HealthHive Enterprise Privacy Policy
v06012020
EFFECTIVE DATE: June 1, 2020
Welcome to HealthHive.
We are a service business, and our goal is to provide the best service and solution to
our users. We believe that patients should have control over their information, and that
they should have the freedom to decide how their information is used. We also believe
that there is great public benefit to sharing certain anonymized health information which
cannot be attributed back to the patient (the personal health information of “PHI”) for
purposes of research, product development and the development of clinical algorithms.
Therefore, we make this option available to the patient, however, total control rests with
the patient to make the decision that best suits them.
This Privacy Policy (“Policy”) describes how HealthHive, PBC (“HealthHive,” “we,” “us,”
or “our”) collects, uses, and discloses information that we obtain about your use of the
HealthHive.org website (the “Site”) and HealthHive software (“the App”) (collectively “the
Service”), including information that we collect from devices that you connect to a
mobile device running the App.
Our Approach to Data Compliance. While our application is centered around patients,
and all data is stored and controlled under a patient-centered model, we have
nonetheless designed our application to meet the requirements of health care providers
subject to the laws and regulations governing the use and disclosure of PHI. The Health
Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information
Technology for Economic and Clinical Health of 2009 (“HITECH”), along with the
regulations adopted under those statutes, and similar state laws (where those laws are
more stringent than HIPAA) govern the handling of PHI.
All HealthHive enterprise customers are considered Covered Entities under HIPAA and
therefore treated as subject to its rules regarding PHI. If a provider delegates some of
its work to a third party, and that party must access PHI in order to perform the work,
then such party is considered by HIPAA to be a Business Associate and is subject to the
same rules regarding the protection of PHI as the Covered Entity. HIPAA requires
Covered Entities to execute a “Business Associate Agreement” (”BAA”) with each of its
Business Associates. As a Business Associate, HealthHive is required to use
reasonable and appropriate measures to safeguard the confidentiality, integrity and
accessibility of PHI that is stored and processed on behalf of Covered Entities.
The Information We Collect About You. We collect information directly from you, from
devices and third-party services and integrations to which you connect.
When You Create, Update, or add information. When you register to use our Service,
we collect the personal information you provide us, including your name, email address
and password. We also collect any additional information you choose to directly add: (i)
to your profile; (ii) to our application via direct input, email, fax; and/or (iii) via
integrations which you authorize to share information with us.
We collect additional information from Integrations and Devices you connect to your App:
- Information Collected From Your Phone. In addition to the collection described above, we may collect basic information from your mobile device, including device model and OS version, device ID, device language, activities within the App and how long the App is open.
- When you integrate third party data sources or devices. We collect raw data and/or documents you choose to transfer to HealthHive via your approved integrations. We may collect additional information from your mobile device at the time of recording information, including accelerometer data, local time, local time zone, and geographic location.
We may also collect information provided through our app and/or integrations, including any personal or sensitive information you choose to provide through this feature. All of the information which we collect is collected because we believe that it will directly or indirectly deliver greater value to you and your other Hive members.
- Payments. When you make payments through the Service, you may need to provide your shipping address and financial account information, such as your credit card number, to our third-party service providers. We do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.
- When You Contact Us. When you contact HealthHive directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.
How We Use Your Information
We process your information, including your personal information, for the following purposes:
- To provide our Service to you, to communicate with you about your use of our Service, to respond to your inquiries, and for other customer service purposes.
- To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Service.
- To research and develop new products and features.
- For marketing purposes, to the extent permitted by law and, where required, with your consent. For example, we may use your information, such as your email address, to send you news and newsletters and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third party websites. You can opt-out of receiving marketing at any time as described below.
- To better understand how users access and use our Service, both on an aggregated and individualized basis, in order to improve our Service and respond to user desires and preferences, and for other analytical purposes.
- To administer surveys and questionnaires.
- To comply with legal obligations, as part of our general business operations, and for other business administration purposes.
- Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Privacy Policy.
How We Share Your Information. We may share your information, including personal information, as follows:
- With Your Consent. With your prior consent, we may share information from the Service with other third-party partners, including your personal information and data collected from your devices.
- Aggregate and De-Identified Information. We may share aggregate or de-identified information—so that it cannot reasonably be used to identify an individual—with third parties for marketing, advertising, research or similar purposes.
