LifeOmic Data Protection FAQ

LifeOmic Data Protection FAQ

Data is stored in secure, virtually air-gapped production environments hosted in Amazon Web Services (AWS). This includes a combination of Amazon Simple Storage Service (S3), Amazon Relational Database Service (RDS), and Amazon DynamoDB (a NoSQL database service). All platforms and services are HIPAA compliant.

Yes, all data is encrypted in transit and at rest. All data stored on LifeOmic platform is encrypted using strong 256-bit AES encryption. All data sent to and from the LifeOmic platform is encrypted using Transport Layer Security (TLS / HTTPS). These are industry standards used by the largest financial institutes and technology firms around the world. LifeOmic internal employees have no access to customer data in production by default. All access to production is restricted via multiple gates enforced by the security team.

Each customer’s data is logically separated at the database/datastore level using a unique identifier for the customer account. The separation is enforced at the API layer where the client must authenticate with a chosen account and then the account unique identifier is included in the access token and used by the API to restrict access to data to the account. All database/datastore queries then include this account identifier.

Additionally, LifeOmic platform implements Attributed-Based Access Control (ABAC) to grant access to data within each customer account. ABAC allows stronger and more granular data access / authorization policies compared to simple Access Control Lists (ACLs) and Role-Based Access Control (RBAC).

Customer data is retained for as long as the account remains active. Data enters an expired state when the account is closed. Expired account data will be retained for 14 days. After 14 days, the project/account and related data will be removed. Customers that wish to close their account should download their data manually or via the API prior to closing their account.

LifeOmic platform uses Amazon Cognito for Simple and Secure User Sign-Up, Sign-In, and Access Control. Multi-factor authentication (MFA) / two-step verification is fully supported. Customers are responsible for enabling it for their user account. It is highly recommended that all customers enable MFA in addition to using a strong password. Additionally, LifeOmic supports sign-in with social identity providers, such as Facebook and Google, and enterprise identity providers via SAML 2.0.

Multi-factor authentication, or MFA, is a strong authentication mechanism that uses at least two factors from these three categories:
– Something you know (e.g. password)
– Something you have (e.g. a token or smart device)
– Something you are (biometrics, e.g. fingerprint, retina, or facial scan)

Two-factor authentication (2FA) is one type, or a subset, of MFA.

Two-step verification / authentication, in comparison, leverages smart phones to send an SMS text message or direct push notification to an app installed on the device. This also significantly improves account security, but it is not a true form of 2FA/MFA.

For more information see:

LifeOmic platform is validated against numerous internal and external security assessments/audits every year, including HIPAA compliance audit and HITRUST CSF Certification.

Yes, penetration testing is conducted continuously throughout the year and with each major application change by both internal and external penetration testers, white hat hackers and security researchers.

LifeOmic software conforms to the highest standard of security throughout its development lifecycle, including:
– Security considerations and/or threat modeling are included during software design phase;
– Each code commit must be peer reviewed and approved by an engineer other than the author;
– Open source vulnerability scanning and static application security testing;
– Dynamic application security scanning and penetration testing; and
– Each deployment to production must undergo a change management approval process.

This secure DevOps process ensures security is built-in, not bolt-on to every component of LifeOmic software. Additionally, LifeOmic applications and services in production are protected by AWS Web Application Firewall, API Gateway, and Cloudfront to protect against cyber threats such as SQL injection, cross-site scripting (XSS) and distributed denial-of-service (DDoS) attacks.

LifeOmic platform is designed on a Micro-services Architecture, heavily leveraging Docker containers and AWS Lambda functions. The containers and Lambda functions are short-lived – they are spun up as soon as a request comes in and are terminated right after their job is complete. Each Lambda function is active for no more than five minutes. Each container or function operates in an individually isolated processing environment.

The ephemeral nature of our computational instances not only makes our services extremely scalable, but also virtually impenetrable. This operating model minimizes persistent attack surface and blast radius, making it virtually impossible for any Advanced Persistent Threat (APT) – the main culprit of most high profile cyber attacks – to gain a foothold, replicate in the environment, and exfiltrate data.

Terms and Conditions


Version 1.0

LIFEOMIC, INC. (“LifeOmic” or “we”) provide subscriptions to our Precision Medicine Platform™, which includes the modules, functionality and features described on your Service Order, and including all new versions, updates, revisions, improvements and modifications of this platform (all together, the “Software”) as well as the Services described below, subject to the terms and conditions of this agreement (this “Agreement”).

