HealthCom.io - Privacy Policy
Effective Date: May 22, 2019
Introduction
This Privacy Policy describes the privacy practices of ChiroUp, Inc. and its affiliates (referred to collectively as the “Company,” “us,” “we” and “our”) related to the use, storage, and disclosure of personal information we collect from or about you when you interact with us in the course of our providing our Service. Our “Service” consists collectively of our HealthCom platform, including any content, functionality and Service offered on or through our website HealthCom.com (the "Website"), our Apps available on iTunes or Google Play (the “Apps”), and all content, functionality and Service offered on or through any of them. Except where noted, statements in this Privacy Policy with respect to the Website also apply to the Apps.
We reserve the right to modify this Privacy Policy at any time and without prior notice. We will post any changes to our Website and note the effective date of the updated Policy.
If you are using the Service on behalf of a company, organization, government, or other legal entity, or through an association or affiliation with one of these entities, your use certifies to us that an authorized person from your organization has accepted this Privacy Policy on your behalf, that you are authorized to use the Service, and that your use is within the scope of that relationship.
As a condition to your access to and use of the Service, you must agree to our Terms of Use which includes this Privacy Policy. If you do not want us to collect and use information about you as described in this Privacy Policy, then you must not use the Service. Please be aware that the privacy laws and standards in certain countries may differ from those that apply in the country in which you reside. Unless otherwise specified herein, the Company is the controller of the personal information that we collect about you as described in this Privacy Policy. We will share your personal information with third parties only in the ways that are described in this Privacy Policy.
Privacy Laws
Some of the information we collect and use is subject to specific state and federal privacy laws. For example, many of our customers in the United States healthcare industry are subject to regulations issued under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Among other things, HIPAA outlines the ways health care providers, health plans, certain data processors, and companies they hire to perform certain functions on their behalf (such as ChiroUp) may use and share personally identifiable information about a patient. When we receive information that is subject to privacy laws, such as HIPAA, we may be legally or contractually obligated to follow those laws. If there is a conflict between this Privacy Policy and privacy laws to which we are bound, the privacy laws shall govern.
Information We Collect
We collect both personally identifiable and non-identifiable information as part of our Service. Personally identifiable information means information that identifies you, such as your name, address, birthdate, phone number, e-mail address, social security number, medical or health record number, or other health or medical-related information about you.
Information you Provide
We collect information from you when you create an account with the Service, or provide information as part of our identity verification process. This information may include personally identifiable information, as well as account authentication information like username, password, and security questions.
We collect the information that you upload or enter when you use the Service. For example, you may enter information, which may include personally identifiable information, about you or others as part of:
• an individual care plan;
• a referral request; or
• a consultation with an outside health care provider.
Information We Collect When You Access our Service
We collect information about the Service you use and how you use it. This information includes:
Log Files and Device Information: Log files include information such as your IP address (a number that identifies your computer or other device connected to the internet), internet browser type, pages visited, and search terms. We may also collect information about the device you use to connect to our Service, including your device type and operating system.
Cookies: We use Cookies (small text files placed on your device) to provide our Service and help collect data. We use Cookies for four main purposes: (1) confirmation of your identity during sign-in to access your account; (2) security and Service integrity; (3) storing your preferences and settings; and (4) analyzing how our Service is performing.
Information We Receive from Other Sources
We receive and store information, which may include information about you, including personally identifiable information, from your chiropractic provider and his or her staff and other third parties.
Your Provider: We may receive information about you from your chiropractic provider or other personnel in his or her office. For example, your provider may use our Service to help coordinate your care or treatment plan. We may receive information about you when your provider enters or uploads patient information into the Service. We execute a HIPAA-compliant Business Associate Agreement with each provider to safeguard your protected health information as required by law.
Third Parties: We may receive information about you from third parties. For example, we may receive information about you from:
• government agencies, such as the Centers for Medicare and Medicaid Services, that is used to improve health care decisions; or
• an identity provider/authenticator when you enable single sign-on to access your account (such as using your Google account to sign in to our Service).
