Last updated: November 2, 2018
2. Personal Information. We automatically track certain basic information about our users and their in-App and Website actions. We use this information to do internal research on our members’ usage patterns, interests and general behavior to better understand and serve you and our community. We collect information about you and your use of the Platform, which may include the following (and which may change from time to time):
3. Protected Health Information. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal program that requires that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper or orally, are kept properly confidential. This Act gives you significant rights to understand and control how your health information is used. HIPAA provides penalties for covered entities that misuse Protected Health Information. Examples of Protected Health Information are:
4. Other Information. We may collect information such as:
5. App and Website analytics partner. We currently contract with online partners to help manage and optimize our business and communications. We use the services of App and Website analytics partners to help us measure the effectiveness of our advertising, and how visitors use the App and Website.
6. Use of Personal Information. We use the information we collect about you:
8. Collection of Personal Information and Other Information. We and our third-party service providers may collect information about you in a variety of ways, including:
9. Use and Disclosure of Protected Health Information. We may use and disclose your Protected Health Information in the following ways:
For purposes of treatment, payment and healthcare operations. For example:
We may disclose your protected health information to another physician or healthcare provider for purposes of a visit or in connection with the provision of follow-up treatment;
We may use and disclose your protected health information to your health insurer or health plan in connection with the processing and payment of claims and other charges;
We may use and disclose your protected health information in connection with its healthcare operations, such as providing customer services and conducting quality review assessments. We may engage third parties to provide various services for us. If any such third party must have access to your protected health information in order to perform its services, we will require that third party to enter an agreement that binds the third party to the use and disclosure restrictions outlined in this Notice;
• Upon your written authorization, to the extent such use or disclosure is consistent with your authorization. You may revoke any such authorization at any time;
• To the extent required by law;
• Under the following unique circumstances:
To public health authorities or other governmental authorities for purposes including preventing and controlling disease, reporting child abuse or neglect, reporting domestic violence and reporting to the Food and Drug Administration regarding the quality, safety and effectiveness of a regulated product or activity. We may, in certain circumstances disclose protected health information to persons who have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition;
As authorized by, and to the extent necessary to comply with, workers’ compensation programs and other similar programs relating to work-related illnesses or injuries;
To a health oversight agency for authorized activities such as audits, investigations, inspections, licensing and disciplinary actions relating to the healthcare system or government benefit programs;
As permitted by applicable law, in response to an order from a court or administrative agency, or in response to a subpoena or discovery request;
To a law enforcement official, such as for purposes of identifying or locating a suspect, fugitive, material witness or missing person;
To coroners, medical examiners and funeral directors for purposes such as identification, determining the cause of death and fulfilling duties relating to decedents;
For the purposes of organ donation and transplantation;
For research purposes;
If necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public;
Of persons who are, or were, in the Armed Forces for purposes such as ensuring proper execution of a military mission or determining entitlement to benefits;
To federal officials for intelligence and national security purposes.
10. Your Rights Regarding Your Protected Health Information. You have the following rights regarding the Protected Health Information maintained by us:
• Confidential Communication. You have a right to receive confidential communications of your Protected Health Information. You may request that we communicate with you through alternate means or at an alternate location, and we will accommodate your reasonable requests. You must submit your request in writing to us;
• Restrictions. You have a right to request restrictions on certain uses and disclosures of Protected Health Information for treatment, payment or healthcare operations. You also have a right to request that we restrict its disclosures of Protected Health Information to only certain individuals involved in your care or the payment of your care. You must submit your request in writing to us. We are not required to comply with your request. However, if we agree to comply with your request, we will be bound by such agreement, except when otherwise required by law or in the event of an emergency;
• Inspection and Copies. You have a right to inspect and copy your Protected Health Information. You must submit your request in writing to us. We may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. We may deny your request to inspect and/or copy your protected health information in certain limited circumstances. If that occurs, we will inform you of the reason for the denial, and you may request a review of the denial.
• Amendment. You have a right to request that we amend your protected health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is maintained by us. You must submit your request in writing to us and provide a reason to support the requested amendment. We may, under certain circumstances, deny your request by sending you a written notice of denial. If we deny your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
• Accounting of Disclosures. You have a right to receive an accounting of all disclosures we have made of your Protected Health Information. However, that right does not include disclosures made for treatment, payment or healthcare operations, disclosures made to you about your treatment, disclosures made pursuant to an authorization, and certain other disclosures. You must submit your request in writing to us and you must specify the time period involved (which must be for a period of time less than six years from the date of the disclosure). Your first accounting will be free of charge. However, we may charge you for the costs involved in fulfilling any additional request made within a period of 12 months. We will inform you of such costs in advance, so that you may withdraw or modify your request to save costs.
