HealthUnity Privacy Policy
Effective Date: May 20th, 2022
About this Privacy Policy and Our Commitment to Your Privacy
HealthUnity Corporation (collectively, “HealthUnity”, “we”, “us”, “our”) provides products and services (collectively, the “Services”) that may, among other things, provide information regarding people’s behaviors and their health to and open consortium of patients, researchers, healthcare providers, and caregivers. We provide this privacy policy (“Privacy Policy”) to outline the information HealthUnity collects from users of the Services (“Users”, “you”) and how we may use and disclose this information. It also describes the choices available to you regarding our use of your information and how you can manage and update this information. All products and services that are governed by this Privacy Policy will include a link to and/or copy of this Privacy Policy on the home page of the applicable website.
Your Acknowledgment of the Applicability of this Privacy Policy by Using the Services
As described in this Privacy Policy, we may use and disclose your information to provide you with products and services and to improve your experience using those products and services. By using the Services, where this Privacy Policy is posted, you acknowledge that we will collect, use, disclose, and store information as described in this Privacy Policy.
The California Consumer Privacy Act (“CCPA”) sets forth certain obligations for businesses that “sell” personal information. Based on the definition of sell under CCPA and under current regulatory guidance, we do not engage in such activity. As described further in this Privacy Policy, we may share your information with your consent or at your direction.
The Information We Collect
We will collect information about you (“Information”) in a variety of ways, including directly from you, through automatic means, or from third parties. The Information that is collected depends on how you use the Services.
Information You Provide to Us
When you use the Services, you may provide certain information directly to us including where you use the Services to direct and authorize us to obtain information about you from other sources.
Open Data Consortium
When you use our Open Data Consortium Tools, you may provide us with information about yourself in connection with registering for the Services, responding to our surveys and care checklists, and entering information about yourself in other areas of the Services such as communities and your profile.
Other Information
You may provide us with additional information through the Services, such as when you participate in one of our consumer surveys, send us any feedback, questions, or comments, contact us through another online platform, like LinkedIn, or interact with us in any way. We also collect information from you if you apply for a job or inquire about a position with us.
Information We Collect from Third Parties
HealthUnity may enter business relationships with business partners including health plans and health insurers, healthcare providers and/or networks of healthcare providers and companies that contract with Health Plans or Healthcare Providers, and/or HealthUnity Contractors to make our products and services.
Information that is Automatically Collected
We and third parties may use automated means to collect information about you, your computer or other device that you used to access the Services, and your use of the Services. These automated means include common technologies such as cookies, tokens, tags, web logs, web beacons, or similar technologies. These technologies help us analyze trends, administer the Services, track Users’ movements around the Services, gather demographic information about our user base, and otherwise provide you with relevant content (e.g., by gathering your zip or postal code). We may receive reports on an individual as well as aggregated basis based on the use of these technologies by HealthUnity, and any third-party vendors acting on HealthUnity’s behalf.
Cookies and Tracking
Cookies are small files that websites send to your computer or other Internet-connected device to uniquely identify your browser or to store information or settings on your device. Our Services may use HTTP cookies, HTML5 cookies, and other types of local storage. Cookies may include “single-session cookies” that HealthUnity record information during only a single visit to a website and then are erased, and “persistent” cookies that are HealthUnity stored on a computer unless or until they are deleted or are set to expire. You may disable cookies by adjusting your browser preferences at any time. Please note, however, that without cookies you may not be able to use all the features of our Services.
Our cookies, tokens and similar technologies (collectively, “Tracking Technologies”) also are used for administering the Services, including without limitation, for authentication, to remember Users’ settings, to customize the content and layout of the Services for Users, to contact you about the Services, and to improve our internal operations, the content of our Services and our services. Users may be able to control the use of, or reject or disable, some Tracking Technologies at the individual browser level. If you reject or disable Tracking Technologies, you may still use our Services, but your ability to use some features or areas of our Services may be limited. We use Tracking Technologies to identify your device and keep track of your Internet session with our Services. Using these Tracking Technologies, we may automatically end your session on our Services after a period of inactivity (as determined by us in our sole discretion). We also use Tracking Technologies that allow us to recognize your device when you return to the Services within a certain period (as determined by us in our sole discretion) and automatically log you back into your account with us.
Web Logs
In conjunction with the gathering of data through cookies, Web servers may log records such as your device type, operating system type, device advertising identifier, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. The Web server logs also may record the address of the Web page that referred you to our Services, the IP address (and associated city and state or province for the IP address) of the device you use to connect to the Internet, and data about your interaction with our Services, such as which pages you visit.
