Interlock Health Privacy Policy and Statement

EFFECTIVE DATE: April 10, 2020

 

This Privacy Policy (or, the “Agreement”) applies to your access to and use of the services associated with Interlock Health information technology (the “Service” or “System”), which may be available online, through a website, through a mobile application, or any other device or portal that is designed to facilitate access to the information technology that we provide. These services are operated by Interlock Health, LLC (“Interlock Health” also, “our,” “us,” or “we.” Whenever and however you access the Service, your access to and use of the Service is subject to this Privacy Policy, regardless of whether you create an account (“Account”).

 

Key features of this Privacy Policy include:

  • Interlock Health was founded by an emergency medicine physician who understands the value of keeping your personal health information (PHI) private.
  • We view trust as fundamental to our business.  We hold ourselves to a standard that may seem unusual: we won’t do anything with your personal health information that we wouldn’t want done to our personal health information.
  • By intention, all of your personal health information stored on our system is stored securely and not sold, re used, or otherwise distributed without your permission.
  • You can use our system to grant access to your PHI to another person, or group. The person, clinic, or corporate entity subsequently assumes the responsibility to protect the privacy of the PHI thus shared.
  • You should not grant access to your PHI with any person or group unless that person or group has provided assurance of protection of PHI that you deem sufficient and appropriate.
  • Interlock Health is allowed to use your personal health information in a de-identified manner, meaning your identity as the owner of the personal health information has been removed from the record, to make it difficult or impossible to identify the person to whom it belongs.
  • Beyond that, we don’t share your personal health informationwith third-parties, with some exceptions as noted below.

 

By using any of our services (hereafter, the “Service”), you accept the privacy practices presented in this Privacy Policy.  You are encouraged to read the entire Privacy Policy to better understand our privacy practices before creating an Account or submitting any personal information.

 

Scope: This Privacy Policy applies only to all who use our Service.  It is understood that users in the role of medical professionals understand and undertake their own responsibility for the protection of PHI, under the expectations of their profession and as defined by the Health Insurance Portability And Accountability Act (“HIPAA”) in the United States.

 

Statement On Privacy: Your personal health information may be the best protected category of personal information, for some very good reasons.  At first thought, you may not care if the entire world sees your medical records, and perhaps you have no medical history to keep private.  Upon reflection, you’ll realize that you could develop a medical problem at any time, and that you might not want this shared with all those around you.

 

That said, there are people who won’t be able to do their job well without access to your personal health information.  We’re thinking physicians, nurses, nurse practitioners, physician assistants, and pharmacists here; there may be others.

 

Your personal health information belongs to you.  While this might seem obvious, the federal government has created laws and regulations that make it clear that you are entitled to an electronic copy of your personal health information.

 

Interlock Health Account: Users of our System are allowed to create an Account.  When the account holder is acting as a patient, i.e. using a HealthCard account, the Account is effectively a personal health record that generally contains PHI respective to the Account holder. With an Interlock Health HealthCard Account, you can sign in to Interlock Health services.  Signing in allows access to the personal health information and other data associated with your Interlock Health account; it also allows personalization and persistent setting choices across products and devices; permits you to use data stored in the Interlock Health cloud storage solution; it may permit you to make payments using payment instructions stored with your Interlock Health account; and may enable other features including sharing access to your PHI with medical professionals.

 

There are different types of Interlock Health accounts:

  • Personal Interlock Health accounts are tied to or associated with your personal email address and / or personal phone
  • Third-party accountsare tied to an email address and / or phone number that is associated with and / or provided by an organization, such as an employer, insurance company, clinic, sports team, or school.

 

Be aware that if you sign into a service offered by a third party with your Interlock Health account, you will share with that third party the account data that is required by that service.  Similarly, certain personal health information, for example, prescription information, will by necessity be sent to third parties for their proper function.  These third parties are responsible for the maintenance and publication of the rules and policies associated with the personal health information they receive.

 

Personal Information We Collect: When you use the Service, we may collect personal information about you.  This information includes, but is not limited to, unique identifiers and user behavioral information collection collected passively, such as your IP address, location, browser type, operating system, clickstream activity.

 

As you would expect, we also collect personal health information – which includes, but is not limited to, basic information (e.g. your age) as well as more specific health related information, your allergies, your medication history, and all of the other medical information that you, or others authorized by you, may store and retrieve in your Account. By creating an Account and using the Service, you grant us permission to obtain your PHI from third-parties.

 

You have choices regarding the technology you use, and the data you share.   When we ask you to provide personal health information or other information, you can decline.  For certain types of information, declining to provide accurate information could put your health or life at risk.  Your allergies and an accurate list of medications you are taking might be an obvious example, but accurate information might be life-saving in ways that are not obvious to you.

