Health Care Originals (HCO) Health Notice of Privacy Practices and Privacy Policy
THIS NOTICE DESCRIBES HOW INFORMATION YOU PROVIDE TO HEALTH CARE ORIGINALS, INC. MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Health Care Originals, Inc. (“HCO”) is committed to keeping your health information safe. To help you understand your rights to your health information, please review this policy. HCO is required by law to have this privacy policy and maintain your health information in a manner consistent with this policy and law. This notice is in five parts to describe our privacy practices. We hope through this policy that we answer any questions you have about how HCO maintains your health information.
The sections are as follows:
1) What is Protected Health Information (“PHI”)?
2) What PHI does HCO collect?
3) Who does HCO share my PHI with and why?
4) What are my rights to my PHI?
5) What should I do if I have a question or concern about my collected PHI?
What is Protected Health Information?
Like many health care service providers, HCO receives and maintains certain personal information about all our members. Some of this personal information is protected by federal and state laws. This type of information is known as “protected health information” or “PHI.” PHI is health information that can identify a specific person.
What PHI does HCO collect?
When you voluntarily give your PHI to HCO through our online website and/or through your use of our HCO programs we maintain such PHI in our secure systems. Examples of PHI you may provide to HCO include:
- When you choose to register for the HCO programs, you provide your personal information such as your name, address, medical history, and/or insurance information.
- We may collect information when you contact us with questions or concerns and when you voluntarily respond to questionnaires, surveys or requests for market research seeking your opinion and feedback. Providing communication information is optional to you.
- When you use the HCO programs, we will receive health information from you such as your height, weight, cough rate, wheeze, heart rate, skin temperature, respiration rate, peak flow data, spirometry data, medication usage and exhalation pressure and any other health information that you choose to share with us.
- We may also collect your prescription, lab and claims data from available information sources to provide a more personal experience in the HCO programs.
Who does HCO share my PHI with and why?
We use or disclose your PHI for treatment, payment, or healthcare operations purposes and other purposes permitted or required by law. By registering for the HCO program, you authorize HCO to use or disclose your PHI for such purposes, listed below.
HOW WE USE PERSONAL INFORMATION
We may use personal information for the following purposes:
- To provide you with the Service, including sleep coaching and cognitive behavior therapy for improving sleeping habits.
- To respond to your inquiries, comments, feedback, or questions.
- To send administrative information to you, for example, information regarding the Service and changes to our terms, conditions, and policies.
- To analyze how you interact with our Service.
- To maintain and improve the Service.
- To develop new products and services.
- To prevent fraud, criminal activity, or misuses of our Service, and to ensure the security of our IT systems, architecture, and networks; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
We need your written authorization to use or disclose your health information for any purpose not covered by one of the categories below.
We will not use or disclose your PHI for marketing purposes or sell your PHI, unless you have agreed to this use or disclosure.
You can inform us at any time that you no longer allow us to use or disclose your PHI for the reasons shown below, but this will not stop any disclosure that we made based on your prior authorization.
The law permits us to use and disclose your health information for the following purposes:
- Treatment: We may use or disclose your PHI to healthcare professionals for treatment purposes. This includes the clinical teams at your employer, health plan, and/or pharmacy benefits managers to the extent such group sponsors your use of the HCO program (i.e., the HCO benefit paid by your employer, health plan, etc.).
- Payment – We may use or disclose your PHI for purposes of billing and payment for the HCO programs. For example, we may disclose your PHI to your pharmacy benefits manager, health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to get payment for our services. If you are insured under another person’s health insurance policy (for example, parent, spouse, domestic partner, or a former spouse), we may also send invoices to the subscriber whose policy covers your health services.
- Healthcare Operations – We may use or disclose your PHI for activities necessary to support our healthcare operations, such as performing quality checks on our services, internal audits, arranging for legal services, data analysis or developing reference ranges for our services. We also disclose your PHI to your health plan, employer’s clinical team, health care benefits consultant, or benefits manager clinical team, if your use of the HCO services is available and paid for by one of those groups. We provide only the minimal PHI to accomplish the intended purpose of the use and disclosure of the PHI. These entities are required to keep the PHI confidential and secure.
- Business Associates – We may disclose your PHI to other companies or individuals that need the information to provide services to us. These other entities, known as “business associates,” are required to also keep the PHI confidential and secure. For example, we may provide information to companies that assist us with support services or billing of our services.
- De-identifiable and Aggregated Format – We may use and disclose your PHI in a de-identifiable and aggregated manner to review our impact on all our members health and in hopes of making the HCO programs even more effective to help you with your management of your chronic condition.
