HIPAA

This health technology developer is a HIPAA

covered entity



Yes



[If yes] If the health technology developer is a

HIPAA covered entity, select one of the statements

on the right that applies to be inserted in the

privacy notice.



Please note that the health data we collect

as part of this [insert name of technology

product] are NOT covered by HIPAA and

our company’s HIPAA Notice of Privacy

Practices does NOT apply



Some of the health data we collect as part

of this [insert name of technology product]

also are protected by HIPAA.

o Read our HIPAA Notice of Privacy

Practices (embed link or popup] for

more information.

Use: How we use your data internally

We collect and use your identifiable data

to:



Provide the primary service

of the app or technology



Develop marketing materials for our products



Conduct scientific research



Support company operations (e.g., quality control or fraud detection)



Develop and improve new and current products and services (e.g., analytics

)



Other: _____



We DO NOT collect and use your identifiable data

Share: How we share your data externally with other companies or entities

We share your identifiable data

to:



Provide the primary service

of the app or technology



Develop marketing materials for our products



Conduct scientific research



Support company operations (e.g., quality control or fraud detection)



Develop and improve new and current products and services (e.g., analytics

)



Other:________



We DO NOT share your identifiable data

                 

          

Privacy Policy

☑

We share your data AFTER removing identifiers (note that remaining data may not be anonymous) to:



Provide the primary service

of the app or technology



Develop marketing materials for our products



Conduct scientific research



Support company operations (e.g., quality control or fraud detection)



Develop and improve new and current products and services (e.g., analytics

)



Other:________



We DO NOT share your data after removing identifiers

Sell: Who we sell your data to

We sell your identifiable data

to some or all

of the following: data brokers

, marketing

firms, advertising firms, or analytics firms.



Yes, automatically



Yes, only with your permission

o [If yes] Here is how you can check your

settings, including permissions set as a

default…



No, we DO NOT sell your data

We sell your data AFTER removing identifiers

(note that remaining data may not be

anonymous) to some or all of the following:

data brokers

, marketing firms, advertising

firms, or analytics firms.



Yes, automatically



Yes, only with your permission

o [If yes] Here is how you can check your

settings, including permissions set as a

default…



No, we DO NOT sell your data after removing

identifiers (note that remaining data may not be

anonymous)

Store: How we store your data

We store your data on the device



Yes



We store your data outside the device at our

company or through a third party



Yes



Encryption

: How we encrypt your data

We encrypt your data in the device or app



Yes, automatically



Yes, but only when you take certain steps (click

to learn how)



N/A

We encrypt your data when stored on our

company servers or with an outside cloud

computing

services provider



Yes, automatically



Yes, but only when you take certain steps (click

to learn how)



N/A

We encrypt your data while it is

transmitted



Yes, automatically



Yes, but only when you take certain steps (click

to learn how)



N/A

☑

Deactivation

: What happens to your data when your account is deactivated

When your account is deactivated/terminated

by you or the company, your data is…



Deleted immediately



Deleted after __ days, weeks, months, years

[select applicable interval]



Permanently retained and used



Retained and used until you request deletion

Policy Changes: How we will notify you if our privacy policy changes

Breach

: How we will notify you and protect your data in case of an improper disclosure

consumers’ data in the case of a breach and provide link to section in privacy policy.

Privacy: How this technology accesses other data

The technology or app requests access to

other device data or applications, such as your

phone’s camera, photos, or contacts



Yes, only with your permission. It connects to...



Camera



Photos



Contacts



Location services



Microphone



Health monitoring devices



Other: _____________

[If yes] Here is how you can check your

settings, including permissions set as a

default…



No: This technology or app does NOT request

access to other device data or applications,

such as your phone’s camera, photos, or

contacts.

The technology or app allows you to share the

collected data with your social media accounts,

like Facebook



Yes



Yes, only with your permission.

[If yes] Here is how you can check your

settings…



No: This technology or app does not allow you

to share the collected data with your social

media accounts, such as Facebook.

User Options: What you can do with the data that we collect

The technology or app allows you to access,

edit, share, or delete the data we have about

you



Yes. You can…



Access your data



Edit your data



Share your data



Delete your data

[If yes] Here is how to do this…



          

             

☑

email privacymatters@healthsouse.com

☑

In the event of a breach, you’ll be notiﬁed at the email we have on ﬁle for you within 24 hours

Health data can include, but is not limited to: wellness information (e.g., exercise or fitness habits, nutrition, or

sleep data), health markers (e.g., blood pressure, BMI, or glucose), information on physical or mental health

conditions, insurance or health care information, or information that integrates into or receives information from a

personal health record.

Include definition of “identifiable data.” Identifiable data means: data, such as your name, phone number, email,

address, health services, information on your physical or mental health conditions, or your social security number,

that can be used on its own or with other information to identify you.

If unclear, specify what the developer considers the primary service.

Include definition of “analytics.” Analytics means: the process of examining data to draw conclusions from that

information.

Include definition of “data broker.” Data broker means: companies that collect personal information about

consumers from a variety of public and non-public sources and resell the information to other companies

(From FTC: https://www.ftc.gov/news-events/press-releases/2012/12/ftc-study-data-broker-industrys-collection-

use-consumer-data).

Direct consumers how to adjust permissions.

Include definition of “encryption.” Encryption means: a method of converting an original message of regular text

into encoded text in such a way that only authorized parties can read it.

Include definition of “cloud computing.” Cloud computing means: a kind of Internet-based computing that

provides shared processing resources and data to computers and other devices on demand.

Include definition of “deactivation.” Deactivation means: an individual takes action or a company ceases

operation or deactivates an individual’s account due to inactivity.

Include definition of “breach.” Breach means: an unauthorized disclosure.

 







  

   