What is HealthHive's Privacy Policy for Portal Users?

EFFECTIVE DATE: June 1, 2020

We are a service business, and our goal is to provide the best service and solution to

our users. We believe that patients should have control over their information, and that

they should have the freedom to decide how their information is used. We also believe

that there is great public benefit to sharing certain anonymized health information which

cannot be attributed back to the patient (the personal health information of “PHI”) for

purposes of research, product development and the development of clinical algorithms.

Therefore, we make this option available to the patient, however, total control rests with

the patient to make the decision that best suits them.

 

This Privacy Policy (“Policy”) describes how HealthHive, PBC (“HealthHive,” “we,” “us,”

or “our”) collects, uses, and discloses information that we obtain about your use of the

HealthHive.org website (the “Site”) and HealthHive software (“the App”) (collectively “the

Service”), including information that we collect from devices that you connect to a

mobile device running the App.

 

Our Approach to Data Compliance. While our application is centered around patients,

and all data is stored and controlled under a patient-centered model, we have

nonetheless designed our application to meet the requirements of health care providers

subject to the laws and regulations governing the use and disclosure of PHI. The Health

Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information

Technology for Economic and Clinical Health of 2009 (“HITECH”), along with the

regulations adopted under those statutes, and similar state laws (where those laws are

more stringent than HIPAA) govern the handling of PHI.

All HealthHive enterprise customers are considered Covered Entities under HIPAA and

therefore treated as subject to its rules regarding PHI. If a provider delegates some of

its work to a third party, and that party must access PHI in order to perform the work,

then such party is considered by HIPAA to be a Business Associate and is subject to the

same rules regarding the protection of PHI as the Covered Entity. HIPAA requires

Covered Entities to execute a “Business Associate Agreement” (”BAA”) with each of its

Business Associates. As a Business Associate, HealthHive is required to use

reasonable and appropriate measures to safeguard the confidentiality, integrity and

accessibility of PHI that is stored and processed on behalf of Covered Entities.

 

The Information We Collect About You. We collect information directly from you, from

devices and third-party services and integrations to which you connect.

When You Create, Update, or add information. When you register to use our Service,

we collect the personal information you provide us, including your name, email address

and password. We also collect any additional information you choose to directly add: (i)

to your profile; (ii) to our application via direct input, email, fax; and/or (iii) via

integrations which you authorize to share information with us.

 

• Information Collected From Your Phone. In addition to the collection described above, we may collect basic information from your mobile device, including device model and OS version, device ID, device language, activities within the App and how long the App is open.
• When you integrate third party data sources or devices. We collect raw data and/or documents you choose to transfer to HealthHive via your approved integrations. We may collect additional information from your mobile device at the time of recording information, including accelerometer data, local time, local time zone, and geographic location.

We may also collect information provided through our app and/or integrations, including any personal or sensitive information you choose to provide through this feature. All of the information which we collect is collected because we believe that it will directly or indirectly deliver greater value to you and your other Hive members.

• Payments.  When you make payments through the Service, you may need to provide your shipping address and financial account information, such as your credit card number, to our third-party service providers. We do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.
• When You Contact Us. When you contact HealthHive directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.

How We Use Your Information

We process your information, including your personal information, for the following purposes:

• To provide our Service to you, to communicate with you about your use of our Service, to respond to your inquiries, and for other customer service purposes.
• To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the Service.
• To research and develop new products and features.
• For marketing purposes, to the extent permitted by law and, where required, with your consent. For example, we may use your information, such as your email address, to send you news and newsletters and promotions, or to otherwise contact you about products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third party websites. You can opt-out of receiving marketing at any time as described below.
• To better understand how users access and use our Service, both on an aggregated and individualized basis, in order to improve our Service and respond to user desires and preferences, and for other analytical purposes.
• To administer surveys and questionnaires.
• To comply with legal obligations, as part of our general business operations, and for other business administration purposes.
• Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Use or this Privacy Policy.

