Health Ahead™ Privacy Policy
This Privacy Policy was last revised on May 26, 2023
This Privacy Policy (“Privacy Policy”) describes how Health Ahead Management, Inc. (“Health Ahead”) collectively referred to as “we,” “our,” and “us” in this Privacy Policy, collect and use personal information from and about you when you use the Health Ahead website https://.healthahead.com and mobile application (collectively, the “Website”), and/or when you communicate with Health Ahead by e-mail, text message, telephone conversation, chat, or other means of communicating electronically or by voice or video. Though the Website, we make certain information available to you regarding in-person and remote medical care, and facilitate your access to telemedicine and expert medical services (the “Medical Services”) provided by Health Ahead, PLLC (the “PLLC”). Health Ahead understands that privacy of information is of great importance to our Visitors.
Introduction
This Privacy Policy (“Privacy Policy”) describes how Health Ahead Management, Inc. (“Health Ahead”) collectively referred to as “we,” “our,” and “us” in this Privacy Policy, collect and use personal information from and about you when you use the Health Ahead website https://.healthahead.com and mobile application (collectively, the “Website”), and/or when you communicate with Health Ahead by e-mail, text message, telephone conversation, chat, or other means of communicating electronically or by voice or video. Though the Website, we make certain information available to you regarding in-person and remote medical care, and facilitate your access to telemedicine and expert medical services (the “Medical Services”) provided by Health Ahead, PLLC (the “PLLC”). Health Ahead understands that privacy of information is of great importance to our Visitors.
2. Types of Information that this Privacy Policy Applies to.
The Information we may collect, includes without limitation:
Information that identifies you or can be used to identify you, such as your name; home or work address; personal or work e-mail address; home, work, and mobile telephone numbers; date of birth; credit or debit card numbers (which we collect for payment purposes only); images and videos; age, sex, and gender; Social Security Number; physical or mental health condition or history; health plan or insurance information; and other personal information;
Information that you provide to be published or displayed (“posted”) on certain public areas of the Website or that you transmit through the Website to other users of the Website;
Information about your Internet use or connection; the equipment you use to visit our Website; usage details, such as traffic data, logs, referring/exit pages, the date and time of your visit to our Website; error information; clickstream data; and other communication data and the resources that you access and use on our Website, including without limitation usage details, IP addresses, and information collected through the use of cookies or other tracking technologies; and
Information provided to us by others, such as our business partners.
Personal Information
We collect information that personally identifies you, such as your name, telephone number, email address, date of birth and other data which can be reasonably linked to such information (“Personal Information”) only if you choose to share such information with us. For example, you will be required to provide us with certain Personal Information to register with the Services, sign up for certain features available through the Services (such as push notifications, text messages and other communications services which may offer you the ability to share information with third parties, such as health care professionals), and at other times. The decision to provide this information is optional; however, if you decide not to register or provide such information, you may not be able to use some or all of the features of the Services. Further, Health Ahead may offer location-enabled services, for example to locate a nearby doctor or pharmacy. If you use those services, Health Ahead may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID). You will have the option to disable collection and use of location information. However, doing so may prevent you from using some features of the Services, or limit the function of some features.
Health Information
Health Ahead offers you the ability to share your Health Information with the PLLC in connection with the Medical Services. “Health Information” includes both Protected Health Information and Additional Health Information. “Protected Health Information” or “PHI” is personally identifiable information which relates to your health or payment for your healthcare services that is created or received by an entity covered under the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”), such as Health Ahead as a business associate of the PLLC, and the PLLC, as a covered entity under HIPAA. Protected Health Information includes the combination of your Personal Information and personal health information, such as medical records, medical history and/or information regarding a condition or treatment (e.g. information about symptoms, prescriptions, allergies, diagnoses and outcomes or side effects of treatment), including but not limited to images, videos, photographs, text messages and other data or materials that you may create and/or upload to share with the PLLC and/or your healthcare provider, as part of the Medical Services. “Additional Health Information” is any and all other personal health information that is not Protected Health Information, generally because such information was not created or received by a HIPAA-covered entity.
When you use the Medical Services, you expressly authorize the sharing of your Health Information with anyone who is part of your Medical Services team and is also a user of the Services, which may include your healthcare professional(s).
