October 6, 2020
I. PERSONAL INFORMATION
What Personal Information do we collect?
When browsing, engaging, or accessing the Platform; contacting us; creating an account; or purchasing and registering as a Member for Services as described in the Terms and Conditions (the “Terms”), you may be asked to enter various types of Personal Information, which may include, but is not limited to:
· Family Caregiver Profile: name, email address, postal address, telephone number, account username and password, business contact information, and any other similar information you may provide to us.
· Family Caregiver Identification and Demographics: date of birth, gender, interests, lifestyle information, social media credentials, contacts or referrals you provide.
· Patient Medical History and Information: relevant health information including medical diagnosis, health needs, current and previous use of certain medications, health insurance information, family history, and any other similar information you may provide us.
· Patient Identification and Demographics: date of birth, gender, address, telephone number, email address, and any other similar information you may provide us.
· Transactional: credit/debit card details, purchase history, billing address, and registration information.
· User Content: photos, videos, audio, reviews, payment information and other information you may submit to us or one of our trusted third party services or Service Providers, including Stripe, Backpack Health[SL1] [L2] , Mindcheck, Antidote, Facebook, Instagram, Google, and other online forums or social media platforms (“Third Party Platform(s)”).
· Research and Feedback: comments that you send us through our Platform, by email, over the phone, by mail, or in surveys.
· Device Information and Identifiers: IP addresses, cookie IDs, browser type and language, operating system, platform type, and device type.
· Connection and Usage: domain names; browsing activity; scrolling and keystroke activity; advertisements viewed; forms or fields you complete or partially complete; search terms; whether you open an email; content you view and duration; quality of the service and interaction with the content, logs, and other similar information. If these events occur while you are offline, they may be logged and uploaded to us when you next connect.
· Geolocation: city, state, and ZIP code associated with your IP address or derived through Wi-Fi triangulation. We will ask for your permission before using your precise location from GPS-based functionality on your mobile devices.
· Social Media Information: if you interact with us through a Third Party Platform, social media website, or log in to our Platform using social media credentials, depending on your social media settings, we may have access to your information from that social network such as your name, email address, friend list, photo, age, gender, location, birthday, social networking ID, current city, your comments, and the people and websites you follow.
When do we collect Personal Information?
We collect information from you when register as a Member on the Platform, contact us, fill out an online enrollment form, or otherwise enter any information on the Platform.
How do you get my consent?
When you provide us with any Personal Information while registering on the Platform, when you complete a transaction, verify or change your payment details, or anything of the like, you are automatically consenting to our collecting, storing, and using that information for your benefit, to improve our online offerings and your experience.
If we ask for your Personal Information for any other reasons, we will either ask you directly for your express consent or provide you with an opportunity to decline by contacting the Privacy Officer directly.
How do I withdraw my consent?
If you change your mind, you may withdraw your consent for the continued collection, use, or disclosure of your Personal Information at any time by contacting the Privacy Officer directly. We reserve the right to retain any information previously collected for the purposes of resolving any disputes, as well as for obtaining and/or analyzing our aggregated data analytics.
How do we use your Personal Information?
We may use such Personal Information in any of the following ways:
To personalize your experience and to allow us to deliver the type of content in which you are most interested in seeing on our Platform.
To improve our Platform in order to better serve you and provide a more seamless experience across all devices.
To allow us to better service you in responding to your service requests or other queries.
To administer a contest, promotion, survey or other feature.
To quickly process your transactions.
To send periodic e-mails regarding other products, subscriptions, or promotions as they become available.
Display content you generate, such as video, audio and comments.
To comply with laws, regulations, and ethical business conduct.
How do we protect Personal Information?
We implement a variety of security measures when you register or create an account; make a purchase; or otherwise enter, submit, or input your Personal Information on the Platform. Your Personal Information is accessible only to a limited number of persons who have the authority to access it.
How can you opt out, remove or modify the Personal Information provided?
You can request to have your Personal Information removed by contacting us or the Privacy Officer directly. Please note that we may maintain information about individual sales transactions or purchases in order to complete said transactions and for record keeping purposes.
Do we use 'cookies'?
Help remember and process your orders.
Understand and save your preferences for future visits.
Compile aggregate data about traffic and interactions in order to offer better experiences and services in the future. We may also use trusted Service Providers that track this information on our behalf.