How We Share Your Information. We may share your information, including personal information, as follows:

• With Your Consent. With your prior consent, we may share information from the Service with other third-party partners, including your personal information and data collected from your devices.
• Aggregate and De-Identified Information. We may share aggregate or de-identified information—so that it cannot reasonably be used to identify an individual—with third parties for marketing, advertising, research or similar purposes.
• Health Researchers. We may share data collected through the Service with healthcare researchers and other research organizations, including de-identified profile information and data collected from your connected devices. We will never share your name or other information that could identify you.
• Service Providers. We may disclose the information we collect from you to third party vendors, service providers, contractors or agents who perform functions on our behalf, such as providers of hosting, email communication, customer support services, analytics, marketing, and advertising, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures.
• Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding or reorganization, we will give affected users notice before transferring any personal information to a new entity.
• In Response to Legal Process. We also may disclose the information we collect from you in order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena. Our policy is to notify you of legal process seeking access to your information, such as search warrants, court orders, or subpoenas, unless we are prohibited by law from doing so. In cases where a court order specifies a non-disclosure period, we provide delayed notice after the expiration of the non-disclosure period. Exceptions to our notice policy include exigent or counterproductive circumstances, for example, when there is an emergency involving a danger of death or serious physical injury to a person.
• To Protect Us and Others. We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms of Use or this Policy, or as evidence in litigation in which HealthHive is involved.
• Third Party Analytics. We use automated devices and applications, such as Google Analytics, to evaluate usage of our Service. We also may use other analytic means to evaluate our Service. We use these tools to help us improve our Service, performance, and user experiences.

Cookies

Cookies are small text files stored on your device and used by web browsers to deliver personalized content and remember logins and account settings. In addition to improving user experience, we use cookies and similar technologies for analytic and advertising purposes. You can manage your cookies locally by adjusting your browser settings. Because there is not yet a common understanding of how to interpret Do Not Track signals, we are unable to respond to Do Not Track requests from browsers, however we are monitoring for updates and will revisit this policy once a common standard is established.

Third-Party Links

Our Service may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

Security of My Personal Information

We have implemented reasonable precautions to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee security.

You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.

Access to and Deleting My Personal Information

You may modify personal information that you have submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the Service for a period of time.

We store information associated with your account until your account is deleted. Please note that it may take a bit of time to delete your account information, and we may preserve it for legal reasons or to prevent harm, including as described in the How Information Is Shared section.

What Choices Do I Have Regarding Promotional Emails?

We may send periodic promotional emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. We may still send you emails about your account or any services you have requested or received from us.

Contact Us

If you have questions about our privacy practices, please contact us at support@HealthHive.org.

HealthHive, PBC

26 Broadway, 3rd floor
New York, New York 10004

Changes to this Policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Service. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change.

collect additional information from Integrations and Devices you connect to

your App:



Information Collected From Your Phone.

In addition to the collection described

above, we may collect basic information from your mobile device, including device

model and OS version, device ID, device language, activities within the App and how

long the App is open.



When you integrate third party data sources or devices.

We collect raw data

and/or documents you choose to transfer to HealthHive via your approved integrations.

We may collect additional information from your mobile device at the time of recording

information, including accelerometer data, local time, local time zone, and geographic

location.

We may also collect information provided through our app and/or integrations, including

any personal or sensitive information you choose to provide through this feature. All of

the information which we collect is collected because we believe that it will directly or

indirectly deliver greater value to you and your other Hive members.



Payments.

When you make payments through the Service, you may need to

provide your shipping address and financial account information, such as your credit

card number, to our third-party service providers. We do not collect or store financial

account information, though we may receive transaction identifiers and summary

information that does not include credit card or bank account numbers.



When You Contact Us.

When you contact HealthHive directly, such as when

you contact our Customer Support team, we will receive the contents of your message

or any attachments you may send to us, as well as any additional information you

choose to provide.

How We Use Your Information

We process your information, including your personal information, for the following

purposes:



To provide our Service to you, to communicate with you about your use of our

Service, to respond to your inquiries, and for other customer service purposes.



To tailor the content and information that we may send or display to you, to offer

location customization, and personalized help and instructions, and to otherwise

personalize your experiences while using the Service.



To research and develop new products and features.



For marketing purposes, to the extent permitted by law and, where required, with

your consent. For example, we may use your information, such as your email address,

to send you news and newsletters and promotions, or to otherwise contact you about

products or information we think may interest you. We also may use the information that

HealthHive Enterprise Privacy Policy

v. 06012020

Page

2

of

5

we learn about you to assist us in advertising our services on third party websites. You

can opt-out of receiving marketing at any time as described below.



To better understand how users access and use our Service, both on an

aggregated and individualized basis, in order to improve our Service and respond to

user desires and preferences, and for other analytical purposes.



To administer surveys and questionnaires.



To comply with legal obligations, as part of our general business operations, and

for other business administration purposes.



Where we believe necessary to investigate, prevent or take action regarding

illegal activities, suspected fraud, situations involving potential threats to the safety of

any person or violations of our Terms of Use or this Privacy Policy.

How We Share Your Information.

We may share your information, including personal

information, as follows:



With Your Consent.

