HEALTH ROVER PRIVACY POLICY
Last updated:  October 12th, 2023

This Privacy Policy describes the practices of Health Rover, LLC d/b/a Health Rover and its affiliates, predecessors, successors, and subsidiaries (“we,” “us,” or “Health Rover”), including when you visit any Health Rover website (“Websites”), use any affiliated applications (“Apps”), or otherwise provide data to Health Rover. We refer to the Websites, Apps, and other services provided by Health Rover together in this Policy as the “Service” or “Services.”

By creating, registering, or logging into an account through the Service, or otherwise accessing or using the Service, you are automatically accepting and acknowledging the most recent version of this Privacy Policy.

If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual's behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence, and you have given us your consent to allow any of your minor dependents to use this site.

Information You Provide to Us.  

We collect a variety of information that you provide directly to us. For example, we collect information from you through:

·       Account and product registration and administration of your account

·       Processing your orders and requests for treatment

·       Questions, communications, or feedback you submit to us via forms or email.

·       Your participation in research and surveys

·       Requests for customer support and technical assistance, including through online chat functionalities.

·       Uploads or posts to the Services

·       Allowing access to your camera roll or photo storage so that you can upload your insurance card information.

The specific types of information we collect will depend upon the Services you use, how you use them, and the information you choose to provide. The types of data we collect directly from you may include:

·       Name, address, telephone number, date of birth, and email address

·       Information about your medical conditions, treatment options, physician referrals, prescriptions, and lab results or other related health information, such as your physical and emotional characteristics

·       Log-in credentials, if you create an account.

·       Billing information, such as shipping address, credit or debit card number, verification number, expiration date, and identity verification information, collected by our payment processors on our behalf.

·       Information about purchases or other transactions with us or independent providers

·       Information about your customer service and maintenance interactions with us

·       Demographic information such as your gender and age

·       User-generated content you post in public online forums on our Services.

·       Insurance card information

·       Any other information you choose to directly provide to us in connection with your use of the Services.

Information We Collect Through Automated Means.

We collect certain information about your use of the Services and the devices you use to access the Services, as described in this Section. As discussed further below, we and our service providers (which are third-party companies that work on our behalf) may use a variety of technologies, including cookies and similar tools, to assist in collecting this information.

Our Websites. When you use our Websites, we may collect and analyze information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed the Services, software and hardware attributes (including device IDs), referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time you used the Services, error logs, and other similar information.

Our Apps. When you use our Apps, we may receive certain information about the mobile phone, tablet, or computer used to access the Apps, including a mobile device identifier, IP address, operating system, version, Internet service provider, browser type, domain name and other similar information, whether and when you update the Apps, date and time of use, and how you use the Apps, including time spent in different portions of the Apps.

You can also permit our web-based or third-party applications to access specific images stored on your device by allowing the app access to your camera roll or photo storage solely for the purpose of uploading your insurance card information. We will not access, collect or use any other data or image on your camera roll or photo storage.

Location Information. When you use the Services, we and our service providers may automatically collect general location information (e.g., IP address, city/state and/or postal code associated with an IP address) from your computer or mobile device. This information allows us to enable access to content that varies based on a user’s general location (e.g., to provide you with accurate sales tax information and to deliver content customized to your location).

Our Use of Cookies and Similar Online Tools. To collect the information discussed in this Section, we and our service providers use web server logs, cookies, tags, SDKs, tracking pixels, and other similar tracking technologies. We use these technologies to offer you a more tailored experience.

·       A web server log is a file where website activity is stored.

·       An SDK is a set of tools and/or code that we embed in our Apps and software to allow third parties to collect information about how users interact with the Services.

·       A cookie is a small text file that is placed on your computer or mobile device when you visit a site, that enables us to: (i) recognize your computer/device; (ii) store your preferences and settings; (iii) understand the parts of the Services you have visited and used; (iv) enhance your user experience by delivering and measuring the effectiveness of content and advertising tailored to your interests; (v) perform searches and analytics; and (vi) assist with security and administrative functions.

