PRIVACY POLICY
Last updated May 1, 2024
We know that you value your privacy. Smart Health helps you coordinate your medical care with your healthcare providers and health plans while seeking to protect your privacy. To help you understand how Smart Health does this, we created this privacy policy, which covers:
1. INTRODUCTION AND AGREEMENT
2. WHAT INFORMATION DO WE COLLECT?
3. HOW DO WE USE AND SHARE YOUR INFORMATION?
4. HOW LONG DO WE KEEP YOUR INFORMATION?
5. HOW DO WE KEEP YOUR INFORMATION SAFE?
6. DO WE USE AUTOMATED COLLECTION TECHNOLOGIES?
7. CONTROLS FOR DO-NOT-TRACK FEATURES
8. DO WE COLLECT INFORMATION FROM MINORS?
9. WHAT DO CALIFORNIA RESIDENTS NEED TO KNOW?
10. WHAT DO WASHINGTON RESIDENTS NEED TO KNOW?
11. DO WE UPDATE THIS POLICY?
12. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
INTRODUCTION AND AGREEMENT
This Privacy Policy for Smart Health Network PBC (“Smart Health,” "we," "us," or "our") describes how and why we might collect, store, use, and share ("process") information when you visit or use any of our websites or apps that link to this Privacy Policy ("Services").
By using our Services, you agree to the terms of this Privacy Policy. If you do not agree to these terms, please do not use our Services. If we make changes to this Privacy Policy, your continued use of the Services means you agree to the changes.
Questions or concerns? If you have any questions or concerns about this Privacy Policy or the Services, please contact us at privacy@smartpbc.net.
WHAT INFORMATION DO WE COLLECT?
In Short: We collect information that you and third parties, including health plans and healthcare providers, provide to us.
Personal Information: We collect information that you voluntarily provide to us when you use the Services (“personal information”). This information may include identifying and contact information, such as your name, address, phone number and email address, a copy of your driver’s license or state ID, and a selfie.
We partner with Persona Identities, Inc. to (a) verify your identity when you establish an account and (b) re-verify your identity if you seek to update your identifying information. This partnership helps us prevent unauthorized use of your identity and our Services. To verify your identity, Persona will ask you to submit a copy of your driver’s license or state ID and a selfie, and we may send to Persona other identifying information that you enter into our System. Persona will collect, use, and store this information in accordance with its Privacy Policy. By using our Services, you are agreeing to Persona’s Privacy Policy. If you do not agree to the terms of Persona’s Privacy Policy, you are prohibited from using our Services.
Personal information may also include information about your healthcare providers, such as their names; health plans, such as your member ID number; and health-related information such as your medications, conditions, and allergies.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information through the Services or by emailing us at support@smartpbc.net.
Personal Health Information: Depending on how you use the Services, we may collect information about you from your health plans and health care providers (“covered entities”). This could include information about topics such as your medical conditions, treatment history, medications, lab results, vitals, health care providers, health insurance information, and claims history. This information is Personal Health Information (“PHI”) and may be protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), our and the covered entities’ business associate agreements, and the covered entities’ Notices of Privacy Practices.
We abide by the HIPAA Privacy and Security Rules, and we encourage you to read them to learn more about how and when these rules protect your information.
HOW DO WE USE AND SHARE YOUR INFORMATION?
In Short: We process your information to help you get and share your health information, communicate with you, for security and fraud prevention, and to comply with law. We only share your information when you want us to. And we only process it in the ways described in this Privacy Policy.
We may use or share your personal information and/or PHI in the following ways. We always keep your information encrypted, and we de-identify it whenever possible.
To help you get and share your health information. When you ask us to, we connect your Smart Health account to your health plans and providers so that you can see all of the information in one place. This may require us to securely share your personal information and PHI with them.
When you connect your Smart Health account to your health plans and providers, your providers won’t have to ask you for it when you register or check in for an appointment. This information includes your insurance coverage information, driver’s license, contact information, and other information you may have entered such as your emergency contact, medication, allergies, and preferred pharmacy.
You can disconnect your Smart Health account from any health plan or provider through the Connections section of your account.
For support. We may use your information to respond to solve any issues you might have with the Services.
To send you information. We may use your contact information to send you details about the Services, changes to our terms and policies, and other similar information, or to request your feedback.
Service Providers. We may share your information with service providers that support our business, such as hosting companies, customer support services, and communications vendors. They are obligated to keep your information private.
Legal Compliance. We may share your information as necessary to comply with an applicable law, regulation, legal process, or government request.
