This policy was last updated December 10, 2021.
California Privacy Rights. The California Consumer Privacy Act (“CCPA”) of 2018 enhances privacy rights and consumer protection for residents of California. Under the CCPA, California residents have the rights to: 1) know what Personal Data are being collected about them; 2) know whether their Personal Data are sold or disclosed, and to whom; 3) say ‘no’ to the sale of their Personal Data; 4) access their Personal Data; and 5) not be discriminated against for exercising their privacy rights under the CCPA. California law allows California residents to request information regarding our disclosures in the prior calendar year, if any, of their PII to third parties. To make such a request, please contact us at firstname.lastname@example.org. Please include enough detail for us to locate your file; at a minimum, your name, email and username, if any. We will attempt to provide you with the requested information within thirty (30) days of receipt. We reserve our right not to respond to requests sent more than once in a calendar year, or requests submitted to an address other than the one posted in this notice. Please note that this law does not cover all information sharing. Our disclosure only includes information covered by the law.
Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rights. HIPAA (as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009 and the HIPAA Omnibus Final Rule) protects your rights to privacy with respect to your healthcare-related Personal Data. We have the duty and responsibility to protect the privacy and security of your Protected Health Information (“PHI”) and Electronic Health Records (“EHR”) (as defined in the HIPAA Regulations) that we access or that come into our possession. We will take commercially reasonable steps to maintain compliance with HIPAA requirements. We support and facilitate the timely and unimpeded flow of health information for lawful and appropriate purposes.
Use of Services
Your access to and use of our Services are subject to certain terms and conditions, which are set forth in our Terms of Service.
Collection of Information
Information You Provide
We collect information you provide, such as when you email us, sign up for the Services, or submit information through the Services. We may collect, but are not limited to collecting:
Personally Identifiable Information (“PII”), such as your name, email address, residence and mailing address, phone number, sex, date of birth, other demographic information, and sensitive PII, such as race and ethnicity;
Protected Health Information (“PHI”), such as your symptoms and exposure to infectious disease, diagnostic test results and related information, your medical history, elevated temperature readings, and your questions regarding medical issues.
Information We Collect from Your Use of the Services
We collect information about you when you use our Services, including, but not limited to the following:
Information from Third Parties
We may obtain additional information about you from third parties, such as healthcare entities or laboratory providers of testing and analytics services, researchers, and others. We may combine information that we collect from you with information about you that we obtain from such third parties and information derived from any other service we provide.
Aggregate or De-identified Data
Use of Information
We use the information that we collect for the following purposes:
To personalize your experience with the Services by informing you of products, programs, events, services, and promotions of ours, our partners and/or third parties that we believe may be of interest to you (see the “Opt-In Policy” below);
To provide, maintain, administer, improve, or expand the Services, perform business analysis, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer;
To contact you when necessary or requested;
To customize and tailor your experience of the Services;
To send mobile notifications (you may opt-out of this service);
To send emails and other communications that display content that we think will interest you and according to your preferences;
To send you news and information about our Services;
To track and analyze trends and usage in connection with our Services;
To better understand who uses the Services and how we can deliver a better user experience;
To use statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts;
To prevent, detect, and investigate security breaches, fraud, and other potentially illegal or prohibited activities;
To enforce the legal terms that govern your use of the Services;
To protect our rights or property;
To administer and troubleshoot the Services; and
For any other purpose disclosed to you in connection with our Services.
We may use third-party service providers to process and store personal information in the United States and other countries.
Sharing of Information
We may share personal information about you as follows:
With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf;
If we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request; to enforce applicable user agreements or policies; to protect the security or integrity of our Services; and to protect us, our users or the public from harm or illegal activities; and
With your consent, we may also share aggregated, non-personally identifiable information with third parties.
We take reasonable measures, including administrative, technical, and physical safeguards, to help protect personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, although we take industry-standard steps to protect your information (e.g., strong encryption), we cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk.
For PHI and EHR data subject to HIPAA, we securely store and maintain such data and records in compliance with the HIPAA Privacy and Security Rule Standards. We or our service providers maintain all HIPAA-related documentation in electronic form on HIPAA-compliant, HITRUST-certified data storage facilities.
If you are using the Services from outside of the USA, you understand that your connection will be through and to servers located in the USA, and the information you provide will be securely stored in our web servers and internal systems located within the USA. By accessing or using the Services or otherwise providing information to us, you consent to the processing, transfer and storage of information in and to the USA, where you may not have the same rights and protections as you do under your local law.
General. We store your Personal Data for as long as reasonably required for its purpose or for any additional period required by law. We will delete your account information and Personal Data when you terminate your use of the Services, or when we delete your account. We may store information longer for legitimate business reasons (for example, Personal Data may remain in backups for a reasonable period of time), or as legally required. Otherwise, we store your Personal Data until you request us to remove it from our servers. We store our logs and other technical records indefinitely.
HIPAA-Related Data. For PHI and EHR data subject to HIPAA, our data retention policy is as follows:
We retain all HIPAA-related data and records for a minimum period of six (6) years from the date of creation or modification, or the date when such data were last in effect, whichever is later.
In the event that local/state laws require a longer duration for retention of healthcare records, we retain such data for the duration specified by law, but no less than six (6) years.
When deleting HIPAA-related data, we use a soft-delete functionality wherever possible, so that the data can be accessed or recovered by a system administrator. If you require permanent deletion of your Personal Data, you may send a written request to us for approval before the data can be deleted by an administrator.
We may delete HIPAA-related PHI or EHR in a verifiable manner only when required or permitted by applicable laws and regulations, and we maintain a record of such deletions for a minimum period of six (6) years from the date of the deletion.
We ensure that all HIPAA-related data and documentation are available to members of our workforce only on a need-to-know basis, and as required by their job functions via user-specific account access restrictions.
Your Privacy Choices
How You Can Access and Update Your Information
You may update or correct information about yourself at any time or by emailing us at email@example.com.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject cookies; however, our Services may not function properly if you do so.
Options for Opting out of Cookies and Mobile Device Identifiers
If you are interested in more information about how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link or TRUSTe’s Advertising Choices Page to opt-out of receiving tailored advertising from companies that participate in those programs.
How We Respond to Browser “Do Not Track” Signals
We do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations and solutions. For more information about DNT signals, visit http://allaboutdnt.com.
Links to Other Websites
Our Services may contain links to other websites and those websites may not follow the same privacy practices as we do. We are not responsible for the privacy practices of third-party websites. We encourage you to read the privacy policies of such third parties to learn more about their privacy practices.
We do not knowingly collect or maintain personally identifiable information from persons under 18 years of age without verifiable parental consent. If you are under 18 years of age, then please do not use the Services without a parent or legal guardian present. If we learn that personally identifiable information of persons less than 18 years of age has been collected without verifiable parental consent, then we will take the appropriate steps to delete this information. To make such a request, please contact us at firstname.lastname@example.org.
No Rights of Third Parties
How to Contact Us
Safe Health Systems, Inc.
1475 N. Scottsdale Rd. Suite 200
Scottsdale, AZ 85257