Aila Health, Inc.
Last Updated: April 13, 2020
WHAT WE COLLECT
We collect information about you in a range of ways.
Information You Give Us. We collect your name, email address, phone number, username, password, demographic information (such as your gender and occupation), health information as well as other information you directly give us on our App. We collect data about health, DNA, medical records, sensor data; data held by a hospital or doctor; and other similar data.
Information We Get From Others. We may get information about you from other sources. We may add this to information we get from this App.
Information Automatically Collected. We automatically log information about you and your computer. For example, when visiting our App, we log your phones operating system type, browser type, browser language, the website you visited before browsing to our Site, pages you viewed, how long you spent on a page, access times and information about your use of and actions on our Site.
Geo-Location Information. We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device's settings.
Push Notifications. We may request to send you push notifications regarding your account or the mobile application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device's settings.
Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device's sensors, storage, camera, calendar, social media accounts, and other features. If you wish to change our access or permissions, you may do so in your device's settings.
Cookies. We may log information using "cookies." Cookies are small data files stored on your hard drive by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Site. This type of information is collected to make the Site more useful to you and to tailor the experience with us to meet your special interests and needs.
USE OF PERSONAL INFORMATION
We use personal information collected via our Apps for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests, in order to enter into or perform a contract with you, with your consent, and/or for compliance with our legal obligations. We indicate the specific processing grounds we rely on next to each purpose listed below.
Below are some definitions that will help you understand the roles and responsibilities of Aila:
“data controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be used.
“data processor”, in relation to personal information, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
If you provide the data and the instructions, then you are the data controller and Aila is the data processor.
If we determine the purposes for which we collect and use your personal information, then we are the Controller.
We use your personal information as follows:
We use your personal information to operate, maintain, and improve our sites, products, and services.
We use your personal information to respond to comments and questions and provide customer service.
We use your personal information to send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages such as about changes to our terms, conditions, and policies.
To enforce our terms, conditions and policies for Business Purposes, Legal Reasons and Contractual.
To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
We use your personal information to communicate about promotions, upcoming events, and other news about products and services offered by us and our selected partners.
We use your personal information to link or combine user information with other personal information.
We use your personal information to provide and deliver products and services customers request.
For other Business Purposes. We may use your information for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Apps, products, marketing and your experience. We may use and store this information in aggregated and anonymized (de-identified) forms so that it is not associated with individual end users and does not include personal (identifiable) information. We will not use identifiable personal information without your consent. This
SHARING OF PERSONAL INFORMATION
We may share personal information as follows:
We may share personal information with your consent. For example, you may let us share personal information with others such as your doctors. Those uses will be subject to their privacy policies.
We may share your de-identified data with medical practitioners, academic institutions, public health officials and other entities.
We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
We may share personal information for legal, protection, and safety purposes.
We may share information to comply with laws.
We may share information to respond to lawful requests and legal processes.
We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
We may share information with those who need it to do work for us.
Allow Users to Connect to their Third-Party Accounts
Instagram, Facebook account, Twitter account and LinkedIn account
Cloud Computing Services
Amazon Web Services (AWS)
We may also share aggregated and/or anonymized data with others for their own uses.
RETENTION OF YOUR INFORMATION
Based on the laws of some countries, you may have the right to request access to the personal information we collect from you, change that information, or delete it in some circumstances. To request to review, update, or delete your personal information, please email firstname.lastname@example.org. We will respond to your request within 30 days.
INFORMATION STORAGE SAFETY
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Apps is at your own risk. You should only access the services within a secure environment.
INFORMATION FROM MINORS
We do not knowingly solicit data from or market to children under 18 years of age. By using the Apps, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Apps. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we have collected from children under age 18, please contact us at
INFORMATION CHOICES AND CHANGES
Our marketing emails tell you how to “opt-out.” If you opt out, we may still send you non-marketing emails. Non-marketing emails include emails about your accounts and our business dealings with you.
You may send requests about personal information to our Contact Information below. You can request to change contact choices, opt-out of our sharing with others, and update your personal information.
You can typically remove and reject cookies from our Site with your browser settings. Many browsers are set to accept cookies until you change your settings. If you remove or reject our cookies, it could affect how our Site works for you.
