Healow Privacy Policy

Privacy Policy

Effective Date: January 6, 2023

Last Updated: October 11, 2023

1. Introduction

1.1. This Privacy Policy (this "Privacy Policy") informs you what Personal Information healow, LLC ("Healow," "we," "us," or "our") may collect, how healow collects such Personal Information, how healow uses such Personal Information in connection with the Services we provide to you or our customers (i.e., Providers as defined below), and your choices related to your Personal Information. This Privacy Policy also provides additional information required under California law about our collection, use and disclosure of the information of California residents from both online and offline sources, along with other required information such as rights that may be available to California residents.

1.1.1. "Services" means Healow's products and services, such as our websites ("Sites"), electronic medical records systems, practice management systems, healthcare provider customer portals ("Provider Portals"), patient portals ("Patient Portals," collectively with Provider Portals, "Portals"), software and mobile applications for the foregoing, etc.

1.2. In this Privacy Policy, we do not include Protected Health Information in the definition of Personal Information because, as discussed in Sections 2 and 4, Protected Health Information has different treatment under HIPAA (as defined below), other applicable laws, and the Customer Documents (as defined below). Accordingly, because Protected Health Information is handled differently under the Customer Documents, if you are a patient of a Provider (as defined below), your Protected Health Information is subject to the Customer Documents and your Provider's terms of service and privacy practices.

1.3. This Privacy Policy applies wherever it is posted, and it is part of and incorporated into applicable Terms of Use Agreements ("Terms of Use") for the Sites, the Portals, and other Services, and into any applicable Terms and Conditions for our software and mobile applications ("Terms and Conditions"). Any terms capitalized herein but not defined shall have the meanings assigned to such terms in the applicable Terms of Use or Terms and Conditions. By visiting or using the Services or otherwise affirming the acceptance of an agreement into which this Privacy Policy is incorporated by reference, you acknowledge and agree to accept the practices described in this Privacy Policy regarding the collection, use, disclosure, and transfer of your Personal Information. If you do not agree to the terms of this Privacy Policy, please do not use the Services. This Privacy Policy is not a contract and does not create any contractual rights or obligations. Your use of the Services is governed by the applicable Terms of Use or Terms and Conditions of the respective Services.

1.4. Please note that some privacy rights and obligations may differ in certain locations based on local law, in which case healow will comply with the local legal requirements. If you are a California resident, our Privacy Notice for California Residents in Section 18 may apply to you. healow reserves the right, at any time, to modify this Privacy Policy. If we make revisions that change the way we collect, use, or share Personal Information, we will post those changes in this Privacy Policy. If we make material changes to our Privacy Policy, we may also notify you by other means prior to the changes taking effect, such as by posting a notice on our Site or sending you a notification. You should review this Privacy Policy periodically so that you keep up to date on our most current policies and practices. healow will note the effective date of the latest version of our Privacy Policy at the beginning of this Privacy Policy.

1.5. Employees and job applicants who are California residents receive a supplemental privacy notice that applies to their relationship with healow in the context of their employment or job application. In the event of any conflict with this Privacy Policy, the terms of the supplementary employee notice will control.

2. The Personal Information We Collect

2.1. When you access and use the Services, we may collect the following types of information:

2.1.1. "Personal Information" is information that identifies an individual or relates to an identifiable individual or household. The types of Personal Information collected, and the uses thereof depend on the purposes for which we collect the Personal Information (e.g., whether you are a visitor to our Sites, a user of our Portals, or a customer of our Services). As used in this Privacy Policy, Personal Information does not include Protected Health Information.

2.1.2. "Protected Health Information" or "PHI" is individually identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations ("HIPAA").

2.1.3. "Usage Data" is information that we automatically collect about your use of the Sites and includes the sort that Web browsers and servers typically make available, through Web server logs, Web beacons, cookies and other similar tracking technologies, about the devices you use to access our Sites, as well as information on how you interact with our Sites. We do not deploy non-essential third-party cookies or similar tracking technologies on the Portals; however, we may collect log information including Usage Data for internal uses or uses by our service providers on our behalf, such as ensuring the security and integrity of our Services. Usage Data may include the IP address of a device or internet service used to connect your device to the Internet and may provide information about your Location; computer and connection information such as your browser type and version; operating system and platform; confirmation when you open e-mail that we send you; purchase history; and the URLs which lead you to and around the Site including the date and time of access. Usage Data may overlap with Location Information. Usage Data generally does not directly identify an individual, but may constitute Personal Information in some instances.

3. How we Collect Your Personal Information

3.1. healow uses information collected from users of the Services to personalize and improve your visit and experience, to provide the Services to you or our customers, and for other purposes set out below. When you use the Services, healow may collect Personal Information in the following ways described below.

