Privacy Policy

This Privacy Policy applies to personal information collected by PatientOne, Inc., (“PatientOne”, “we”, “us” and/or “our”) from users of our platform, tools or other services, the PatientOne website www.patientone.health (the “website”), and our mobile application (the “application”) (together, the “services”). “Personal Information” includes any information that can be used on its own or with other information to identify or contact a single person or to identify an individual in context. If we can link particular information (directly or indirectly) to an individual, we will consider this information “Personal Information,” and we will protect it.

The Personal Information we collect and transmit may include healthcare information, including billing, insurance, and medical information. Therefore, our privacy practices are intended to comply with the Health Insurance Portability and Accountability Act (“HIPAA”). We will maintain the privacy of your health information as required by HIPAA and the regulations promulgated under that Act. For additional information related to your healthcare information, please contact info@patientone.health.

We believe that transparency about the use of your Personal Information is important. In this Privacy Policy, we provide you detailed information about our collection, use, maintenance, and disclosure of your Personal Information. The policy explains what kind of information we collect, when and how we might use that information, how we protect the information, and your rights regarding your personal information.

Please read the following carefully to understand our views and practices regarding your Personal Information and how we will treat it. For the purposes of Applicable Data Protection Laws including the European Economic Area Data Protection Law (the “Data Protection Law”), please note the following:

Non-Provider Users: The data controller is: PatientOne, Inc., 259 W. Front, Suite B, Missoula, MT 59802 

Provider Users: The data controllers are YOUR healthcare provider and PatientOne, Inc., 259 W. Front, Suite B, Missoula, MT 59802 

Data Protection Officer: Erik Guzik, erik.guzik@patientone.health

BY SUBMITTING YOUR PERSONAL INFORMATION THROUGH THIS APPLICATION, YOU ARE ACKNOWLEDGING THAT YOU HAVE READ AND AGREE TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE, PLEASE DO NOT LOG INTO OR ACCESS THE APPLICATION OR SERVICES AND DO NOT SUBMIT ANY INFORMATION TO US.

Access to and use of the Services by a Healthcare Provider who is a PatientOne customer (a “Customer”) and such Customer’s authorized users is subject to and governed by the agreement between PatientOne and the applicable Customer as executed by authorized representatives of each party (the “Customer Agreement”). PatientOne may collect, use and disclose information from a Customer and such Customer’s authorized users as set forth in the Customer Agreement. If you would like more information about the Services or becoming a Customer, please contact us at info@patientone.health.

Changes to this Privacy Policy

PLEASE NOTE THAT WE OCCASIONALLY UPDATE THIS PRIVACY POLICY AND THAT IT IS YOUR RESPONSIBILITY TO STAY UP TO DATE WITH ANY AMENDED VERSIONS. IF WE MODIFY THIS PRIVACY POLICY, WE WILL NOTIFY YOU OF THE CHANGES THROUGH EITHER A POP-UP NOTICE IN THE APPLICATION, AN EMAIL NOTIFICATION, AN IN-SERVICE NOTICE OR OTHER REASONABLE MEANS. YOU CAN STORE THIS POLICY AND/OR ANY AMENDED VERSION(S) DIGITALLY, PRINT IT, OR SAVE IT IN ANY OTHER WAY. ANY CHANGES TO THIS PRIVACY POLICY WILL BE EFFECTIVE IMMEDIATELY UPON PROVIDING NOTICE, AND SHALL APPLY TO ALL INFORMATION WE MAINTAIN, USE AND DISCLOSE. IF YOU CONTINUE TO USE THE APPLICATION FOLLOWING SUCH NOTICE, YOU ARE AGREEING TO THOSE CHANGES.

What Information Do We Collect and Why?

Personal Data that You Provide Through the Services

We collect Personal Information (e.g. demographic information) from you when you voluntarily provide such information, such as when you create a profile on the Services, use the Devices in connection with the Services (including, without limitation, the software featured on the Devices and/or platforms made available by the third-party providers of the Devices (collectively, the “Integrated Services”)), contact us with inquiries, enter information into our Website contact form, respond to one of our surveys, or use certain features of the Services. We use this information to create your account and provide you with the Services.