You can choose to have your computer or device warn you each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through your browser or device settings. If you disable cookies, some features on the Platform may be disabled. Disabling cookies may also affect your experience, by decreasing the Platform’s efficiency or causing some of our services to not function properly.
Third Party and other Disclosures of Your Personal Information
We may also release your Personal Information under certain circumstances when we believe release is appropriate to comply with the law, enforce our policies, and/or protect ours or others member’s rights, property, or safety. We may also be required to disclose your Personal Information if required by law or in response to a valid request by a public authority (e.g., a court or governmental agency).
Retention of Your Personal Information
Third Party Links
Occasionally, at our discretion, we may include or offer third party advertisements, products, or services on our Platform. These third parties have separate and independent privacy policies. Therefore, we have no responsibility or liability for the content and activities of these third parties. Nonetheless, we seek to protect the integrity of our Platform and welcome any feedback about these other third-party links.
II. PROTECTED HEALTH INFORMATION (PHI)
Compliance with HIPPA and Related Health Regulations
HIPPA Privacy Rule- 45 CFR §164.500-534
I Ally is committed to complying with HIPPA regulations and will take the necessary steps to properly protect any PHI provided to us. As mentioned above, I Ally collects relevant health information including medical diagnosis, health needs, current and previous use of certain medications, health insurance information, family history, and any other similar information you may provide us.
Under HIPPA Privacy Rule 45 CFR § 164.502(e)(1)(i), “a covered entity may disclose PHI to a business associate and may allow a business associate to create, receive, maintain or transmit PHI on its behalf, if the covered entity obtains satisfactory assurances that the business associate will appropriately safeguard the information.” A satisfactory assurance must be documented through a written contract, written agreement, or other arrangement with the business associate, often referred to as a business associate agreement.
I Ally will enter into a business associate agreement with covered entity or business associate with which we transmit or receive PHI. A “business associate” is a person or entity that performs certain functions or activities that involve the use or disclosure of PHI on behalf of, or provides services to, a covered entity. A member of the covered entity’s workforce is not a business associate. The types of functions or activities that may make a person or entity a business associate include health care operations and business management or general administration activities.
Uses and Disclosure of your PHI:
· Uses and Disclosures for Treatment: We will make uses and disclosures of your PHI as necessary for your treatment with a Service Provider. Service Providers and health professionals involved in your care will use information in your patient record and documents that you provide about your symptoms and reactions to your course of treatment that may include procedures, medications, tests, medical history, etc.
· Uses and Disclosures for Payment: We will make uses and disclosures of your PHI as necessary for payment purposes. We may also use your information to prepare a bill to send to you or to the person responsible for your payment.
· Uses and Disclosures for Health Care Operations: We will make uses and disclosures of your PHI as necessary, and as permitted by law, for our health care operations, which may include clinical improvement, professional peer review, business management, accreditation and licensing, etc.
· Individuals Involved In Your Care: We may disclose your PHI to designated family, friends and others who are involved in your care or in payment of your care in order to facilitate that person's involvement in caring for you or paying for your care.
· Emergencies: If you are unavailable, incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be in your best interest, we may share limited PHI with such individuals without your approval. We may also disclose limited PHI to a public or private entity that is authorized to assist in disaster relief efforts in order for that entity to locate a family member or other persons that may be involved in some aspect of caring for you.
· Appointments and Services: We may contact you to provide appointment updates or information about your treatment or other health-related benefits and services that may be of interest to you. You have the right to request and we will accommodate reasonable requests by you to receive communications regarding your PHI from us by alternative means or at alternative locations. For instance, if you wish appointment reminders to not be left on voice mail or sent to a particular address, we will accommodate reasonable requests. With such request, you must provide an appropriate alternative address or method of contact. You also have the right to request that we not send you any future marketing materials and we will use our best efforts to honor such request. You must make such requests in writing, including your name and address, and send such writing to the Privacy Officer at the address below.
· Any purpose required by law: We are permitted and/or required by law to make certain other uses and disclosures of your PHI without your consent or authorization for the following: public health activities such as required reporting of immunizations, disease, injury, birth and death, or in connection with public health investigations; if we suspect child abuse or neglect; if we believe you to be a victim of abuse, neglect or domestic violence; to the Food and Drug Administration to report adverse events, product defects, or to participate in product recalls; to your employer when we have provided health care to you at the request of your employer; to a government oversight agency conducting audits, investigations, civil or criminal proceedings; court or administrative ordered subpoena or discovery request; to law enforcement officials as required by law if we believe you have been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law; to coroners and/or funeral directors consistent with law; if necessary to arrange an organ or tissue donation from you or a transplant for you; if you are a member of the military, we may also release your PHI for national security or intelligence activities; and to workers' compensation agencies for workers' compensation benefit determination.