PRIVACY RIGHTS FOR CALIFORNIA RESIDENTS
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below. If you are under 18 years of age, reside in California, and have a registered account with the Apps, you have the right to request removal of unwanted data that you publicly post on the Apps. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Apps, but please be aware that the data may not be completely or comprehensively removed from our systems.
1999 Harrison Street, 18th FL
Oakland, CA 94612
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We understand the importance of privacy and are committed to maintaining the confidentiality of your medical and health information. We maintain records of your health services we cover (claims), and we also maintain information about your health status that we have used for enrollment processing and may receive such records from others. We use these records to administer your health plan benefits and coverage; we may also use these records to coordinate benefits with other health plans, ensure appropriate quality of services provided to you and to enhance the overall quality of our services, and to meet our obligations as a health plan. We consider this health information, and the records we maintain, to be protected health information. We are required by law to maintain the privacy of protected health information and to provide individuals such as health plan participants with notice of our legal duties and privacy practices with respect to protected health information. This notice describes how we may use and disclose your protected health information. It also describes your rights and our legal obligations with respect to your protected health information. If you have any questions about this Notice, please contact our Privacy Official listed above.
A. How We May Use or Disclose Your Health Information
We collect health information about you and store it in paper or electronic records formats. This is your health plan record. The health plan record is the property of Aila Health, but the information in the health plan record belongs to you. The law permits us to use or disclose your health information for the following purposes:
1. Treatment. As a health plan, we may provide information to a health provider who is directly involved in your health care. While this plan does not engage in health care treatment, we may disclose or use your health information to assist in coordinating your care among different providers. Or we may use this information to manage referrals and authorizations for your care with providers, diagnostic facilities, pharmacies and other providers involved in your care.
2. Payment. We use and disclose protected health information about you to adjudicate and pay claims for services rendered to you that are covered by this plan. We may use and disclose information about you to other health plans or third parties to obtain payment when they are also responsible (known as coordination of benefits). We may use and disclose information about you for the purpose of billing and receiving premium payment by your employer, or for the purpose of obtaining reimbursement from a re-insurer of your health plan. We may use and disclose protected health information to work with organizations providing certain specialized benefits. We always take care to ensure that we use or disclose only the minimally necessary protected health information to accomplish these purposes.
3. Health Care Operations. We may use and disclose protected health information about you to operate our health plan or services. For example, we may use and disclose this information to review and improve the quality of care that is rendered by the health care professionals and providers who treat you. We may use and disclose this information for the purpose of determining your coverage and benefits (commonly known as underwriting and enrollment) and for renewal or changes in your benefits and coverage. We may use or disclose your information for the purpose of improving our benefits and coverage, or to provide disease management services. We may use or disclose information for the purpose of authorizing referrals and services. We may also use and disclose this information as necessary for medical, dental or vision claim reviews, legal services and audits, including fraud and abuse detection, compliance programs and business planning and management. We may also share your protected health information with our "business associates", such as our third party administrator, enrollment processor, reinsurance carrier, and other firms that perform administrative or other services for us. We have a written contract with each of these business associates that contains terms requiring them to protect the confidentiality of your protected health information.
4. Communication. We may communicate with you by mail or by telephone regarding health plan coverage, eligibility questions and coordination of benefits. We will contact you at the home address we have on file for the plan member or the home telephone number on file.
5. Breach Notification. In the case of a breach of unsecured protected health information, we will notify you as required by law. If you have provided us with a current email address, we may use email to communicate information related to the breach. In some circumstances our business associate may provide the notification. We may also provide notification by other methods as appropriate.
6. Notification and communication with family. We may disclose your health information to notify or assist in notifying a family member, your personal representative or another person responsible for your care about your location, your general condition or in the event of your death. In the event of a disaster, we may disclose information to a relief organization so that they may coordinate these notification efforts. We may also disclose information to someone who is involved with your care or helps pay for your care. If you are able and available to agree or object, we will give you the opportunity to object prior to making these disclosures, although we may disclose this information in a disaster even over your objection if we believe it is necessary to respond to the emergency circumstances. If you are unable or unavailable to agree or object, our health professionals will use their best judgment in communication with your family and others.