- Health Researchers. We may share data collected through the Service with healthcare researchers and other research organizations, including de-identified profile information and data collected from your connected devices. We will never share your name or other information that could identify you.
- Service Providers. We may disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf, such as providers of hosting, email communication, customer support services, analytics, marketing, and advertising, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures.
- Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding or reorganization, we will give affected users notice before transferring any personal information to a new entity.
- In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena. Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
- To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which HealthHive is involved.
- Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Service. We also may use other analytic means to evaluate our Service. We use these tools to help us improve our Service, performance, and user experiences.
Cookies
Cookies are small text files stored on your device and used by web browsers to deliver personalized content and remember logins and account settings. In addition to improving user experience, we use cookies and similar technologies for analytic and advertising purposes. You can manage your cookies locally by adjusting your browser settings. Because there is not yet a common understanding of how to interpret Do Not Track signals, we are unable to respond to Do Not Track requests from browsers, however we are monitoring for updates and will revisit this policy once a common standard is established.
Third-Party Links
Our Service may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
Security of My Personal Information
We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Access to and Deleting My Personal Information
You may modify personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Service for a period of time.
We store information associated with your account until your account is deleted. Please note that it may take a bit of time to delete your account information, and we may preserve it for legal reasons or to prevent harm, including as described in the How Information Is Shared section.
What Choices Do I Have Regarding Promotional Emails?
We may send periodic promotional emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. We may still send you emails about your account or any services you have requested or received from us.
Contact Us
If you have questions about our privacy practices, please contact us at support@HealthHive.org.
HealthHive, PBC
26 Broadway, 3rd floor
New York, New York 10004
Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Service. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change.
collect additional information from Integrations and Devices you connect toyour App:
Information Collected From Your Phone.
In addition to the collection described
above, we may collect basic information from your mobile device, including device
model and OS version, device ID, device language, activities within the App and how
long the App is open.
When you integrate third party data sources or devices.
We collect raw data
and/or documents you choose to transfer to HealthHive via your approved integrations.
We may collect additional information from your mobile device at the time of recording
information, including accelerometer data, local time, local time zone, and geographic
location.
We may also collect information provided through our app and/or integrations, including
any personal or sensitive information you choose to provide through this feature. All of
the information which we collect is collected because we believe that it will directly or
indirectly deliver greater value to you and your other Hive members.
Payments.
When you make payments through the Service, you may need to
provide your shipping address and financial account information, such as your credit
card number, to our third-party service providers. We do not collect or store financial
account information, though we may receive transaction identifiers and summary
information that does not include credit card or bank account numbers.
When You Contact Us.
When you contact HealthHive directly, such as when
you contact our Customer Support team, we will receive the contents of your message
or any attachments you may send to us, as well as any additional information you
choose to provide.
How We Use Your Information
We process your information, including your personal information, for the following
purposes:
To provide our Service to you, to communicate with you about your use of our
Service, to respond to your inquiries, and for other customer service purposes.
To tailor the content and information that we may send or display to you, to offer
location customization, and personalized help and instructions, and to otherwise
personalize your experiences while using the Service.
To research and develop new products and features.
For marketing purposes, to the extent permitted by law and, where required, with
your consent. For example, we may use your information, such as your email address,
to send you news and newsletters and promotions, or to otherwise contact you about
products or information we think may interest you. We also may use the information that
HealthHive Enterprise Privacy Policy
v. 06012020
Page
2
of
5
we learn about you to assist us in advertising our services on third party websites. You
can opt-out of receiving marketing at any time as described below.
To better understand how users access and use our Service, both on an
aggregated and individualized basis, in order to improve our Service and respond to
user desires and preferences, and for other analytical purposes.
To administer surveys and questionnaires.
To comply with legal obligations, as part of our general business operations, and
for other business administration purposes.
Where we believe necessary to investigate, prevent or take action regarding
illegal activities, suspected fraud, situations involving potential threats to the safety of
any person or violations of our Terms of Use or this Privacy Policy.
How We Share Your Information.
We may share your information, including personal
information, as follows:
With Your Consent.
With your prior consent
, we may share information from the
Service with other third-party partners, including your personal information and data
collected from your devices.
Aggregate and De-Identified Information.