How We Use Information We Collect
We may use the information we receive to:
• provide, operate, maintain, improve, extend, and test the Service;
• provide and create documentation, training, and professional services related to the Service;
• fulfill our legal and contractual obligations;
• create and deliver analyses of data; and
• develop de-identified data analyses for our own, or providers’ quality improvement purposes.
Examples of ways we use the information for the reasons described above include:
• to display your account information;
• to ensure that Service users only see the information they are authorized to see;
• monitoring our systems to ensure that they are working as intended and to detect and fix errors;
• accessing log information to investigate problems or unauthorized use; and
• analyzing data and usage patterns to make the Service easier to use.
We may use the information we collect to contact you. For example, we may send you:
• notifications and reminders when you are mentioned or assigned an action in the Service;
• appointment reminders;
• news and information about the Service or your account;
• information about exercise plan updates, exercise reminders, automated feedback on compliance; educational topics;
• requests for online reviews;
• requests for information and feedback on clinical outcome and satisfaction surveys; and
• news and information about your provider’s practice, including services and marketing materials.
We may also use the information we collect to:
• protect our rights or property, or the security or integrity of our Service;
• enforce the terms of the Terms of Service;
• verify your identity;
• protect us, users of our Service, or the public from harm or potentially prohibited or illegal activities;
• investigate, detect, and prevent fraud, security breaches; or
• interact with law enforcement authorities and comply with any applicable law, regulation, legal process, or governmental request.
In addition, we may use personal information about you for other purposes that are disclosed to you at the time we collect the information and/or with your consent.
We may share your information with our subsidiaries, affiliates and entities acquired by or merged with us and our affiliates. In the event of a corporate change in control resulting from, for example, a sale to, or a merger with, another entity, or in the event of a sale of assets or a bankruptcy, we reserve the right to transfer your personal information to the new party in control or the party acquiring assets. In the event of such a change, your personal information will continue to be treated in accordance with this Privacy Policy unless any changes to the Privacy Policy are made in accordance with the section above that discusses our right to modify this Privacy Policy.
Provider Access
Your chiropractic provider’s office has the ability to track and review various metrics – limited to that practice’s patients – including:
• who downloaded the App;
• message open rates;
• exercise video views;
• patient-reported exercise compliance; and
• clinical outcome and satisfaction survey results.
Your Choices
Your Account Information
If you have an account, you may access, change, or correct your personal account information at any time by logging into your account. You may also make the request to us using the contact details below, in which case we may need to verify your identity before granting access or otherwise changing or correcting your information.
Interest-Based Ads
You can opt-out of interest-based advertising on our Website by rejecting cookies as described above and through preferences manager or, if you are located in the European Economic Area (EEA), you may also opt-out at http://www.youronlinechoices.eu/. Please note that even if you reject cookies and opt-out of interest-based advertising, you will continue to receive generic advertisements through the Service. Note that our Website does not respond to web browser “do not track” signals. You can learn more about managing your preferences for ads online, particularly for many third-party advertising networks, through resources made available by the Digital Advertising Alliance at https://www.aboutads.info or the Network Advertising Initiative at https://optout.networkadvertising.org. Note that if you delete cookies, use a different device, or change web browsers, you may need to opt-out again.
Mobile Opt-out
You may control interest-based advertising on your mobile device by enabling the “Limit Ad Tracking” setting in your iOS device’s settings or “Opt out of Ads Personalization” in your Android device’s settings. This will not prevent you from seeing advertisements but will limit the use of device advertising identifiers to personalize ads based on your interests. You also may disable the transmission of precise location information through your device settings.
Email Communications
You may manage your newsletter subscriptions within the newsletter subscriptions area within your account settings. Note that certain email communications that we send to members are service-related and as long as you are a user of the Service, you may not unsubscribe from such emails. Also, if you have provided us more than one email address, we may continue to contact you using the other email address not associated with the emails from which you have unsubscribed, until you unsubscribe from emails sent to that other address.
Push Notifications
We may send you push notifications from time to time to notify you of upcoming events or promotions we think may be relevant to you. If you no longer wish to receive these types of notifications, you may turn them off at the device level.