Disclosure of PHI requiring authorization:
Psychotherapy Notes: We must obtain your specific written authorization prior to disclosing any psychotherapy notes unless otherwise permitted by law. However, there are certain purposes for which we may disclose psychotherapy notes, without obtaining your written authorization, including the following:
· To carry out certain treatment, payment or healthcare operations;
· To the Secretary of the Department of Health and Human Services to determine our compliance with the law,
· As required by law;
· For health oversight activities authorized by law,
· To medical examiners or coroners as permitted by state law; or
· For the purposes of preventing or lessening a serious or imminent threat to the health or safety of a person or the public.
Genetic Information: We must obtain your specific written authorization prior to using or disclosing your genetic information for treatment, payment, or health care operations purposes. We may use or disclose your genetic information, or the genetic information of your child, without your written authorization only where it would be permitted by law.
Marketing: We must obtain your authorization for any use or disclosure of your PHI for marketing, except if the communication is in the form of: a) face-to-face communication with you; or b) a promotional gift of nominal value.
Sale of Protected Information: We must obtain your authorization prior to receiving direct or indirect remuneration in exchange for your health information; however, such authorization is not required where the purpose of the exchange is for:
· Public health activities: Research purposes, provided that we receive only a reasonable, cost-based fee to cover the cost to prepare and transmit the information for research purposes; treatment and payment purposes; health care operations involving the sale, transfer, merger or consolidation of all or part of our business and for related due diligence; payment we provide to a business associate for activities involving the exchange of PHI that the business associate undertakes on our behalf (or the subcontractor undertakes on behalf of a business associate) and the only remuneration provided is for the performance of such activities; or providing you with a copy of your health information or an accounting of disclosures.
· Disclosures required by law: Disclosures of your PHI for any other purpose permitted by and in accordance with the HIPAA, as long as the only remuneration we receive is a reasonable, cost-based fee to cover the cost to prepare and transmit your PHI for such purpose or is a fee otherwise expressly permitted by other law; or any other exceptions allowed by the Department of Health and Human Services.
Rights you have regarding PHI:
Access to Your PHI: You have the right to copy and/or inspect much of the PHI that we retain on your behalf. For PHI that we maintain in any electronic designated record set, you may request a copy of such PHI in a reasonable electronic format, if readily producible. Requests for access must be made in writing and signed by you or your legal representative. You may obtain a "Patient Access to Health Information Form" by calling the Privacy Officer at (803)422-7692[SL3] . You will be charged a reasonable copying fee and actual postage and supply costs for your PHI. If you request additional copies you will be charged a fee for copying and postage.
Amendments to Your PHI: You have the right to request in writing that PHI that we maintain about you be amended or corrected. We are not obligated to make requested amendments, but we will give each request careful consideration. All amendment requests, must be in writing, signed by you or legal representative, and must state the reasons for the amendment/correction request. If an amendment or correction request is made, we may notify others who work with us if we believe that such notification is necessary. You may obtain an "Amendment Request Form" by calling the Privacy Officer at (803) 422-7692.Accounting for Disclosures of Your PHI: You have the right to receive an accounting of certain disclosures made by us of your PHI after April 14, 2003. Requests must be made in writing and signed by you or your legal representative. "Accounting Request Forms" are available from the front office person or individual responsible for medical records. The first accounting in any 12-month period is free; you will be charged a fee for each subsequent accounting you request within the same 12-month period. You will be notified of the fee at the time of your request.
Restrictions on Use and Disclosure of Your PHI: You have the right to request restrictions on uses and disclosures of your PHI for treatment, payment, or health care operations. We are not required to agree to most restriction requests, but will attempt to accommodate reasonable requests when appropriate. You do, however, have the right to restrict disclosure of your PHI to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you, or someone other than the health plan on your behalf, has paid your Service Provider or health care provider in full. If we agree to any discretionary restrictions, we reserve the right to remove such restrictions as we appropriate. We will notify you if we remove a restriction imposed in accordance with this paragraph. You also have the right to withdraw, in writing or orally, any restriction by communicating your desire to do so to the individual responsible for medical records.Right to Notice of Breach: We take very seriously the confidentiality of our patients’ information, and we are required by law to protect the privacy and security of your PHI through appropriate safeguards. We will notify you in the event a breach occurs involving or potentially involving your unsecured health information and inform you of what steps you may need to take to protect yourself.
