healthPrecision, Inc. | Medical Brain^®
Privacy Policies

Revised December 13, 2019

healthPrecision, Inc. (“hP”) provides software and related services known as the Medical Brain^® Program, intended to assist patients and their healthcare providers in the management of information related to the patient’s health. The software is intended to be used by patients, authorized representatives or care givers, as well as their healthcare providers, healthcare workers, care coordinators, care givers, healthcare practices, health systems, facilities, hospitals and other healthcare organizations, to assist in recognizing when (i) information may potentially be missing about the patient’s health; or (ii) the approach to the patient’s health may potentially deviate from widely accepted and recognized clinical guidelines and policies.

Definitions

“Privacy Policy” means this policy which describes the hP’s policies for protection, use and disclosure of PHI.

“Audit Files” are hP’s records of when data is created, accessed, modified, deleted or released from and/or within the Product.

“EULA” means the End User License Agreement which governs the end user.

“hP” means healthPrecision, Inc. and all its controlled affiliates and subsidiaries.

“Product” means the Medical Brain^® Program including the software application and any accompanying services.

“Account” means your user account in the Product.

“Authorized Individual” means an individual whom you authorize or who has legal authority to setup, manage and use your Account. Authorized Individual may include a parent, guardian, family member, personal caregiver or legal representative.

“PHI” means Protected Health Information which may include but is not limited to your name and contact information such as your address, phone number or email address; your demographic information, such as your age, gender, ethnicity; and your medical information such as medical history, conditions, treatments and medications.

“Personal Information” means any information in addition to the PHI, which is of a personal nature, and hence, subject to the same high standards of privacy and security as PHI.

“Provider” means a healthcare provider, a healthcare practice, facility or hospital; or any healthcare organization where you receive healthcare and to whom you provide PHI to receive such care.

“HIPAA” means the Health Insurance Portability and Accountability Act of 1996. This Act was revised and expanded in the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 and in the HIPAA Omnibus Rule of 2013. HIPAA, and its modifications, define the requirements for the Privacy and Security of health data/information, notifications of security breaches and enforcement procedures.

“Security Measures” means various technical and procedural safeguards involved in protecting data which may include but are not limited to secure servers, firewalls, encryption, employee security training, notification procedures and various related processes and activities.

“Using“ information refers to processing information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, normalizing, aggregating, disclosing and transferring information.

Overview

hP takes its obligation to protect Personal Information and PHI from unauthorized use or disclosure very seriously. This Privacy Policy covers:

• Information hP collects about you when you register for and use the Product
• How that information is used
• Ways in which hP protects the security of your information
• Ways in which you control the sharing of your information with others
• The very limited circumstances in which hP may disclose your information to others without a direction from you to do so;
• What happens to your information when you choose to close an Account
• Ways in which you can further protect your information
• How this privacy policy can change and its scope

This Privacy Policy does not apply to non-personal Information or information which is not PHI.

Information hP collects and how hP uses it

hP will not use, sell, rent, lease or disclose any of your Personal Information or PHI for the purpose of allowing third parties to advertise to you or otherwise attempt to sell you products or services or solicit you for business of any kind. hP uses your Personal Information and PHI strictly for the following purposes:

• To provide the Product to you which helps your Provider and you to monitor your health status and to deliver better healthcare to you
• To provide assistance or technical support in connection with your use of the Product
• To safeguard, audit, monitor, improve and further develop the Product

hP reserves the right to use your Personal Information to investigate possible violations of the EULA that governs your use of the Product, to protect hP’s property and rights, to investigate potential fraud or security issues, and to communicate with you regarding the Product.

The Product is not intended for use by children younger than 18 years old. hP will not knowingly collect information from users who are younger than 18 years. However, Authorized Individuals including parents or guardians of children younger than 18 years of age, who establish an Account, expressly consent to hP gathering and using such information.

Account setup and profile information

When you register to create an Account, you are required to provide and verify certain Personal Information such as your name, your date of birth, phone number and a valid email address. You are also required to select a username and password for the Account, and in some instances you are required to provide other security information (such as answers to security questions and a security phrase).

hP uses this information to confirm your eligibility to establish an Account, to protect against unauthorized access to the Account you create, and to communicate with you regarding the Product.

Information collected when you use the Product

Each time you use the Product, hP collects and records certain information from your smart device (mobile phone or tablet) such as your IP address, device type and date, time and duration of your connection, and the actions that you perform in the Product.

That information becomes part of hP’s Audit Files, which hP uses only in connection with safeguarding, providing, monitoring or improving the performance of the Product, and in offering any technical support or assistance in connection with use of the Product.

Personal Information and PHI

In general, hP collects from your healthcare Providers information that you provide directly to them. hP assists your Providers in their medical operations to help deliver better healthcare to you. Therefore, by authorizing a Provider to collect information regarding you, you also authorize hP to collect information regarding you from your Provider's software systems. PHI and other data may be entered into the Product directly by you or via data transfer from a data repository, such as your Provider's electronic health records or similar sources of your data.

Personal Information and PHI may include, without limitation, certain medical/health, data; gender, date of birth, personal contact information, photographs, medical diagnosis, medication information, notes on your symptoms and other journal information, medical treatment instructions, medical appointments, insurance information, your doctor's contact information, prescription refill information and so on. Personal Information and PHI will be updated as you interact with the Product (for example by uploading data from wearable devices, or sending a message to your Provider) and as new data about your clinical status is uploaded from your Providers (for example, from a hospital or doctor’s office).

