Helia Care Inc., Privacy Policy

Revision Date: November 5, 2018

Helia Care, Inc. Privacy Policy

For more information or if you have any questions about this privacy policy, please contact us at [email protected].

1. Personal Information. Your privacy is very important to all of us at Helia Care, Inc., a Delaware corporation (“Company”, “We”, or “Us”). We have established this privacy policy (“Privacy Policy”) to explain how and why the Company collects, protects, stores and uses the personal information (as defined below) which it encounters in the course of conducting its business on this website (the “Website”) and on Helia Connect (as defined in the Definitions document located http://www.heliacare.com/policies/definitions/, which is hereby incorporated by reference herein) (Helia Connect together with the Website, the “Sites”). Personal information is information about you, the company for whom you are an authorized user of the Sites, and your patients that is personally identifiable, such as names, email addresses, account information, billing and invoicing data, data about medical devices, and other information that is not otherwise publicly available (collectively “Personal Information”). Personal Information about the patients for whom you are recommending devices and procedures (the “Patient” or the “Patients”), including but not limited to names, birth dates and other vital statistics, surgical and medical data of all kinds, medical insurance data where applicable, and other information that is not otherwise publicly available (“PHI”) is protected under the Health Insurance Portability and Accountability Act (“HIPAA”). The privacy practices of this Privacy Policy apply to our Services (as defined in our Terms of Use) accessible through the Company Sites, and your use of the Sites. This Privacy Policy describes the types of information we may collect from users and about Patients or data that you may provide when you visit the Sites, and our practices for collecting, using, maintaining, protecting, and disclosing both Personal Information and PHI.

This policy applies to information we collect:

  • On this Website;
  • On Helia Connect;
  • In email, text, and other electronic messages between you and these Sites; and
  • From third party providers of Patient-related PHI.

It does not apply to information collected by the Company offline or through any other means, including on any other website operated by Company.

Please read this Privacy Policy carefully to understand our policies and practices regarding your and the Patients’ information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Sites. By accessing or using these Sites or using Company Services, you agree to be bound by the terms and conditions of this Privacy Policy. We reserve the right to change this Privacy Policy at any time, for example to stay updated on changing privacy laws. In the event you have provided your email to us, we will inform you of any changes to this Privacy Policy and when those changes go into effect. Your continued use of these Sites after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates. By submitting Personal Information and HIPAA-Protected Information to us through the Services, you expressly consent to our collection and use of that information, and to our disclosure of that information in accordance with this Privacy Policy. This Privacy Policy is incorporated into and subject to the terms of the Company Terms of Use.

2. Information Collection & Use. The Company collects Personal Information from you and the Patients through the Services, in order to allow us to provide the Services that will most likely meet your needs and preferences. We only collect Personal Information about you that we consider necessary for achieving this purpose. We only collect HIPAA-Protected Information in accordance with the Health Insurance Portability and Accountability Act.
In general, you can browse the Sites and “opt-out” from providing us with any Personal Information. Once you agree to provide us with Personal Information, you are no longer anonymous to us. If you choose to use and/or purchase certain Services we may require you to provide contact and identity information, billing information, and other Personal Information as indicated on the forms throughout the Sites. Where possible, we indicate which fields are required and which are optional. You always have the option to not provide information by choosing not to use or purchase a particular service.

We collect several types of information from and about users of our Sites, including information:

  • Personal Information (as defined in the introductory paragraph of this Privacy Policy) by which you may be personally identified, such as name, postal address, e-mail address, telephone number, social security number or any other information the Sites collect that is defined as Personal or Personally Identifiable under an applicable law;
  • By which the Patients and their HIPAA-Protected PHI may be personally identified, such as those types of information detailed in the introductory paragraph of this Privacy Policy and labeled PHI;
  • That is about you but individually does not identify you; and/or
  • About your internet connection, the equipment you use to access our Sites and usage details.

We collect this information:

  • Directly from you when you provide it to us;
  • Automatically as you navigate through the Sites. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies; and/or
  • From third parties.

We may track certain information based upon your behavior on the Sites. We use this information to do internal research on our users’ demographics, interests, traffic patterns, usage of the Sites, and behavior to better understand our customers. This information may include, but may not be limited to, the URL that you just came from, which URL you go to next, your browser information, information about the mobile device you use, and your IP address. This information is used to improve the Sites and Services and to provide our users with a fulfilling experience.

If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Sites, we may collect and retain such information in a file specific to you.

