Effective date – May 19, 2022
This Managed Health Connections Privacy Policy relates to the collection, use, and disclosure of your Personal Data and PHI in your use of the Platform. You may disclose Personal Data and PHI in your use of the Platform and you consent to MHC’s collection, use, and disclosure practices related to such Personal Data and PHI specified in this Privacy Policy. You further agree to comply with Applicable Law related to the sharing of your Personal Data and your collection, use, and disclosure of Personal Data belonging any third parties. If you do not consent and agree to this Privacy Policy, you will immediately discontinue use of the Platform and uninstall all related downloads and applications.
SECTION 1 Definitions
(a) “Applicable Law” means all applicable (1) state, federal, and international laws and regulations, and (2) ethical, professional, and licensure requirements of your profession if you are a healthcare provider.
(b) “HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and associated regulations, as amended.
(c) “Neowithdrawal” means MHC’s web and mobile application that makes available a tool to be accessed by you to assist in setting and meeting personal health goals.
(d) “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
(e) “PHI” means “Protected Health Information” as that term is used under HIPAA.
(f) “Platform” means the Website, the Neowithdrawal.com training or bedside application, and all other products or services provided by MHC.
(g) “Privacy Policy” means MHC’s policy related to the collection, use, and disclosure of Personal Data and PHI as specified in this Managed Health Connections Privacy Policy, the Platform, and any additional privacy statements provided to you in writing.
(h) “MHC” means Managed Health Connections, LLC, a Washington limited liability corporation located at 120 North Pine Street, Suite 256, Box 3, Spokane, WA 99202-5030.
(i) “User Account” means the account created by you to access and use the Platform.
(j) “Website” means the portion of MHC’s website accessible by you located at www.managedhealthconnections.com or www.neowithdrawal.com.
(k) “You” means the individual or entity visiting, installing, downloading, accessing, or otherwise using the Platform.
SECTION 2 Personal Data and PHI collected by MHC
(a) Information provided to MHC. This may include your first and last name, birthdate, email, phone number, PHI, screening measures and surveys, professional license, and other information when you create a User Account to access the Platform. You may at any time update such information on your User Account once it has been created.
(b) Information MHC collects from you automatically when you use the Platform. MHC and its partners and affiliates may automatically collect certain information about you when you use the Platform (“Usage Data”). Usage Data may include IP address, device identifier, browser type, operating system, information about your use of the Platform, and data regarding network connected hardware (e.g., computer or mobile device). The methods that may be used on the Platform to collect Usage Data include the following:
(1) Log information. Log information is data about your use of the Platform such as IP address, browser type, internet service provider, referring/exit pages, operating system, date/time stamps, and related data, and may be stored in log files;
(2) Information collected by tracking technologies. Location-identifying technologies, device tokens, and other tracking technologies now and hereafter developed may be used to collect information about interactions with the Platform;
(3) Location-identifying technologies. GPS (global positioning systems) software, geo-filtering, and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting content based on your location;
(4) Device tokens. A device token is a unique identifier issued by the operating system of your mobile device. You may sign up to receive “push notification” messages through the Platform. To ensure messages reach the correct devices, MHC relies on a device token unique to your mobile device. While MHC may be able to access a list of the tokens, the MHC Mobile App and tokens do not reveal your identity, unique device ID, or contact information to MHC.
(5) Cookies. Cookies are alphanumeric identifiers that MHC transfers to your computer’s (or other device’s) persistent storage medium (e.g., hard drive) through your browser to enable MHC’s systems to recognize your browser and tell MHC how and when pages on the Platform are visited and by how many people. MHC uses cookies to enhance visitors’ experiences, to learn more about their use of the Platform, and to improve quality. Cookies MHC collects does not collect Personal Data or PHI, but MHC may combine the general information collected through cookies with Personal Data to tell MHC who you are or what your screen name or email address is. Most browsers have an option for turning off the cookie feature which will prevent your browser from accepting new cookies, as well as (depending on the sophistication of your browser software) allowing you to decide on acceptance of each new cookie in a variety of ways. MHC strongly recommends that you leave the cookies activated because cookies enable you to take advantage of some of the Platform’s most attractive features. Ads appearing on the Platform may be delivered to users by MHC’s advertising partners who may set cookies. These cookies allow the ad server to recognize your computer or other device each time they send you an online advertisement to compile information about you or others who use your computer or device. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This Privacy Policy covers the use of cookies by MHC and does not cover the use of cookies by any advertisers. Some information about your use of the Platform may be collected using tracking technologies across time and services and used by MHC and third parties for delivering the Platform.