7. Disclosures to your employer. We may disclose protected health information about you to the plan sponsor, which is usually your employer, with certain restrictions. We will only disclose whether or not you are enrolled in the health plan and summary health information (which summarizes claims paid and related information but does not identify you or your services). The plan sponsor may use this information to evaluate its sponsorship of the health plan, such as obtaining quotes from other health plans or working with its broker or benefits consultant to modify plan coverage and design. If the plan sponsor requires more than summary or enrollment information, we will only provide that information if the plan documents (your summary plan description or enrollment package) allow this, or are modified to give you notice of this. In any case, the plan sponsor is not allowed to use any such information for employment related decisions about you. Plan sponsors must make certifications to us regarding their uses and disclosures of this information or protected health information and must assure that their agents and subcontractors do the same.
8. Marketing. We may contact you to give you information about products or services related to your treatment, case management or care coordination, or to direct or recommend other treatments or health-related benefits and services that may be of interest to you, or to provide you with a list of providers and services covered by the plan. We may also communicate to you about services and products that add value to you but are not necessarily covered benefits. We may also communicate to you about alternative treatment options, alternative settings of care or providers or for case management or improved care such as with disease management. We may communicate with you about a drug or biologic that is currently being prescribed. Our representatives may communicate to you face to face or even provide you a promotional gift of nominal value, for example during a health fair. These activities described above do not require your authorization. For any other marketing activities, including those for which we may receive remuneration, we will not otherwise use or disclose your protected health information without your written authorization. You may also ask to opt out of any marketing communications by notifying the Privacy Official listed above.
9. Required by law. As required by law, we will use and disclose your health information, but we will limit our use or disclosure to the relevant requirements of the law. When the law requires us to report abuse, neglect or domestic violence, or respond to judicial or administrative proceedings, or to law enforcement officials, we will further comply with the requirement set forth below concerning those activities.
10. Public health. We may, and are sometimes required by law to, disclose your health information to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child, elder or dependent adult abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure. When we report suspected elder or dependent adult abuse or domestic violence, we will inform you or your personal representative promptly unless in our best professional judgment, we believe the notification would place you at risk of serious harm or would require informing a personal representative we believe is responsible for the abuse or harm.
11. Health oversight activities. We may, and are sometimes required by law to, disclose your health information to health oversight agencies during the course of audits, investigations, inspections, licensure and other proceedings, subject to the limitations imposed by applicable law.
12. Judicial and administrative proceedings. We may, and are sometimes required by law to, disclose your health information in the course of any administrative or judicial proceeding to the extent expressly authorized by a court or administrative order. We may also disclose information about you in response to a subpoena, discovery request or other lawful process if reasonable efforts have been made to notify you of the request and you have not objected, or if your objections have been resolved by a court or administrative order.
13. Law enforcement. We may, and are sometimes required by law to, disclose your health information to a law enforcement official for purposes such as identifying or locating a suspect, fugitive, material witness or missing person; complying with a court order, warrant, or grand jury subpoena; and for other law enforcement purposes.
14. Coroners. We may, and are often required by law to, disclose your health information to coroners in connection with their investigations of deaths.
15. Organ or tissue donation. We may disclose your health information to organizations involved in procuring, banking or transplanting organs and tissues.
16. Public safety. We may, and are sometimes required by law to, disclose your health information to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.
17. Specialized government functions. We may disclose your health information for military or national security purposes or to correctional institutions or law enforcement officers that have you in their lawful custody.
18. Worker’s compensation. We may disclose your health information as necessary to comply with worker’s compensation laws. For example, when a worker’s compensation carrier requests information to coordinate benefits or to determine benefits based on claims we have paid or information we possess.
19. Underwriting Purposes. We may use protected health information to conduct underwriting and underwriting analyses, and for premium rate setting purposes. However, federal law prohibits the use or disclosure of genetic information about an individual for such purposes.
B. When We May Not Use or Disclose Your Health Information
Except as described in this Notice of Privacy Practices, we will not use or disclose health information which identifies you without your written authorization. If you do authorize us to use or disclose your health information for another purpose, you may revoke your authorization in writing at any time.
C. Your Health Information Rights
1. Right to Request Special Privacy Protections. You have the right to request restrictions on certain uses and disclosures of your health information, by a written request to the Privacy Official specifying what information you want to limit and what limitations on our use or disclosure of that information you wish to have imposed. We reserve the right to accept or reject your request, and will notify you of our decision.