The information we collect on or through our Sites may include:

  • Information that you provide by filling in forms on our Sites. This includes information provided at the time of registering to use our Sites, subscribing to our service, posting material, entering information about surgeries or medical devices, or requesting further services. We may also ask you for information when you report a problem with our Sites;
  • Records and copies of your correspondence (including email addresses), if you contact us; and/or
  • Your search queries on the Sites.

3. Storage and Use of Your Personal Information. The Company may collect information under the direction of users of its Sites and has no direct relationship with the owners of any PHI that may be collected across its Sites. If you are Patient of one of the Company’s users and would no longer like to be contacted by – or have your PHI stored by – the user(s) of the Company’s Sites, please contact the user(s) that you interact with directly.

We use your Personal Information, and other information we obtain from your current and past activities on the Sites to: present our Sites and their respective contents to you; process orders, send order confirmations; provide customer services; resolve disputes; troubleshoot problems; inform you about updates; customize your experience on the Sites; detect and protect us against error, fraud and other criminal activity; provide you with notices about your account or subscription, including expiration and renewal notices; carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection; enforce our Terms of Use; and as otherwise described to you at the time of collection. We may compare and review your Personal Information for errors, omissions, and accuracy.

You agree that we may use your Personal Information, including your email address, to improve our internal marketing and promotional efforts, to analyze usage of the Sites, to improve the Services, and to customize Sites’ content, layout, and services. These uses improve the Sites and better tailor them to meet your needs, so as to provide you with a smooth, efficient, safe, and customized experience while using the Sites and/or the Services.

We may use third-party analytics companies (“Service Providers”), such as Google Analytics, to evaluate use of our Sites and Services. The Company or its Service Providers use these tools to help Us understand use of, and to improve, our Sites and Services, performance, and user experiences. These entities may use cookies and other tracking technologies, such as web beacons or local storage objects (“LSOs”), to perform their services by collecting certain anonymized data about our users. However, the Company does not share Personal Information and PHI collected on the Sites with any third parties. The Company stores Personal Information on a secure database, and where appropriate, stores PHI in compliance with HIPAA legislation.

4. Communications from Company. We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if access to our products is temporarily suspended for maintenance, we might send you an email or text message. Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, please do not submit your Personal Information through the Sites.

5. Information Sharing and Disclosure. As a matter of policy, we do not sell, rent, or share any of your Personal Information, including your email address, to third parties for their marketing purposes without your explicit consent. However, the following describes some of the ways that your Personal Information may be disclosed in the normal scope of business to provide our services and products to customers:

  • Purpose: We may disclose your Personal Information to fulfill the purpose for which you provide it. For example, when you create an account, we use that Personal Information to set up your account.
  • Buyers or Successors: To a buyer or other successor of the Company in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by Company about users of our Sites is among the assets transferred.
  • Legal Requests: The Company cooperates with law enforcement inquiries, as well as other third parties to enforce laws, such as: intellectual property rights, fraud and other rights, to help protect you, other users, and Company from bad actors. Therefore, in response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can (and you authorize us to) disclose your name, city, state, telephone number, email address, username history, and fraud complaints without a subpoena. Without limiting the above, in an effort to respect your privacy, we will not otherwise disclose your Personal Information to law enforcement or other government officials without a subpoena, court order or substantially similar legal procedure, except when we believe in good faith that the disclosure of information is necessary to prevent imminent physical harm or financial loss, or to report suspected illegal activity.
  • With Service Providers: The Company may share anonymized user data with Service Providers as noted above, for the purpose of improving the Sites and Our Services.
  • With Third Parties: The Company may transfer Personal Information to companies that help us provide our Services across our Sites. Transfers to subsequent third parties are covered by the services agreement in place with that third party and require those third parties to treat HIPAA-Protected Information in compliance with the HIPAA legislation.
  • Other Disclosures: We may also disclose your Personal Information: (1) to enforce or apply our terms of use and other agreements, including for billing and collection purpose; or (2) if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Company, our customers, or others.

Due to the existing regulatory environment, we cannot ensure that all of your private communications and other Personal Information will never be disclosed in ways not otherwise described in this Privacy Policy. By way of example (without limiting the foregoing), we may be forced to disclose Personal Information, including your email address, to the government or third parties under certain circumstances, third parties may unlawfully intercept or access transmissions or private communications, or users may abuse or misuse your Personal Information that they collect from Company. Therefore, although we use industry standard practices to protect your privacy, we do not promise, and you should neither rely upon nor expect, that your Personal Information or private communications will always remain private.

We may disclose Aggregated Data (as defined in the Definitions document located here), that does not identify any individual, without restriction.

