Effective as of June 5th, 2023
Welcome to HealthHive
Few things are more important than controlling your data and the data and health information of others, and we take our stewardship of this data very seriously.
We are a service business, and our goal is to provide the best service and solution to our users. We believe patients should have control over their information and the freedom to decide how their data is used. We also believe that there is a significant public benefit to sharing certain anonymized health information that cannot be attributed back to the patient (the personal health information or “PHI”) for research, product development, and the development of clinical algorithms. Therefore, we make the option to share available to the patient. However, total control rests with the patient, allowing them to make the choice that is the best decision for them. Please see our HealthHive Privacy Notice for more information.
This Privacy Policy (“Policy”) describes how HealthHive, PBC (“HealthHive,” “we,” “us,” or “our”) collects, uses, and discloses information that we obtain through your use of the HealthHive.org website (the “Site”) and the HealthHive software (including web-based and mobile apps) (“the HealthHive Software”) (collectively “the Service”), including information that we collect from devices that are connected to the HealthHive Software.
Our Approach to Data Compliance. Our application is centered around patients, and all data is stored and controlled under a patient-centered model. We have nonetheless designed our application to meet the requirements of healthcare providers subject to the laws and regulations governing the use and disclosure of PHI. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”), along with the regulations adopted under those statutes, and similar state laws (where those laws are more stringent than HIPAA) govern the handling of PHI.
All HealthHive enterprise customers are considered Covered Entities under HIPAA and, therefore, treated as subject to its rules regarding PHI. If a provider delegates some of its work to a third party, and that party must access PHI to perform the work, then such party is considered by HIPAA to be a Business Associate and is subject to the same rules regarding the protection of PHI as the Covered Entity. HIPAA requires Covered Entities to execute a “Business Associate Agreement” (“BAA”) with each of their Business Associates. As a Business Associate, HealthHive must use reasonable and appropriate measures to safeguard the confidentiality, integrity, and accessibility of PHI stored and processed on behalf of Covered Entities.
The Information We Collect About You. We collect information directly from you and from the devices, third-party services, and integrations to which you connect.
When You Create, Update, or Add Information. When you register to use our Service, we collect the personal information you provide us, including your name, email address, and password. We also collect any additional information you choose to add directly: (i) to your profile, (ii) to our application via direct input, email, or fax, and (iii) via integrations that you authorize to share information with us.
We collect additional information from Integrations and Devices you connect to the HealthHive Software:
Information Collected From Your Phone. In addition to the collection described above, we may collect basic information from your mobile device, including device model and operating system version, device ID, device language, device location, activities within the HealthHive Software, and how long the HealthHive Software is open.
You can connect your mobile device to a compatible third-party service. In that case, we may collect information including, but not limited to, username and email address, clinical vitals, health, social, legal, non-clinical exercise, and health data. We do this to be able to provide you with a better solution.
When you integrate third-party data sources or devices, we collect raw data and/or documents you choose to transfer to HealthHive via approved integrations. We may collect additional information from your mobile device at the time of recording information, including accelerometer data, local time, local time zone, and geographic location.
We may also collect information provided through the HealthHive Software and/or integrations, including any personal or sensitive information you choose to provide through this feature. All the information we collect is collected because it will directly or indirectly deliver greater value to you and other Hive members.
If you make payments through the Service, you may need to provide your shipping address and financial account information, such as your credit card number, to our third-party service providers. We do not collect or store financial account information. However, we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.
When You Contact Us. When you contact HealthHive directly, such as our Customer Support team, we will receive the contents of your message, any attachments you may send us, and any additional information you choose to provide.
How We Use Your Information
We process your information, including your personal information, for the following purposes:
- To provide our Service to you, to communicate with you about your use of our Service, to respond to your inquiries, and for other customer service purposes.
- To tailor the content and information we may send or display to you, offer location customization, localization, personalized help and instructions, and otherwise personalize your experiences while using the Service.
- To research and develop new products and features.
- For marketing purposes, to the extent permitted by law and, where required, with your consent. We may use your email address to send you news, newsletters, and promotions or contact you about products or information that interests you. We also may use the information we learn about you to assist us in advertising our services on third-party websites. You can opt out of receiving marketing anytime.
- To better understand how users access and use our Service, both on an aggregated and individualized basis, to improve our Service and respond to user desires and preferences, and for other analytical purposes.
- To administer surveys and questionnaires.
- To comply with legal obligations as part of our general business operations and for other business administration purposes.
- Where we believe necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Use or this Privacy Policy.