For Patients

In addition to demographic information, if you are a Patient, we may ask you to provide your contact preferences, certain contact information, such as your email address, mobile telephone number, and physical address, and other Health and Activity Data to us in order to create your account and provide you with the Services. Such Health and Activity Data may include information about your health conditions, age, gender, weight, and height. You will also be asked to create a unique PIN to enter when signing into your profile. We collect this information to provide you more customized Services and to communicate information to your healthcare provider.

Wherever PatientOne collects Personal Information, we make an effort to provide a link to this Privacy Policy.

Users of the PatientOne Android application are asked for permission to access location services. Bluetooth medical device connections in Android 11 require location background access permission. PatientOne does not use location services for any purpose other than supporting Bluetooth device connections on Android devices.

Primarily, the collection of your Personal Information assists us in creating your user login/profile, tailoring interventions to your healthcare needs, providing a means to track your treatments and symptoms for communication to your healthcare providers, and assessing treatment outcomes. Another primary purpose of collecting this information is to allow PatientOne to aggregate de-identified data that other providers and research institutions can use to better understand the symptoms associated with certain treatments. We may also use your Personal Information to (1) communicate with you about and manage your user profile; (2) store data; (3) comply with the law; (4) respond to requests from public and government authorities; (5) enforce our terms and conditions; (6) manage and improve our operations and applications; (7) provide additional functionality; (8) protect our rights, privacy, safety or property, and/or that of yours or others; and (9) allow us to pursue available remedies or limit the damages we may sustain.

 

Failure to Provide Information

Providing your Personal Information is not statutorily or contractually mandated. If you choose not to provide this information, we cannot create a user profile for you, and you will be unable to use our Services.

 

Support Information

If you contact PatientOne for support or to lodge a complaint, we may collect technical or other information from you. Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Services in accordance with this Privacy Policy. Calls with PatientOne may be recorded or monitored for training, quality assurance, customer service, and reference purposes.

IP Address; Device ID Information: The requests you make to PatientOne may contain your IP address (the Internet address of your computer or device). We may use Patients’ and other visitors’ IP addresses for various purposes, including to analyze and report upon usage of the Services; to diagnose and prevent service or technology problems affecting the Services; and to monitor and prevent fraud and abuse. If you access the Services on a mobile device, we may also collect your device identification number and request access to settings and location information for similar purposes.

Non-Identifiable Data Related to Operation of the Service: When you interact with PatientOne through the Services, we receive and store certain personally non-identifiable information. Such information, which we collect passively using various technologies, cannot presently be used to specifically identify you. We may store such information ourselves or such information may be included in databases owned and maintained by PatientOne affiliates, agents or service providers. The Services may use such information and pool it with other information to track, for example, the total number of users of the Services, the number of visitors to each page of our Website, and the domain names of our visitors’ Internet service providers. It is important to note that PatientOne does not use Personal Information for this process. The Services currently do not respond to “Do Not Track” (DNT) signals and operate as described in this Privacy Policy whether or not a DNT signal is received.

Aggregated Personal Data: In an ongoing effort to better understand and serve our Customers, other users of the Services and communities of patients with chronic health conditions, PatientOne conducts research on its user demographics and behavior based on the Personal Information we collect from you and the other information provided to us. This research may be compiled and analyzed on an aggregate basis, and PatientOne may share this research and related information in aggregated, de-identified and/or anonymized format with its affiliates, agents and other healthcare research and services entities, including without limitation insurance and pharmaceutical companies. For the avoidance of doubt, this aggregate information does not identify you personally. PatientOne may also disclose aggregated, de-identified and/or anonymized information in order to describe our business and the Services to current and prospective business partners and Customers, and to other third parties for other lawful purposes.

