Privacy Policy
This Privacy Policy is designed to inform users of the Curewell Medical Center Website, and services (collectively, the “Service”). This Privacy Policy covers how Curewell Medical Center treats your Personally Identifiable Information (“PII”), Protected Health Information (“PHI”), and other data that you may share when you use the Service (“Data”) (PII, PHI and Data collectively hereafter “Personal Information”). We established this Privacy Policy to let you know the kinds of information we may gather, why we gather your information, what we use your information for, how you can manage your information, and under what circumstances, if any, it is disclosed. By using the Service, you are accepting the practices described in this Privacy Policy.
You may have been invited to register for, install or use the Service from a third party as part of a research or clinical care initiative. We are not responsible for the actions, privacy policies, or other legal notices of these third parties, their websites, or applications. This Privacy Policy does not apply to information that you may share with us offline or with third-parties, including websites or applications that may be linked to the Service.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time by posting a new version online. You should check this page occasionally to review any changes. If we make material changes affecting you as determined by Curewell we will notify you by posting the revised Privacy Policy on our websites and, if you are a user of our platform, by providing notice through email. This helps you always be aware of what information we collect, how we use it and under what circumstances if any, it is disclosed. Your continued use of the Service and/or continued provision of Personal Information to us will be subject to the terms of the then-current Privacy Policy.
Types of Information Collected
Curewell Medical Center collects Personal Information when you register for the Service, when a third party registers you for the Service on your behalf, or when you use the Service. Depending on how you use the Service, we collect different kinds of information about you. This information may include:
Personal Health Information (PHI)
If you are using the Service as part of your treatment from a health care provider or membership with a health insurance plan, then any information that identifies you as a patient of the health care provider or regarding your health may be PHI. If you are not a patient but are using the Service on behalf of a health care provider or health insurance company, then information about others that is accessible through the Service may be PHI. We will only use or disclose PHI as permitted or required under the Health Insurance Portability and Accountability Act, as amended, and implementing regulations (collectively, “HIPAA”). If your use of the Service is for purposes of a research protocol or is not through a health care provider, then HIPAA may not be applicable.
Personally Identifiable Information (PII)
PII is any information that can individually identify you and includes your name, and contact information, such as e-mail address, telephone number, or postal address.
Non-Personally Identifiable Information
Non-personally identifiable information includes information that does not personally identify you but may be linkable to you. If non-personally identifiable information is directly linked to personally identifiable information, it will be considered PII while it is linked. Aggregate and de-identified information is not considered PII.
Personal Data
Among the types of Personal Data that the Service may collect from you, by itself or through third parties, there are geographic position, general activity data, movement activity, Cookies, Usage Data, first name, last name, email address, body measurements & indexes, sleeping activity, phone number, and picture. Some information regarding phone and SMS usage may be obtained from your device in the case that you choose to contact an emergency hotline.
Personal Data may be freely provided by the user of the Service, or, in case of Usage Data, collected automatically. Failure to provide the requested Personal Data may make it impossible for Curewell to provide its Service to you. In cases where the Service specifically states that some Data is not mandatory, you are free to withhold this Data without any consequences on the availability or the functioning of the Service.
Whenever you visit our websites or applications, Curewell Medical Center receives and records information on our server logs from your browser, including your IP address, Curewell’s cookie information, and the pages you request, and relates it to the Personal Information you provide. Any use of Cookies – or of other tracking tools – serves the purpose of providing, customizing, or improving the Service.
Users are responsible for any third-party Personal Data obtained, published, or shared through the Service and confirm that they have the third party’s consent to provide the Data to Curewell.
Collection and Combination of Information from Other Sources
We also may collect information about you that we may receive from other sources or from our offline interactions with you to, among other things, enable us to verify or update the information contained in our records and to better customize the Service for you. We may combine information gathered from multiple parts of the Service into a single record.
Uses and Disclosures of Protected Health Information
Your Protected Health Information may be used and disclosed by your physician, our office staff, and others outside of our office that are involved in your care and treatment to provide health care services to you, to pay your health care bills, to support the operation of the practice, and any other use required by law.