  1. Acceptance. By executing a Service Order with LifeOmic, you also accept the terms of this Agreement.  You should read this Agreement carefully for the terms and conditions that govern your use of the Software and your receipt of the Services.  The individual executing the Service Order on your behalf represents and warrants to us that he or she is fully and duly authorized to agree to be bound by this Agreement on your behalf.
  2. Our Services.
    1. Services. During the Term, we will use commercially reasonable efforts to provide to you and your Authorized Users the following services (the “Services”): (i) the hosting, management and operation of the Software for remote electronic access and use by you and your Authorized Users; (ii) the Support Services described in Section 5; and (iii) any other services we agree to provide in your Service Order.
    2. Changes. We may make any changes to the Software that we deem necessary or useful to improve the Software or for any other reason.  If you do not agree with the changes we make to the Software, you may exercise your right not to renew our contract as described below in Section a.
    3. Subcontractors. We may, in our discretion, engage subcontractors to perform Services under this Agreement, but we will remain liable for any act or omission by such subcontractors that would be a breach or violation of this Agreement.
    4. Suspension of Services. We may suspend or deny your or any Authorized User’s access to or use of all or any part of the Services or Software, without any liability to you or others, if (i) we’re required to do so by law or court order, (ii) you or any Authorized User have accessed or used our Services or Software beyond the scope of the rights granted to you under this Agreement, (iii) you or any Authorized User are or have been involved in any fraudulent, misleading or unlawful activities relating to or in connection with the Software or any of the Services, (iv) you or any Authorized User have failed to comply with the limitations and restrictions described in Section b, (v) you have failed to cooperate or otherwise comply with the further assurances required of you in Section 8.d, or (vi) you or any Authorized User have otherwise failed to comply with this Agreement and have failed to cure such breach within 10 days after we provide written notice to you.  Our remedies in this Section are in addition to, and not in lieu of, our termination rights in Section 10.
  1. Right to Access and Restrictions.
    1. Authorization. So long as you and your Authorized Users comply with this Agreement, we hereby authorize you to access and use, during the Term, the Services and the Software (including any provided Third-Party Materials) for your internal business purposes (the “Permitted Use”), by and through your Authorized Users, in accordance with the documentation we provide with the Software (the “Documentation”).  This authorization is non-exclusive and non-transferable (except as described in Section 14(f)).
    2. Limitations and Restrictions. You must not, and you must not permit any other person or entity to, access or use the Services or the Software except as we’ve specifically allowed in this Agreement and, in the case of any third-party materials (including open source components) we provide to you (“Third-Party Materials”), as allowed in the applicable third-party license agreement.  You and your Authorized Users must not do any of the following:
      1. copy, modify or create derivative works or improvements of our Software;
      2. make our Software or Services available (e.g., sublicense, distribute or transfer) to any other person or entity, including through any time-sharing, service bureau or software as a service arrangement;
      3. reverse engineer, disassemble, decompile, decode, adapt or otherwise attempt to derive or gain access to the source code of our Software;
      4. input, upload, transmit or otherwise provide to or through the Software or Services any information or materials that are unlawful or injurious, or contain, transmit or activate any Harmful Code;
      5. damage, destroy, disrupt, disable, impair, interfere with or otherwise impede or harm in any manner our Software or Services or our ability to provide services to any third party;
      6. access or use our Software or Services in any way that infringes, misappropriates or otherwise violates any intellectual property right, privacy right or other right of any third party, or that violates any applicable law or regulation; or
      7. access or use our Software or Services for the development or provision of a competing software service or product.
  1. Service Level Commitment. We will use commercially reasonable efforts to keep the Software available and operating in accordance with its Documentation at least 99.9% of the time (measured on a month-by-month basis), except for unavailability due to any Scheduled Downtime or Exceptions.  “Scheduled Downtime” means pre-scheduled downtime for routine maintenance between 10:00 p.m. and 6:00 a.m. Eastern time where we’ve given you at least 48 hours prior notice of such downtime.  “Exceptions” means any downtime or failure of the Software due, in whole or in part, to any (a) access or use of the Software not in accordance with this Agreement or the Documentation, (b) your or your Authorized User’s internet connectivity issues, (c) Force Majeure Event, (d) failure, interruption, outage or other problem with any software, hardware, system, network, or other technology infrastructure that is not ours, or (e) suspension of your access to the Software or Services as described in Section d above.  If we fail to meet the availability commitment described above, we will credit you 10% of your Monthly Fee for the month when the failure occurred.  If you are unhappy with the service availability, you may also exercise your right not to renew our contract as per Section 10.a.
  2. Support Services. Your subscription comes with our standard support (“Support Services”), which includes: (a) e-mail support (or other online support made available to our customers from time to time) to: (i) provide technical and operational assistance for the use of the Software, including assistance with initial configuration of the Software, and (ii) attempt to correct any reproducible failure of the Software to perform in accordance with its Documentation; and (b) case management to help track the status of any failures reported to us.  You must provide all information and assistance that we reasonably request in connection with providing such Support Services.  To be sure, our Support Services do not include: (i) support for software or hardware that is not ours, (ii) on-site training or assistance; or (iii) performance of any professional, consulting or advisory services.
  1. Security and Data.
    1. Security Program. We will develop, implement, maintain and monitor a written data security program that contains commercially reasonable administrative, technical, and physical safeguards to protect against anticipated threats or hazards to the security, confidentiality or integrity of Your Data, including the unauthorized or accidental acquisition, destruction, loss, alteration or use of, and the unauthorized access to, Your Data, in a manner that is consistent with applicable federal and state laws and regulations, including HIPAA.  We will review and, as appropriate, revise our security program at least annually or whenever there is a material change in our business that may reasonably affect the security or integrity of Your Data.
    2. Physical and Environmental Security. We will ensure that our information processing facilities that handle, process, and store Your Data are housed in secure areas and protected by perimeter security, such as barrier access controls that provide a physically secure environment from unauthorized access, damage, and interference.
    3. Security Breaches. We will promptly report to you any unauthorized acquisition, access, use or disclosure of Your Data maintained on servers owned or otherwise licensed by us from a third party (g., AWS) (each, a “Security Breach”).  We will also use diligent efforts to remedy any such Security Breach in a timely manner and deliver to you a root cause assessment and future incident mitigation plan with regard to each Security Breach.
    4. Data Backup and Disaster Recovery. Throughout the Term, we will maintain or cause to be maintained commercially reasonable disaster avoidance procedures designed to safeguard Your Data, our processing capability and the availability of the Software.  Without limiting the foregoing, we will conduct or have conducted daily backups of Your Data and perform or cause to be performed other periodic backups of Your Data and store such backups in a commercially reasonable location and manner.
    5. Reputable Hosting Provider. We may provide our hosting services using Amazon Web Services (“AWS”) or such other hosting provider that implements and maintains commercially reasonable security programs, policies, procedures, controls and technologies.
  1. Confidentiality.
    1. Treatment of Confidential Information. If you and we already have a nondisclosure agreement in place that will continue to apply during the Term of this Agreement, then you and we will indicate this in your Service Order.  Otherwise, the following confidentiality provisions will apply: During the Term and for a period of five years thereafter, each receiving party (each, a “Recipient”) will hold in strict confidence any proprietary or confidential information (collectively, “Confidential Information”) of the other party (the “Discloser”) and will not disclose Discloser’s Confidential Information to any third party nor use the Discloser’s Confidential Information for any purpose except for carrying out its obligations or exercising its rights under this Agreement.  To be clear, our Software, all information related to our Software, and the terms and existence of this Agreement are all our Confidential Information, and Your Data is your Confidential Information.  These restrictions will not restrict the use or disclosure of information disclosed by one party to the other that (i) is or becomes publicly known other than as a result of any act by the Recipient, (ii) is lawfully received by the Recipient from a third party not in a confidential relationship with the Discloser, (iii) was already rightfully known by the Recipient prior to receipt thereof from the Discloser, or (iv) after notice and an opportunity to object, is required by law to be disclosed.  Notwithstanding the foregoing, each party’s confidentiality obligations will survive with respect to the other party’s Confidential Information that is a trade secret for so long as such Confidential Information continues to be a trade secret under applicable law.
    2. Protected Health Information. With respect to handling any Protected Health Information, we will comply with the applicable provisions of HIPAA to the same extent as you are required to comply with HIPAA.  We will not use or further disclose any Protected Health Information other than as permitted by this Agreement and the requirements of HIPAA pertaining to you.  To the extent we are a “business associate” of yours under HIPAA, we will execute a business associate agreement with you, in a form that you and we agree upon, and we will comply with such agreement.
  1. Fees and Payment.
    1. Fees. You will pay to us the Monthly Fees and other fees and charges described in your Service Order (the “Fees”) in accordance with your Service Order and this Section.  All Fees once paid are non-refundable.
    2. Taxes. Our Fees do not include taxes and similar assessments.  We will pass along to you the cost of all sales and excise (and other similar) taxes, duties and charges of any kind imposed by a governmental authority on amounts payable under this Agreement, other than taxes imposed on our income.  If any such amounts are owed to a governmental authority, we will calculate the amount of the obligation and include this on your bill or invoice, and we will remit those amounts to the applicable authority.
    3. Payment. You will make all payments in US dollars.  You will, upon our request, establish and maintain valid and updated credit card information or a valid ACH auto debit account (in each case, the “Automatic Payment Method”).  Upon establishment of an Automatic Payment Method, we may charge the Fees using that Automatic Payment Method.  If instead we invoice you for the applicable Fees, invoiced amounts are due net 30 days from the invoice date.  You are responsible for providing complete and accurate billing and contact information and notifying us of any changes to that information.
    4. Further Assurances. If at any time, through your usage of the Software and our Services or otherwise, you incur an aggregate balance owed to us of $5,000 or more, we reserve the right, in our reasonable discretion, to take any reasonable action to ensure and confirm your ability to pay, including, but not limited to, processing a D&B report, processing a credit report, requiring written validation that the individual who has executed this Agreement on your behalf was duly authorized, processing a nominal charge to your Automatic Payment Method for validation purposes, or requiring you to immediately deposit an amount equal to a commercially reasonable percentage of the balance owed.  You will provide all reasonable cooperation and assistance we request in connection with our actions under this Section.
  1. Intellectual Property Rights.
    1. Software and Services. We (or the respective rights holders in any Third-Party Materials) own all right, title and interest in and to the Services and our Software, including all related intellectual property rights.  We are not granting you any right, license or authorization with respect to any of the Services, our Software, or any Third-Party Materials except as we’ve specifically provided in Section 3.a above (and subject to the limitations and restrictions in Section 3.b above).  We and the respective rights holders in any Third-Party materials reserve all other rights in and to the Services, our Software, and any Third-Party Materials.
    2. Your Data. As between you and us, you are and will remain the sole and exclusive owner of all right, title and interest in and to all of Your Data, including all intellectual property rights relating to Your Data, subject to the rights you grant to us in Section 9.c.
    3. Right to Use Your Data. During the Term, you hereby grant all such rights and permissions in or relating to Your Data: (i) to us and our subcontractors as are necessary to perform the Services and provide our Software to you; (ii) to us as are necessary to enforce this Agreement and exercise our rights and perform our obligations under this Agreement; (iii) to us as are necessary or useful for our internal research purposes, to improve the quality of our services, software, and analytics, and to improve our algorithms.
    4. AI Model Improvements. To the extent we make any improvements to our algorithms (“Improvements”) based upon our Software’s processing of Your Data and the resulting “machine learning” or “training” of our algorithms, you agree that we own all right, title and interest in and to the Improvements, including all related intellectual property rights.  You specifically acknowledge and agree that any Improvements based upon processing of Your Data may be used for the benefit of our other customers.
  1. Term and Termination.