Deactivating Your Account
If you wish to deactivate your account, you may make the request to us using the contact details below. We generally retain information about you only as long as reasonably necessary to provide you with the Service. However, even after you deactivate your account, we may retain archived copies of information about you for a period of time that is consistent with applicable law, or as we believe is reasonably necessary to comply with applicable law, regulation, legal process, or governmental request, to prevent fraud, to collect fees owed, to resolve disputes, to address problems with our Service, to assist with investigations, to enforce our Terms of Service, for analytics purposes, or to take any other actions consistent with applicable law.
Your Personal Information
If you believe that we have information about you that should be changed or corrected, you may make the request to us using the contact details below, in which case we may need to verify your identity before granting access or otherwise changing or correcting your information. However, due to legal, contractual, and technical restrictions, we may not be able to make the change or correction. For example,
• If we received the information about you from one of our customers, and that information is subject to HIPAA, then we are both legally and contractually required to refer your request to the customer.
• In the event of legal action or dispute, we may be prohibited from altering any information.
• We maintain regular backups and archives of our data, and changing archived data may be impracticable.
Cookies
Most web and mobile device browsers are set to accept cookies automatically by default. However, you can change your browser settings to prevent the automatic acceptance of cookies, or to notify you each time a cookie is set.
You also can learn more about cookies by visiting http://www.allaboutcookies.org, which includes additional information on cookies and how to block cookies on different types of browsers and mobile devices. Blocking or deleting cookies used in the Service, however, may prevent you from being able to use, or take full advantage of the Service.
Do Not Track
Do Not Track ("DNT") is an optional browser setting that allows you to express your preferences regarding tracking across websites. We currently do not respond to DNT signals. We may continue to collect information in the manner described in this Privacy Policy from web browsers that have enabled DNT signals or similar mechanisms.
Security
We work hard to maintain the security, reliability, accuracy, and completeness of our Service and the information we hold. In particular, we:
• Implement administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction.
• Encrypt the transmission of personal information (including personal health information) you provide through the Service or use SSL connections (Secure Socket Layer) technology.
• Review our information collection, storage, and processing practices, including physical security measures, to guard against unauthorized access to systems.
• Restrict access to personal information to employees, contractors and agents who need to know that information to process it for us, and who are subject to contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
• Require our third-party service providers to store and transmit personal information in compliance with this Policy, require them to agree to appropriate confidentiality and security measures, and undergo industry-recognized independent third-party data security audits.
• Provide our employees job-specific training on how to protect and respect your personal information, including protecting your health information as required by HIPAA.
Since much of the information we collect is provided by our Users, we cannot guarantee the authenticity or accuracy of any data that these Users provide.
Despite our efforts to protect your personal information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your information over the Internet may be intercepted.
We will retain your personal information as long as your account is active or as needed to provide you Service. At any time you can remove your personal information or instruct us to remove it, but you should be aware that it is not technologically possible to remove each and every record of the information you have provided to us from our servers. We will also retain your personal information as necessary to comply with legal obligations, resolve disputes and enforce our agreements.
Links to Other Websites
While using the Service, you may be directed through links to third-party websites or Services. For example, you may be linked to:
• A site maintained by your chiropractic provider; or
• A third-party authentication site.
We are not responsible for the terms of service or privacy policies of those websites or Services. You are responsible for reading and understanding the third-party terms of service and policies before using their Service.
Children
We protect and limit the collection of information from children under the age of 18 in accordance with applicable laws. Our Service, including our Website, is not targeted or directed at children under 18. Any information we receive about children under 18 must come from someone authorized pursuant to legally effective consent to treat minor documentation or other legal authority, such as parents, guardians, legal representatives, health care clinicians or providers, hospitals, and insurance companies.
California Residents
Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of your personal information with third parties. If you reside in California and have provided your personal information to us, you may request information about our disclosures of certain categories of personal information to third parties for direct marketing purposes in the preceding calendar year. You can submit such request by sending an email to support@chiroup.com or by writing to our Data Protection Officer at the address provided under Contact at the end of this Privacy Policy.
Location of Data
We and our technical infrastructure are located in the United States. The personal information that you provide to us is stored on servers located in the United States. If you are located in another jurisdiction, you should be aware that in order to provide the Service to you, we must transfer your personal information to the United States where it will be stored and processed in accordance with this Privacy Policy.