Treatment
We will use and disclose your Protected Health Information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party. For example, your protected health information may be provided to a physician to whom you have been referred to ensure that the health care professional has the necessary information to diagnose or treat you.
Payment
Your protected health information will be used, as needed, to obtain payment for health care services. For example, obtaining approval for a hospital stay may require that your relevant protected health information be disclosed to the health plan to obtain approval for the hospital admission.
Healthcare Operations
We may use or disclose, as-needed, your protected health information to support the business activities of your physician’s practice. These activities include, but are not limited to, quality assessment activities, employee review activities, and conducting or arranging for other business activities. We may use or disclose, as needed, your protected health information to support the business activities of this practice. Besides, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician. We may also call you by name in the waiting room when your physician is ready to see you. We may use or disclose your protected health information, as necessary, to contact you to remind you of your appointment. We may call your home and leave a message (either on an answering machine or with the person answering the phone) to remind you of an upcoming appointment, the need to schedule a new appointment or to call our office. We may also mail a postcard reminder to your home address. If you would prefer that we call or contact you at another telephone number or location, please let us know.
We may use or disclose your protected health information in the following situations without your authorization. These situations include: as Required By Law, Public Health issues required by law, Communicable Diseases: Health Oversight: Abuse or Neglect: Food and Drug Administration requirements: Legal Proceedings: Law Enforcement: Coroners, Funeral Directors, and Organ Donation: Research: Criminal Activity: Military Activity and National Security: Workers’ Compensation: Inmates: Required Uses and Disclosures: Under the law, we must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of HIPAA.
Other Permitted and Required Uses and Disclosures Will Be Made Only With Your Consent, Authorization, or Opportunity to Object unless required by law.
You may revoke this authorization, at any time, in writing, except to the extent that your physician or the physician’s practice has taken an action in reliance on the use or disclosure indicated in the authorization.
Confidentiality and Security
We have taken reasonable and necessary steps to ensure that all Personal Information collected will remain secure. These steps include physical, electronic, and administrative procedures to safeguard and help prevent unauthorized access or disclosure, maintain data security, and correctly use the Personal Information that we collect.
The processing of the Personal Information we collect is carried out using computers and/or IT-enabled tools, following organizational procedures and modes appropriate and necessary to provide the Service. Personal Information is processed at Curewell’s operating offices and in any other places where the parties involved with the processing are located.
It is important that you help protect the privacy of your own information. We strongly recommend that you take precautions to protect the security of any Personal Information that you transmit by using device security features, encryption, and other techniques to prevent unauthorized interception of your Personal Information. You are responsible for the security of your information when using unencrypted, public, or otherwise unsecured networks.
Please understand, that while we try our best to safeguard your Personal Information once we receive it, no transmission of data over the Internet or any other public network can be guaranteed to be 100% secure.
Your Rights
The following is a statement of your rights concerning your protected health information.
You have the right to inspect and copy your protected health information. Under federal law, however, you may not inspect or copy the following records; psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding, and protected health information that is subject to law that prohibits access to protected health information.
You have the right to request a restriction of your health information. This means you may ask us not to use or disclose any part of your protected health information for treatment, payment, or healthcare operations. You may also request that any part of your protected health information not be disclosed to family members or friends who may be involved in your care or for notification purposes described in this Notice of Privacy Practices. Your request must state the specific restriction and to whom you want the restriction to apply.
Your physician is not required to agree to a restriction you may request. If your physician believes it is in your best interest to permit the use and disclosure of your protected health information, your protected health information will not be restricted. You then have the right to use another Healthcare Professional.
You have the right to request to receive confidential communications from us by alternative means or at an alternative location. You have the right to obtain a paper copy of this Notice from us, upon request, even if you have agreed to accept this Notice alternatively (i.e. electronically)
You may have the right to have your physician amend your protected health information. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
You have the right to receive an accounting of certain disclosures we have made, if any, of your protected health information.
We reserve the right to change the terms of this Notice and will inform you of any changes. You then have the right to object or withdraw as provided in this Notice.
Complaints
You may complain to us or the Secretary of Health and Human Services if you believe your privacy rights have been violated by us. You may file a complaint with us by notifying our privacy officer of your complaint at our office and main telephone number. We will not retaliate against you for filing a complaint.