    1. Term. The initial term of this Agreement is as indicated in your Service Order (the “Initial Term”).  After the Initial Term, this Agreement will automatically renew for successive one-month periods (each a “Renewal Term” and, together with the Initial Term, the “Term”) unless one of us gives the other written notice of non-renewal at least seven days before the end of the then-current term.
    2. Termination. In addition to any other termination rights described in this Agreement, this Agreement may be terminated at any time:
      1. By us, effective when we provide written notice to you, if you fail to pay any Fees when due and if you do not cure this failure within 10 days after our written notice regarding your late payment;
      2. By either party, effective when that party provides written notice to the other, if the other party materially breaches this Agreement and such breach (A) is incapable of cure, or (B) being capable of cure, remains uncured 30 days after the non-breaching party provides the breaching party with written notice regarding such breach; and
      3. By either party, effective immediately, if the other: (A) is dissolved or liquidated or takes any corporate action for such purpose; (B) becomes insolvent or is generally unable to pay its debts as they become due; (C) becomes the subject of any voluntary or involuntary bankruptcy proceeding under any domestic or foreign bankruptcy or insolvency law; (D) makes or seeks to make a general assignment for the benefit of its creditors; or (E) applies for, or consents to, the appointment of a trustee, receiver or custodian for a substantial part of its property.
    3. Effect of Termination. If this Agreement is terminated or expires, then, except as specifically described below in Section d: (i) all rights, licenses and authorizations granted by one party to the other will immediately terminate, (ii) we may disable your and your Authorized Users’ access to the Software, and (iii) we each will cease all use of the other party’s Confidential Information and promptly destroy or (at such other party’s request) return all of the other party’s Confidential Information, except that each party may retain Confidential Information in its backups, archives and disaster recovery systems until such Confidential Information is deleted in the ordinary course (so long as it remains subject to all confidentiality, security and other applicable requirements of this Agreement)
    4. Post-Termination Retrieval of Your Data. During the 30 days after termination or expiration of this Agreement, we will not destroy or remove any of Your Data as a result of the termination or expiration.  During that period, we will allow you continued access to the Software and our Services for the sole purpose of retrieving any of Your Data, unless (i) doing so is prohibited by law or is reasonably likely to subject us to liability, or (ii) we would otherwise have the right to suspend your access as described above in Section d.  For any use of our Software or Services during such period, the terms of this Agreement will continue to apply.
    5. Surviving Terms. Sections 3.b (Limitations and Restrictions), 7 (Confidentiality), 9 (Intellectual Property Rights), 10.c (Effect of Termination), 10.d (Post-Termination Retrieval of Your Data), 11.b (Your Assurances), 12 (Indemnification), 13 (Limitations of Liability), 14 (Miscellaneous), 15 (Definitions) and this Section will survive any expiration or termination of this Agreement.
  2. Assurances.
    1. Mutual. Each party represents and warrants to the other that: (i) it has the full right, power and authority to enter into and perform its obligations and grant the rights, licenses and authorizations it grants and is required to grant under this Agreement; and (ii) it will comply with all applicable federal and state laws, statutes, rules and regulations in the performance of its obligations hereunder.
    2. By You. You represent, warrant and covenant that: (i) your collection and use of all of Your Data (including as contemplated in this Agreement) is consistent with your own privacy policy, with any applicable IRB-approved patient or research subject informed consent document, and with all applicable federal and state laws, rules and regulations, including but not limited to HIPAA, the Common Rule and GINA; (ii) to the extent any patient or research subject has withheld consent for the use of any of their data, information or materials for the purposes described in Section c, you have notified us in writing and have complied with our reasonable requirements for you to segregate the applicable patient or research subject data, information or materials at the time it is delivered to us; and (iii) to the extent any patient or research subject has withdrawn consent for the use of any of their data, information or materials for any purpose contemplated under this Agreement, you will immediately notify us in writing and reasonably cooperate with us in our efforts to return or destroy such patient’s or research subject’s data, information or materials to the extent required by applicable law.  You will indemnify, defend and hold us and our subcontractors and personnel harmless from any third party claim arising from allegations that you or your Authorized Users have breached any provision in this Section.
    3. By Us Regarding Our Services. We warrant that we will perform all Services in a timely, professional and workmanlike manner, using adequate resources and appropriately qualified personnel, and consistent with the highest standards of quality in our industry.
    4. By Us Regarding Our Software. We warrant that: (i) the Software will at all times during the Term substantially conform in all material respects to the specifications set forth in your Service Order and its Documentation, (ii) we have used and will continue to use all reasonable efforts consistent with industry best practices to ensure that the Software does not contain (and will not introduce) any Harmful Code into any of your devices, software, systems or telecommunications equipment, (iii) we have all necessary rights to possess, use, and authorize you and your Authorized Users to use in accordance with this Agreement our Software, (iv) our Software as provided to you under this Agreement complies with all applicable federal, state and local laws, rules and regulations.
    5. Warranty Limitations. The warranties in Section d above do not apply to any non-conformance resulting from: (i) your use of the Software in a manner inconsistent with this Agreement or its Documentation, (ii) the operation of or access to your or a third party’s system or network, or (iii) any Third-Party Materials.  Additionally, if we breach the warranty in Section 11.d(i) above, we will, within a commercially reasonable period of time, at our sole option, and at our sole cost and expense, either (x) modify, fix or correct the Software to remedy such non-conformity, or (y) replace the non-conforming portion of the Software, in each case without causing a material loss of features or functionality of the Software.  If we do not cure the breach as provided in the preceding sentence within a commercially reasonable period of time after our receipt of written notice from you regarding the breach, then you may, effective upon your written notice, terminate this Agreement.  THE REMEDIES DESCRIBED IN THIS SECTION 11.e ARE YOUR SOLE REMEDIES AND OUR ENTIRE OBLIGATION AND LIABILITY TO YOU OR ANY OTHER PERSON OR ENTITY FOR ANY BREACH OF THE WARRANTY PROVIDED IN SECTION 11.d(i).
  3. Indemnification.
    1. By Us. We will indemnify, defend and hold you and your officers, directors, employees, agents, successors and permitted assigns (each, including you, an “Indemnitee”) from and against any and all Losses incurred by the Indemnitee arising out of or relating to any Claim by a third party (other than an affiliate of an Indemnitee) to the extent that such Losses arise from any allegation that your use of the Services or Software (excluding Your Data and Third-Party Materials) in accordance with this Agreement and the Documentation infringes any intellectual property right of such third party.  This obligation does not apply to the extent that such Claim arises from your or your Authorized Users’ failure to timely implement any upgrades or enhancements we make available or from any Claims for which you are obligated to indemnify pursuant to Section 11.b above.  Additionally, this obligation does not apply unless the Indemnitee (a) promptly gives us written notice of the Claim, (b) gives us sole control of the defense and settlement of the Claim (provided that we may not settle any Claim that imposes liability on or contains any admission of fault by the Indemnitee without the Indemnitee’s consent), (c) provides us (at our sole cost and expense) with all available information and reasonable assistance necessary for us to defend or settle the Claim; and (d) has not compromised or settled the Claim without our prior written approval.
    2. Mitigation. If the Services or Software are, or in our opinion are likely to be, claimed to infringe any intellectual property right, we may, at our option and our sole cost and expense: (i) obtain the right for you to continue to use the Services and Software as contemplated by this Agreement, (ii) modify or replace the Services and Software to make the Services and Software (as so modified or replaced) non-infringing, without causing a material loss of features or functionality, or (iii) if the remedies in clauses (i) and (ii) are not feasible within commercially reasonable standards, then we may terminate this Agreement upon written notice and without any liability to you.
  4. Limitations of Liability.
    3. Exceptions to Limitations. The exclusions and limitations in this Section 13 will not apply to a party’s confidentiality obligations, a party’s indemnification obligations, liability for a party’s infringement or misappropriation of the other’s intellectual property rights, liability for a party’s fraud, gross negligence or willful or intentional misconduct, or our commitments under the policy cross-referenced in Section 6.c.
  5. Miscellaneous. (a)  Entire Agreement. This Agreement and the Service Order constitute the entire agreement, and supersede all prior negotiations, understandings or agreements (oral or written), between the parties regarding the subject matter of this Agreement (and all past dealing or industry custom).  (b)  Counterparts.  Any Service Order may be executed in one or more counterparts, each of which will be an original, but taken together will constitute one and the same instrument.  Execution of a facsimile copy (including PDF) or execution through electronic means will have the same force and effect as execution of an original.  (c)  Amendment, Severability and Waiver.  No change, consent or waiver under this Agreement will be effective unless in writing and signed by the party against which enforcement is sought. Any delay or failure of either party to enforce its rights, powers or privileges under this Agreement, at any time or for any period, will not be construed as a waiver of such rights, powers and privileges, and the exercise of one right or remedy will not be deemed a waiver of any other right or remedy.  If any provision of this Agreement is determined to be illegal or unenforceable, that provision will be limited or eliminated to the minimum extent necessary so that this Agreement will otherwise remain in full force and effect and enforceable.  (d)  Governing Law and Venue.  This Agreement will be deemed to have been made in, and will be governed by and construed in accordance with the laws of, the State of Indiana, without regard to its conflicts of law provisions.  The sole jurisdiction and venue for actions related to this Agreement will be the state or federal courts located in Indianapolis, Indiana, and both parties consent to the exclusive jurisdiction of such courts with respect to any such action.  (e)  Notices.  All notices under this Agreement will be in writing and may be delivered by electronic mail in portable document format (.pdf), certified or registered mail, overnight courier, or personal delivery, in each case to the address or e-mail address specified in the Service Order.  (f)  Assignment.  Neither party may assign, delegate or otherwise transfer its rights or obligations under this Agreement without the prior written consent of the other party; provided that either party may assign this Agreement in its entirety without the other party’s consent to its affiliates or to an entity that acquires all or substantially all of the business or assets of such party to which this Agreement pertains, whether by merger, reorganization, acquisition, sale or otherwise.  This Agreement will be binding upon, and inure to the benefit of, the successors and permitted assigns of the parties.  (g)  No Third Party Beneficiaries.  This Agreement is for the sole benefit of the parties hereto and their respective successors and permitted assigns and nothing herein, express or implied, is intended to or will confer on any other person or entity any legal or equitable right, benefit or remedy of any nature whatsoever under or by reason of this Agreement.  (h)  Relationship of the Parties.  The relationship between the parties is that of independent contractors. Nothing contained in this Agreement will be construed as creating any agency, partnership, joint venture or other form of joint enterprise, employment or fiduciary relationship between the parties, and neither party will have authority to contract for or bind the other party in any manner whatsoever.  (i)  Publicity Rights.  We may, without your consent, include your name, trademarks and/or logos on our website and/or in other sales and marketing materials in order to factually identify you as a current or former customer (as the case may be).  (j)  Force Majeure.  Neither party will be liable for any delays or non-performance of its obligations (excluding the obligation to pay fees due hereunder) arising out of causes not within such party’s reasonable control, including, without limitation, actions or decrees of governmental authorities, criminal acts of third parties, earthquakes, flood, and other natural disasters, war, terrorism, acts of God, or fire (a “Force Majeure Event”), except to the extent that the delay or non-performance was not reasonably safeguarded against (in accordance with industry standards) or the party had notice.  (k)  Equitable Remedies.  Each party acknowledges and agrees that a breach or threatened breach by such party of any of its obligations under Section b (Limitations and Restrictions), Section 7 (Confidentiality) or Section 9 (Intellectual Property Rights) of this Agreement would cause the other party irreparable harm for which monetary damages would not be an adequate remedy and that, in the event of such breach or threatened breach, the other party will be entitled to equitable relief, including in a restraining order, an injunction, specific performance and any other relief that may be available from any court of competent jurisdiction, without any requirement to post a bond or other security, or to prove actual damages or that monetary damages are not an adequate remedy. Such remedies are not exclusive and are in addition to all other remedies that may be available at law, in equity or otherwise.
  6. Other Definitions. Capitalized terms that are used in this Agreement have the meanings described below, or as otherwise defined in your Service Order.