If you allow someone to access your account, you do so at your sole risk and may risk exposing your Health Information. Health Ahead does not know and cannot control how anyone else to whom you give access to your account and/or with whom you share your Health Information may use your Health Information or account. Health Information you provide to others may not be protected, kept private, or be secure. You are solely responsible for all use of your account, by yourself or anyone whom you permit to use it. Health Ahead will not be liable for any disclosure or use of Health Information or other information by you or anyone using your account with your permission.
You should not upload any Health Information regarding any person other than yourself without that person’s prior express consent. You must obtain the consent of your family member or any other person before you submit or share Health Information about that person. By submitting or sharing Health Information about a family member or anyone else, you represent and warrant that you have obtained that person’s express consent to do so or that you otherwise have the legal authority to do so (e.g., because that person is a minor and you are the parent or legal guardian).
This Privacy Policy also applies to information collected from Visitors after they register and log-in (“Members”) to the password protected and secure portions of our website and mobile application (“Secure Platforms”). These Secure Platforms allow Members to utilize the Medical Services provided by the PLLC.
This Privacy Policy details how we may use, share and maintain any information that you provide to us or to the PLLC. Health Ahead’s role is limited to making such information available to you and/or facilitate your access to the Medical Services, on behalf of the PLLC as its “business associate” as that term is defined under HIPAA. Health Ahead is independent from the PLLC and the healthcare providers that may provide you with Medical Services through the PLLC. Health Ahead is not responsible for the PLLC’s acts, omissions or for any content of the communications made by them to you. Health Ahead does not engage in the practice of medicine or provide any health services to you. Health Ahead provides certain business associate services to the PLLC.
Any Health Information stored and collected by Health Ahead or added by Members into such Secure Platforms is identifiable, PHI and therefore governed by HIPAA. How the PLLC uses and discloses such PHI shall be in accordance with the PLLC’s Notice of Privacy Practices. For example, if you have consented to importing data from your healthcare provider into the Secure Platform, you should review the PLLC’s Notice of Privacy Practices to understand how the PLLC will use and disclose such PHI.
3. Agreement to this Privacy Policy
Your access and use of the Website and Secure Platforms is subject to your agreement with this Privacy Policy and the Website Terms of Use. By using the Website, you expressly agree to the terms of this Privacy Policy and consent to the collection and use of information as discussed in this Privacy Policy.
If you do not agree with this Privacy Policy, please do not use or access the Website for any purpose. Please print a copy of this Privacy Policy for your records.
4. Modifications to this Privacy Policy
Health Ahead may revise this Privacy Policy regarding the collection of information at any time. Should this Privacy Policy change materially, Health Ahead will give notice to you by posting a notice regarding the new policy on the Website. The revised Privacy Policy will be effective as of its posting unless otherwise stated.
5. Collection, Use and Disclosure of Your Information
We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect certain information relating to your use of the Website. Google Analytics uses cookies to help the Website analyze how users use the site. You can find out more about how Google uses data when you visit our Website by visiting “How Google uses data when you use our partners’ sites or apps”, (located at google.com/policies/privacy/partners/). We may also use Google Analytics Advertising Features or other advertising networks to provide you with interest-based advertising based on your online activity. For more information regarding Google Analytics please visit Google’s website, and pages that describe Google Analytics, such as www.g oog le.com/analytics/learn/privacy.html.
We use Facebook Pixel, a web analytics and advertising service provided by Facebook Inc. (“Facebook”) on our Website. With its help, we can keep track of what users do after they see or click on a Facebook advertisement, keep track of users who access our Website and Application or advertisements from different devices, and better provide advertisements to our target audiences. The data from Facebook Pixel is also saved and processed by Facebook. Facebook can connect this data with your Facebook account and use it for its own and others advertising purposes, in accordance with Facebook’s Data Policy which can be found at https://www.facebook.com/about/privacy/. Please click here if you would like to withdraw your consent for use of your data with Facebook Pixel https://www.facebook.com/settings/?tab=ads#_=_.
Either Health Ahead or a third-party vendor on behalf of Health Ahead may automatically collect information while Visitors browse the Website. We may collect such information by tracking, or asking a third-party vendor to track, your click-stream activity when such information is not tied to a user ID through the use of “cookie” technology or by tracking internet protocol (IP) addresses, as explained below.
Because we want our Website to better serve Visitors’ needs, we collect some basic information about Visitors and their devices, including, but not limited to:
- IP address (the computer’s address on the Internet)
- Operating system (e.g. Windows, macOS, Linux, iOS, Android OS\)
- Browser software (e.g. Microsoft Edge, Chrome, Firefox)
- Internet Service Provider (e.g. AT&T, Verizon, Comcast, etc.)