How We Share Your Information. We may share your information, including personal information, as follows:
- With Your Consent. With your explicit consent, we may share information from the Service with other third-party partners, including your personal information and data collected from your devices.
- Healthcare Providers, Family, or Others. With the consent of Hive owners, we may share certain information you have shared with them, including information collected from your connected devices, with other healthcare providers, family members, or others designated to receive that information.
- Aggregate and De-Identified Information. With your explicit consent and/or the consent of Hive owners, we may share aggregate or de-identified information (so that it cannot reasonably be used to identify an individual) with third parties for marketing, advertising, research, or similar purposes.
- Health Researchers. With your explicit consent and/or the consent of Hive owners, we may share data collected through the Service with healthcare researchers and other research organizations, including de-identified profile information and data collected from your connected devices. We will never share your name or other information that could identify you.
- Service Providers. We may disclose the information we collect from you to third-party vendors, service providers, contractors, or agents who perform functions on our behalf, such as providers of hosting, email communication, customer support services, analytics, marketing, and advertising, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures.
- In Response to Legal Process. We may disclose the information we collect from you to comply with the law, a judicial proceeding, a court order, or other legal process, such as in response to a court order or a subpoena. Our policy is to notify you of legal processes seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are legally prohibited. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when an emergency involves a danger of death or serious physical injury to a person.
- To Protect Us and Others. We may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use, or this Policy, or as evidence in litigation in which HealthHive is involved.
- Third-Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate the usage of our Service. We also may use other analytic means to evaluate our Service. We use these tools to help us improve our Service, performance, and user experiences.
Impact on Third Parties. We want to ensure that you understand that any data-sharing decisions you make could impact third parties. For instance, sharing information may indirectly affect the relatives of others, as certain information may be genetic or otherwise reflect the health history of family members.
Cookies
Cookies are small text files stored on your device and used by web browsers to deliver personalized content and remember logins and account settings. In addition to improving user experience, we use cookies and similar technologies for analytic and advertising purposes. You can manage your cookies locally by adjusting your browser settings. Because there is not yet a common understanding of how to interpret Do Not Track signals, we cannot respond to Do Not Track requests from browsers; however, we are monitoring for updates and will revisit this policy once a common standard is established.
Third-Party Links
Our Service may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy but by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
Security of My Personal Information
We have implemented reasonable precautions to protect the information we collect from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee complete security. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your login and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Access to and Deleting My Personal Information
You may modify the personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of the information you have updated, modified, or deleted may remain viewable in cached and archived pages of the Service for a period of time.
We store information associated with your account until your account is deleted. Deleting your account information may take some time, and we may preserve it for legal reasons or to prevent harm, including as described in the How Information Is Shared section.
Breaches of Unsecured PHI
If HealthHive finds that a “Breach of Unsecured PHI” has occurred, HealthHive will provide notification of a breach or a suspected breach by any applicable Business Associate Agreements, and, in all events, without unreasonable delay, and in no case later than 60 calendar days after discovery of a breach. Further, we follow the requirements of the Federal Trade Commission Health Breach Notification Rule.
In the event of a Breach, HealthHive’s Privacy Officer, in consultation with HealthHive’s outside counsel, will be responsible for determining what steps should be taken to mitigate the effects of any Breaches and what remedial measures should be taken to avoid similar future events (e.g., retraining of staff, instituting new procedures, engaging alternative Subcontractors).
Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. If we make any changes to this Policy that materially affect our practices regarding the personal information we have previously collected from you, we will work to provide you with notice in advance of such change. We will post any changes to this Policy on our Service.
HealthHive, PBC Change of Control
In the event of a sale or change of control of HealthHive, we would expect that any purchaser would maintain policies similar to those in place at the time of such change. Further, we would request that you be notified of any changes to these policies no less than sixty days before any changes. However, if a change of control were to occur, it would be within the buyer’s exclusive discretion whether to honor our recommendation.
Dormant or Closed Accounts
We currently allow accounts to remain dormant without limitation. However, this policy will likely evolve. Unless the law requires, HealthHive will never delete inactive accounts without providing at least three months' notice to the account holder. If an account is dormant and in payment default, we will allow the account owner to access and export their data, but we may turn off all new activity within the account.
What Choices Do I Have Regarding Promotional Emails?
We may send periodic promotional emails to you. You may opt out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. We may still email you about your account or any services you have requested or received from us.
Contact Us
If you have questions about our privacy practices, please contact us at support@HealthHive.org.
HealthHive, PBC
830 Morris Turnpike, Suite 401
Short Hills, NJ 07078
Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Service. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change. Our policy previous to this was effective as of December 1st, 2018; please contact us for a copy.