·       Tracking pixels (sometimes referred to as web beacons or clear GIFs) are tiny electronic tags with a unique identifier embedded in websites, online ads and/or email that are designed to: (1) collect usage information like ad impressions or clicks and email open rates; (2) measure popularity of the Services and associated advertising; and (3) access user cookies.

As we adopt additional technologies, we may also gather information through other methods.

Information We Receive from Other Sources

We work closely with third parties (including, for example, physicians, medical professionals, and laboratories with whom we partner to provide you with the Services and their health care services, sub-contractors in technical, advertising networks, analytics providers, and search information providers). Such third parties will sometimes provide us with additional information about you.

PURPOSES FOR HOW WE USE YOUR INFORMATION

In connection with providing you with the Services, we may use your information to: 

·       Carry out, improve, and manage the Services and, as applicable, facilitate the provision of health care services to you by physicians or other health care providers and ensure that the physicians or health care providers have the services and support necessary for health care operations.

·       Engage in internal research to understand the effectiveness of our Services, improve our Services, and better understand our user base. If we publish or provide the results of this research to others, such research will be presented in a de-identified and aggregate form such that individual users cannot be identified.

·       Communicate with you about the Services, your use of the Services, or your inquiries related to the Services and send you communications on behalf of physicians or other health care providers utilizing the Services to meet your needs.

·       Communicate with you by email, postal mail, or phone about surveys, promotions, special events or our products and Services and those of our subsidiaries, affiliates, and parent companies and any of their related businesses and those of our third-party partners.

·       Provide you with technical support and customer service.

·       Verify your identity and administer your account, including processing your payments and fulfilling your orders.

·       Ensure that content from our Services is presented in the most effective manner for you and for your computer or device, allow you to participate in interactive features of our Services (when you choose to do so), and as part of our efforts to keep our Services safe and secure.

·       Measure or understand the effectiveness of advertising and content we serve to you and others, and to deliver and customize relevant advertising and content to you.

·       Help us better understand your interests and needs, such as by engaging in analysis and research regarding use of the Services.

·       Comply in good faith with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others.

·       Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others.

·       When Health Rover believes in good faith that such use is otherwise necessary or advisable.  

Combined Information. For the purposes discussed in this Privacy Policy, we may combine the information that we collect through the Services with information that we receive from other sources, both online and offline, and use and share such combined information in accordance with this Privacy Policy.

Aggregate/De-Identified Data. We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). We may use Aggregate/De-Identified Information for any purpose, including for research and marketing purposes, and may also share such data with any third parties, including advertisers, promotional partners, and sponsors.

ONLINE ANALYTICS AND ADVERTISING

1. Online Analytics

We may use third-party web analytics services on our Services to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; try to locate the same unique users across multiple browsers or devices to better tailor services and features; and provide certain features to you. 

If you receive email from us, we may use certain analytics tools, such as clear GIFs, to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

2. Online Advertising

The Services may integrate third-party advertising technologies (e.g., ad networks and ad servers such as Facebook, Google Ad Words, and others) that use cookies and other technologies to deliver relevant content and advertising, as well as on other websites you visit and other applications you use. The ads may be based on various factors such as the content of the page you are visiting, information you enter such as your searches, demographic data, and other information we collect from you. These ads may be based on your current activity or your activity over time and across other websites and online services.

We sometimes provide our customer information (such as email addresses) to service providers, who may “match” this information in de-identified form to cookies (or mobile ad identifiers) and other proprietary IDs, to provide you with more relevant ads when you visit other websites and mobile applications.

We neither have access to, nor does this Privacy Policy govern, the use of cookies or other tracking technologies that may be placed on the device you use to access the Services by non-affiliated third-party advertising network services.

3. Mobile Advertising

When using mobile applications from us or others, you may also receive tailored in-application advertisements. We may use third-party service providers to deliver advertisements on mobile applications or for mobile application analytics.  We do not control how the applicable platform operator allows you to control receiving personalized in-application advertisements; thus, you should contact the platform provider for further details on opting out of tailored in-application advertisements. You may review the support materials and/or the device settings for the respective operating systems to opt-out of tailored in-app advertisements.

