We divided this document into three sections. The first, Platform Privacy, deals with privacy on the online therapy platform, such as the information you share when you setup an account and interact with your Provider. The second section, Rights Regarding Healthcare Records, addresses your rights with respect to a healthcare record. And the third section, General Privacy, covers issues that apply to any website.
Personal Information. When you sign up to the Platform, update your account details, provide your billing information, provide your emergency contact information or make other use of our services, we may ask you for certain personally identifiable information ("Personal Information"). The Personal Information can be used to contact you or identify you and it may include, but is not be limited to, your name, email, phone number, address and credit card information. We may use the Personal Information, either by itself or in conjunction with other information, for the following purposes:
• Create your account on the Platform, let you log in to the account, administer your account, monitor your account, provide Personal Information to customer service and contact you with information, alerts and suggestions that are related to your account.
• Billing, payment processing and other billing-related issues.
• Reach out to you, if either we or a Provider has a good reason to believe that you are involved in a situation that seriously endangers you or others. If we need to reach out we might do so directly, through your Provider or through the appropriate authorities.
• Find a Provider qualified to provide services in your state.
We may ask you questions about yourself and your needs. ("Profile Information"). We may use the Profile Information, either by itself or in conjunction with other information, for the following purposes:
• Match you with a Provider.
• Help your Provider to get to know you and your needs.
• Collect and analyze statistical or aggregated information which is not personally identifiable.
Assessment and Progress Monitoring
When you signup on the Platform and periodically thereafter you will be asked to complete various assessments and questionnaires that give you and your Provider information about how you are doing ("Assessments”). The Assessments may be used, either by themselves or in conjunction with other information, for the following purposes:
• Give the Provider a better understanding of your concerns so they can provide you with better service.
• Enable the Provider to evaluate your progress.
• Allow us to evaluate the overall effectiveness of online treatement.
• Help us make online therapy more effective.
Session ContentWhile using the Platform you and your Provider may communicate through text-based messages, audio or video communication and other media ("Session Content"). The Session Content may be used, either by itself or in conjunction with other information, for the following purposes:
• Enable you and your Provider to develop a therapeutic relationship.
When you use the Platform, our servers or servers of third party service providers acting on our behalf automatically record information that your browser sends ("Log Data"). This Log Data may include, but is not limited to, information such as your computer, Internet Protocol address ("IP"), pages that you visit and the time spent on those pages, actions that you take and other statistics. We may use this information, either by itself or in conjunction with other information for the following purposes:
• Monitor, analyze and improve the use and functionality of the Platform, the Platform's technical operation and the match of the Platform functionality to your needs and preferences.
We do not knowingly collect or solicit any information from anyone under the age of 18 or knowingly allow such persons to become our user. The Platform is not directed toward and not intended to be used by children under the age of 18.
HIPAA Protection of Personal Health Information
Personal Information, Profile Information, Assessments and Session Contest is considered Personal Health Information for the purposed of the HIPAA law(45 CFR Part 160 and 164).
Rights Regarding Healthcare Records
The Personal Information, Profile Information, Assessments and Session Data and other information your Provider may add to the Platform are part of your health and the healthcare services you receive(“Healthcare Record”). You have specific rights and your Provider has specific responsibilities regarding your Healthcare Record. We maintain these Healthcare Records for you and your Provider. If you want to exercise any of your rights regarding your Healthcare Record, you should contact your Provider. Your rights include:
• Get a copy of your Healthcare Record. You may ask your provider to see or get an electronic or paper copy of your Healthcare Record. The Provider should respond within 30 days. A reasonable, cost-based fee can be charged for this.
• Ask your Provider to correct your record if you think it has information that is incorrect or incomplete. The Provider should respond within 60 days. If the Provider cannot comply with your request he or she will give you a written explanation.
• Request confidential communications. You can ask the Provider to contact you in a specific way.
• Ask Provider to limit what he or she uses or shares.
• Get a list of those with whom the Provider has shared information.
• Choose someone to act for you. If you have given someone medical power of attorney or have a legal guardian, they can exercise your rights and make choices regarding health information.
• If you feel your rights regarding your healthcare information have been violated you may (1) contact your Provider, (2) contact us or (3)You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. Your Provider will not retailiate against you and we will not retaliate.
General Internet Privacy
Social and General Information Tools
Online identity theft and account hacking, including the practice currently known as "phishing", are of great concern. You should always be careful when you are asked for your account information and should only provide such information in our secure system. We will never request your login information, your credit card information, in a non-secure or unsolicited communication (e-mail, phone or otherwise).
Aggregate Information and Non-Identifying Information
We may share aggregated information that does not include any Personal Information with third parties for purposes, including but not limited to industry analysis, research, business transactions and public relations. We will not sell or disclose any Personal Information or information that can be identified as coming from you.
Transfer of Business
We may sell or transfer some or all of our assets, including your Personal Information, in connection with a merger, acquisition, consolidation, joint venture, reorganization or sale of assets. Such transactions would be covered by a confidentiality agreement.
We may employ third party companies or individuals to perform certain tasks which are related to the Platform or to provide audit, legal, operational or other services for us. These tasks include, but not limited to, customer service, technical maintenance, monitoring, email management and communication, database management, billing and payment processing, reporting and analytics. When needed we may disclose information, including Personal Information, to such third parties but we will try to limit the Personal Information disclosed to the minimum necessary to perform their task. All service providers are required to comply with HIPAA law(45 CFR Part 160 and 164) and acknowledge that responsibility by signing a business associates agreement.
Compliance with Laws and Law Enforcement
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information, including Personal Information, to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of ourselves or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable. You should also be aware that Providers may be obliged to disclose information to law enforcement or other authorities to conform to their professional and legal responsibilities. Specifically, and without limitation, you should be aware that the law requires mental health professionals to disclose information and/or take action in the following cases: (a) reported or suspected abuse of a child or vulnerable adult. (b) serious suicidal potential. (c) threatened harm to another person. (d) court-ordered presentation of treatment.