage, and share your health information. Web-based PHRs may be offered by a hospital, insurance company, employer, or a commercial vendor.

Back to Top


When you sign up for a PHR, you provide, or the PHR company or its service providers, import information about you that becomes the PHR Data. Any information in your PHR is considered PHR Data. PHR Data might include, but is not limited to:

  • Your name and contact information, such as your address, phone number, or email address
  • Your medical history, conditions, treatments, and medications
  • Your healthcare claims, health plan account numbers, bills, and insurance information
  • Demographic information, such as your age, gender, ethnicity, and occupation
  • Computer information, such as your IP address and “cookie” preferences

A PHR company (and its service providers) may use your PHR Data to:

  • Operate and manage its PHR platform, software, and website
  • Maintain and protect its computer systems
  • Comply with the law, such as responding to subpoenas and search warrants

Back to Top


Personal Data is any PHR Data that connects to you as an individual such as names, health conditions, and other identifiers.

Back to Top


Statistical Data is de-identified PHR Data that is 1) grouped so it does not connect to you as an individual and 2) has names and other identifiers removed or altered.

Back to Top


Personal Information includes your PHR Data, as well as any other information about you, that can be reasonably linked to you. Personal Information can also include but is not limited to your financial information or social security number.  Personal Information does not include data that cannot be reasonably linked to you.

Back to Top


Companies and their services providers might report about their business activities and their customers (you) to others, such as investors, auditors, potential business partners, or public communities.

Back to Top


Limiting Agreements are legally binding agreements that prohibit certain third parties, which are not the PHR Service Providers, from releasing your Personal Data or re-identifying individuals. Third parties can include advertisers, researchers, and others who receive PHR Data.

Back to Top


A service provider is an entity that is hired to perform certain functions for and operate under the direction and control of the PHR company. Service providers may include software or website designers and data storage providers.

Back to Top


Security measures can include computer safeguards, secured files, and employee security training. PHR companies may be required by law to notify you about particular data breaches.

Back to Top


When PHR Data is stored in the United States, U.S. law enforcement agencies may be able to prosecute if the data is stolen or breached.

Back to Top


Activity logs are the PHR company and its service providers’ records of when PHR Data is created, accessed, modified, deleted, released, or exported in the PHR program.

Back to Top
Contact TapGenes:

312.620.2395     |

The practices described in this notice only apply to TapGenes and its service providers. These practices do not apply to any other organizations, links, websites, programs, or applications that may be available through TapGenes or its service providers. Always read the policies of any company, website, application, or service where you provide your Personal Information.

We encourage you to learn more about our security policy by visiting our full security policy page.

Rev. February 29, 2016

Pin It on Pinterest

Share This