- Research – We may also use and disclose PHI for research purposes when an Institutional Review Board or privacy board has reviewed the research proposal and established protocols to ensure the privacy of your PHI and determined that the researcher does not need to obtain your authorization prior to using your PHI for research purposes.
- Social Media Information – We have pages on social media sites like Instagram, Facebook, Medium, Twitter, and LinkedIn (“Social Media Pages”). When you interact with our social media pages, we will collect personal information that you elect to provide to us, such as your contact details. In addition, the companies that host our social media Pages may provide us with aggregate information and analytics regarding the use of our social media pages.
- As Required by Law – We may use or disclose your PHI as required by law.
- Law Enforcement Activities, Legal Proceedings and Court Orders – We may use and disclose your PHI to prevent or minimize a serious threat to your health and safety or that of another person. We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may also disclose PHI to appropriate agencies if we believe an individual to be a victim of abuse, neglect, or domestic violence. We may disclose your PHI if required to do so with a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process during a judicial or administrative proceeding. We may also disclose PHI to those assisting in disaster relief efforts so that others can be notified about your condition, status, and location.
- Family and Friends: At your request, we may disclose PHI to a family member, friend, or anyone else you inform us to provide the information to.
- Other Uses and Disclosures: As permitted by HIPAA, we may disclose your PHI to:
- Public Health Authorities
- The Food and Drug Administration
- Health Oversight Agencies
- Military Command Authorities
- National Security and Intelligence Organizations
- Correctional Institutions
- Organ and Tissue Donation Organizations
- Coroners, Medical Examiners and Funeral Directors
- Workers Compensation Agents
What are my rights to my PHI?
You have rights to your PHI that we collect. You can request HCO restrict the use and disclosure of your PHI by sending a written request to the address below.
You can access your PHI we logged or PHI you provided us online at any time by logging in to your user account or you can request we send your health information by alternative means to an alternative address. Once you review your PHI, if you see any problems with your PHI, you may request amendments to your PHI by making a written request to us at the address below. We may deny the request in some cases. If we deny your request to change your PHI, we will provide you with a written explanation of the reason for the denial and additional information regarding further actions that you may take.
You also have the right to receive a list of certain disclosures of your PHI made by us in the past six years from the date of your written request to us at the address below. Under the law, this does not include disclosures made for purposes of treatment, payment, or healthcare operations or certain other purposes we have stated above. Please be aware that we are required as stated in the Health Insurance Portability and Accountability Act (HIPAA) of 1996 to notify you in the event of a breach involving your PHI and will do so as required by law.
You have the right to obtain a paper copy of this Privacy Policy by written request to the address below.
Para recibir una copia de este aviso en español, llame a Asistencia para miembros de HCO al (585) 471-8215 o envíe un mensaje por correo electrónico a info@healthcareoriginals.com.
What should I do if I have a question or concern about my collected PHI?
If you believe your privacy rights have been violated, you have the right to file a complaint with us. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against any individual for filing a complaint.
To file a complaint with us, or should you have any questions about this Privacy Policy and Notice of Privacy Practices, send an email to us at info@healthcareoriginals.com , or write to us at the following address:
Health Care Originals, Inc.
260 E Main St, Suite 2200
Rochester, NY 14604
You can also call us at 585.471.8215.
HCO Privacy Policy – Mobile Applications and Wearable Devices Non-Health Information
THIS NOTICE DESCRIBES HOW NON-HEALTH INFORMATION YOU PROVIDE TO HEALTH CARE ORIGINALS, INC., MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Health Care Originals, Inc. (“HCO”) is committed to keeping your general information safe. To help you understand your rights please review this policy. This privacy policy governs your use of the software application ADAMM-RSM (“Application”) for mobile devices that was created by Health Care Originals, In. (HCO). The Application allows data from the HCO wearable that forms part of the ADAMM-RSM system to pass through your phone or authorized Wi-Fi service to the server, where the data is stored.
What information does the Application obtain and how is it used?
User Provided Information
The Application obtains the information you provide when you download and register the Application.
When you register with us and use the Application, you generally provide (a) a name, email address, password and other device registration information; (b) transaction-related information, such as when you make purchases, respond to any offers, or download or use applications from us; (c) information you provide us when you contact us for help; (d) credit card information for purchase and use of the Application, and; (e) information you enter into our system when using the Application, such as contact information and project management information.
We may also use the information you provide to us to contact you from time to time and to provide you with essential information about device functions.
Automatically Collected Information
In addition, the Application may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device’s unique device ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browsers you use, and information about the way you use the Application.