2. Right to Request Confidential Communications. You have the right to request that you receive your health information in a specific way or at a specific location. We will comply with all reasonable requests submitted in writing to the Privacy Official, which specify how or where you wish to receive these communications; however you may be required to pay for special communications methods. We may require a statement that all or part of the information we disclose could endanger you.
3. Right to Inspect and Copy. You have the right to inspect and/or copy your health information, with limited exceptions. To access your protected health information, you must submit a written request to the Privacy Official detailing what information you want access to and whether you want to inspect it or get a paper or electronic copy. We will charge a reasonable fee, as allowed by applicable law. We may deny your request under limited circumstances; if we do so, in certain circumstances you have the right to request a review of our denial.
4. Right to Amend or Supplement. You have a right to request that we amend your health information in our possession that you believe is incorrect or incomplete. You must make a request to amend in writing to the Privacy Official, and include the reasons you believe the information is inaccurate or incomplete. We are not required to change your health information, and will provide you with information about our denial of such a request and how you can disagree with the denial. We may deny your request for reasons which include the following: we do not have the information, we did not create the information (unless the person or entity that created the information is no longer available to make the amendment), you would not be permitted to inspect or copy the information at issue, or if the information is accurate and complete as is.
5. Right to an Accounting of Disclosures. You have a right to receive an accounting of disclosures of your health information made by Aila Health, except that we do not have to account for the disclosures provided to you or pursuant to your written authorization, or as described in paragraphs 1 (treatment), 2 (payment), 3 (health care operations), 6 (notification and communication with family) and 17 (specialized government functions) of Section A of this Notice of Privacy Practices, or for disclosures for purposes of research or public health which exclude direct plan participant/member identifiers, or which are incident to a use or disclosure otherwise permitted or authorized by law, or the disclosures to a health oversight agency or law enforcement official to the extent that we have received notice from that agency or official that providing this accounting would be reasonably likely to impede their activities.
6. You have a right to a paper copy of this Notice of Privacy Practices, even if you have previously consented to its receipt by e-mail.
If you would like to have a more detailed explanation of these rights or if you would like to exercise one or more of these rights, contact our Privacy Official listed at the bottom of this Notice.
D. Additional Information
1. Patient Portal and Other Patient Electronic Correspondence. Aila Health may use and disclose your PHI through various secure patient portals that allow you to view, download and transmit certain medical and billing information and communicate with certain health care providers in a secure manner through the portal.
2. Your Contact Information: Home and Email Addresses/Phone Numbers. If you provide us with a home or email address, home/work/cell telephone number, or other contact information during any registration or administrative process we will assume that the information you provided us is accurate and that you consent to our use of this information to communicate with you about your treatment, payment for service and health care operations. You are responsible to notify us of any change of this information. Aila Health reserves the right to utilize third parties to update this information for our records as needed.
3. Email or Downloading PHI. If you email us medical or billing information from a private email address (such as a Yahoo, Gmail, etc. account), your information may not be secure in transmission. We therefore recommend you use your Aila Health patient portal to communicate with us regarding your care and/or billing issues. If you request that Aila Health email your PHI to a private email address, we will send it in an encrypted manner unless you request otherwise. Aila Health is not responsible for the privacy or security of your PHI if you request that we send it to you in an unsecured manner or download or post it on a dropbox, unencrypted USB drive, CD or other unsecure medium. In addition, Aila Health is not responsible if your PHI is re-disclosed, damaged, altered or otherwise misused by an authorized recipient. In addition, if you share an email account with another person (for example, your spouse/partner/roommate) or you choose to store, print, email, or post your PHI, it may not be private or secure.
4. Sensitive Health Information. Federal and state laws provide special protection for certain types of health information, including psychotherapy notes, information about substance use disorders and treatment, mental health and AIDS/HIV or other communicable diseases, and may limit whether and how we may disclose information about you to others.
5. Substance Use Disorder Records and Information. The confidentiality of patient records maintained by federally assisted substance use disorder rehabilitation programs is protected by Federal law and regulations. Generally, such programs may not disclose any information that would identify an individual as having or being treated for a substance use disorder unless:
the individual consents in writing;
the disclosure is allowed by a court order
the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation; or
as otherwise permitted by law.