HOW WE SHARE AND DISCLOSE YOUR INFORMATION

We may share your information for our business purposes in the following ways:

·       Affiliates and Subsidiaries. We may share information we collect within and across any affiliates or subsidiaries to deliver products and services to you, ensure a consistent level of service across our products and services, and enhance our products, services, and your customer experience.  We may provide you with information about Health Rover’s products and services by letter, email, text, telephone, or other forms of communication.  We may also provide you with information about third-party businesses, products, and services by letter, email, text, telephone or other forms of communication.  

·       Health Care Providers and Services. We share your information with health care providers: (i) to schedule and fulfill appointments and provide health care services as part of the Services, (ii) to whom you send messages through our Services, and (iii) for other treatment, payment or health care operations purposes, upon your request.

·       Service Providers. We may provide access to or share your information with select third parties who use the information to perform services on our behalf. They provide a variety of services to us, including but not limited to marketing, advertising, analytics, research, customer service, shipping and fulfillment, data storage, IT and security, fraud prevention, and auditing and legal services. These entities may also include health care organizations, pharmacies, laboratories and other third parties we use to support our business or in connection with the administration and support of the Services.

·       Protection of Health Rover and Others. By using the Services, you acknowledge and agree that we may access, retain and disclose the information we collect and maintain about you if required to do so by law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order); (b) enforce our Terms and Conditions, this Privacy Policy, or other contracts with you, including investigation of potential violations thereof; (c) respond to claims that any content violates the rights of third parties; (d) respond to your requests for customer service; and/or (e) protect the rights, property or personal safety of Health Rover, its agents and affiliates, its users and/or the public. This includes exchanging information with other companies and organizations for fraud protection, and spam/malware prevention, and similar purposes.

·       Business Transfers. As we continue to develop our business, we may buy, merge, or partner with other companies. In such transactions (including in contemplation of such transactions), user information may be among the transferred assets. If a portion or all of our assets are sold or transferred to a third party, customer information (including your email address) would likely be one of the transferred business assets. If such transfer is subject to additional mandatory restrictions under applicable laws, we will comply with such restrictions.

·       Public Forums. Certain features of our Services may make it possible for you to share comments publicly with other users. Any information that you submit through such features is not confidential, and we may use it for any purpose (including in testimonials or other marketing materials). For example, if you submit a product review on one of our sites, we may display your review (along with the name provided, if any) on other Health Rover websites and on third-party websites. Any information you post openly in these ways will be available to the public at large and potentially accessible through third-party search engines. Accordingly, please take care when using these features.

·       Consent. We may also disclose your information in other ways you direct us to and when we have your consent.

·       Aggregate/De-Identified Information. We reserve the right to create Aggregate/De-Identified Data from the information we collect through the Services and our sharing of such Aggregate/De-Identified Data is in our discretion.

HOW WE PROTECT YOUR INFORMATION

Health Rover takes a variety of technical and organizational security measures to protect your information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure. As such, you acknowledge and accept that we cannot guarantee the security of your information transmitted to, through, or on our Services or via the Internet and that any such transmission is at your own risk.

Where we have given you (or where you have chosen) a password that enables you to access the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. The information you share in public areas may be viewed by any user of the Services.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

REVISIONS TO OUR PRIVACY POLICY

We reserve the right to change this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, the features of our Services, or advances in technology. We will make the revised Privacy Policy accessible through the Services, so you should review it periodically. The date this Privacy Policy was last revised is identified at the top of the document. You are responsible for periodically monitoring and reviewing any updates to the Privacy Policy. If we make a material change to the Privacy Policy, we will provide you with appropriate notice in accordance with legal requirements. Your continued use of our Websites or Apps after such amendments (and notice, where applicable) will be deemed your acknowledgment of these changes to this Privacy Policy.

RETENTION OF INFORMATION 

Health Rover may retain your information for as long as it believes necessary; as long as necessary to comply with its legal obligations, resolve disputes and/or enforce its agreements; and/or as long as needed to provide you with the products and/or services of the Service. Health Rover may dispose of or delete any such information at any time, except as set forth in any other agreement or document executed by Health Rover or as required by law.