We may transfer your information outside the United States to service providers with operations in other countries. By using the Service, you consent to such collection, storage and processing in the United States and elsewhere, though the United States and other jurisdictions may not afford the same level of data protection as considered adequate in your own country. We will take reasonable steps to protect your personal information. Note that your personal information may be available to the United States government or its agencies under legal process made in the United States.
Additional Information for Visitors from the European Economic Area (“EEA”)
When you use the Service, we collect, store, use and otherwise process your personal information as described in this Privacy Policy. We rely on a number of legal bases to process your information, including where: (i) necessary for our legitimate interests in providing and improving the Service including offering you content and advertising that may be of interest to you; (ii) necessary for our legitimate interest in keeping the Service, Sites and Apps secure; (iii) necessary for the legitimate interests of our service providers and partners; (iv) necessary to perform our contractual obligations in our Terms of Use; (v) you have consented to the processing, which you can revoke at any time (however a revocation does not affect the lawfulness of processing of your personal data that occurred prior to the date of revocation); (vi) you have expressly made the information public, e.g., in a Company message board or other public forums; (vii) necessary to comply with a legal obligation such as a law, regulation, search warrant, subpoena or court order or to exercise or defend legal claims; and (viii) necessary to protect your vital interests or those of others.
If you are a user of our Service in the EEA, you can: (i) access personal information we have about you (we will try to provide information within 30 days of your request); (ii) have your personal information corrected or deleted (in most cases you can correct personal information you have submitted to us by going back to the specific Service, logging-in and making the desired change); (iii) in certain circumstances, you can object to our processing of your personal information, and we will discontinue such processing unless we have compelling legitimate grounds to continue; (iv) withdraw consent previously provided (however a withdrawal does not affect the legality of our processing your personal data that occurred prior to the date of withdrawal); or (v) if you believe that we have not complied with applicable data protection laws, you may lodge a complaint with your local supervisory authority. If you wish to inquire as to whether we maintain any of your personal information and if so, whether you wish to exercise any of those rights that are available to you with respect to such personal information, you may contact us. Any request you make must be in writing and include your name and address and any other information that may identify you. Where we do not carry out your request, we will tell you without delay and in any event within one month of receipt of the request, and we will explain our reasons for not taking the action requested.
Please send your written requests to our Data Protection Officer at support@chiroup.com or contact us at the following address:
ChiroUp, Inc.
4460 North Illinois Street, Suite 8
Swansea, IL 62226
Attention: Data Protection Officer
Where we process your personal information for direct marketing purposes, you can opt-out through the unsubscribe link in the email communications we send to you, by changing your subscription preferences in your account settings or as otherwise specified in this Privacy Policy.
We will retain your personal information for as long as necessary to provide the Service to you and fulfill the purposes described in this Privacy Policy. This is also the case for third parties with whom we share your information to perform Service on our behalf. When we no longer need to use your personal information, and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or anonymize it. If you have registered with us and you no longer want us to use your registration information to provide the Service to you, you may close your account.
Some of the countries where we provide Service may not have the equivalent level of data protection laws as those in your location. If we need to transfer personal data outside the EEA, we will take steps to make sure your personal information is protected and safeguarded once it leaves the EEA. In particular, we require third parties to whom we transfer your data to agree to abide by the Model Clauses approved by the European Commission and permitted under Article 46 of the European Union General Data Protection Regulation ("GDPR"). If you would like to obtain the details of such safeguards, you can request them from the Data Protection Officer at support@chiroup.com. In some limited circumstances, we may also transfer your information outside the EEA if the GDPR (under Article 49) allows this. This includes where it is necessary for the performance of a contract between us and you and where the transfer is necessary in connection with legal proceedings.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us as indicated below.
Contact Us
If you have any questions regarding this Privacy Policy, please contact our Data Protection Officer at support@chiroup.com or contact us at the following address:
ChiroUp, Inc.
4460 North Illinois Street, Suite 8
Swansea, IL 62226
Attention: Data Protection Officer