Authorized User” means each of your employees that has been granted valid access credentials for the Software.

Claim” means any claim, suit, action or proceeding.

Common Rule” means the Federal Policy for the Protection of Human Subjects, 45 C.F.R. Part 46 (as modified from time to time).

Your Data” means information, data and other materials that are collected, uploaded or otherwise received, directly or indirectly, from you or an Authorized User by or through the Software or Services.

GINA” means the Genetic Information Nondiscrimination Act of 2008, Public Law 110-233, and all regulations promulgated thereunder, 29 C.F.R. Part 1635 (collectively, and as modified from time to time).

Harmful Code” means any software, hardware or other technology, device or means, including any virus, worm, malware or other malicious computer code, the purpose or effect of which is to permit unauthorized access to, or to destroy, disrupt, disable, distort, or otherwise harm or impede in any manner any (a) computer, software, firmware, hardware, system or network or (b) any application or function of any of the foregoing or the security, integrity, confidentiality or use of any data processed thereby.

HIPAA” means the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, as amended by the Health Information Technology for Economic and Clinical Health Act, 42 U.S.C. § 17931, and all regulations promulgated thereunder, 45 C.F.R. Parts 160 through 164 (collectively, and as modified from time to time).

Loss” means any and all losses, damages, liabilities, deficiencies, claims, actions, judgments, settlements, interest, awards, penalties, fines, costs or expenses of whatever kind, including reasonable attorneys’ fees and the costs of enforcing any right to indemnification hereunder and the cost of pursuing any insurance providers.

Monthly Fee” has the meaning given to such term in the Service Order.

Protected Health Information” has the meaning given to it under HIPAA.

Service Order” means the Service Order executed by you and us, which is incorporated into this Agreement for all purposes.


Data-centric model; Zero-trust architecture

Granular segregation and policy enforcements with no “keys to the kingdom” and therefore no single points of compromise.

Strong yet flexible user access

Our platform supports OpenID Connect, SAML and multi-factor authentication, combined with fine-grain attribute-based authorization.

“Air-Gapped” environments meet short-lived processes

No direct administrative or broad network connectivity, such as VPN or SSH access, into production. Processes are short-lived and killed after use. This ensures minimal persistent attack surface and makes it virtually impenetrable.

Watch everything, even the watchers

All environments are monitored, all events are logged, all alerts are analyzed, all assets are tracked. No privileged access without prior approval or full auditing. We even have multiple systems to “watch the watchers’.

Immutable builds

Infrastructure as code. Security scan of every build. Full traceability from code commit to production. “Hands-free” deployment ensures each build is free from human error or malicious contamination.

Usable security

All employees receive security awareness training not annually, but monthly. Combined with simplicity and usability, we ensure our security policies, processes, and procedures are followed without any need to get around them. No “Shadow IT”.

Need-based temporary access

Access to critical systems and resources are closed by default, granted on demand, and protected by strong multi-factor authentication.

Centralized and automated operations

API-driven cloud-native security fabric that centrally monitors security events, automates compliance audits, and orchestrates near real-time risk management and remediation.

End-to-end data protection

Data is safe both at rest and in transit, using strong encryption and key management.

Regulatory compliant and hacker verified

The Precision Health Cloud is fully compliant with HIPAA / HITECH and HITRUST CSF Certified. Verified by white-hat hackers.

The PHC is HITRUST CSF Certified
The PHC is HIPAA Compliant

Read our security FAQ

Read More

Learn about our HIPAA compliance

Read More

Report a security issue



Privacy Policy

LifeOmic, Inc. (“LifeOmic,” “we” or “us”) is committed to protecting your privacy. This Privacy Policy informs you how LifeOmic collects, uses, secures and shares your information. It applies to information we receive both offline and through the websites we control and operate, including and others we may choose to activate for Healthcare Organization, Physician, and Patient Portals in the future (all collectively, our “Websites”).  By accessing our Websites, by transmitting information to us electronically or in hard copy, or by otherwise using our genetic testing services (“Services”), you agree to the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Websites or use our Services. This Privacy Policy is in addition to and does not replace our  Notice of Privacy Practices, which explains what we do with your personally-identifiable health information.