(Notwithstanding the preceding, we may disclose certain information that could identify you as having a substance use disorder pursuant to paragraph 6, below.) Violation of these laws and regulations is a crime. Suspected violations may be reported to appropriate authorities in accordance with Federal regulations. Federal law and regulations do not protect any information about a crime committed by a patient or about any threat to commit such a crime. Federal laws and regulations do not prevent any information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities.
6. Consent to Disclose Sensitive Health and Substance Use Disorder Information. The Aila Health Authorization & Consent to Treat form you sign as part of the registration process includes your consent to the release of federally assisted substance use disorder information, information regarding treatment of communicable diseases and mental health information for the purposes specified in this notice. If you do not wish for this information to be disclosed, you must notify us in writing at email@example.com and we will determine if it is feasible for us to accept your request.
7. Incidental Disclosures. Despite our efforts to protect your privacy, your PHI may be overheard or seen by people not involved in your care. For example, other individuals at your provider’s office could overhear a conversation about you or see you getting treatment. Such incidental disclosures are not a violation of HIPAA.
8. Business Associates. Your PHI may be disclosed to individuals or entities who provide services to or on behalf of Aila Health. Pursuant to HIPAA, Aila Health requires these companies sign business associate or confidentiality agreements before we disclose your PHI to them. However, Aila Health generally does not control the business, privacy, or security operations of our business associates.
9. Authorization for Other Uses and Disclosures. Aila Health will obtain your written authorization for uses and disclosures that are not identified by this notice or otherwise required or permitted by applicable law. Any authorization you provide regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. However, your revocation will not affect actions we have already taken; in other words, we are unable to take back any disclosures of PHI we have already made.
E. Health Information Exchanges
Health Information Exchange (HIE) enables your healthcare providers to quickly and securely share your health information electronically among a network of healthcare providers, including physicians, hospitals, laboratories and pharmacies. Your health information is transmitted securely and only authorized healthcare providers with a valid reason may access your information.
Aila Health is committed to protecting the privacy and security of your health information, including the sharing and accessing of your information through HIE. Every HIE and its participants must protect your private medical information under HIPAA law, as well as applicable state laws and regulations. Information shared via HIE is encrypted, meaning it can be accessed only by authorized users and prevents hackers from accessing your information. Aila Health participates in a number of HIEs, including, but not limited to, Surescripts, Commonwell, CareQuality. (Note: This list is subject to change.)
If you agree to have your medical information shared through HIE and you have a current Consent form on file, you do not need to do anything. By signing the form, you have granted us permission to share your health information to HIE.
We recognize your right to choose not to participate in HIE, also referred to as opting-out. If you decide to opt-out of HIE, healthcare providers will not be able to access your health information through HIE. You should understand that providers may still request and receive your medical information from other providers using other methods permitted by law, such as fax, mail or other electronic communication.
If you have any questions about HIE, you can email firstname.lastname@example.org. To opt-out of HIE, please email email@example.com. Please note, your opt-out does not affect health information that was disclosed through HIE prior to the time that you opted out.
F. Changes to this Notice of Privacy Practices
We reserve the right to amend this Notice of Privacy Practices at any time in the future. Until such an amendment is made, we are required by law to comply with this Notice. After an amendment is made, the revised Notice of Privacy Protections will apply to all protected health information that we maintain, regardless of when it was created or received. We will provide you with a revised Notice upon a material change to the Notice within 60 days of the material change and revision. We will provide the Notice to you via mail, or via email if you have consented to receive information by email. A copy of the revised Notice is available upon request. We will also post the current notice on our website.
Complaints about this Notice of Privacy Practices or how we handle your health information should be directed to our Privacy Official listed at the top of this Notice of Privacy Practices.
If you are not satisfied with the manner in which Aila Health handles a complaint, you may submit a formal complaint to the:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Room 509F HHH Bldg.
Washington, D.C. 20201
You can determine the best method for filing a complaint by visiting www.hhs.gov/ocr including whether to send your complaint to the address above or to your regional Office for Civil Rights.
You will not be penalized or retaliated against in any way by Aila Health, its employees or business associates if you file a complaint. If you believe you are being retaliated against please immediately contact the Privacy Official listed at the top of this Notice of Privacy Practices.
H. Contact for Questions
For more information or questions about the privacy policies of Aila Health, please contact:
℅ Privacy Officer
1999 Harrison Street, 18th Floor
Oakland, CA 94612