- Geographic location (e.g. Boston, Mass.)
- Type of device (e.g. iPad, desktop)
- Mobile device crash information
- Locale & language of device, whether it has fingerprint/face sensors, and other activity sensors
- Data generated by activity sensors installed on the device
- Dates and times you accessed and used the Website, features you used in the Website, and how
long you use the Website overall
- Links you click and pages you view within the Website
- Pages you view before and after you leave the Website
We use this Information to provide you with the Services, to enhance and improve our Website and to better serve our Visitors’ needs. For example, we use this Information to know what browsers people most commonly use, what pages are most often visited, and what functionality is most used.
Some of the Information we collect from Visitors, such as IP Address, may be considered identifiable Personal Information. Additionally, there are times on our Website that Visitors are able to voluntarily submit Personal Information, such as their name, phone number, and/or email address in order to obtain more information from Health Ahead. We may remove personal identifiers from your Personal Information and maintain and use it in a de-identified form (“De-Identifiable Information”). De-Identifiable Information and Personal Information are collectively referred to throughout this Privacy Policy as “Information”.
The Information collected from Visitors on our Website may be shared with our suppliers and vendors and used in the aggregate to create summary statistics that help us analyze the Websites’ usage trends, assess what information is of most and least importance, determine technical design specifications, arrange the Website in the most user-friendly way, and identify system performance or problem areas.
By continuing to use the Website, you hereby consent to the use and disclosure of your Information as set forth below:
within Health Ahead or with our service providers such as a cloud service provider in the United States for data storage;
with our financial, insurance, legal, accounting or other advisors that provide professional services to us;
to respond to a subpoena, order, legal process, or government request;
to protect, establish or exercise our legal rights or defend against legal claims;
to investigate, detect, suppress, prevent or take action regarding illegal or prohibited activities, suspected fraud, situations involving potential threats to the reputation or physical safety of any person;
if we are to be sold, merged, or amalgamated or substantially all of our assets are to be sold or disposed of, your Personal Information may be transferred to a potential purchaser if, and to the extent necessary, it is required for the purposes of deciding whether to proceed with the proposed transaction and completing it. If such a sale, merger, acquisition, or disposal is completed, we will use reasonable efforts to direct the transferee to use Personal Information you have provided to us in a manner that is consistent with this Privacy Policy. Following such a sale or transfer, you may contact the entity to which we transferred your Personal Information with any inquiries concerning the processing of that information; or
as otherwise required by law.
Communicating with You
By becoming a user of the Services and providing your mobile number and/or email address, certain features of the Services will be provided to you via your mobile phone or other mobile device which may include: the ability to upload content to the Website, download applications, and receive email, short message service (SMS), text message communications and mobile push notifications, each of which are not encrypted (“Mobile Features”). Standard messaging, data and/or other fees may be charged by your carrier. You can opt out of receiving email, SMS/text messages, and mobile push notifications. Although unlikely, it is possible for these communications to be intercepted or accessed without your authorization, and by using the Services, you release Health Ahead from any liability arising from or related to any such interception or unauthorized access. You can opt out by changing your profile settings within the Services or by notifying your healthcare provider. You agree to notify Health Ahead of any changes to your mobile number and email by updating your Health Ahead Services account to reflect any changes.
Communicating with Your Healthcare Professionals
Services concerning you may be accessed by the PLLC and its healthcare professionals who are linked to your account, and by Health Ahead service providers, affiliates, representatives and assigns, all of whom may: send and receive reminders, alerts or other service-related information via email and/or push notifications or the like, i.e., utilize Mobile Features to notify and be notified of information about you. The use of Mobile Features may include the sharing of your Personal Information and Health Information.
Although unlikely, it is possible for these communications to be intercepted or accessed without your authorization, and by using the Services, you release Health Ahead from any liability arising from or related to any such interception or unauthorized access.
Communicating with You
By becoming a user of the Services and providing your mobile number and/or email address, certain features of the Services will be provided to you via your mobile phone or other mobile device which may include: the ability to upload content to the Website, download applications, and receive email, short message service (SMS), text message communications and mobile push notifications, each of which are not encrypted (“Mobile Features”). Standard messaging, data and/or other fees may be charged by your carrier. You can opt out of receiving email, SMS/text messages, and mobile push notifications. Although unlikely, it is possible for these communications to be intercepted or accessed without your authorization, and by using the Services, you release Health Ahead from any liability arising from or related to any such interception or unauthorized access. You can opt out by changing your profile settings within the Services or by notifying your healthcare provider. You agree to notify Health Ahead of any changes to your mobile number and email by updating your Health Ahead Services account to reflect any changes.