LifeOmic may revise this Privacy Policy from time to time. All updates to this Privacy Policy will be posted on this web page. If we make significant changes, LifeOmic will notify you by posting a notice on the Websites. Please check the Websites for the most current version of our Privacy Policy. Your continued use of the Websites after we have posted a notice on the website constitutes your acceptance of such changes.


LifeOmic tracks visits to our Websites and uses visitor logs to compile anonymous aggregate statistics. This aggregate information is collected sitewide, and includes anonymous website statistics. In addition, when you browse our Websites, our system automatically collects information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, domain names, referring and exit pages and URLs, platform type, pages viewed and the order of these page views, the amount of time spent on particular pages, the date and time of your request and one or more cookies that may uniquely identify your browser. This information is used to analyze trends, administer the Websites, improve the design of our Websites, and otherwise enhance the services we provide.


Certain pages of the Websites and/or html email correspondence may use session cookies, persistent cookies or web beacons to anonymously track unique visitors, save website preferences and to allow us to recognize visits from the same computer and browser. Some cookies are essential for the operation of our Site (“Essential Cookies”). These cookies enable services you have specifically asked for.  These cookies remain on your device only until you close your browser after visiting our websites. Some cookies are used to collect anonymous information on the pages visited (“Performance Cookies”). For example, we might use Performance Cookies to keep track of which pages are most popular, which method of linking between pages is most effective, and to determine why some pages are receiving error messages.  These cookies remain on your device only until you close your browser after visiting our website. Some cookies remember choices you make to improve your experience (Functionality Cookies”).  These Functionality Cookies remain on your device for an extended period of time.  When you revisit our Websites we recognize Functionality Cookies and remember your preferences or can automatically log you on to the website.  Personal information on our system may be associated with Functionality Cookies but the cookies themselves do not contain any of your personal information.  Finally we may use “Behaviorally Targeting Advertising Cookies” which collect information about your browsing habits to make advertising relevant to you and your interests. You have the option to reject the Websites’ cookies and still use the Websites. However, your access to the Website may be limited.  Further general information about cookies and how they work is available at

We may from time to time allow selected third parties to place cookies through the Websites to provide us with better insights into the use of the Websites or user demographics or to provide relevant advertising to you.  These third parties may collect information about a consumer’s online activities over time and across different websites when he or she uses our Websites. We may also permit third party service providers to place cookies through our Websites to perform analytic or marketing functions where you are notified of them and you have consented to the usage.   We do not control the use of such third-party cookies or the resulting information and we are not responsible for any actions or policies of such third parties.

We do not use technology that recognizes a “do-not-track” signal from your web browser.


LifeOmic may collect, store and use personally identifiable information that you provide or we receive from others, such as:

  • Registration information when you create an account with us (such as name, email address, postal address, telephone number and email preferences). In the registration form, you may have an opportunity to elect to receive certain communications from us.
  • Information you submit when contacting us (such as your name, contact information and any other information you choose to submit).
  • Information from third parties (such as information submitted by a physician or job references or background checks if you apply for a job).
  • Order information when you place an order with us (such as your name or contact information).
  • Payment information if you make a payment through our Websites (such as payment card, billing and shipping information in addition to your contact information).
  • Job application information if you choose to apply for a position with LifeOmic through our Jobs Page (such as your resume, contact information, employment and education history, and other related information; we may also receive information from references your identify and other third parties (for instance background checks)).

We may use third party services for processing payments or job applications through the Websites. Information you provide may be linked to other information that we have about you including data we automatically collect when you visit our Websites and information we have received from third parties.


We may use your personal information for our general commercial purposes such as to improve our Websites and to offer you information which LifeOmic believes may be of interest to you. This may include the following purposes, for example:

  • to contact you,
  • to improve this site and expand our business,
  • to provide you with information that you have requested,
  • If you are a healthcare provider or patient ordering our Services, to contact you about research opportunities, clinical trials, or clinical treatments for you or your patients when appropriate,
  • to provide information about our Websites and related clinical and research information,
  • to respond to your inquiries,
  • to provide you with technical support,
  • to enforce our Terms and Conditions and other policies governing use of the Websites,
  • to alert you to new features or enhancements to our services,
  • to communicate with you about your transactions or potential transactions with us,
  • to administer your account including processing of payments,
  • to ensure that our Websites and our Services function in an effective manner for you,
  • to keep our Websites safe and secure, and
  • to measure or understand the effectiveness of advertising and outreach.

We may combine your information with other information about you that is available to us, including information from other sources. LifeOmic will keep resumes confidential and will use them only for employment purposes. Use for any other purpose will be with your explicit consent.


LifeOmic will not sell or rent your personally identifiable information to any other company or organization for direct marketing purposes. We may reveal information about you to unaffiliated third parties:

  • if you request or authorize it;
  • if the information is provided to help complete a transaction for you;
  • if the information is provided to comply with the law, applicable regulations, governmental and quasi-governmental requests, court orders or subpoenas, to enforce our Terms of Use or other agreements, or to protect our rights, property or safety or the rights, property or safety of our users or others (e.g., to a consumer reporting agency for fraud protection etc.);
  • if the disclosure is done as part of a purchase, transfer or sale of services or assets (e.g., in the event that substantially all of our assets are acquired by another party, customer information may be one of the transferred assets);
  • if the information is provided to our agents, outside vendors or service providers to perform functions on our behalf (e.g., analyzing data, providing marketing assistance, providing customer service, processing orders, etc.); or
  • as otherwise described in this Privacy Policy.

We require our agents, vendors and service providers to limit their use of information but do not otherwise guarantee that any entity receiving such information in connection with one of these transactions will abide by this Privacy Policy. Agents, vendors and service providers who may have access to protected health information are contractually obligated to protect the privacy and security of such information. We may disclose aggregate statistical information to third parties for any purpose.


“De-identified” means that we have removed, or rendered unreadable through complex computational algorithms, your personally-identifiable information, such as your name, address, or birthdate. We may use de-identified information that we have obtained from our Services for various purposes, including for example:

  • In accordance with regulatory requirements, we may de-identify, store and use patients’ samples and information for internal quality control, validation, and research and development. This is important for LifeOmic to maintain high quality genetic testing and to develop new genetic tests. We may use de-identified information as permitted by law.
  • In accordance with regulatory requirements, we may also share de-identified patients’ samples and information with other laboratories for quality assurance and validation purposes. Such sharing is essential to having high quality genetic testing within the community of testing laboratories.
  • We may contribute de-identified genetic variants that we have observed in the course of providing our Services to publicly available databases such as ClinVar. We do this to increase understanding and raise awareness of the significance of genetic variants within the medical and scientific communities.
  • We may use or disclose de-identified patient information for general research purposes. This may include research collaborations with third parties, such as universities, hospitals or other laboratories, in which we utilize de-identified clinical cases, at the individual level or in the aggregate, in accordance with our study protocols, and we may present or publish such information. This may also include commercial collaborations with private companies for purposes such as to determine the prevalence of particular disorders or variants among the patients we have tested, or to determine whether any of the patients we have tested might be suitable for potential recruitment for research, clinical trials, or clinical care; however, we will not directly contact these patients about these opportunities without their prior written consent.


We use reasonable technical, administrative and physical measures to protect information contained in our system against misuse, loss or alteration. Information that you provide to LifeOmic through these Websites is encrypted using industry standard Secure Sockets Layer (SSL) technology, with the exception of information you send via email. Your information is processed and stored on controlled servers with restricted access. Unfortunately, no method of electronic transmission is 100% secure, so we cannot ensure or warrant the security of any information you transmit to our Websites, and you do so at your own risk. Please keep your user name, password, ID numbers, or other special access credentials secure; if we receive instructions using your log-in information we will consider that you have authorized the instructions.


