Effective date – May 19, 2022
SECTION 1 Definitions
(a) “Applicable Law” means all applicable (1) state, federal, and international laws and regulations, and (2) ethical, professional, and licensure requirements of your profession if you are a healthcare provider.
(b) “HIPAA” means the Health Insurance Portability and Accountability Act of 1996 and associated regulations, as amended.
(c) “Neowithdrawal” means MHC’s web and mobile application that makes available a tool to be accessed by you to assist in setting and meeting personal health goals.
(d) “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by referencing an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
(e) “PHI” means “Protected Health Information” as that term is used under HIPAA.
(f) “Platform” means the Website, the Neowithdrawal.com training or bedside application, and all other products or services provided by MHC.
(h) “MHC” means Managed Health Connections, LLC, a Washington limited liability corporation located at 120 North Pine Street, Suite 256, Box 3, Spokane, WA 99202-5030.
(i) “User Account” means the account created by you to access and use the Platform.
(j) “Website” means the portion of MHC’s website accessible by you located at www.managedhealthconnections.com or www.neowithdrawal.com.
(k) “You” means the individual or entity visiting, installing, downloading, accessing, or otherwise using the Platform.
SECTION 2 Personal Data and PHI collected by MHC
(a) Information provided to MHC. This may include your first and last name, birthdate, email, phone number, PHI, screening measures and surveys, professional license, and other information when you create a User Account to access the Platform. You may at any time update such information on your User Account once it has been created.
(b) Information MHC collects from you automatically when you use the Platform. MHC and its partners and affiliates may automatically collect certain information about you when you use the Platform (“Usage Data”). Usage Data may include IP address, device identifier, browser type, operating system, information about your use of the Platform, and data regarding network connected hardware (e.g., computer or mobile device). The methods that may be used on the Platform to collect Usage Data include the following:
(1) Log information. Log information is data about your use of the Platform such as IP address, browser type, internet service provider, referring/exit pages, operating system, date/time stamps, and related data, and may be stored in log files;
(2) Information collected by tracking technologies. Location-identifying technologies, device tokens, and other tracking technologies now and hereafter developed may be used to collect information about interactions with the Platform;
(3) Location-identifying technologies. GPS (global positioning systems) software, geo-filtering, and other location-aware technologies locate (sometimes precisely) you for purposes such as verifying your location and delivering or restricting content based on your location;
(4) Device tokens. A device token is a unique identifier issued by the operating system of your mobile device. You may sign up to receive “push notification” messages through the Platform. To ensure messages reach the correct devices, MHC relies on a device token unique to your mobile device. While MHC may be able to access a list of the tokens, the MHC Mobile App and tokens do not reveal your identity, unique device ID, or contact information to MHC.
(c) Information MHC collects from its partners and other sources. MHC may collect Personal Data that you have provided to MHC and its subsidiaries, affiliates, business partners, and/or businesses related to MHC for purposes set out below. MHC is not responsible or liable for the accuracy of the information provided by third parties or for third party policies or practices. Generally, MHC collects Personal Data directly from you. If third parties hold information MHC requires, MHC will endeavor to ensure the information has been collected with your consent. MHC may collect and use Personal Data that is aggregated and anonymized (“Analytic Information”) from MHC subsidiaries, affiliates, business partners, and/or businesses related to MHC, for various business purposes, including enabling MHC to provide the Platform. Analytic Information, because it is aggregated and anonymized, is no longer Personal Data as it cannot be used, alone or in conjunction with other information, to identify an individual. MHC may use this Analytic Information in a variety of ways, including to help analyze site traffic, understand users’ needs and trends, and to improve MHC products and services. MHC may use this information by itself or aggregate it with information MHC has obtained from others. MHC may use, transfer, lease, sell, or otherwise commercialize Analytic Information for any and all purposes without notice or obligation to you, provided that the Analytic Information does not indicate your identity and cannot be used, alone or in conjunction with other information, to determine your identity. You will not have any rights arising from the creation, collection, or use of the Analytic Information.
