You may also give us permission to import certain data from your third party wearable activity devices (like Fitbit) (each, a “Device”). We are not responsible for the accuracy of the Device’s data or the data practices of third party manufacturers of the Device from which you may elect to import data, and you are advised to consult their privacy policies separately. You may choose not to import these data types and to still use the Site, App and Services.
Wyllness provides Patients and Providers with the Site, App and Services to support the multi-disciplinary management of patient chronic pain. Wyllness uses proprietary technology to analyze Personal Information through the Patient’s use of the Site, App and Services in real-time and then we prepare an individualized data report for each Patient. This Patient data report is then shared, as directed, with the Patient’s designated Providers to assist the Provider with preparing personalized recommendations and treatment plans for the Patient.
Other than information gathered through the Site, App and the Services, Wyllness acts as a service provider for Providers and does not own or control the information that is submitted to us through the Services. The information that is submitted through the Services will be held subject to the requirements specified by our health service provider clients and applicable law, such as the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act of 2009, and the related regulations promulgated thereto (collectively, “HIPAA”).
“Personal Information” means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: contact data (such as your address, e-mail address and phone number); demographic data (such as your gender, your date of birth and your zip code); payment data (such as credit card, shipping and billing information); insurance data (such as your insurance carrier, insurance plan, member ID, group ID and payer ID); medical data (such as your doctors or other health care providers, your medical history, and other medical and health information you choose to share with us); and other information that you voluntarily choose to provide to us, including without limitation, data, your SSN, your unique identifiers such as passwords, and information in emails or letters that you send to us.
If you are a physician or other healthcare or medical provider (“Provider”), or an individual who is authorized by a Provider to access and use the Services (“Designee”), we collect Personal Information about the Provider and Designee when the Provider registers to use the Services. The Personal Information about Providers and Designees that we collect includes, without limitation, the Provider’s and Designee’s name, specialty, email address, phone number, and business postal address.
If you are a patient of a Provider who has subscribed to the Services (“Patient”), we collect Personal Information about you when you register to use the Services and through your or your Authorized Caregiver’s use of the Site, App and the Services, including when you, your Authorized Caregiver and your Provider communicate with each other. If you are an individual authorized by a Patient to use the Services to communicate with such Patient’s Provider (“Authorized Caregiver”), we collect Personal Information about you, including, without limitation, your name, email address, phone number and your relationship to the Patient. When communicating with the Provider in using the Services, the Patient, Authorized Caregivers, Provider and its Designees may disclose Personal Information about the Patient, which may include Protected Health Information.
We may use Personal Information, as follows:
We may disclose Personal Information, including Protected Health Information (defined below) as follows:
We may use and/or disclose Protected Health Information in the same manner as Personal Information, described above, except our use and disclosure of Protected Health Information is further limited as provided by HIPAA.
Specifically, as described above, all uses or disclosures of PHI shall require Patient authorization or a valid authorization on the Patient’s behalf, except: (a) uses or disclosures by or to the Patient; (b) uses or disclosures for treatment, payment or healthcare operations; (c) as part of any valid use or disclosure; or (d) in compliance with and pursuant to applicable law.
Wyllness may disclose PHI for most other purposes only pursuant to a Patient’s valid authorization, including as follows: (i) for most uses and disclosures of psychotherapy notes; (ii) for use or disclosure of PHI for marketing purposes; (iii) for disclosures that constitute a sale of PHI; or (iv) for other uses or disclosures that are not exempt from the authorization requirement.
We will enter into business associate agreements with the Patient’s Providers who are “Covered Entities” when we are a “Business Associate,” as those terms are defined by HIPAA. We will use and disclose Protected Health Information only for those uses and disclosures permitted by HIPAA and under the applicable business associate agreement. We may use or disclose Protected Health Information to provide Services to the Patient or the Provider. We may also use Protected Health Information for our proper management and administration or to carry out our legal responsibilities.
We use reasonable organizational, technical and administrative measures to protect Personal Information under our control, consistent with our obligations under HIPAA. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Us” section below.
“Non-Personal Information” is any information that does not reveal, on its own, your specific identity, such as: browser log data, App usage data, location information, aggregated information, and your IP addresses. While Non-Personal Information may not necessarily identify you, if we have your Personal Information, we may link any Non-Personal information with your Personal Information in our records.
We and our third party service providers may collect Non-Personal Information in a variety of ways, including:
If you would like to review, correct, update, delete or otherwise limit our use of your Personal Information that has been previously provided to us, you may contact us in accordance with the “Contact Us” section below.
In your request, please make clear what information you would like to have changed, whether you would like to have your Personal Information deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. We will try to comply with your request as soon as reasonably practicable. Please note that in order to comply with certain requests to limit use of your Personal Information we may need to terminate your account with us and your ability to access and use the Services, and you agree that we will not be liable to you for such termination or for any refunds of prepaid fees paid by you. Although we will use reasonable efforts to do so, you understand that it may not be technologically possible to remove from our systems every record of your Personal Information. The need to back up our systems to protect information from inadvertent loss means a copy of your Personal Information may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.
The Services are not permitted for use by individuals under the age of eighteen (18) unless they have provided the written consent of their parents or legal guardians, and we request that these individuals do not provide Personal Information to us.