Safety. We may share your information where we reasonably believe that doing so is necessary to protect your safety or the safety of others, to protect our rights or property, to address fraud, or to address a security or technical issue.
HOW LONG DO WE KEEP YOUR INFORMATION?
In Short: We keep your information for as long as you have a Smart Health account or as required by law.
We will keep the personal information you entered into your account, and the PHI you retrieved through Smart Health from covered entities, for as long as you have a Smart Health account. If you would like to delete your account, sign into your Smart Health account and choose Delete Account in the Settings section. Please note that deleting your account may not completely purge all of your information from our system
If you delete your account, we may need to keep certain records of how you used your account, such as when you retrieved and shared your personal information and PHI. We will purge those records as soon as our document retention policy allows.
In some instances, we may need to retain some or all of your personal information for legal reasons such as tax, accounting, or other legal requirements. If so, we will anonymize this information to the fullest extent possible and isolate it from active accounts until we are allowed to delete it.
If you do not log into your Smart Health account for one year, we will lock access to your account as an additional security measure. To unlock your account, email us at support@smartpbc.net.
HOW DO WE KEEP YOUR INFORMATION SAFE?
In Short: We aim to protect your personal information through a system of administrative, technical, and physical security measures.
We have implemented robust administrative, technical, and physical security measures designed to protect the security of any personal information and PHI we process. We always keep your information encrypted, and the PHI we get for you from covered entities is de-identified whenever possible. And we regularly undergo security audits and penetration testing to keep our Services secure.
However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will be unable to defeat our security and improperly collect, access, steal, or modify your information. As such, transmission of personal information to and from our Services is at your own risk. If we suspect any unauthorized access to your information, we will take all appropriate steps required by law and best practices to notify you and prevent any further unauthorized access.
You should only access the Services from secured devices, not from public or shared devices. Make sure that nobody else can access your username and password or unlock your device. If you know or suspect that anyone else has accessed any of the information in your account, notify us immediately at privacy@smartpbc.net.
DO WE USE AUTOMATED COLLECTION TECHNOLOGIES?
In Short: We may use cookies and other tracking technologies, IP addresses, device certificates, and telecom and other data to collect, store, secure, and verify information. These technologies help us provide you with the Services.
We may use cookies and similar tracking technologies (like web beacons and pixels) to help us provide, improve, and protect the Services. For example, these technologies help us study traffic patterns on the Services so we can make suitable improvements to the Services and provide you with a better user experience. A cookie can be used to uniquely identify you, but it cannot retrieve data from your hard drive, pass on computer viruses, or directly capture your email address. In general, cookies can securely store a user’s ID and password specific to a website, personalize home pages, identify which parts of a website have been visited, or keep track of selections in a form or shopping cart.
Most browsers automatically accept cookies, and you may manually disable them. For more information on disabling cookies, go to the “Help” menu on your browser or to www.networkadvertising.org/choices/ or www.youronlinechoices.com. The Services may still be viewed if you choose to disable cookies, but your use and enjoyment of the Services may be adversely affected.
We may also use your Internet protocol address, device certificates and other device information, and telecom and other data to determine who is accessing and using the Services and to keep the Services secure.
CONTROLS FOR DO-NOT-TRACK FEATURES
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.
DO WE COLLECT INFORMATION FROM MINORS?
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of a minor and consent to your minor dependent’s use of the Services. If we learn that we have collected information from a minor without the consent of the minor’s parent or guardian, we will deactivate the account and take reasonable measures to promptly delete the data from our records.
If you become aware of any data we may have collected from a minor, please contact us at privacy@smartpbc.net.
WHAT DO CALIFORNIA RESIDENTS NEED TO KNOW?
In Short: We do not share your information for marketing purposes, and we do not track you.
We do not share your information with anyone else for marketing purposes. We do not track you across third party websites to provide targeted advertising or knowingly allow anyone else to track you while you use the Services, so we do not respond to DNT signals.
California Civil Code Section 1798.83, also known as the "Shine the Light" law, may permit consumers who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at support@smartpbc.net.
WHAT DO WASHINGTON RESIDENTS NEED TO KNOW?
Washington residents, please review our Washington Consumer Health Data Privacy Policy.
DO WE UPDATE THIS POLICY?
In Short: Yes, we will update this notice from time to time.
We may update this Privacy Policy from time to time. The updated version will be indicated by “last updated” date, and the updated version will be effective as soon as it is accessible. If we make important changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes on the Services or by sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are processing and protecting your information.
HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this notice, you may email us at privacy@smartpbc.net.