 

Our services require you to provide certain personal information, and if you decline, we will not be able to enter into or carry out a contract with you.

 

We may also use a variety of technologies to collect personal information about users of the Service.  These technologies may include the following:

  • web server logs
  • cookies (see more on cookies, below)
  • geo-location
  • other tracking technologies

 

Cookies, And Similar Technology: Cookies are small files placed and stored on your device to store data that can be retrieved for future reference by a web server.  We may use cookies, and similar technologies, to store and retrieve your preferences and settings, enable you to authenticate yourself as a user, to provide you with relevant advertising, to combat fraud, to analyze how our service(s) are performing, and to fulfill other legitimate purposes.  We use may use additional identifiers for similar purposes.

 

We may also use “web beacons” to help deliver cookies and gather usage and other data.  Our services and websites may include or incorporate web beacons, cookies, and / or other similar technologies from third-party service providers.

You have a variety of tools to control the data collected by cookies, web beacons, and the like.  For example, you can use settings and controls in your internet browser to limit how the websites you visit are able to use cookies, and to withdraw your consent by clearing and / or blocking cookies.

 

We may also obtain data about you from third parties.

 

How We Use Your Personal Information and Personal Health Information: Interlock Health uses the personal health information and other data that we collect to provide you with a service that is designed to enhance your health care.  Specifically, we use this information to

create the service(s) for you and

  • provide our Service, which includes sharing data, when it is required to provide the service or carry out the transactions that you request or authorize.
  • advertise and market to you, which may include third-party messaging that we think will be relevant to you as noted above.
  • improve, secure, troubleshoot, update, and otherwise provide support for the service
  • improve and develop our services and products
  • personalize our services and make recommendations
  • advertise and market to you, which includes sending promotional communications, targeted advertising, and presenting relevant offers to you
  • to operate our business, in general, which includes analyzing the operation and performance of our business, meeting our legal obligations, developing our workforce, and doing research. This means we may need to share your personal and personal health information with companies, organizations, or individuals outside of Interlock Health if we have a good faith belief that access, use, preservation, or disclosure of that information is reasonably necessary to

 

    • save or protect human lives
    • meet applicable laws, regulations, legal processes, or enforceable government requests
    • enforce applicable Terms of Service, including investigation of potential violations of same
    • detect, prevent, or otherwise address fraud, security, or other technical issues
    • protect the rights of Interlock Health and its customers against harm
    • engage in a merger, acquisition, reorganization, or sale of all or a portion of Interlock Health assets.

 

In accomplishing these purposes, we may combine data obtained from a variety of contexts and sources.  For example, you may enter certain personal health information which is stored and subsequently displayed next to personal health information derived from your doctor.  We do this in order to provide a more comprehensive view of your personal health information, to help you and your health care providers make more informed medical decisions, and for other legitimate purposes.

 

Reasons We Share Your Personal Health Information: We share your personal data, including your personal health information, with your consent or to complete any transaction or provide any service that you have requested and / or authorized.  We also may share this data with Interlock Health-controlled affiliates and subsidiaries; with vendors working on our behalf under appropriate restrictions and covenants; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our services; and to protect the rights and property of Interlock Health and its customers.

 

How To Access, And Modify, Your Personal Health Information: You can make choices about the collection and use of your personal health information by Interlock Health.  You can control the data that we have obtained, and exercise your data protection rights, by contacting Interlock Health or using the various services that we provide.  In some cases, your ability to access, modify, or control your personal health information and other data will be limited, as required or permitted by applicable law.

 

In addition, how you access or control your personal health information and other data will depend on which services you use.  For example, you can

  • delete medications that are displayed on your medication list
  • delete records that are displayed on various aspects of our services
  • access, and delete, some of the other personal health information and data through the service that you are using

 

Not all personal health information can be access or controlled by the tools provided.  If you want to access or control personal health information or other data in a manner that is not available to you via the tools and services provided, you can always contact Interlock Health at the address in the “Contact Us” section of our web site.

 

It should be clear that you can deleting information from the service will, in many cases, cause the information not to be displayed but will not delete the information from our databases.

 

Access, Correction, And Removal Of Personal Information: In general, you can control your personal data that Interlock Health has obtained from you using the Service.  In some cases, your ability to access or control your personal data will be limited, as required or permitted by applicable law.

 

Service Provided Through An Organization: In some cases, you may be able to use an email address that is provided by an organization to create an Account.  If this is the case, that organization may be able to

  • control or administer your Interlock Health Account, including controlling privacy-related settings of the Service
  • access and process your data

 

If you lose access to this email address (in the event of a change of employment, for example), you may lose access to your Interlock Health Account. Under these circumstances, we will attempt to provide a means for you to arrange uninterrupted access to your Account. This means, for example:

 

Patients: for a limited time, your account subscription level will default to a “Free” account, and you will be given the opportunity to upgrade to a paid account with no expected loss of any of your information / personal health information

 

Providers: for a limited time, your account subscription level will default to a “Free” account, and you will be given the opportunity to upgrade to a paid account with no expected loss of any of your personal information

 

 

Health Insurance Portability And Accountability Act (“HIPAA”): We have implemented programs to ensure compliance with the privacy and security requirements of HIPAA.

