We divided this document into three sections:
• The first, “Platform Privacy”, deals with privacy on the platform, such as the information you share when you setup an account and interact with your Provider.
• The second section, “Rights Regarding Healthcare Records”, addresses user rights with respect to a healthcare record.
• And the third section, “General Internet Privacy”, covers issues that apply to any website and our company communications.
Personal Information. When you sign up to the Platform, update your account details, provide your billing information, provide your emergency contact information, and/or make other use of our services, we may ask you for certain personally identifiable information ("Personal Information"). The Personal Information can be used to contact and/or identify you, and it may include, but is not be limited to, your name, email, phone number, address, and credit card information. We may use the Personal Information, either by itself or in conjunction with other information, for the following purposes:
• Create your account on the Platform, let you log in to the account, administer your account, monitor your account, provide Personal Information to customer service, and/or contact you with information, alerts, and/or suggestions related to your account.
• Billing, payment processing, and/or other billing-related issues.
• Reach out to you, if either we and/or a Provider has a good reason to believe that you are involved in a situation that seriously endangers you and/or others. If we need to reach out, we might do so directly, through your Provider, and/or through the appropriate authorities.
• Find a Provider qualified to provide services in your state.
We may ask you questions about yourself and your needs ("Profile Information"). We may use the Profile Information, either by itself and/or in conjunction with other information, for the following purposes:
• Match you with a Provider
• Help your Provider to get to know you and your needs
• Collect and analyze statistical or aggregated information which is not personally identifiable
Assessment and Progress Monitoring
When you sign up on the Platform, and periodically thereafter, you will be asked to complete various assessments and questionnaires that give you and your Provider information about how you are doing ("Assessments”). The Assessments may be used, either by themselves and/or in conjunction with other information, for the following purposes:
• Give the Provider a better understanding of your concerns so they can provide you with better services
• Enable the Provider to evaluate your progress
• Allow us to evaluate the overall effectiveness of online treatment
• Help us make online therapy more effective
While using the Platform, you and your Provider may communicate through text-based messages, audio/video communication, and/or other media ("Session Content"). The Session Content may be used, either by itself and/or in conjunction with other information, for the following purposes:
• Enable you and your Provider to develop a therapeutic relationship
When you use the Platform, our servers and/or servers of third party service providers acting on our behalf, automatically record information that your browser sends ("Log Data"). This Log Data may include, but is not limited to, information such as your computer, Internet Protocol address ("IP"), pages that you visit, the time spent on those pages, actions that you take, and/or other statistics. We may use this information, either by itself and/or in conjunction with other information for the following purposes:
• Monitor, analyze, and/or improve the use and functionality of the Platform, the Platform's technical operation, and/or the match of the Platform functionality to your needs and preferences
We do not knowingly collect or solicit any information from anyone under the age of 18 or knowingly allow such persons to become our users. The Platform is not directed toward and not intended to be used by children under the age of 18.
HIPAA Protection of Personal Health Information
Personal Information, Profile Information, Assessments, and Session Content is considered Personal Health Information for the purposes of the HIPAA law (45 CFR Part 160 and 164).
Rights Regarding Healthcare Records
The Personal Information, Profile Information, Assessments, Session Data, and/or other information your Provider may add to the Platform are part of your health and the healthcare services you receive (“Healthcare Record”). You have specific rights and your Provider has specific responsibilities regarding your Healthcare Record. We maintain these Healthcare Records for you and your Provider. If you want to exercise any of your rights regarding your Healthcare Record, you should contact your Provider.
Your rights include:
• Getting a copy of your Healthcare Record. You may ask your provider to see or get an electronic or paper copy of your Healthcare Record. The Provider should respond within 30 days. A reasonable, cost-based fee can be charged for this.
• Ask your Provider to correct your record if you think it has information that is incorrect and/or incomplete. The Provider should respond within 60 days. If the Provider cannot comply with your request, he or she will give you a written explanation.
• Request confidential communications. You can ask the Provider to contact you in a specific way.
• Ask the Provider to limit what he or she uses or shares
• Get a list of those with whom the Provider has shared information with
• Choose someone to act for you. If you have given someone medical power of attorney or have a legal guardian, they can exercise your rights and/or make choices regarding health information.
• If you feel your rights regarding your healthcare information have been violated you may (1) contact your Provider, (2) contact us, or (3) you can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
Your Provider will not retaliate against you and we will not retaliate.
General Internet Privacy
Social & General Information Tools
Online identity theft and account hacking, including the practice currently known as "phishing", are of great concern. You should always be careful when you are asked for your account information and should only provide such information in our secure system. We will never request your login information, your credit card information, in a non-secure or unsolicited communication (e-mail, phone or otherwise.
Aggregate Information & Non-Identifying Information
We may share aggregated information that does not include any Personal Information with third parties for purposes, including but not limited to industry analysis, research, business transactions, and/or public relations. We will not sell or disclose any Personal Information or information that can be identified as coming from you.
Transfer of Business
We may sell or transfer some or all of our assets, including your Personal Information, in connection with a merger, acquisition, consolidation, joint venture, reorganization, and/or sale of assets. Such transactions would be covered by a confidentiality agreement.
We may employ third party companies or individuals to perform certain tasks which are related to the Platform or to provide audit, legal, operational or other services for us. These tasks include, but not limited to, customer service, technical maintenance, monitoring, email management and communication, database management, billing and payment processing, reporting and analytics. When needed we may disclose information, including Personal Information, to such third parties but we will try to limit the Personal Information disclosed to the minimum necessary to perform their task. All service providers are required to comply with HIPAA law (45 CFR Part 160 and 164) and acknowledge that responsibility by signing a business associate agreement.
Compliance with Laws and Law Enforcement
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information, including Personal Information, to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of ourselves or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable. You should also be aware that Providers may be obliged to disclose information to law enforcement or other authorities to conform to their professional and legal responsibilities. Specifically, and without limitation, you should be aware that the law requires mental health professionals to disclose information and/or take action in the following cases: (a) reported or suspected abuse of a child or vulnerable adult, (b) serious suicidal potential, (c) threatened harm to another person, and/or (d) court-ordered presentation of treatment.
Personally identifiable information (such as your name, email address, and/or other demographic information) that you voluntarily give to us when you register as a practitioner for our software products (or demos) might be used for company communications. Company communications are not sent to care recipients or users of our software products, with exceptions described in the aforementioned “Platform Privacy” and/or “Rights Regarding Healthcare Records” policy sections. You are under no obligation to provide us with any information of any kind. However, your refusal to do so may prevent you from using certain features of our site and/or obtain company communications. To opt-out of receiving all company communications, please contact firstname.lastname@example.org.