SECTION 3 Personal Data use
MHC collects Personal Data for purposes related to managing and developing its businesses and operations, including (a) establishing, managing, and terminating business relations with you, (b) reviewing the products and services that MHC provides to you, (c) communicating and sending curated healthcare related information of interest to you, including newsletters, alerts, and notifications, (d) informing you of MHC’s products and services other than those that you have specifically requested, (e) tracking and analyzing trends and patterns related to MHC’s businesses and operations for market research related purposes, (f) providing you with the Platform, (g) creating aggregated information or Analytic Information that does not individually identify you, (h) complying with Applicable Law, (i) any other reasonable purpose to which you consent, (j) for other purposes which MHC will disclose to you before the time of collection, (k) to investigate security breaches or cooperate with government authorities pursuant to a legal matter, or (l) sending you transactional or informational emails such as customer service communications in connection with the products you have registered to use or changes to the Platform or policies.
SECTION 4 Personal Data and PHI disclosure
Personal Data and PHI may be disclosed to third parties
(b) that are third party service providers, affiliates, and business associates, including an organization or individual retained by MHC to perform functions on its behalf,
(c) where you have provided your consent for such disclosure or where disclosure is required or permitted by Applicable Law,
(e) where MHC is permitted or required by Applicable Law, even without your knowledge or consent,
(f) when MHC shares or sells aggregated, de-identified data that does not identify you with partners and the public. When MHC provide this information, it ensure that the data does not identify you and cannot be associated back to you, or
SECTION 5 Consent to collect, use, and disclose Personal Data and PHI
(c) You may change or withdraw your consent at any time, subject to legal or contractual restrictions and reasonable notice, by emailing the email address specified in Section 10(c). In some circumstances, a change or withdrawal of consent may limit MHC’s ability to provide products or services to you.
(d) In the case of personal contact information provided in conjunction with any newsletter or other marketing initiatives, you may withdraw your consent to receiving those communications and unsubscribe from any MHC subscriptions at any time by emailing the email address specified in Section 10(c). In addition, commercial electronic communications sent by MHC to which you have subscribed will further contain an unsubscribe mechanism.
(e) You can stop all collection of data generated by use of the MHC Mobile App by uninstalling it. You may also be able to exercise specific privacy choices, such as enabling or disabling push notifications, by adjusting the permissions in your mobile device.
SECTION 6 Personal Data and PHI storage and retention
(a) MHC endeavors to safeguard Personal Data using methods that are appropriate to the sensitivity of the information, including using industry standard methods for managing risks to the security of information, protecting the confidentiality of all Personal Data and PHI when doing business internally or externally with other organizations, and protecting all Personal Data and PHI with appropriate and effective security safeguards, including physical, administrative, and technology safeguards, against such risks as loss or theft, unauthorized access, disclosure, copying, use, or destruction, regardless of the format in which it is held. MHC collects and stores your information on secure servers meeting the requirements of Applicable Law.
(b) MHC retains your Personal Data and PHI for up to 3 years after you cease to be an active Platform user. You will be considered an inactive user after 1 year with no activity on the Platform, starting from the date of your last access. Once the Personal Data or PHI is no longer required to fulfill the purpose for which it was collected and no longer required or permitted to be retained for legal or business purposes, it is securely destroyed or made anonymous pursuant to MHC’s data retention schedule.
SECTION 7 Accessing your Personal Data and PHI
(a) Any Personal Data or PHI you provide to MHC can be accessed and modified from your User Account. If you remove Personal Data or PHI from your User Account, it will no longer appear to you on the Platform. Backups of that Personal Data or PHI will remain in association with your User Account and in MHC’s archive servers until deleted in accordance with MHC’s data retention schedule.
(b) You may also ask to see the Personal Data and PHI that MHC holds about you. If you want to review, verify, or correct your Personal Data or PHI, please email the email address specified in Section 10(c).