 

Monitoring

PatientOne and its affiliates and agents are permitted, but not obligated, to review and/or retain information and/or communications stored and/or transmitted using the Services (“User Content”). We may monitor User Content for data collection purposes and/or to evaluate the quality of service you receive, your compliance with the Terms of Use, the security of the Services, or for other reasons. Your authorized healthcare providers may also monitor User Content in order to monitor your progress and overall condition and to follow up with you, as they deem appropriate in their independent judgment as your healthcare providers.

You agree that such monitoring activities, if in compliance with applicable privacy laws, will not entitle you to any cause of action or other right with respect to the manner in which PatientOne or its affiliates or agents monitor your communications and enforce or fail to enforce the Terms of this agreement. In no event will PatientOne or any of its affiliates or agents be liable for any costs, damages, expenses, or any other liabilities incurred by you as a result of monitoring activities by PatientOne or its affiliates or agents.

Device and ISP Data

 

Where Is My Personal Information Stored And/Or Processed?

Information PatientOne collects through the Services will be stored on secure third-party cloud-based servers. All of the information you share with us through the Services is encrypted during transmission using a public-key infrastructure (PKI).

 

Will You Share My Personal Information with Anyone Else?

We consider your information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Information with certain third parties without further notice to you. Those circumstances are described below:

With Our Customers: If you are a Patient, we will share your Personal Information and Health and Activity Data with our Customer(s) that provide healthcare services to you. This will enable your Provider to track your Health and Activity Data and combine such Health and Activity Data with other information about you that your Provider obtains in providing healthcare services to you.

With Patient-Authorized Persons: If you are a Patient, you may have the option of identifying family and/or friends in the PatientOne application to view certain of your information and receive alerts regarding your health and/or activities (“Permissions”). If you designate Permissions, we may make available certain of your Personal Information and Health and Activity Data, and related alerts, to the people you designate.

In the Event of a Business Transfer: We might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Information may be part of the transferred assets.

With Related Companies: We may also share your Personal Information with PatientOne-Related Companies for purposes consistent with this Privacy Policy.

With Our Agents, Consultants and Related Third Parties: PatientOne, like many businesses, sometimes hires other companies to perform certain business-related functions. Examples of such functions include data hosting and billing management. When we employ another entity to perform a function of this nature, we only provide the entity with the information that it needs to perform its specific function.

To Meet Our Legal Requirements: We may disclose your Personal Information if required to do so by law or if we have a good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of you, us, other users of the Services or the public, or (iv) protect against legal liability.

NOTE: We may, from time to time, rent or sell aggregated data and/or other information that does not contain any personal identifiers (i.e., if the information has been anonymized by stripping out identifiers such as name, address, phone number, etc.). The purpose of this type of disclosure is to allow research institutions to learn more about symptoms associated with your medical condition(s).

 

How Long Will You Retain my Information?

We store your Personal Information for as long as you maintain an account and up to five (5) years after the account is closed. At the end of this five-year period, we will remove your Personal Information from our databases and will request that our business partners remove your Personal Information from their databases. However, once we disclose your Personal Information to third parties, we may not be able to access that Personal Information any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures. Written requests for deletion of Personal Information other than as described should be directed to info@patientone.health. We retain anonymized data indefinitely.

 

How Do You Protect My Personal Information?

PatientOne is committed to protecting the security and confidentiality of your Personal Information. We use a combination of reasonable physical, technical, and administrative security controls to maintain the security and integrity of your Personal Information, to protect against any anticipated threats or hazards to the security or integrity of such information, and to protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm or inconvenience to you. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, we cannot ensure the security of information you transmit to us. By using the Services, you are assuming this risk.

 

Safeguards

The information PatientOne collects and stores on secure servers is protected by a combination of technical, administrative, and physical security safeguards, such as authentication, encryption, backups, and access controls. If PatientOne learns of a security concern, we may attempt to notify you and provide information on protective steps, if available, through the e-mail address that you have provided to us or by an in-app notification. Depending on where you live, you may have a legal right to receive such notices in writing.