When LifeOmic has Healthcare Organization, Physician and/or Patient Portals activated at a future time, you can update, amend or delete your account information and preferences at any time by visiting the My Account page after logging in.

LifeOmic email correspondence will include instructions on how to update certain personal information and how to unsubscribe from our emails and postal mail correspondence. Please follow the instructions in the emails to notify LifeOmic of changes to your name, email address and preference information. LifeOmic will take reasonable steps, such as confirmation emails, to verify your identity before granting access to your personal information.

If you choose to unsubscribe from our email and/or postal mail services, you will no longer receive this type of promotional correspondence. We will still be able to communicate with you about your account and your transactions with us. LifeOmic may retain your information for a period of time to resolve disputes, troubleshoot problems or for other valid business or legal reasons.

You can choose to delete or block cookies by setting your browser to either reject all cookies or to allow cookies only from selected sites. If you block cookies performance of the Site may be impaired and certain features may not function at all.


You agree that you have provided notice to, and obtained consent from, any third party individuals whose personal information you supply to us, including with regard to: (a) the purposes for which such third party’s personal information has been collected; (b) the intended recipients or categories of recipients of the third party’s personal information; (c) which of the third party’s information is obligatory and which information, if any, is voluntary; and (d) how the third party can access and, if necessary, rectify the information held about them.


Our Websites are controlled and operated by LifeOmic. By choosing to visit our Websites or otherwise provide information to LifeOmic, you agree that any dispute over privacy or the terms contained in this Privacy Policy will be governed by the laws of the State of Indiana. If you are accessing our Websites from any location with regulations or laws governing personal data collection, use or disclosure that differ from United States laws or regulations, please note that through your continued use of our Websites, which is governed by the laws of the State of Indiana and the United States of America and this Privacy Policy, you are transferring personal information to the United States of America and you consent to that transfer and to the collection and processing of such information in the United States. You also consent to the adjudication of any disputes arising in connection with our Websites in the federal and state courts of Marion County in the State of Indiana. You also agree to attempt to mediate any such disputes.


The LifeOmic Websites are directed toward adults. If you are under the age of 13, you must obtain the authorization of a responsible adult (parent, legal custodian, or teacher) before using or accessing our Websites. We will not knowingly collect or use any personal information from any children under the age of 13. If we become aware that we have collected any personal information from children under 13, we will promptly remove such information from our databases.


The LifeOmic Websites may contain links to external websites. LifeOmic does not maintain these sites and is not responsible for the privacy practices of sites that it does not operate. Please refer to the specific privacy policies posted on these sites.


Some LifeOmic services provide the ability for users to connect and share certain types of data with other users of that service. This is generally accomplished by providing users the ability to find and “Follow” other users. Users who “Follow” another user are able to view the activity and history of activities of the user whom they are following.  All users of such services who accept the Terms of Service are automatically opted in to a “Public” mode where they can be discovered and followed by any other user. In all cases, however, these services provide the ability to change an Account Setting to move into a “Private” mode in which the user cannot be discovered or followed and under which all of the user’s activity is hidden from all other users of the service. These services also notify users every time they are “Followed” and provide the ability to “Block” specific other users from following them or viewing their activity within the service.


In addition to the other terms of this Privacy Policy, the following terms concern how medical information concerning our patients is used or disclosed through our Physician’s Portal.

  • Users – The Physician’s Portal is only for the use of physicians and their authorized representatives as stated in the Terms and Conditions of Use for the Physician Portal.
  • Protected Health Information – The Physician’s Portal is used for the storage and transmission of Protected Health Information between LifeOmic and physicians and their authorized representatives. Protected Health Information is used in accordance with the Health Information Portability and Accountability Act (HIPAA) and applicable federal and state laws governing patient privacy. Protected Health Information available on the Physician’s Portal may only be used or disclosed for treatment and other authorized purposes as stated in the  Notice of Privacy Practices.
  • Security Measures – Information accessed through this Physician’s Portal, including Protected Health Information, is secured using administrative, physical and technical safeguards. For example, the transfer of information is encrypted using industry standard Secure Sockets Layer (SSL) technology and information is stored on controlled servers with restricted access. All access is password protected and each individual user has his/her own user name and password. All access is tracked at LifeOmic for security purposes.


These  Websites are  owned and operated by LifeOmic, Inc. You can contact us using the  Contact Us page or by mail at 351 West 10th Street, Indianapolis, IN 46202.

Notice of Privacy Practice

Notice of Privacy Practices

Revision 2017-2


LifeOmic, Inc. has the following legal duties and privacy practices for your medical information. This Notice describes the privacy practices of LifeOmic, its employees and other personnel (“LifeOmic,” “we” or “us”).

I. Our responsibility

LifeOmic and the members of its workforce are committed to protecting the privacy and confidentiality of your personal information, genetic information, and laboratory test results, together called Protected Health Information (PHI).

LifeOmic is also required by law, by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to keep your PHI confidential. This Notice describes our legal duties and privacy practices, and explains your patient privacy rights. When we use or disclose your PHI we are required to abide by the terms of this Notice.

II. What is protected health information (PHI)

Protected Health Information (PHI) is your demographic information, medical history, laboratory results, insurance information and other health information that is collected, generated, used, and communicated by LifeOmic to produce genetic testing results and to bill for our testing services. Examples of PHI include your name, date of birth, medical record number, social security number, insurance beneficiary number, and genetic information.

III. How we use and disclose your health information

Your PHI may be used and disclosed for treatment, payment, healthcare operations and other purposes permitted or required by law. LifeOmic may use and disclose your PHI for the following purposes:


We may use or disclose your PHI for treatment purposes. For example, we may use your PHI to perform our testing services and disclose your genetic testing results to your physician and other healthcare providers involved in your care.


We may use or disclose your PHI to obtain payment for healthcare services we provide. For example, we may use and disclose your information to send a bill to your insurance company or health plan to receive payment for the services provided to you.


We may use and disclose your PHI for our healthcare operations. For example, we may use your PHI to monitor the quality of our testing services and review the competence and qualifications of our laboratory professionals.


We may disclose your PHI to persons involved in your care or payment for your care, such as a parent or a family member, relative, or close friend that you have designated as a personal representative to have access to your information.


We may disclose PHI about you to your authorized personal representative, such as a lawyer, administrator, executor or other authorized person responsible for you or your estate.


We may disclose PHI about minors to their parents or legal guardians.


While LifeOmic does not anticipate having access to your psychotherapy notes, LifeOmic may use or disclose your psychotherapy notes as required by law; for treatment, payment, or health care operations; to defend itself in a legal action or other proceeding brought by you; or to avert a serious threat to health or safety. Any other use and disclosure of your psychotherapy notes requires your written authorization.


We may use and disclose your PHI to contact you about other LifeOmic products and services which we believe may be of interest to you. Otherwise, any use or disclosure of PHI for marketing purposes requires your written authorization.


LifeOmic will never sell your PHI to third parties unless you provide written authorization.


We may disclose your PHI to other companies or individuals (i.e. “Business Associates”) who provide services to us. For example, we may use a company to perform billing services on our behalf. Our Business Associates are required to protect the privacy and security of your PHI and notify us of any improper disclosure of information.


We must disclose your PHI when required to do so by any applicable federal, state or local law.


We may disclose your PHI for public health-related activities. Examples include: reporting diseases to authorized public health authorities; public health investigations; or notifying a manufacturer of a product regulated by the U.S. Food and Drug Administration of a possible problem encountered when using the product in our testing process.


We may disclose your PHI to a healthcare oversight agency for activities that are authorized by law, such as audits, investigations, inspections and licensure activities. For example, we may disclose your PHI to agencies responsible for ensuring compliance with the rules of government health programs such as Medicare or Medicaid.


Under certain circumstances, we may use or disclose your PHI for research purposes. All research projects at LifeOmic are subject to review by a committee responsible for ensuring the protection of individual research subjects, appropriate patient authorization, and an adequate plan to safeguard Protect Health Information. In preparation for research, we may review limited PHI to draft research protocols, to identify prospective research participants, or for similar purposes provided the information remains secured and accessible only to LifeOmic authorized parties.