(c) When making an access request, MHC may require specific information from you to confirm your identity and right to access, as well as to search for, and provide you with, the Personal Data and PHI that MHC holds about you. If you need help in preparing your request, please email the email address specified in Section 10(c).
(d) For any Personal Data or PHI shared with your consent, you may ask MHC to provide you with a copy of such Personal Data or PHI in a commonly used and machine-readable format. You may also request of MHC, if technically feasible, to send this information to other data processors.
(e) MHC may not be able to provide you with access to your Personal Data or PHI in situations where such refusal is permitted or required by Applicable Law. MHC will inform you of the reasons why, subject to any legal or regulatory restrictions, access has been denied.
(f) You must keep us informed of changes to your Personal Data. You can correct any inaccuracies by accessing and modifying the information provided in your User Account. You acknowledge and agree that MHC will have no liability associated with or arising from your failure to maintain accurate contact or other information, including your failure to receive critical information about the Platform or your User Account.
(g) When your User Account is deactivated or terminated for any reason, your Personal Data and PHI will be removed from the User Account. Backup copies of your Personal Data and PHI will be removed from MHC’s servers based on MHC’s data retention schedule, which means it may persist in MHC’s archive for up to 3 years, during which MHC may continue to use your de-identified data.
SECTION 8 Security
MHC values your trust in providing us your Personal Data and PHI. We use industry standard security measures intended to help protect against the loss, misuse, unauthorized access, or alteration of information under our control both during transmission and once the information is received. But remember that no method of transmission over the internet or method of electronic storage is 100% secure and reliable and we cannot guarantee its absolute security. MHC puts the following safeguards in place to ensure security of your data:
(a) MHC does not sell, rent, disclose, or use your Personal Data or PHI without your authorization or unless permitted or required by law;
(b) Personal Data and PHI is secured through password protection and can only be accessed by authorized users.
(c) Personal Data and PHI is firewall-protected and under electronic surveillance 24 hours a day, 7 days a week.
(d) Personal Data and PHI is only temporarily stored on tablets or mobile devices accessing the Platform until submitted before such Personal Data or PHI is immediately deleted. All temporarily stored data is encrypted so that if a session ends unexpectedly, or if a tablet or mobile device is lost or stolen, no Personal Data or PHI can be accessed.
(e) Personal Data or PHI transmitted between the Platform and MHC’s data centers is protected using industry-standard TLS (256-bit AES keys).
(f) Personal Data and PHI is stored in a highly-secured data center, protected by multi-layer protocols. This means
(1) the servers housing the Personal Data and PHI are stored in a secured building with multiple layers of physical security,
(2) at the network level, servers are placed in a secure subnet protected by firewalls,
(3) front-end servers and database servers are on physically different networks and have limited connectivity,
(4) the security of all server networks is monitored by an intrusion detection system that is staffed 24/7 by trained security professionals,
(5) within the database server, Personal Data and PHI are stored in encrypted form, and
(6) Personal Data and PHI are stored using AES 256-bit encryption.
SECTION 9 Disclaimers
(a) MHC does not assume any responsibility for your use or misuse of Personal Data or PHI, or your healthcare providers’ or patients’ use or misuse of Personal Data or PHI, as applicable, whether intentional or inadvertent, while using the Platform. MHC may amend or delete any content (along with the right to revoke any access rights to the Platform) that MHC determines in its sole discretion violates this section.
(b) All users of the Platform, including healthcare providers, are independent persons and not partners, agents, or employees of MHC. You acknowledge and agree that MHC has no control over the quality, knowledge, legality, or actions of such users. All information found on the Platform and recommendations or instructions to use the Platform are to be followed at your own risk. MHC is not liable for the acts, errors, omissions, representations, warranties, conditions, breaches, or negligence of any user of the Platform, including healthcare providers, or for any personal injuries, death, property damage, or other resulting damages or expenses.
SECTION 10 Miscellaneous