(c) Information MHC collects from its partners and other sources. MHC may collect Personal Data that you have provided to MHC and its subsidiaries, affiliates, business partners, and/or businesses related to MHC for purposes set out below. MHC is not responsible or liable for the accuracy of the information provided by third parties or for third party policies or practices. Generally, MHC collects Personal Data directly from you. If third parties hold information MHC requires, MHC will endeavor to ensure the information has been collected with your consent. MHC may collect and use Personal Data that is aggregated and anonymized (“Analytic Information”) from MHC subsidiaries, affiliates, business partners, and/or businesses related to MHC, for various business purposes, including enabling MHC to provide the Platform. Analytic Information, because it is aggregated and anonymized, is no longer Personal Data as it cannot be used, alone or in conjunction with other information, to identify an individual. MHC may use this Analytic Information in a variety of ways, including to help analyze site traffic, understand users’ needs and trends, and to improve MHC products and services. MHC may use this information by itself or aggregate it with information MHC has obtained from others. MHC may use, transfer, lease, sell, or otherwise commercialize Analytic Information for any and all purposes without notice or obligation to you, provided that the Analytic Information does not indicate your identity and cannot be used, alone or in conjunction with other information, to determine your identity. You will not have any rights arising from the creation, collection, or use of the Analytic Information.
SECTION 3 Personal Data use
MHC collects Personal Data for purposes related to managing and developing its businesses and operations, including (a) establishing, managing, and terminating business relations with you, (b) reviewing the products and services that MHC provides to you, (c) communicating and sending curated healthcare related information of interest to you, including newsletters, alerts, and notifications, (d) informing you of MHC’s products and services other than those that you have specifically requested, (e) tracking and analyzing trends and patterns related to MHC’s businesses and operations for market research related purposes, (f) providing you with the Platform, (g) creating aggregated information or Analytic Information that does not individually identify you, (h) complying with Applicable Law, (i) any other reasonable purpose to which you consent, (j) for other purposes which MHC will disclose to you before the time of collection, (k) to investigate security breaches or cooperate with government authorities pursuant to a legal matter, or (l) sending you transactional or informational emails such as customer service communications in connection with the products you have registered to use or changes to the Platform or policies.
SECTION 4 Personal Data and PHI disclosure
Personal Data and PHI may be disclosed to third parties
(a) if there is a change in ownership of all or a part of MHC through some form of merger, purchase, sale, lease, or amalgamation or other form of business combination, provided that the parties are bound by appropriate agreements or obligations which require them to use or disclose your Personal Data or PHI in a manner consistent with the use and disclosure provisions of this Privacy Policy, unless you indicate otherwise,
(b) that are third party service providers, affiliates, and business associates, including an organization or individual retained by MHC to perform functions on its behalf,
(c) where you have provided your consent for such disclosure or where disclosure is required or permitted by Applicable Law,
(d) to whom you directed us to share Personal Data or PHI. Once you direct us to share your Personal Data or PHI with a third party, such Personal Data or PHI is governed by the third-party’s privacy policy,
(e) where MHC is permitted or required by Applicable Law, even without your knowledge or consent,
(f) when MHC shares or sells aggregated, de-identified data that does not identify you with partners and the public. When MHC provide this information, it ensure that the data does not identify you and cannot be associated back to you, or
(g) in connection with the performance of certain technological or administrative functions, such as data management. Prior to making this disclosure, MHC will take appropriate steps to ensure that the third party service providers safeguard the Personal Data and use the Personal Data only for authorized purposes set out in this Privacy Policy and in accordance with Applicable Law.