We may disclose PHI to coroners, medical examiners, or funeral directors to identify a deceased patient, to determine cause of death, or other duty authorized by law.


Under certain circumstances, we may disclose your PHI in the course of a judicial or administrative proceeding in response to a court order, subpoena or other lawful process.


We may disclose your PHI to the police or other law enforcement officials as required by law or in compliance with a court order, warrant, subpoena, summons, or other legal process for locating a suspect, fugitive, witness, missing person, or victim of a crime.


We may disclose PHI to prevent or reduce the risk of a serious and imminent threat to the health or safety of an individual or the general public.


If required or authorized by law, we may disclose PHI to a government agency, such as social services or a protective services agency, if we reasonably believe that an individual adult or child is the victim of abuse, neglect, or domestic violence.


Under certain circumstances, we may disclose your PHI to units of the government with special functions, such as the U.S. Military or the U.S. Department of State.


We may disclose your PHI as necessary to comply with requirements of workers’ compensation or similar programs that provide benefits for work-related injuries or illness.


We will ask for your written authorization before using or disclosing your PHI for any purpose not described above. You may revoke your authorization, in writing, at any time, except for disclosures that the company has already acted upon. A revocation of authorization must be submitted to the Privacy Officer at the address listed in Section VIII below.


LifeOmic will keep a detailed record of all disclosure of you PHI.

IV. Your rights regarding your medical information

You have the following rights with respect to your PHI. To exercise any of these rights, please contact our Privacy Officer using the contact information provided at the end of this Notice.


You, or your authorized or designated personal representative, have the right to inspect and receive a copy of the PHI maintained by us. We may deny access to certain information for specific reasons, for example, where Federal and state laws regulating laboratories prohibit us from disclosing testing results directly to a patient.


You have the right to request restrictions on our use and disclosure of your PHI. While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction except for Payment or Operations restrictions where payment has been made “out-of-pocket” and paid-in-full. If we do agree to a requested restriction, we will notify you in writing.


You have the right to request that we communicate with you about your PHI by alternative means or to an alternative address. Your request must be in writing and must specify the alternative means or location. We will accommodate reasonable requests for confidential communications.


If you believe the PHI we maintain about you contains an error, you may request that we correct or update your information. Your request must be in writing and must explain why the information should be corrected or updated. We may deny your request under certain circumstances and provide a written explanation.


You may request a list, or accounting, of certain disclosures of your PHI made by us or our business associates for purposes other than treatment, payment, healthcare operations and certain other activities. The request must be in writing and the list will include disclosures made within the prior six years.

V. Information breach notification

We are required to notify you following the discovery a breach of unsecured PHI, unless there is a demonstration, based on a risk assessment, that there is a “low probability” that the PHI has been compromised. You will be notified in a timely fashion no later than 60 days after discovery of the breach.

VI. Questions and complaints

If you have questions or concerns about our privacy practices or would like a more detailed explanation about your privacy rights, please contact our Privacy Office using the contact information below.

If you believe that we may have violated your privacy rights, you may submit a complaint to our Privacy Office.

You may also call, write or e-mail your complaint to any of the following:

directly to the laboratory management,
Centers for Medicare & Medicaid Services (CMS) Central Office, Division of Laboratory Services (CLIA),
CMS Regional Office,
the State Agency (SA) or State Department of Health where the laboratory is located,
the laboratory’s accreditation organization, if applicable or known,
the laboratory’s exempt State office or State licensure program, if applicable or known, or
U.S. Department of Health and Human Services.
LifeOmic will not take retaliatory action against you and you will not be penalized in any way if you choose to file a complaint with us or with an agency.
VII. Changes to our notice of privacy practices

We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. We will promptly post any changes to this Notice on our website at Please review this website periodically to ensure that you are aware of any updates.

VIII. Contact information

When communicating with us regarding this Notice, our privacy practices, or your privacy rights, please contact the Privacy Officer using the following contact information:

LifeOmic, Inc.
Attention: Privacy Officer
351 West 10th Street
Indianapolis, IN 46202

Agency contact information for filing a complaint:

Centers for Medicare & Medicaid Services (CMS) Central Office Division of Laboratory Services (CLIA), in Baltimore, Maryland

410-786-3531 locally or 1-877-267-2323 (toll free) extension 63531

U.S. Department of Health and Human Services Office of Civil Rights


Current Openings

Product Manager – Mobile Apps
Salt Lake City, Indianapolis or Raleigh-Durham

Senior Software Engineer (multiple)
Indianapolis, Salt Lake City or Raleigh-Durham

Senior Data Engineer (multiple)
Indianapolis, Salt Lake City or Raleigh-Durham

Software Engineer – Web UI (multiple)
Indianapolis, Salt Lake City or Raleigh-Durham

Mobile Software Engineer (multiple)
Indianapolis, Salt Lake City or Raleigh-Durham

Don’t see a role that suits your skills? We’d still love to hear from you! Email us at

Apply Today

Our Mission

To help turn precision health into a reality with a world-class team of scientists, clinicians and software developers

Our Vision

To combine cloud software, genomics, artificial intelligence and clinical experience to create a platform capable of ushering in the age of precision health

Our Promise

To work with healthcare systems, pharmaceutical companies and individuals to enable the best health outcomes.

Calling all biomedical informatics rock stars, front-end and back-end cloud developers, health IT experts. We’re constantly building a world-class team to power precision medicine. See what our team has to say about working at LifeOmic on Glassdoor.

"I get to work with amazing people on challenging projects with a mission that I truly believe in."

Our Locations

Indianapolis, IN

Research Triangle Park, NC

Silicon Slopes, UT

Open Positions

Product Manager – Mobile Apps

Want to work on a team of talented and collaborative engineers, designers, machine learning architects, scientists and marketers building platforms and apps that will help people live longer and healthier?

Our mission at LifeOmic is to help turn precision health into a reality. We have very ambitious goals but don’t worry, this isn’t our first rodeo. This is our founder’s fourth successful company and you will be surrounded by a team who have built high-growth software startups before.

Mobile apps are a key part of our strategy since patient reported data is one of the most important components of precision health.

We are releasing our first mobile app in early May, and have started on a second, much more encompassing mobile app.

We are looking for an experienced, data driven, consumer mobile product manager to own our portfolio of mobile apps.

This includes bridging the market with our product development and design teams to ensure we are delivering the most value to our users and thus driving the best engagement. You will own actualizing the vision around our application strategy and driving user engagement measurement and optimization.

We truly feel like we can change the world – do you?

Key Qualifications

  • 3+ years in consumer facing mobile or web app product management.
  • Insatiable curiosity and passion to build society changing applications.
  • Deep experience in driving engagement via data. This includes the creation, activation and analysis of tests. We want our users in our apps multiple times every day and we want to optimize virality coefficient.
  • Experience working in Agile software development environments.


  • Knowledge of healthcare IT
  • Organic mobile user acquisition
  • Experience in B2B environments (B2C is most important)
  • Experience in working in a distributed team (we are spread across three offices)


  • BS/BA – technical degree a plus
  • MBA is a plus


This role can be based in Salt Lake City, Indianapolis or Raleigh-Durham.

To apply, email your resume and cover letter to

Senior Software Engineer

LifeOmic is seeking a talented engineer who will be responsible for defining, developing, and deploying services for our cloud platform focused on our scalable Precision Health Cloud. We operate within the focus of APIs, serverless/batch implementations and continuous delivery.

We are looking for someone with a history of innovation that loves to explore new technology. Because we are a small development team, you will be expected to work independently during these early stages but you will have a team of high performers to lean on when necessary. You’ll have the opportunity to shape the technology choices for the LifeOmic platform.

Key Qualifications

  • Builder who can implement solutions across diverse tech stacks and fit into a team who has embraced continuous delivery.
  • Experience building service-oriented APIs and cloud services.
  • Demonstrable experience with a cloud infrastructure provider (preferably AWS) building services.
  • Fully understands the concepts of “infrastructure as code”.
  • Able to communicate complex concepts clearly and accurately.
  • Able to iterate with new technologies and approaches as their respective open source communities push them forward.
  • Experience maintaining a complex system after it’s deployed to production.



