Updated: October 29, 2015
4D Healthware LLC, an Illinois limited liability company (the “Company”, “we”, “us” or “our”), provides the website located at www.4Dhealthware.com (the “Website”) and the related application (the “Application”) to aggregate data from various activity and biometric monitoring devices, healthcare applications, and website providers to provide Consumers (as defined below) with access to aggregated and integrated data from certain third party applications, programs, and/or devices that the Consumer may elect to connect to using the Website or the Application (collectively, the “Service”).
“Consumers” (including “you” or “your”) refers to a Consumer or a Patient. Consumers are those individuals who elect to utilize the Website and/or Application for the monitoring and aggregation of activity, biometric and healthcare data produced by a Consumer’s use of, or uploaded by the Consumer from, certain integrated third party websites, applications, programs and/or devices that the Consumer may elect to use in connection with the Website, Application and/or the Service.
“Health Professionals” are licensed physicians, nurse practitioners, registered nurses and other medical professionals, who monitor, and/or communicate with, Consumers using the Website, Application and/or the Service.
“Patients” are those Consumers who have agreed to accept a Health Professional’s services in making diagnoses or in recommending treatment or both, including, where the Health Professional deems it appropriate and lawful, and where it is within the scope of the Health Professional’s practice, the prescribing of medications (exclusive of controlled substances).
“Protected Health Information,” or “PHI,” is any information about health status, provision of health care, or payment for health care that is identifiable, meaning it can be linked to a specific individual.
A. Non-Personally Identifiable Information
The Company may collect information about and from Consumers that use the Website, the Application and/or the Service (collectively, “Consumer Data”), including the following:
Each activity and biometric device, healthcare application or website a Consumer connects to the Service will provide the Company or its agent a specific user key (the “User Key”) that identifies the Consumer as a registered member, which allows us to verify that we are authorized to provide you with the Service. We do not ordinarily receive any personally identifiable information or PHI from such activity and biometric devices, healthcare applications or websites.
The Company may collect and use non-personally identifiable information about the mobile phone and other devices a Consumer uses to access the Website, the Application and/or the Service, including for example the make and model of a Consumer’s devices, and (if applicable) the type of browser software used, the operating system, Internet Protocol addresses, referring/exit pages, date/time stamp, click stream data and anonymous statistical data regarding your use of the Website, the Application and/or the Service. In addition, a Consumer’s location may be collected and stored via the functionality of a Consumer’s mobile phone or other devices and, if so, the Company may store and access such information. In addition, the Company reserves the right to use the information collected about a Consumer’s mobile phone or other devices (including its location), for any lawful business purpose, including without limitation to help identify problems with the Company’s servers, to gather de-identified demographic information, and to otherwise administer the Website, the Application and the Service.
The Company, in a continuous effort to better understand and serve our Consumers, may conduct research on demographics, interests, behavior and other topics based on data generated by our Consumers, that is provided to, collected by or otherwise available to us. Because we do not collect any personally identifiable information, all of the Consumer Data we collect is considered “De-Identified Consumer Data.” We use the Consumer Data from you and other users and reformat, supplement, compile, analyze and/or aggregate these datasets together to create what we term “Aggregated Consumer Data.” We may share certain of this Consumer Data and/or Aggregated Consumer Data with our affiliates, agents and business partners as described below. Neither Consumer Data nor Aggregated Consumer Data is intended to identify any user.
B. Protected Health Information
The Company does not ordinarily collect information pertinent to the services Health Professionals directly provide by way of clinical services to Patients. Other than information specifically needed for the administration of our Service, the Company does not seek to collect individually identifiable health information.
With a Consumer’s permission, however, the Company will store PHI for the Consumer’s use and, at the Consumer’s election, the Consumer’s selected Health Professionals’ use. The Company does not seek to use PHI for any purpose except as necessary for providing the Service and for those uses to which a Consumer has consented. Consumers have the option to upload or not to upload PHI, but if a Consumer chooses to do so, the Consumer will have access to their own PHI. Consumers are not required to upload PHI in order to use the Website, Application and/or the Service. Use of your PHI by the Company shall be limited to those uses to which a Consumer consents.
PHI provided to the Company and transmitted between or among the Website, the Application, mobile devices and the Company’s servers is encrypted. The passwords that allow access to the Website and the Application, which may contain PHI, are also encrypted. The Company’s servers that PHI may be stored on are protected by a firewall. Human access is limited to that access needed to maintain the server, and generally excludes access to PHI. The Company’s servers require secure shell certificates for access. The servers have all ports closed (deny-all mode) except for those required to remain open because they are vital for operation. These open ports are secured with authentication (login/password) and encryption (Hypertext Transfer Protocol Secure/Secure Sockets Layer (“HTTPS/SSL”)). The Company undertakes commercially reasonable efforts to secure all PHI as it is sent. In the event of hacking, however, it is always possible, despite the Company’s commercially reasonable efforts, that PHI may be exposed. By using the Website, Application and/or Service, a Consumer accepts this risk of unauthorized PHI use or disclosure.
The Company is not a “covered entity” as defined in the Health Insurance Portability and Accountability Act and the regulations promulgated under that Act. The Health Professionals with whom a Consumer may communicate through the Website or Application are subject to laws governing the privacy of PHI. Any individually identifiable health information provided to the Company by a Health Professional is subject to or protected by law. To the extent the law applies to the Company, commercially reasonable efforts to maintain the privacy of such PHI will be made.
The security of Consumer Data and PHI is of critical importance to the Company, and, accordingly, the Company has established commercially reasonable physical, electronic, and managerial procedures to safeguard and secure Consumer Data from unauthorized access. Consumers should be aware, however, that there is always some risk involved in transmitting information over the internet. There is always some risk that the Company’s or the Consumer’s network and/or security systems could be circumvented or breached, including by third parties who use the Website, the Application or the Service in order to do so. While the Company strives to use commercially reasonable means to protect Consumer Data, we cannot ensure or warrant the security and privacy of Consumer Data or any other information, including PHI, you transmit to us.
Consumers electing to store PHI on the Website or Application accept responsibility for securing their usernames and passwords. Should the Company become aware of a compromise of PHI, the Company shall notify the relevant Health Professionals as soon as possible, but in any event within thirty (30) days of learning of the compromise.
4. CONTACT INFORMATION
If you have questions or complaints regarding this Policy or our practices, please contact the Company at:
4D Healthware LLC
Chicago, IL 60654