You can review and change your Personal Information by logging into the Sites and visiting your account profile page. You may also send us an email at [email protected] to request access to, correct or delete any Personal Information or PHI that you have provided to us. Note however, that the Company cannot delete your Personal Information and PHI except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

If you delete your User Contributions from the Sites, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Sites’ users. Proper access and use of information provided on the Sites, including User Contributions, is governed by our terms of use.

6. Your California Privacy Rights. California Civil Code Section § 1798.83 permits users of our Sites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or write us at: Attn: Chief Operating Officer, Helia Care, Inc., 14301 N. 87th Street, Suite #116, Scottsdale, Arizona 85260.

7. Log Files. As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the Sites, to track users’ movements around the Sites and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to personally identifiable information. We track trends in users’ usage and volume statistics to create more efficient and usable Sites and Services, and to determine areas of the Sites or Services that could be improved to enhance the user experience. Log files are used on the Sites, and in any link to the Sites from an email.

8. Cookies and Related Technologies. When you use the Sites, we collect certain information by automated electronic means, which may include:

  • Browser Cookies – A cookie is a small file placed on the hard drive of your computer or mobile device. “Session Cookies” are temporary cookies used for various reasons, such as managing page views, and are usually erased by your browser when you exit it. “Persistent Cookies” are used for a number of reasons, such as storing your preferences and retrieving certain information you have previously provided. Persistent Cookies are stored on your devices after you exit your browser.
  • Flash Cookies – Certain features of our Sites may use locally stored objects called Flash Cookies to collect and store information about your preferences and navigation to, from, and on our Sites. Flash Cookies are not managed by the same browser settings as are used for Browser Cookies.
  • Web Beacons – Our emails and certain pages of our Sites may contain small electronic files known as Web Beacons that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). Web Beacons are sometimes also referred to as clear gifs, pixel tags, and single-pixel gifs.
  • Throughout the Company’s Privacy Policy, we use the term “Cookies” to include Browser Cookies, Flash Cookies, Web Beacons, Session Cookies, and Persistent Cookies.

The information from Cookies is also stored in web server logs, which are then transmitted back to the Sites by your computers or mobile devices. These servers and Cookies are operated and managed by us. As you use the Sites and Services, your browsers communicate with servers operated by the Company to coordinate and record the interactivity and fill your requests for services and information.

Cookies are also used to collect certain information about your equipment, browsing actions, and patterns, including:

  • Details of your visits to our Sites, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Sites; and
  • Information about your computer and internet connection, including your IP address, operating system, and browser type.

The information we collect is statistical and may include Personal Information, and we may maintain it or associate it with Personal Information we collect in other ways or receive from third parties. Cookies help us improve our Sites and Services and help Us deliver better Sites and Services, including by enabling us to:

  • Estimate our audience size and usage patterns.
  • Store information about your preferences, allowing us to customize our Sites according to your individual interests.
  • Speed up your searches.
  • Recognize you when you return to our Sites.
  • Manage Your Security Settings

You may manage how your browser handles cookies and related technologies by adjusting its privacy and security settings. Refer to your browser’s instructions to learn about cookie-related and other privacy and security settings that may be available. You can opt-out of being targeted by certain third party advertising companies online at http://www.networkadvertising.org/choices/.

10. Rights to Access and Control Your Personal Information. Any personal data that we collect is based upon your consent as detailed in this Privacy Policy. You have many choices concerning the collection, use, and sharing of your data, including the ability to:

  • Delete Data: You may request that we delete your Personal Information. Please note that in some cases we cannot delete your Personal Information except by also deleting your user account.
  • Change or Correct Data: You can also ask us to change, update, or fix your data in certain cases, particularly if it’s inaccurate.
  • Object to, or Limit or Restrict, Use of Data: You may request that we do not use your Personal Information, but keep in mind that this will terminate our ability to provide any Service(s) to you.
  • Right to Access and/or Take Your Data: You can ask us for a copy of your Personal Information.

You may send us an email at [email protected] to request access to, obtain copies of, correct, or delete any Personal Information that you have provided to us. Your email message must include (i) your identifying information (including your IP address, if applicable), (ii) your contact information, and (iii) information about the specific changes, deletions, or other action(s) you are requesting. We require this information so we can determine which information in our control is your Personal Information and complete the actions you requested. We may not accommodate a request to delete or change information if we believe the deletion would violate any law or legal requirement.

11. Links to Other Company Platforms. The Sites may contain links that are not owned or controlled by the Company. Please be aware that we are not responsible for the privacy practices of such third parties. We encourage you to read the privacy statements of each and every third-party platform that collects personally identifiable information. This Privacy Policy applies only to information collected by the Company.