SECTION 5 Consent to collect, use, and disclose Personal Data and PHI
(a) It is important to MHC that it collects, uses, or discloses your Personal Data and PHI only where MHC has your consent to do so or as provided in this Privacy Policy. Depending on the sensitivity of the Personal Data or PHI, your consent may be express, implied, or deemed (using an opt-out mechanism). Express consent can be given electronically or in writing. Implied consent is consent that can reasonably be inferred from your action or inaction (e.g., when you accept this Privacy Policy, MHC will assume your consent to the collection, use, and disclosure of your Personal Data for purposes related to your acceptance and use of the Platform, or for other purposes identified to you at the relevant time). Deemed consent is consent MHC assumes if you do not exercise an opt-out mechanism offered to you.
(b) By submitting your Personal Data and PHI to MHC or obtaining its services via the Platform or otherwise, you consent to the collection of and use of your Personal Data and PHI in the manner described in this Privacy Policy. To the extent that MHC is required by Applicable Law to obtain your explicit consent for the collection, use, or disclosure of your Personal Data or PHI in accordance with this Privacy Policy, such consent will be requested at the appropriate time. If MHC plans to use or disclose your Personal Data or PHI for a purpose not previously identified (either in this Privacy Policy or separately), MHC will endeavor to advise you of that purpose before such use or disclosure. MHC may collect, use, or disclose your Personal Data or PHI without your knowledge or consent where MHC is permitted or required to do so by Applicable Law.
(c) You may change or withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by emailing the email address specified in Section 10(c). In some circumstances, a change or withdrawal of consent may limit MHC’s ability to provide products or services to you.
(d) In the case of personal contact information provided in conjunction with any newsletter or other marketing initiatives, you may withdraw your consent to receiving those communications and unsubscribe from any MHC subscriptions at any time by emailing the email address specified in Section 10(c). In addition, commercial electronic communications sent by MHC to which you have subscribed will further contain an unsubscribe mechanism.
(e) You can stop all collection of data generated by use of the MHC Mobile App by uninstalling it. You may also be able to exercise specific privacy choices, such as enabling or disabling push notifications, by adjusting the permissions in your mobile device.
SECTION 6 Personal Data and PHI storage and retention
(a) MHC endeavors to safeguard Personal Data using methods that are appropriate to the sensitivity of the information, including using industry standard methods for managing risks to the security of information, protecting the confidentiality of all Personal Data and PHI when doing business internally or externally with other organizations, and protecting all Personal Data and PHI with appropriate and effective security safeguards, including physical, administrative, and technology safeguards, against such risks as loss or theft, unauthorized access, disclosure, copying, use, or destruction, regardless of the format in which it is held. MHC collects and stores your information on secure servers meeting the requirements of Applicable Law.
(b) MHC retains your Personal Data and PHI for up to 3 years after you cease to be an active Platform user. You will be considered an inactive user after 1 year with no activity on the Platform, starting from the date of your last access. Once the Personal Data or PHI is no longer required to fulfill the purpose for which it was collected and no longer required or permitted to be retained for legal or business purposes, it is securely destroyed or made anonymous pursuant to MHC’s data retention schedule.
SECTION 7 Accessing your Personal Data and PHI
(a) Any Personal Data or PHI you provide to MHC can be accessed and modified from your User Account. If you remove Personal Data or PHI from your User Account, it will no longer appear to you on the Platform. Backups of that Personal Data or PHI will remain in association with your User Account and in MHC’s archive servers until deleted in accordance with MHC’s data retention schedule.
(b) You may also ask to see the Personal Data and PHI that MHC holds about you. If you want to review, verify, or correct your Personal Data or PHI, please email the email address specified in Section 10(c).
(c) When making an access request, MHC may require specific information from you to confirm your identity and right to access, as well as to search for, and provide you with, the Personal Data and PHI that MHC holds about you. If you need help in preparing your request, please email the email address specified in Section 10(c).
(d) For any Personal Data or PHI shared with your consent, you may ask MHC to provide you with a copy of such Personal Data or PHI in a commonly used and machine-readable format. You may also request of MHC, if technically feasible, to send this information to other data processors.
(e) MHC may not be able to provide you with access to your Personal Data or PHI in situations where such refusal is permitted or required by Applicable Law. MHC will inform you of the reasons why, subject to any legal or regulatory restrictions, access has been denied.