With your prior consent

, we may share information from the

Service with other third-party partners, including your personal information and data

collected from your devices.



Aggregate and De-Identified Information.

We may share aggregate or de-

identified information—so that it cannot reasonably be used to identify an individual—

with third parties for marketing, advertising, research or similar purposes.



Health Researchers.

We may share data collected through the Service with

healthcare researchers and other research organizations, including de-identified profile

information and data collected from your connected devices. We will never share your

name or other information that could identify you.



Service Providers.

We may disclose the information we collect from you to third

party vendors, service providers, contractors or agents who perform functions on our

behalf, such as

providers of hosting, email communication, customer support services,

analytics, marketing, and advertising,

based on our instructions, and in compliance with

this policy and any other appropriate confidentiality and security measures.



Business Transfers.

If we are acquired by or merged with another company, if

substantially all of our assets are transferred to another company, or as part of a

bankruptcy proceeding or reorganization, we will give affected users notice before

transferring any personal information to a new entity.



In Response to Legal Process.

We also may disclose the information we

collect from you in order to comply with the law, a judicial proceeding, court order, or

other legal process, such as in response to a court order or a subpoena. Our policy is to

notify you of legal process seeking access to your information, such as search warrants,

court orders, or subpoenas, unless we are prohibited by law from doing so. In cases

where a court order specifies a non-disclosure period, we provide delayed notice after

HealthHive Enterprise Privacy Policy

v. 06012020

Page

3

of

5

the expiration of the non-disclosure period. Exceptions to our notice policy include

exigent or counterproductive circumstances, for example, when there is an emergency

involving a danger of death or serious physical injury to a person.



To Protect Us and Others.

We also may disclose the information we collect

from you where we believe it is necessary to investigate, prevent, or take action

regarding illegal activities, suspected fraud, situations involving potential threats to the

safety of any person, violations of our Terms of Use or this Policy, or as evidence in

litigation in which HealthHive is involved.



Third Party Analytics.

We use automated devices and applications, such as

Google Analytics, to evaluate usage of our Service. We also may use other analytic

means to evaluate our Service. We use these tools to help us improve our Service,

performance, and user experiences.

Cookies

Cookies are small text files stored on your device and used by web browsers to deliver

personalized content and remember logins and account settings. In addition to

improving user experience, we use cookies and similar technologies for analytic and

advertising purposes. You can manage your cookies locally by adjusting your browser

settings. Because there is not yet a common understanding of how to interpret Do Not

Track signals, we are unable to respond to Do Not Track requests from browsers,

however we are monitoring for updates and will revisit this policy once a common

standard is established.

Third-Party Links

Our Service may contain links to third-party websites. Any access to and use of such

linked websites is not governed by this Policy, but instead is governed by the privacy

policies of those third-party websites. We are not responsible for the information

practices of such third-party websites.

Security of My Personal Information

We have implemented reasonable precautions to protect the information we collect from

loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please

be aware that despite our best efforts, no data security measures can guarantee

security.

You should take steps to protect against unauthorized access to your password, phone,

and computer by, among other things, signing off after using a shared computer,

choosing a robust password that nobody else knows or can easily guess, and keeping

your log-in and password private. We are not responsible for any lost, stolen, or

compromised passwords or for any activity on your account via unauthorized password

activity.

HealthHive Enterprise Privacy Policy

v. 06012020

Page

4

of

5

Access to and Deleting My Personal Information

You may modify personal information that you have submitted by logging into your

account and updating your profile information. Please note that copies of information

that you have updated, modified or deleted may remain viewable in cached and

archived pages of the Service for a period of time.

We store information associated with your account until your account is deleted. Please

note that it may take a bit of time to delete your account information, and we may

preserve it for legal reasons or to prevent harm, including as described in the How

Information Is Shared section.

What Choices Do I Have Regarding Promotional Emails?

We may send periodic promotional emails to you. You may opt-out of such

communications by following the opt-out instructions contained in the email. Please note

that it may take up to 10 business days for us to process opt-out requests. We may still

send you emails about your account or any services you have requested or received

from us.

Contact Us

If you have questions about our privacy practices, please contact us

at

support@HealthHive.org

.

HealthHive, PBC

26 Broadway, 3rd floor

New York, New York 10004

Changes to this Policy

This Policy is current as of the Effective Date set forth above. We may change this

Policy from time to time, so please be sure to check back periodically. We will post any

changes to this Policy on our Service. If we make any changes to this Policy that

materially affect our practices with regard to the personal information we have

previously collected from you, we will endeavor to provide you with notice in advance of

such change.