12. Security. We follow generally accepted industry standards to protect Personal Information and Patient PHI, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Information and Patient PHI, we cannot guarantee its absolute security. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Sites.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Sites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Sites like message boards. The information you share in public areas may be viewed by any user of the Sites.

13. Notice to Residents of Countries outside the United States of America. Company is headquartered in the United States of America. Personal Information and Patient PHI may be accessed by us or transferred to us in the United States or to our affiliates, business partners, or service providers elsewhere in the world. By providing us with Personal Information or Patient PHI, you consent to this transfer. We will protect the privacy and security of Personal Information and Patient PHI in accordance with this Privacy Policy, regardless of where it is processed or stored.

14. Children Under the Age of 18. Our sites and Services are intended for and directed towards adults. Our Services are not directed to minors and we do not knowingly collect Personal Information or Patient PHI from minors without verified parental consent. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, or without verifiable reasons to believe that person under 18 is legally allowed to provide their own consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected].

15. How We Comply with HIPAA and Protect Your PHI. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), some of your Personal Information, such as demographic, health and/or health-related information that we collect as part of providing the Services, may be considered “protected health information” or “PHI.” Specifically, when we receive identifiable information about you, such as identifiable health information, including without limitation, information about your past, present, or future physical or mental health condition, the name and license number of your recommending physician, contact information of that physician, the method to verify the recommendations authenticity, the expiration date of the recommendation, and the details of orders placed through the website is considered PHI. Further, a healthcare provider’s medical data is considered PHI and includes information provided by doctors or other healthcare specialists, professionals, or providers (collectively, “Healthcare Providers”) you have visited, the reasons for your visit, the dates of your visit, your medical history, and other medical and health information you choose to share with us.

HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. We may only use and disclose your PHI in the ways permitted by you and your Healthcare Providers and such permission may be revoked at any time.

The following describes the circumstances in which we may use or disclose your PHI:

  • Treatment, Payment and Healthcare Operations. We are permitted to use and disclose your PHI for purposes of treatment, payment and healthcare operations. For example:
  • Treatment. We may disclose your PHI to another physician or healthcare provider for purposes of a visit or in connection with the provision of follow-up treatment.
  • Healthcare Operations. We may use and disclose your PHI in connection with our healthcare operations, such as providing customer services, storing your purchase and delivery history, and conducting quality review assessments. We may engage third parties to provide various services for us. If any such third party must have access to your PHI in order to perform its services, we will require the third party enter into an agreement that binds the third party to the use and disclosure restrictions outlined in this Policy.
  • Authorization. We are permitted to use and disclose your PHI upon your written authorization, to the extent such use or disclosure is consistent with your authorization. You may revoke any such authorization at any time.
  • As Required by Law. We may use and disclose your PHI to the extent required by law.
  • Research and Marketing. We may under certain circumstances, use or disclose PHI that is necessary for research or marketing purposes. Such disclosure will de-identify you from your PHI.

You have the following rights regarding the PHI maintained by us:

  • Confidential Communication. You have the right to receive confidential communications of your PHI. You may request that we communicate with you through alternate means or at an alternate location, and we will accommodate your reasonable requests. You must submit your request in writing.
  • Restrictions. You have the right to request restrictions on certain uses and disclosures of PHI for treatment, payment, or healthcare operations. You also have the right to request that we restrict its disclosures of PHI to only certain individuals involved in your care or the payment of your care. You must submit your request in writing. We are not required to comply with your request.
  • Inspection and Copies. You have the right to obtain a paper copy of this Policy from us at any time upon request. We may charge a fee for the costs of copying, mailing, or other supplies associated with your request. To obtain a paper copy of this notice, please contact the Company by emailing [email protected]. We may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, we will inform you of the reason for the denial, and you may request a review of the denial.
  • Amendment. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You must provide a reason that supports your request. We may deny your request if: (i) it is not in writing or does not include a reason to support your request; (ii) information is not part of the medical information stored by us; (iii) the information was not created by us; (iv) information is not part of information you are permitted to inspect and copy; or (v) the information is complete and accurate.
  • Breach Notification. You have the right to be notified in the event that the Company (or one of our business associate) discovers a breach of unsecured PHI.
  • Accounting of Disclosures. You have a right to receive an accounting of all disclosures we have made of your PHI. However, that right does not include disclosures made for treatment, payment or healthcare operations, disclosures made to you about your treatment, disclosures made pursuant to an authorization, and certain other disclosures. You must submit your request in writing and you must specify the time period involved (which must be for a period of time less than six years from the date of the disclosure). Your first accounting will be free of charge. However, we may charge you for the costs involved in fulfilling any additional request made within a period of 12 months.

© 2019 Helia Care, Inc.