We may share aggregate or de-
identified information—so that it cannot reasonably be used to identify an individual—
with third parties for marketing, advertising, research or similar purposes.
Health Researchers.
We may share data collected through the Service with
healthcare researchers and other research organizations, including de-identified profile
information and data collected from your connected devices. We will never share your
name or other information that could identify you.
Service Providers.
We may disclose the information we collect from you to third
party vendors, service providers, contractors or agents who perform functions on our
behalf, such as
providers of hosting, email communication, customer support services,
analytics, marketing, and advertising,
based on our instructions, and in compliance with
this policy and any other appropriate confidentiality and security measures.
Business Transfers.
If we are acquired by or merged with another company, if
substantially all of our assets are transferred to another company, or as part of a
bankruptcy proceeding or reorganization, we will give affected users notice before
transferring any personal information to a new entity.
In Response to Legal Process.
We also may disclose the information we
collect from you in order to comply with the law, a judicial proceeding, court order, or
other legal process, such as in response to a court order or a subpoena. Our policy is to
notify you of legal process seeking access to your information, such as search warrants,
court orders, or subpoenas, unless we are prohibited by law from doing so. In cases
where a court order specifies a non-disclosure period, we provide delayed notice after
HealthHive Enterprise Privacy Policy
v. 06012020
Page
3
of
5
the expiration of the non-disclosure period. Exceptions to our notice policy include
exigent or counterproductive circumstances, for example, when there is an emergency
involving a danger of death or serious physical injury to a person.
To Protect Us and Others.
We also may disclose the information we collect
from you where we believe it is necessary to investigate, prevent, or take action
regarding illegal activities, suspected fraud, situations involving potential threats to the
safety of any person, violations of our Terms of Use or this Policy, or as evidence in
litigation in which HealthHive is involved.
Third Party Analytics.
We use automated devices and applications, such as
Google Analytics, to evaluate usage of our Service. We also may use other analytic
means to evaluate our Service. We use these tools to help us improve our Service,
performance, and user experiences.
Cookies
Cookies are small text files stored on your device and used by web browsers to deliver
personalized content and remember logins and account settings. In addition to
improving user experience, we use cookies and similar technologies for analytic and
advertising purposes. You can manage your cookies locally by adjusting your browser
settings. Because there is not yet a common understanding of how to interpret Do Not
Track signals, we are unable to respond to Do Not Track requests from browsers,
however we are monitoring for updates and will revisit this policy once a common
standard is established.
Third-Party Links
Our Service may contain links to third-party websites. Any access to and use of such
linked websites is not governed by this Policy, but instead is governed by the privacy
policies of those third-party websites. We are not responsible for the information
practices of such third-party websites.
Security of My Personal Information
We have implemented reasonable precautions to protect the information we collect from
loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please
be aware that despite our best efforts, no data security measures can guarantee
security.
You should take steps to protect against unauthorized access to your password, phone,
and computer by, among other things, signing off after using a shared computer,
choosing a robust password that nobody else knows or can easily guess, and keeping
your log-in and password private. We are not responsible for any lost, stolen, or
compromised passwords or for any activity on your account via unauthorized password
activity.
HealthHive Enterprise Privacy Policy
v. 06012020
Page
4
of
5
Access to and Deleting My Personal Information
You may modify personal information that you have submitted by logging into your
account and updating your profile information. Please note that copies of information
that you have updated, modified or deleted may remain viewable in cached and
archived pages of the Service for a period of time.
We store information associated with your account until your account is deleted. Please
note that it may take a bit of time to delete your account information, and we may
preserve it for legal reasons or to prevent harm, including as described in the How
Information Is Shared section.
What Choices Do I Have Regarding Promotional Emails?
We may send periodic promotional emails to you. You may opt-out of such
communications by following the opt-out instructions contained in the email. Please note
that it may take up to 10 business days for us to process opt-out requests. We may still
send you emails about your account or any services you have requested or received
from us.
Contact Us
If you have questions about our privacy practices, please contact us
at
support@HealthHive.org
.
HealthHive, PBC
26 Broadway, 3rd floor
New York, New York 10004
Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this
Policy from time to time, so please be sure to check back periodically. We will post any
changes to this Policy on our Service. If we make any changes to this Policy that
materially affect our practices with regard to the personal information we have
previously collected from you, we will endeavor to provide you with notice in advance of
such change.