Inscyte Corporation's Privacy and Security Program is implemented and administered by its agent Inspirata, under contract to Inscyte Corporation for the day-to-day operations of CytoBase. Inspirata is responsible for ensuring compliance with the Act and its regulation in this regard and for implementing and ensuring compliance with Inscyte's privacy policies and procedures.

The privacy governance and accountability framework is as follows:

Organization Chart of Inscyte

The governance framework stipulates that the President of Inscyte Corporation is ultimately accountable for ensuring that Inscyte and its agents comply with the Act and its regulation and comply with its Privacy Code and its Privacy Policies and Procedures. The President of Inscyte is accountable to the Board of Directors of Inscyte Corporation, which is comprised of representatives from the member laboratories (health information custodians) that provide personal health information to CytoBase.

The Privacy and Security Officers of Inscyte's agent Inspirata have been delegated day-to-day authority to manage the privacy/security program. The CEO of Inspirata is accountable to the President of Inscyte Corporation regarding fulfilling Inspirata's obligations with respect to implementing and administering Inscyte's privacy/security program.