(f) You must keep us informed of changes to your Personal Data. You can correct any inaccuracies by accessing and modifying the information provided in your User Account. You acknowledge and agree that MHC will have no liability associated with or arising from your failure to maintain accurate contact or other information, including your failure to receive critical information about the Platform or your User Account.
(g) When your User Account is deactivated or terminated for any reason, your Personal Data and PHI will be removed from the User Account. Backup copies of your Personal Data and PHI will be removed from MHC’s servers based on MHC’s data retention schedule, which means it may persist in MHC’s archive for up to 3 years, during which MHC may continue to use your de-identified data.
SECTION 8 Security
MHC values your trust in providing us your Personal Data and PHI. We use industry standard security measures intended to help protect against the loss, misuse, unauthorized access, or alteration of information under our control both during transmission and once the information is received. But remember that no method of transmission over the internet or method of electronic storage is 100% secure and reliable and we cannot guarantee its absolute security. MHC puts the following safeguards in place to ensure security of your data:
(a) MHC does not sell, rent, disclose, or use your Personal Data or PHI without your authorization or unless permitted or required by law;
(b) Personal Data and PHI is secured through password protection and can only be accessed by authorized users.
(c) Personal Data and PHI is firewall-protected and under electronic surveillance 24 hours a day, 7 days a week.
(d) Personal Data and PHI is only temporarily stored on tablets or mobile devices accessing the Platform until submitted before such Personal Data or PHI is immediately deleted. All temporarily stored data is encrypted so that if a session ends unexpectedly, or if a tablet or mobile device is lost or stolen, no Personal Data or PHI can be accessed.
(e) Personal Data or PHI transmitted between the Platform and MHC’s data centers is protected using industry-standard TLS (256-bit AES keys).
(f) Personal Data and PHI is stored in a highly-secured data center, protected by multi-layer protocols. This means
(1) the servers housing the Personal Data and PHI are stored in a secured building with multiple layers of physical security,
(2) at the network level, servers are placed in a secure subnet protected by firewalls,
(3) front-end servers and database servers are on physically different networks and have limited connectivity,
(4) the security of all server networks is monitored by an intrusion detection system that is staffed 24/7 by trained security professionals,
(5) within the database server, Personal Data and PHI are stored in encrypted form, and
(6) Personal Data and PHI are stored using AES 256-bit encryption.
SECTION 9 Disclaimers
(a) MHC does not assume any responsibility for your use or misuse of Personal Data or PHI, or your healthcare providers’ or patients’ use or misuse of Personal Data or PHI, as applicable, whether intentional or inadvertent, while using the Platform. MHC may amend or delete any content (along with the right to revoke any access rights to the Platform) that MHC determines in its sole discretion violates this section.
(b) All users of the Platform, including healthcare providers, are independent persons and not partners, agents, or employees of MHC. You acknowledge and agree that MHC has no control over the quality, knowledge, legality, or actions of such users. All information found on the Platform and recommendations or instructions to use the Platform are to be followed at your own risk. MHC is not liable for the acts, errors, omissions, representations, warranties, conditions, breaches, or negligence of any user of the Platform, including healthcare providers, or for any personal injuries, death, property damage, or other resulting damages or expenses.
SECTION 10 Miscellaneous
(a) Contacting MHC. To change or withdraw your consent or make a complaint, or direct questions or concerns about this Privacy Policy, please email the email address specified in Section 10(c).
(b) Updates to this Privacy Policy. MHC may update this Privacy Policy from time to time. Use of Personal Data or PHI MHC collects now is subject to this Privacy Policy in effect at the time such Personal Data or PHI is used. If MHC makes changes in the way it uses Personal Data or PHI, it will notify you by emailing the address in your User Account, or posting to the Platform. You are bound by any changes to this Privacy Policy when you use the Platform after you have been notified or such changes have been first posted.
(c) Notices. Notice from MHC to you will be given by email to the email address specified in your User Account. You acknowledge and agree that MHC will have no liability associated with or arising from your failure to maintain accurate contact or other information on your User Account, including your failure to receive critical information about this Privacy Policy or the Platform. Notice from you to MHC may be given by email to info@managedhealthconnections.com, or physical mail at Managed Health Connections, LLC, 120 North Pine Street Suite 256 Box 3, Spokane, WA 99202.