The retention period for patient-related information varies depending on various factors:

1. **Jurisdiction**: Different countries, states, and localities may have different regulations regarding the length of time medical records should be retained.

2. **Type of Record**: Different types of records, such as adult medical records, pediatric records, immunization records, radiographs, and others, might have different retention requirements.

3. **Patient Age**: For example, many jurisdictions require pediatric records to be kept for a certain number of years after the patient reaches the age of majority.

4. **Regulatory or Accreditation Standards**: Medical facilities might be subject to additional regulations or standards from professional organizations or accrediting bodies.

Under the Health Insurance Portability and Accountability Act (HIPAA), there isn't a specific retention period for medical records. However, the HIPAA Privacy Rule requires covered entities to retain certain documentation for six years.

Many U.S. states have their own regulations. For instance, in some states, adult patient records must be retained for a minimum of seven years from the date of the last patient encounter, while pediatric records must often be retained until the patient has reached the age of 21 (or longer). 

PROTECTED HEALTH INFORMATION

In using components of the Service, you may also provide certain health or medical information that may be protected under applicable laws. One or more of the medical groups, allied health professionals, or laboratories (the “Providers”) that provide services to you through Health Rover’s Service may be a “covered entity” or “business associate” under HIPAA, and Health Rover may in some cases be a “business associate” of the Providers. It is important to note that HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA may not apply to your transactions or communications with Health Rover or the Providers. To the extent Health Rover is deemed a “business associate,” however, and solely in its role as a business associate, Health Rover may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA, that you provide to the Providers (“PHI”). In addition, any medical or health information that you provide that is subject to specific protections under applicable state laws (collectively, with PHI, “Protected Information”), will be used and disclosed only in accordance with such applicable laws. However, any information that does not constitute Protected Information under applicable laws may be used or disclosed in any manner permitted under this Privacy Policy. Protected Information does not include information that has been de-identified in accordance with applicable laws.

SYSTEMS UTILIZED TO MAINTAIN PROTECTED HEALTH INFORMATION (PHI)

To guarantee the safety, confidentiality, and integrity of your PHI, we employ various platforms and services:

Google Cloud Services: Our primary data storage solution is Google Cloud Services. Health Rover has established a Business Associate Agreement (BAA) with Google, ensuring that Google Cloud Services meets the standards set by HIPAA to protect the privacy and security of PHI.

Klara Patient Communication Platform: Klara serves as our foremost patient communication tool. This platform allows patients to register and grant consent for specific health interventions. To ensure the protection of your information, Klara incorporates robust security measures.

Practice Fusion Electronic Medical Records (EMR) System: Practice Fusion powers our EMR system, facilitating the documentation of patient encounters and enabling clinician signoffs within Health Rover. Practice Fusion adopts leading-edge security standards to preserve the confidentiality, integrity, and availability of patient health data.

Microsoft 365: For streamlined patient communications and intake processes, we deploy Microsoft 365. We utilize its email functionalities for direct communication and its integrated tools for managing patient intake forms. Like our other platforms, Microsoft 365 is fully committed to PHI protection, and we hold a BAA with them, assuring their rigorous adherence to HIPAA requirements and standards.

THIRD PARTY SERVICES AND NOTICES ABOUT HEALTH INFORMATION

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including physicians, other health care providers using the Services, or third-party systems such as Google Cloud Services, Klara, Practice Fusion and Microsoft. Such third parties, including Klara and Practice Fusion, with whom we share patient registration, consent, and clinical documentation respectively, may sometimes gather information from or about you. While we maintain BAAs with Google Cloud Services and Microsoft and ensure the best practices are in place with our partners, we have no control over the privacy practices of these third parties. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites or services, and not this Privacy Policy. We urge you to read the privacy and security policies of these third parties.

CONTACTING US

If you have any questions about this Privacy Policy or Health Rover’s privacy practices, please contact us at: 

Health Rover, LLC

81 Scudder Avenue Northport, NY 11768

Email: workplace@thehealthrover.com