Creation and Use of Combined Data, De-Identified Data, and Aggregated Data
As permitted by law and by HealthUnity’s agreements with applicable third parties acting on HealthUnity’s behalf, may aggregate and/or de-identify your Information and/or combine your Information with other information maintained or available to HealthUnity and use or disclose such information as follows:
We may use aggregated or combined data to communicate with you about our products and services and disclose such aggregated or combined data to HealthUnity Partners in connection with providing the Services.
We may also use and disclose de-identified data, de-identified aggregated data, and/or de-identified combined data for improving our products and services, conducting analytics such as evaluating our Services and developing additional benefits, programs, and services, and disclosing to HealthUnity Partners for analytics purposes.
How We Protect Your Information
The security of your Information is important to us. We follow security standards to protect the Information submitted to us from loss, interference, misuse, unauthorized access, disclosure, alteration or destruction, both during transmission and once we receive it. These safeguards vary based on the sensitivity of the Information that we collect, process and store and the current state of technology. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. We also maintain procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current. If you have any questions about data security and integrity on our Services, you can contact us at security@healthunity.com
How We Share Information
We may disclose your Information in the following circumstances.
Disclosures to HealthUnity Service Providers and Partners
HealthUnity, and third party vendors acting on our behalf, may disclose your Information to HealthUnity Partners, third party service providers, or vendors acting on our behalf for the purpose of providing the Services and related services to you or other Users. Third party service providers or vendors acting on our behalf are authorized to use your Information to provide us services or as required by law, and they are also permitted to aggregate or de-identify your Information such that it is not identifiable to you.
Safety, Security and Compliance with Law
Your Information and the contents of your communications through the Services may be disclosed to third parties as required by law, such as to comply with a subpoena or similar legal process, or when we reasonably believe disclosure is necessary to protect our rights (including to enforce our Terms), protect your safety or the safety of others, investigate fraud, report improper or unlawful activity, or respond to a government request.
Aggregate/De-Identified Information
We may create and share Aggregate/De-identified information about use of the Services, such as by creating reports on usage trends.
Uses and Disclosures as Required or Permitted by Law, Including for Research, Health Care Operations, and Public Health
To the extent not prohibited by law or precluded by HealthUnity’s agreements with the applicable partners, and any third party vendors acting on HealthUnity’s behalf, may use and disclose your Information: (a) as required or permitted by law, including, where applicable, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which may include disclosures to the applicable HealthUnity Partner; (b) for Research purposes; (c) for purposes of Health Care Operations of the applicable HealthUnity Partner; and (d) for Public Health, as each is defined and in accordance with HIPAA.
Third Party Websites and Services
Our Services may contain links that enable you to visit or use other third party websites, resources or programs. However, we do not have control over the other websites, resources, or programs that you choose to visit, so this Privacy Policy does not apply to information collected or that you provide while visiting such other websites, resources, or programs. You should refer to the privacy policies, if any, applicable to the other websites, resources, or programs.
Our Data Retention Practices
Personal data will be retained only for so long as reasonably necessary for the purposes set out above, considering criteria such as applicable rules on statute of limitations and at least the duration of your use of our Services. Information may persist in copies made for backup and business continuity purposes for additional time.
California Do-Not-Track Disclosure Requirements
We are committed to providing you with meaningful choices about the information collected on our Services for third-party purposes. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations, and solutions.
Children (applies only to U.S. Users)
Protecting the privacy of children is very important to us. Except as explicitly described below, we do not collect Information from people we actually know are under 18 years of age, and no part of the Services are designed to attract people under 18 years of age. If we later learn that an individual has provided us with their information through the Services in violation of this provision, we will take steps to remove that User’s Information from our databases and to prevent the User from utilizing the Services.
Modifications to this Privacy Policy
From time to time, we may update this Privacy Policy to reflect changes to our information practices. If we make changes to this Privacy Policy, they will be reflected in an updated Privacy Policy that will be posted on the Services, and all changes will be effective upon such posting or upon any later date specified by us in writing. We encourage you to periodically review this page for the latest information on our privacy practices. You can determine when this Privacy Policy was last revised by referring to the “Effective Date” legend at the top of this Privacy Policy. By continuing to use the Services or any services following the effective date of any updated Privacy Policy, you understand the applicability of the terms and conditions of such updated Privacy Policy.
How to Contact Us
Please read this Privacy Policy carefully. If you have questions or complaints regarding our Privacy Policy or privacy practices, please contact us at: Attn: Privacy, HealthUnity Health, privacy@healthunity.com