  • Bachelor’s degree in CS
  • 3+ years of demonstrable experience


This role can be based in Indianapolis, Raleigh-Durham or Salt Lake City.

To apply, email your resume and cover letter to

Senior Data Engineer

LifeOmic is seeking a talented data engineer who will be responsible for defining, developing, and deploying services for our cloud platform.

We are looking for someone with a history of innovation that loves to explore new technology. Because we are a small development team, you will be expected to work independently during these early stages but you will have a team of high performers to lean on when necessary. You’ll have the opportunity to shape the technology choices for the LifeOmic platform that is just getting off the ground.

Key Qualifications

  • An empowered builder who can implement big data solutions, such as Apache Spark, Hadoop, and Presto, across a cloud tech stack and fit into a team who has embraced continuous delivery.
  • Demonstrable experience with relational, NoSQL, and columnar databases.
  • Able to communicate complex concepts clearly and accurately.
  • Able to iterate with new technologies and approaches as their respective open source communities push them forward.
  • Experience maintaining a complex system after it’s deployed to production.



  • Bachelor’s degree in CS
  • 3+ years of demonstrable experience


This role can be based in Indianapolis, Raleigh-Durham or Salt Lake City.

To apply, email your resume and cover letter to

Software Engineer – Web UI

Do you love Web UI development? LifeOmic is seeking a talented web engineer who will be responsible for defining, developing and deploying our web applications. We are looking for someone with a history of innovation that loves to explore new technology. Because we are a small development team, you will be expected to work independently during these early stages but you will have a team of high performers to lean on when necessary. You’ll have the opportunity to shape the technology choices for the LifeOmic platform.

At LifeOmic we are dedicated to automation and rapid deployment to our cloud infrastructure. We are looking for people who are comfortable working at many layers of the stack and supporting systems after they have been deployed. Help us deliver software that improves patient care.

Key Qualifications

  • Builder who can implement user interfaces against REST APIs and fit into a team who has embraced continuous delivery.
  • Demonstrable experience with building modern web interfaces and incrementally improving the user experience.
  • Collaborate in REST API design and convey how those impact the overall experience.
  • Able to communicate complex concepts clearly and accurately.
  • Able to iterate with new technologies and approaches as their respective open source communities push them forward.



  • Bachelor’s degree in CS
  • 3+ years of demonstrable experience


This role can be based in Indianapolis, Raleigh-Durham or Salt Lake City.

To apply, email your resume and cover letter to

Mobile Software Engineer

Want to work on a team of smart, experienced software engineers building patient facing mobile applications that are powered by genome sequencing, machine learning, predictive analytics and connected devices to customize health care in ways never before possible?

At LifeOmic we are also on a mission to make building parallel iOS and Android native apps more efficient and less aggravating. We are exploring ways to use new team structures, product management patterns, automation and cutting edge technologies to advance this mission. GraphQL and React Native are part of our technology stack, but quality is also a HIGH priority, so native mobile app development experience is a requirement for this role. We’re an inclusive team, dedicated to creating a diverse environment and proud to be an equal opportunity employer.

Key Qualifications

  • 2+ years experience developing native apps (proficient in Swift, Kotlin or React Native)
  • 2+ years experience creating applications that consume RESTful or GraphQL API’s
  • Experience designing and writing unit and functional tests
  • Experience working in Agile software development environments 


  • Experience with React, React Native, Redux, Functional Reactive Programming
  • Knowledge of healthcare systems or Machine Learning techniques
  • A passion for DevOps, automation and Continuous Improvement


  • Bachelor’s degree in CS or equivalent work experience


This role can be based in Indianapolis, Raleigh-Durham, or Salt Lake City.

To apply, email your resume and cover letter to


Learn more
about LifeOmic Solutions

Learn More


Resources and News

Read More

the team

Join Us


Clinicians and researchers who need an integrated solution to develop and deploy precision medicine treatments

Pharmaceutical researchers who want to accelerate discovery

Software companies who want to achieve compliance and certifications faster and easier

Individuals who want to be more involved in their health outcomes

Develop Personalized Treatments

Ensuring the most effective treatments requires a full view of a patient's genetic, phenotypic and behavioral data. This requires a platform that can easily combine disparate data from a variety of systems. Clinicians and clinical researchers can truly realize the potential of personalized medicine.

More Info

Accelerate Pharmaceutical Research

LifeOmic's Precision Health Cloud (PHC) accelerates the pharmaceutical discovery process by seamlessly integrating data from many sources, including genomic, clinical and trial data so you can uncover new associations in ways not otherwise possible.

More Info

Deliver Secure Cloud Software

IT organizations in healthcare are increasingly stretched thin, trying to deliver solutions that serve customers' and constituents' needs and are cost effective, secure and easy to maintain.

LifeOmic's PHC enables your IT teams to build innovative applications that serve your organization's needs while not needing to have large capital expenditures, hire expensive consultants, install problematic software upgrades, or support security patching.

More Info

Enable Healthier Lifestyles

with Mobile Apps

The LIFE suite of mobile apps empowers individuals to adopt, manage and share healthier lifestyle choices such as intermittent fasting, personalized nutrition, exercise, stress reduction techniques and more. Leveraging the Precision Health Cloud (PHC), the LIFE applications empower patients to take control to live healthier and longer.

As a LIFE Fasting App user, you can track and share your experiences with intermittent fasting. The LIFE Extend App will help you benchmark your biological or health-adjusted age and enable you to make lifestyle choices to improve your health and wellness. As a user, you can optionally share your experiences and data with healthcare providers and researchers to advance precision health.

More Info

Powering Precision Health


Develop and deliver precision medicine treatments to improve patient outcomes.

Learn More


Accelerate drug and treatment discovery.

Learn More

Healthcare IT

Improve time to market to deliver secure, compliant and highly available cloud software.

Learn More


Adopt, manage and share healthy lifestyle choices using mobile apps.

Learn More

Precision Health Cloud

As a researcher or clinician, you need a software platform that removes data silos to enable you to get more out of your datasets and focus on patient-oriented treatments.

Your progress is being held back by legacy electronic health record systems that trap data in proprietary databases and don’t integrate genomic and other valuable types of data.

LifeOmic’s Precision Health Cloud (PHC) is the cloud platform that integrates and indexes disparate sources including genomic, clinical, imaging and population data. All of this data is added to a searchable and flexible repository for each patient. The PHC includes machine learning algorithms that help you surface critical interrelationships between data, for example across genotypic and phenotypic data. With the PHC, you are able to focus on your research and analysis – not software setup, configuration and updates.

Data Driven Applications

The PHC includes a set of applications including the Patient Viewer that delivers a rich, interactive experience to explore individual patients, cohorts, and entire populations. Additionally, REST API’s, including support for standards such as FHIR (Fast Healthcare Interoperability Resourcesand GA4GH (Global Alliance for Genomics and Health), makes working with the apps you use today like R Studio, Jupyter Notebook, Tableau and Spotfire seamless. You can also quickly and easily build custom analysis, mobile apps and web applications.

Usage Based Model

Our usage-based pricing model ensures you are only paying for what you need – whether for an individual project or across your entire organization. You retain all ownership of your data. The PHC is both HIPAA compliant and HITRUST CSF Certified, ensuring that your patient data is always protected.

LIFE Mobile Apps

Leveraging the Precision Health Cloud (PHC), the LIFE applications empower patients to take control of their healthspans. Our apps don’t just enable you to leverage interventions shown to help humans live healthier for longer but also allow these behaviors to be tracked and documented in the PHC platform.

The LIFE Fasting App helps you track and share your experiences with intermittent fasting. The LIFE Extend application will help you benchmark your biological age and enables you to make lifestyle choices to improve your health and wellness.

Learn More


JupiterOne enables SaaS companies to dramatically shorten the time and effort required to achieve compliance and certifications like HIPAA and HITRUST. Additionally, JupiterOne facilitates a true DevSecOps culture and delivers the orchestration in software to ensure you manage your operational environment as it evolves.

Learn More at