Communicating with Your Healthcare Professionals
Services concerning you may be accessed by the PLLC and its healthcare professionals who are linked to your account, and by Health Ahead service providers, affiliates, representatives and assigns, all of whom may: send and receive reminders, alerts or other service-related information via email and/or push notifications or the like, i.e., utilize Mobile Features to notify and be notified of information about you. The use of Mobile Features may include the sharing of your Personal Information and Health Information.
Although unlikely, it is possible for these communications to be intercepted or accessed without your authorization, and by using the Services, you release Health Ahead from any liability arising from or related to any such interception or unauthorized access.
Public Areas
Please be advised that, whenever you voluntarily post information to any public forum such as a bulletin board, blog, community or related interactive area of the Services, collectively “Public Posts”, such information can and may be accessed by the public. This means that any person or entity with access to such information can potentially use it for any purpose, including to send unsolicited communications.
7. Cookies and Web Beacons
Like many companies, we use “cookies” and “web beacons” to help you better navigate the Website. A “cookie” is a small piece of information sent by Health Ahead’s web-based applications that are stored by your web browser on your computer’s hard drive. A “web beacon” is an electronic file placed within a website that monitors usage. Cookies can enhance your online experience by saving your preferences while you are visiting a particular Website. The cookies do not contain any identifiable information and cannot profile your system or collect information from your hard drive. Most Internet browsers automatically accept cookies, but you can set your browser to refuse them or to alert you when they are being sent.
For more information about the cookies that are used on the Website and your ability to change your preferences or opt out of use of those cookies, please see Health Ahead’s Cookie Preferences.
8. Your Rights Regarding Your Personal Information
Amendment. You have a right to request that Health Ahead amend or delete the Personal Information it collects from your use of the Website if you believe it is incorrect or incomplete, and you may request an amendment or deletion for as long as the Personal Information is retained by Health Ahead. You must submit your request in writing to Health Ahead and provide a reason to support the requested amendment. Rebuild
Health may, under certain circumstances, deny your request by sending you a written notice of denial.
Withdrawal of Consent. Subject to applicable law, you may withdraw your consent to uses and disclosures of Personal Information as outlined in this Privacy Policy. You must submit your request in writing to Health Ahead. Withdrawing consent does not invalidate consent to any collection, use or disclosure of Personal Information to which you consented before consent was withdrawn. If you withdraw consent, or refuse further consent, Health Ahead’s ability to offer services to you may be limited.
9. Notice to California Residents/Your California Privacy Rights
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information by Health Ahead to third parties for the third parties’ direct marketing purposes. These requests only cover information for the immediately prior calendar year (e.g. requests made in 2021 will receive information about 2020 sharing activities) and information about our sharing in general, not specific to you. To make such a request, please send an email to privacy@reside.health. If you are a California resident, the California Consumer Privacy Act (the “CCPA”) gives you additional rights about the collection, processing and storage of your personal data, which we will explain below. Information Collected We will not collect additional categories of personal information or use Personal Information collected for additional purposes without providing you with notice.
Information Disclosed for Business Purposes
We may disclose your contact information and financial information with our Service Providers to help us provide the Services. Please note that we do not sell any of your Personal Information to third parties.
Your Rights under CCPA
Additionally, you have the following rights under the CCPA and you may exercise these rights no more than twice in any twelve (12) month period by following the instructions below. To exercise more than one right at a time, please submit each request individually. If you submit multiple requests, we cannot guarantee the order in which your requests will be processed:
Right To Know
You have the right to know what categories of Personal Information we collected in the preceding twelve (12) months, including the categories of sources from which the Personal Information was collected, the specific pieces of Personal Information we have collected about you, and the business or commercial purposes for which such Personal Information was collected and shared. You also have the right to know the categories of Personal Information which were disclosed for business purposes, and the categories of third parties with whom we shared your Personal Information in the preceding twelve (12) months.