• Breach Notification. You have a right to be notified in the event that we discover a breach of Protected Health Information.
14. Your choice regarding our use of your Personal Information for marketing purposes. If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out from receiving these marketing-related emails by contacting us by sending us a written request. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you do opt-out of receiving marketing-related emails from us, we may still send you important administrative messages, and you cannot opt-out from receiving administrative messages.
15. How you can change or suppress your Personal Information. You may request to correct, update, suppress, or otherwise modify any of your Personal Information that you have previously provided to us through the Platform, or object to the use or processing of such Personal Information by us. In your request, please make clear what Personal Information you would like to have changed, whether you would like to have your Personal Information that you have provided to us suppressed from our database or otherwise let us know what limitations you want to place upon your Personal Information which you have provided to us. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably possible. Please note that we may need to retain certain information for recordkeeping purposes, and there may also be residual information that will remain within our databases and other records, which will not be removed.
17. Use of electronic communication by minors. The Platform is not directed to individuals under the age of eighteen (18), and we request that these individuals not provide Personal Information through the Platform.
18. Cross-border transfer. The Platform is controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your Personal Information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Platform you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have different data protection rules than those of your country.
(a) At WeHealth, we recognize the sensitive nature of the personal data we collect and the importance of protecting it. The GDPR requires us to obtain consent from European Union (“EU”) residents before using their data in any way. It also entitles them to access their data and ask for it to be removed and forgotten from any databases on request.
(b) Below is a list of privileges and how you can exercise these privileges and rights included with GDPR.
(c) You have a right to consent to how WeHealth uses your data. Below is a list of the data points we collect and how they are used. We never abuse your information. Along with consenting, you also have the right to withdraw your consent.
(d) We collect data, including:
• First Name – used as a contact point reference
• Last Name – used as a contact point reference
• Email Address – used as a contact point
• Phone Number – used as a contact point
• Interest – used to track the brand(s) you’re interested in
• Source – used to track how you found WeHealth
• Other Text Field Box – collects any information you wish to provide us
(e) Your data is used for marketing emails and marketing promotions such as newsletters, informational updates about WeHealth, and invitations to special events, webinars, and conferences.
(f) Your data is stored for an indefinite matter of time if you don’t notify WeHealth via the below methods to remove it. In the case that WeHealth tries to contact you and your email address and/ or phone number are no longer viable, your information will be declared inactive and WeHealth will not continue to attempt contact. If your contact information is updated with viable information, our records will be declared active as long as you haven’t exercised your right to revoke consent or be forgotten.
(g) Under GDPR you have the right to ask for all the data collected on you. Your data is stored in a secure database. It will take up to 72 hours to retrieve and send you collected data. The data will be provided in the form on a spreadsheet and sent via personal email.
(h) Your right to be forgotten refers to your right to have your information wiped from our database. If you wish for your information to be removed please call us at 1-800-WeHealth and we’ll confirm your information is removed via email within 72 hours.
(i) If you wish to submit a formal complaint against how your data is being used, collected, or stored by WeHealth, call us at 1-800-WeHealth.
(j) If you’ve consented to receive messages from us and need to revoke that consent, please contact us at 1-800-WeHealth and we’ll update our records and ensure your data is not stored. We’ll confirm your withdrawal via email within 72 hours.
20. Sensitive information. Please do not send us, and do not disclose, any sensitive Personal Information (e.g., Social Security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, criminal background or trade union membership) on or through the Platform or otherwise to us.
24. ADA Compliance, Disabilities, Accessibility. WeHealth attempts to make its information accessible to all individuals. If you use special adaptive equipment and encounter problems when using our Platform, please report them using the following contact information: 1-800-WeHealth. We will let you know if the information is available in an alternate format. We strive to meet World Wide Web Consortium (W3C) Recommendations and other web industry standards, specifically conforming to HTML 5, CSS Level 3, WAI-ARIA, and the U.S. Access Board’s Section 508 guidelines.
WeHealth is committed to making its Platform available to as many people as possible and makes every effort to ensure its communications are accessible to those with special needs, including those with visual, hearing, cognitive and motor impairments.
If you come across a page you find difficult to use, please contact us at 1-800-WeHealth.
25. Violation of Privacy Rights. You may notify us and the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated. To file a complaint with us, you must submit a statement in writing to WeHealth, Attn: Compliance Officer, 2071 Flatbush Ave, Brooklyn NY 11234. WeHealth will not retaliate against you for filing a complaint.
All materials © 2018 WeHealth unless otherwise noted. All rights reserved.