Security of your Personal Information

hP employs a wide variety of technical and procedural Security Measures to protect the confidentiality, integrity, and availability of your Personal Information. For example:

• Only hP employees who have a need, such as those assigned to operate and provide support for the Product, are provided electronic access to the secured servers on which your Personal Information or PHI are stored
• Those servers are kept in secure locations and physical as well as digital access to them is highly controlled, secured and tracked
• Account passwords are stored in an encrypted format
• hP provides you guidance on how to create secure passwords
• The Product is made available to you in the form of an iOS or Android mobile app which can be setup and accessed only when you download it from the Apple App Store or Google Play Store
• All transfers of data between systems made via the Internet in connection with your use of the Product occur in encrypted form (for example using SSL protocol or similar industry-standard technology)
• No PHI is transferred to your mobile device. Your PHI stays in the secured server and is accessed by you and viewed through the Product.
• Firewalls and Audit Files are used to safeguard your information further

Please note that when the Product re-directs you to web sites operated by other organizations (such as a healthcare organization), you no longer are connected to hP’s Product. At that point, the nature of your connection is governed and controlled by the technology adopted and put into place by the organization operating the web site to which you’ve been re-directed.

Pursuant to applicable law, hP may be required to send you notice of security breaches or suspected security breaches that impact your Personal Information. In the unlikely event that hP must provide you a notice of a security breach, hP will send the notice to the email address contained in your Account information unless hP is otherwise require by law. Please note that many email systems have built-in SPAM filters. If you have one in place, you should check with your system administrator or the available instructions to confirm that e-mails from hP are not blocked by the filter.

Your control over the information

Managing your account

There are several ways in which you can manage your Account. For example,

• You can change your password at any time
• You can also contact hP at any time to have errata corrected
• Get an electronic copy of your PHI
• Ask us to limit what hP uses or shares
• Get a list of your Providers from whom hP gather your PHI
• You may revoke access you may have provided in the past to an Authorized Individual

Closing an Account

You can close your Account at any time. In addition, hP will automatically close an Account within thirty (30) days of receipt of a death certificate certifying your death or death of an Authorized Individual.

Your Personal Information when you close an Account

When you close an Account, hP will offer you the opportunity to retain your Personal Information and Account information for a 90-day period during which you can easily re-activate the Account. If you do not opt for this option, hP will deactivate your Account and delete all your Personal Information immediately. If you choose to use the 90-day period then hP will deactivate your Account immediately, but hP will delete all your Personal Information at the end of the 90-day period.

Please note that closing an Account affects only your Personal Information in the Product. It does not affect, alter or accomplish the deletion of any Personal Information that is stored or maintained on other systems, such as those of your healthcare providers or the organizations.

Your Personal Information may persist in Backup Files for up to a year and in hP’s Audit Files for longer periods of time based upon government, industry and best practices guidelines and recommendations that pertain to analogous categories of data and information.

hP’s disclosure of Personal Information

There are very few instances in which Personal Information will be disclosed by hP. hP will disclose information only when, in good faith, hP considers disclosure necessary or appropriate:

• To comply with any applicable law compelling a disclosure of the information such as to comply with legal process served on us, or in response to the request of a law enforcement or government regulatory agency in circumstances that hP believes warrant the disclosure;
• In order to protect the personal safety or health of the public or users of the Product;
• To protect and defend hP’s rights and property, including the enforcement of the EULA that govern your use of the Product;
• To protect against or address fraud or security breaches.

In addition, hP may at times engage other companies or individuals to perform certain activities on hP’s behalf and related to hP’s provision of the Product, such as assistance in correcting hardware problems, off-site storage of information for disaster recovery, mobile app hosting, or technical assistance regarding operating systems, mobile apps, or other non-hP software with which the Product might interact. hP will provide such third parties access to your Personal Information only

• when such access is necessary to accomplish the activity for which hP has engaged the third party; and
• when the third-party is contractually bound to us to use the information only in connection with accomplishment of the activity for which they’ve been engaged and to provide administrative, physical and technical safeguards to protect the confidentiality and security of the information

Ways in which you can further protect your Personal Information

hP strongly advises being very careful and guarded with your Personal Information and PHI. There are many steps you can take to prevent unauthorized access to or disclosure of the information in your Account. For example:

• Never share your username and password with anybody
• Do not identify shared devices as being private when logging into the Product
• Immediately change your password if you believe any unauthorized access to your Account has occurred
• Always log out of your Account when you’ve completed the actions for which you logged in
• Never leave a device on which you’ve logged into your Account unattended while it is in an active session
• Store any screenshots, printouts or media you generate using your Account only in secure locations

Changes to this Privacy Policy

hP may change this Privacy Policy at any time by posting a subsequent version in the Product. You are responsible for periodically reviewing the Privacy Policy in the Product. You agree that your continued use of the Product following any such changes constitutes your acceptance of the new terms Privacy Policy, regardless of whether we’ve provided any notification to you that those terms have changed. hP will make reasonable efforts to notify you of any significant changes hP might make.

More Information

If you have additional questions, please contact hP any time or write to:

healthPrecision,

6 Abbotts Ln

Westport, CT 06880