a. To exercise your right to know, please email us at privacy@reside.health and follow these instructions:
i. Write to us from the email address or mailing address that is affiliated with your account and include “Right to Know Under CCPA” in the subject of the email or written request;
ii. Please include sufficient Personal Information for us to verify the identity affiliated with your account. For example, provide your full name, phone number, address, email and account number, if applicable, at a minimum. We may request additional information to complete the verification process if we are unable to verify your identity initially;
iii. If you would like to know the categories of sources from which we collected your Personal Information, write “I am writing to request the categories of sources from which my personal information was collected” in your request;
iv. If you would like to know the specific Personal Information that we have collected about you, write “I am writing to request the specific personal information we have collected about you” in your request;
v. If you would like to know the business or commercial purposes for which we collected or shared your Personal Information, write “I am writing to request the business or commercial purposes for which my personal information was collected” in your request;
vi. If you would like to know the categories of Personal Information collected about you, write “I am writing to request the categories of personal information that was collected” in your request; and
vii. If you would like to know the categories of third parties with whom we shared your Personal Information in the preceding 12 months, write “I am writing to request the categories of third parties with whom you shared my personal information” in your request.
Right To Access
You have the right to receive the Personal Information that you gave us. The information that we will provide to you will be masked, meaning that portions of it will be omitted so that it can’t be used fraudulently. For example, your telephone number may display as (123) – XXXXXX67. In order to exercise your right to access, email us at privacy@reside.health and follow these instructions:
a. Write to us from the email address or mailing address that is affiliated with your account and include “Right to Access Personal Information Under CCPA” in the subject of the email or written request;
b. Please include sufficient Personal Information in your request for us to verify the identity affiliated with your account. For example, provide your full name, address, Email, Phone Number and account number if applicable. We may request additional information to complete the verification process if we are unable to verify your identity initially; and
c. In the body of your request, please write “I would like access to all of the information that I have given to you over the past 12 months.”
Deletion
You can request to have your Personal Information deleted and we will ask our Service Providers to do the same. Please note that if we delete your Personal Information, many of our Services will not work the same. For example, you will not have an account (since any prior saved data will be deleted). If you make multiple requests under this section, we recommend sending your deletion request last, as we will not be able to fulfill your other requests once we have deleted your information.
§ Exceptions: We may not be able to fulfill your request if we (or our Service Providers) are required to retain your Personal Information for one or more of the following reasons:
1. Transactional: to receive the Services for which the Personal Information was collected, provide a good or service requested by you, or perform a contract we have with you;
2. Security: to detect data security incidents;
3. Error Correction: to debug or repair any errors;
4. Legal: to protect against fraud or illegal activity or to comply with applicable law or a legal obligation, or exercise rights under the law, such as the right to free speech; or
5. Internal Use: to use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information (i.e., to improve our services).
§ To exercise your right to deletion, email us at privacy@reside.health and follow these instructions:
1. In the body of your request, please write “I would like my information deleted” and provide the information that you would like deleted;
2. Please include sufficient Personal Information for us to verify the identity affiliated with your account. For example, provide your full name, address, Email, Phone Number, and account number if applicable. We may request additional information to complete the verification process if we cannot verify your identity initially. Our ability to fulfill your deletion request is limited by the information you provide us and the information associated with your account. For example, if you have multiple email addresses and you include only one in your request, we will only delete the email address that you included in the request. To delete multiple email addresses, you must verify you own applicable email account by sending the request from the applicable email address
Non-Discrimination:
We will not discriminate against you for exercising any of your rights, and we will not deny you good or services, charge you a different price, or provide you with a lesser quality of goods or services if you exercise any of your rights, unless by exercising any of your rights we are unable to provide the Services for which the Personal Information was collected, or perform a contract we have with you.
10. Third Party Website and Social Media Platforms
Our Website and Services may contain links to and from other websites or allow you to share certain content on third party websites or social platforms, such as Facebook and Twitter. A link to a third party’s website or social platform does not mean that we endorse it or that we are affiliated with it. We do not exercise control over third party websites or social platforms; you access such third-party websites or social platforms at your own risk. You should always read the privacy policy of a third-party website and social platform before sharing any information on or with them.
11. Service Providers
From time to time, we may establish a business relationship with other businesses whom we believe trustworthy and who have confirmed that their privacy practices are consistent with ours (“Service Providers”). For example, we may contract with Service Providers to provide certain services, such as hosting and maintenance, data storage and management. We only provide our Service Providers with the information necessary for them to perform these services on our behalf. Each Service Provider must agree to use reasonable security procedures and practices, appropriate to the nature of the information involved, in order to protect your Personal Information from unauthorized access, use, or disclosure. Service Providers