 

Children’s Privacy: Our Service is not intended for any user under the age of 13, and we do not knowingly collect personal information from children under the age of 13.  We request that children under the age of 13 not submit any personal information nor create an Account using our Service. Additionally, we request that children under the age of 16 not independently use any telehealth feature involving video that is otherwise available using our Service.

 

How We Protect Your Information: We use reasonable and appropriate technical, physical, and administrative industry safeguards to protect your information from unauthorized access, use, loss, misuse, or unauthorized changes.  We will use reasonable efforts to protect your information using commercially available computer security products (e.g., firewalls and encryption techniques), as well as carefully thought out security procedures, practices, and techniques.  All of this notwithstanding, we cannot guarantee 100% security in all circumstances.   If you have any questions regarding the security of this website, you can contact the Privacy Office using [email protected].

 

Products provided to an organization: notice to end users: If you use an Interlock Health service that was provided by an organization, such as an employer, clinic, hospital, school, or sports team, that organization may be permitted to

  • control and administer your Interlock Health services and account, including controlling privacy-related settings of the product or service
  • access and process your personal health information and other data specific to you, and the contents of your communications and files associated with Interlock Health services and accounts.

 

This is also true if you use and email address that was provided to you by an organization that you are affiliated with, where that organization has an agreement with Interlock Health (or its affiliates and subsidiaries) to provide the respective service to its patients / employees / affiliates and the like.

 

If you lose access to your affiliation with this organization (for example, if you change jobs), you may lose access to the service(s) and products that had been provided to you through the agreement with between the organization and Interlock Health.  In most cases, we will endeavor to notify you of the ability to transition to an account that is independent of the organization before permanently deleting the information associated with your account.

 

If an organization provides you with access to Interlock Health services, your use of the services is subject to the organization’s policies, if any.  You should direct your privacy inquiries, including any requests to exercise your data protection rights, to the organization’s administrator.

Interlock Health is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.  We do expect each of our customers to abide by our business associate agreement, which provides expectations for information handling that are designed to comply with Federal privacy requirements.

 

If you wish to opt out of an account provided by an organization, you should not use the email address provided to you by that organization, or, in the case of insurers / sports teams / health care providers or other organizations, you should not indicate or create any affiliation with the organization. For example, you should refuse to use a discount code associated with an organization if you do not wish your account to be provided by that organization.

 

How We Respond To “Do Not Track” Signals: “Do Not Track” is a feature offered by certain web browsers.  These features vary across browsers and are not broadly supported.  Our Service is not currently set up to respond to those signals.

 

Service Specific Details:

HealthCard: Interlock’s HealthCard service is designed to collect and use personal health information to provide services designed to enhance the information flow associated with your health care.  Specifically, the service allows you to collect, modify, and store personal health information, and share your personal health information with family, caregivers, and health care providers.

 

HealthDesk: Interlock’s HealthDesk service is designed to facilitate and enhance access to your PHI by health care professionals associated with a clinic, health care institution, or other form of group practice.  This process may include a request to the patient to verify or update some, or all, of the personal health information associated with the account prior to granting access to it by medical professionals.

 

PreScript: Interlock’s PreScript service is designed to allow health care providers, for example doctors, nurses, and physician assistants, to view, create, and modify personal health information respective to patients who are in their care.  As one specific example, the service allows health care providers to create electronic prescriptions for patients. HIPAA and Interlock Health require that providers agree to a Business Associate Agreement prior to use of the system by health care providers; this agreement is part of the Interlock Health enrollment process for health care providers.

 

VideoCare: Interlock’s VideoCare feature is designed to provide a secure video and audio connection between a patient and one or more medical professionals.  HIPAA and Interlock Health require that providers agree to a Business Associate Agreement prior to use of the feature by health care providers; this agreement is part of the Interlock Health enrollment process for health care providers.  As noted elsewhere, we ask individuals under the age of 16 not to use the VideoCare service unless under the supervision of a parent.

 

Changes To The Privacy Policy: We may update this Privacy Policy from time to time to better reflect new features, products, or services and how it may affect our use of your personal information and personal health information.   Accordingly, we recommend that you check the current version of the Privacy Policy from time to time.  If we make changes to this policy, we will update the “Effective Date” at the beginning of this notice.

 

Contact Information: If you have questions or concerns about this Privacy Policy, please contact us at support @ interlockhealth.com.