The application also collects diagnostics information which is governed by this privacy policy. All health formation flowing from the wearable and app, such as cough count, respiration rate, skin temperature, wheezing, activity level, heart rate, medication tracking, peak flow data and journal entries are covered under our Privacy Policy specifically for health information.
Does the Application collect precise real time location information of the device?
This Application does not collect precise information about the location of your mobile device.
Do third parties see and/or have access to information obtained by the Application?
Only aggregated, anonymized data is periodically transmitted to external services to help us improve the Application and our service. We will share your information with third parties only in the ways that are described in this privacy statement.
We may disclose User Provided and Automatically Collected Information:
- as required by law, such as to comply with a subpoena, or similar legal process.
- to comply with the terms of the agreement of Health Care Originals, Inc.
- When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
- with our trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this privacy statement.
- if Health Care Originals, Inc. is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of this information, as well as any choices you may have regarding this information.
What are my opt-out rights?
You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. You can also request to opt-out via email, at [INFO@HEALTHCAREORIGINALS.COM].
Data Retention Policy, Managing Your Information
We will retain User Provided data for as long as you use the Application and for a reasonable time thereafter. We will retain Automatically Collected information for up to 24 months and thereafter may store it in aggregate. If you’d like us to delete User Provided Data that you have provided via the Application, please contact us at info@healthcareoriginals.com and we will respond in a reasonable time. Please note that some or all 44of the User Provided Data may be required for the Application to function properly.
Children
We do not use the Application to knowingly solicit data from children under the age of 13, unless authorized to do so by a parent or guardian. If a parent or guardian becomes aware that his or her child/ward has provided us with information without their consent, he or she should contact us at info@healthcareoriginals.com. We will delete such information from our files within a reasonable time.
Security
We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect the information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information to operate, develop or improve our application. Please be aware that, although we endeavor to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
Changes
This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy here and informing you via email or text message. You are advised to consult this Privacy Policy regularly for any changes, as continued use is deemed approval of all changes.
YOUR RIGHTS AS A DATA SUBJECT
Whenever HCO processes your personal data, you have certain rights that enable you to control how your personal data is being processed. This section provides you with information about each of those rights. If you wish to exercise your rights as a data subject, please contact info@healthcareoriginals.com with your request to do so.
Our mailing address is as follows:
Health Care Originals, Inc.
260 E Main St, Suite 2200
Rochester, NY 14604
You can also call us at 585.471.8215.
- Right to access data
You have the right to know what personal data is processed about you. You may contact us to request access to the personal data we have collected about you, and we will confirm whether we are processing your data and provide you with information about the personal data we have collected and processed.
Please note that by using the ADAMM App, you can easily access the respiratory charts, readiness, and activity data that we process about you. You can also access your data via the web portal based on your RSM instance number.
- Right to erasure
You have the right to request the deletion of your personal data in certain circumstances. We will comply with such requests unless we have a valid legal basis not to do so, or a legal obligation to preserve the data.
- Right to rectification (of inaccurate data)
You have the right to request correction of any incorrect or incomplete personal data we have stored about you.
Please note that you can correct and update some of your basic information directly within our Services.
- Right to data portability
You have the right to request receipt of the personal data you have provided to us in a structured and commonly used format. The right to data portability only applies when we process your personal data for certain reasons, such as by contract or by your consent.
Please note that ADAMM on the Web provides you with the ability to export your own data.
- Right to object to processing
You have the right to object to the processing of your personal data under certain circumstances. If we do not have legitimate grounds to continue processing such personal data, we will no longer process your personal data after we have received and verified your objection. You also have the right to object to the processing of your personal data for direct marketing purposes at any time.
- Right to restrict processing
You have the right to request that we restrict processing some types of personal data under certain circumstances. For example, if you contest the accuracy of your data, you can make a restriction request that we do not process your data until HCO has verified the accuracy of your data.
- Right to withdraw consent
If we have requested your consent to process your personal data, you have the right to withdraw your consent for such processing at any time where this right is provided by local law. It should be noted, however, that withdrawing your consent may lead to issues or restrictions on your ability to fully utilize HCO Services.
Please note that you can always unsubscribe from receiving our newsletter and other marketing emails by using the ‘Unsubscribe’ link provided in the emails you receive from us.
Note: We reserve the right to amend the terms of this Privacy Policy and Notice of Privacy Practices to reflect changes in our privacy practices, and to make the new terms and practices applicable to all PHI that we maintain about you, including PHI created or received prior to the effective date of the Privacy Policy and Notice of Privacy Practices revision. Our Privacy Policy and Notice of Privacy Practices is displayed on our website and a copy is available upon request. Accordingly, please check back periodically.
July 7th 2024