You are solely responsible for protecting information entered or generated via the Application or Website that is stored on your device and/or removable device storage. We have no access to or control over your device’s security settings, and it is up to you to implement any device level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that you take any and all appropriate steps to secure any device that you use to access our Application or Website.

NOTWITHSTANDING ANY OF THE STEPS WE TAKE, IT IS NOT POSSIBLE TO GUARANTEE THE SECURITY OR INTEGRITY OF DATA TRANSMITTED OVER THE INTERNET. THERE IS NO GUARANTEE THAT YOUR INFORMATION WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. THEREFORE, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY INFORMATION YOU TRANSMIT TO US AND YOU TRANSMIT SUCH INFORMATION AT YOUR OWN RISK.

 

How Can I Protect My Personal Information?

We will NEVER send you an e-mail requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any e-mail requesting such information. If you receive such an e-mail purportedly from PatientOne, DO NOT RESPOND to the e-mail and DO NOT CLICK on any links and/or open any attachments in the e-mail, and notify PatientOne support at info@patientone.health.

You are responsible for taking reasonable precautions to protect your user ID, password, and other User Account information from disclosure to third parties, and you are not permitted to circumvent the use of required encryption technologies. You should immediately notify PatientOne at info@patientone.health if you know of or suspect any unauthorized use or disclosure of your user ID, password, and/or other User Account information, or any other security concern.

 

EU DATA SUBJECT RIGHTS

If you are an EU data subject, you have the following rights under certain circumstances:

  • to receive communications related to the processing of your personal data that are concise, transparent, intelligible and easily accessible;
  • to be provided with a copy of your personal data held by us;
  • to request the rectification or erasure of your personal data held by us without undue delay;
  • to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example);
  • to object to the further processing of your personal data, including the right to object to marketing;
  • to request that your personal data be moved to a third party;
  • to receive your personal data in a structured, commonly used and machine-readable format;
  • to lodge a complaint with a supervisory authority.

Where our processing of your Personal Information is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us at info@patientone.health. You can also exercise the rights listed above at any time by contacting us at info@patientone.health.

 

How Can I Update, Correct or Delete My Personal Information?

You can change your e-mail address and other contact information by editing your profile in the Application or on the Website. If you need to make changes or corrections to other information, you may e-mail info@patientone.health. If you remove data from your account, it will no longer appear to you in your profile. Backups of that data will remain associated with your account and in our archive servers. You can deactivate your account by writing to info@patientone.health.

 

Can I “Opt-Out” Of Receiving Communications From Company?

We pledge not to market third party services to you. We only send e-mails to you regarding your PatientOne account and services. You can choose to filter these e-mails using your e-mail client settings, but we do not provide an option for you to opt out of these e-mails. We consider these e-mails very important to maintaining your account.

 

SMS Services

By requesting communication via the PatientOne SMS messaging service, you acknowledge that you agree to receive text messages as part of the PatientOne Connect Program, with an estimated message frequency of 1 message per day relating to your care plan protocol. The PatientOne Connect protocol is meant to keep you on track for your health care objectives and provide a way for you to communicate directly with your care team.

You may use the following as part of your communication: reply HELP for help and reply STOP to stop.

Message and data rates may apply.

Carriers are not liable for delayed or undelivered messages.

 

Location Services

Users of the PatientOne Android application are asked for permission to access location services. Bluetooth medical device connections in Android 11 require location background access permission. PatientOne does not use location services for any purpose other than supporting Bluetooth device connections on Android devices.

 

Information Submission by Minors

We do not knowingly collect personal information from individuals under the age of 18 and the Services are not directed to individuals under the age of 13. We request that these individuals not provide personal information through the Services. If you are aware of a user under the age of 13 using the Services, please contact us at info@patientone.health.

 

How Can I Contact PatientOne?

If you have any questions or comments about this Privacy Policy or the practices of our Application, please feel free to e-mail us at info@patientone.health.