Complaints: If you believe your privacy rights have been violated, you can file a complaint in writing with the Privacy Officer. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services at the US Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, Washington, D.C. 20201, calling 1-877-696-6775 or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. There will be no retaliation for filing a complaint.For Further Information: If you have questions, need further assistance regarding or would like to submit a request pursuant to this Notice, you may contact the Mobile Medical Health Privacy Officer by phone at (803) 422-7692 or at the following address: Mobile Medical Health LLC, 25419 Kinsale Place, Aldie, VA 20105.
Acceptance of Terms
Depending on where you live, you may have certain rights with respect to your information. For example, under local laws, including in the European Union, you may be able to ask us to:
Provide access to certain information we hold about you, in some cases in a portable format, if technically feasible.
Update or correct your information.
Delete certain information.
Restrict the use of your information.
We will respond within the time period prescribed by applicable law. Please note that many of the above rights are subject to exceptions and limitations.
Some services can only be provided if we have your Personal Information, therefore deletion of your Personal Information will result in termination of such services. We will take reasonable steps to verify your identity, including authenticating you through the email address. We may require further documentation such as a password and user ID before granting access to your information.
III. STATE SPECIFIC DATA POLICIES
Calif. Bus. & Prof. Code §§ 22580-22582; Calif. Bus. & Prof. Code §§ 22580-22582; and Del. Code § 1204C
I Ally shall not market or advertise to minors specified products or services that minors are legally prohibited from buying. We shall not market or advertise any products based on the Personal Information provided that is specific to any minor, nor shall we knowingly use, disclose, compile, or allow a third party to do so. Under California's Privacy Rights for California Minors in the Digital World Act, any minor may request and obtain removal of Personal Information posted on our Platform.
Special Notice for California Residents
Your California Privacy Rights. California residents are entitled once a year, free of charge, to request and obtain information regarding our disclosure, if any, of certain categories of Personal Information to third parties for their direct marketing purposes in the preceding calendar year. To obtain this information, please send an email to us directly.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (“CCPA”) provides California residents with rights to receive certain disclosures regarding the collection, use, and sharing of Personal Information, as well as the right to know/access, delete, and limit sharing of Personal Information. The CCPA defines “Personal Information” to mean “information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.
“Do Not Sell My Personal Information” (California Residents only)
California residents may opt out of the “sale” of their Personal Information. California law broadly defines “sale” in a way that may include allowing third parties to receive certain information such as cookies, IP address and/or browsing behavior to add to a profile about your device, browser, or you.
Depending on how you use the Platform, we may share the following categories of information for such advertising which may be considered a sale (as defined by California law):
Identification and demographics; device information and identifiers, such as IP address, and unique advertising identifiers and cookies; connection and usage information, such as browsing history; geolocation information, such as city; and inference data.
If you would like to opt out of the use of your Personal Information for such purposes (to the extent this is considered a sale), you may do so as by contacting us directly.
Third Parties’ List – Shine the Light (California Residents only)
California residents can also request a list of all the third parties to which we have disclosed certain personal information (as defined by California’s Shine the Light law) during the preceding year for those third parties’ direct marketing purposes. You will need to attest to the fact that you are a California resident. We will not accept requests by telephone, e-mail, or facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.
Special Notice for Nevada Residents
Nevada law requires us to post the following: certain Nevada consumers may opt out of the sale of “Covered Information” for monetary consideration to a person for that person to license or sell such information. “Covered information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online.
Mobile App and Connected Devices
Depending on the device you use, you may be able to manage your advertising and location preferences through your device settings. Many operating systems provide their own instructions on how to prevent the delivery of tailored in-application advertisements. We do not control how the applicable platform operator allows you to manage personalized in-application advertisements. You should review your device manufacturer’s support materials and/or the device settings for the respective operating systems for more detail on how to manage such preferences. You can stop all collection of information by a mobile app by uninstalling the web app.