3.2 Information You Provide to healow: healow collects Personal Information when you use and interact with the Services, such as when you:

3.2.1. Communicate with healow about our Services whether by letter, e-mail, online chat window, or telephone;

3.2.2. Complete and submit forms to us on our Sites or Provider Portals (e.g., to register for an account on a Provider Portal, authenticate yourself to verify your authorized use of the Services, to register for our events, or to subscribe to our newsletters);

3.2.3. Visit our offices; or

3.2.4. Visit our Sites or interact with us on social media and provide us Personal Information.

3.3 Information that healow Collects Automatically: When you use the Services, healow may automatically collect Usage Data subject to the settings of your device that you use to access the Services. With your consent, we may also collect information from your device to facilitate your use of certain features of the Services. healow may use this data to analyze trends and statistics to improve your online experience or our customer service. We do not deploy non-essential third-party cookies or similar tracking technologies on our Portals but may collect Usage Data for purposes such as ensuring the security and integrity of our Services.

3.4 Information from Other Sources: healow may collect Personal Information from other sources such as the Internet and other publicly-available sources and databases, data aggregators, marketing companies, and other third parties, including sources from which you authorize us to obtain Personal Information about you on your behalf. If you authorize us to collect information from a third party, or if you authorize a third party to send us information, and you later decide that you no longer want us to obtain that information, you may need to contact the third-party source directly and request that they stop transmitting information to us. For example, if you submit claims to the Centers for Medicare and Medicaid Services ("CMS"), you may decide to authorize us to obtain information directly from CMS. For more information about how those third parties collected and used your Personal Information, please review the privacy policy of the respective third party.

4. Protected Health Information; healow as a Business Associate

4.1 Certain Services we provide to our customers or make available to their patients, such as the Portals, as well as certain support operations, involve access to, and the processing of, PHI. This PHI is provided to us pursuant to a service agreement, business associate agreement, or other document with terms and conditions for the Services (the "Customer Documents") that we have entered with our customers (health care providers or their firms, "Providers") that also govern our use of PHI of their patients provided by our Provider customers or their patient users.

4.1.1 This Privacy Policy supplements the Customer Documents. healow only uses such PHI as a "business associate" of its Providers, who are "covered entities," in accordance with any instructions or restrictions provided to healow by the Provider and in full compliance with the applicable provisions of HIPAA.

4.1.2 If you are a patient of a Provider, our use and disclosure of your Protected Health Information is governed by HIPAA and other applicable law and the Customer Documents with your Provider — not by this Privacy Policy. Your Provider's collection, use, disclosure, and transfer of such PHI are governed, in turn, by your Provider's terms and conditions and privacy practices between you and your Provider. Please submit all requests and questions related to your PHI directly to your Provider. We are not responsible for how our Provider customers treat PHI we collect on their behalf, and we recommend you review their own privacy policies.

4.1.3 Our Sites are generally not intended to collect or retain any PHI. Thus, sections of this Privacy Policy that discuss Personal Information collection on the Sites do not apply to PHI, and we do not request, obtain, use or disclose any PHI through our Sites such as www.healow.com.

5. Use of Information Collected By healow

5.1 healow uses the Personal Information collected to provide Services to our customers and their authorized users to improve user experience with the Services, and to communicate with you about requested information. healow may use Personal Information to help target specific offers to customers and others and to develop and improve its Services.

Additionally, healow may disclose your Personal Information as discussed below in Section 7, and use your Personal Information to:

  • Respond to user service requests, user questions and concerns, and administer user accounts. We may use your information to verify your identity, register you, administer your account, or provide you the information, products, and services that you request.
  • Provide service to our customers, which include Providers. If you are a patient of a Provider, we use your information when providing the Services to the Provider.
  • Communicate with users about our products, services, and related issues. We may use your information to try to identify if you may be interested in any of the Services or our business partners' products and services. If we think something may interest you, we may send you information and promotional materials. You may unsubscribe from receiving marketing e-mails from us by using the unsubscribe link included in marketing e-mails.
  • Administer fees and provide users with invoices or resolve billing issues. We may use your information to verify your identity in order to process your payments.
  • Ensure the security and integrity of our Services.
  • Conduct internal analytics for the purposes of development and improvement of the healow app.
  • Verify and maintain the quality of our Services, improve the Services, or develop new Services.
  • In the event of a business transaction. If we are exploring or go through a business transition or financial transaction, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, securities offering, or sale of all or a portion of our assets, we may use your information in connection with exploring or concluding such transaction.
  • To comply with law. We may disclose your information to comply with any applicable laws and/or regulations, such as to comply with valid legal processes such as a search warrant, subpoena, or order from a court or tribunal of competent jurisdiction.

6. Data Collection Technologies

6.1. We and our service providers may use cookies, Web beacons, log files, and other technologies (collectively, "Data Collection Technologies") to help us provide, customize, and improve the Sites. We do not deploy non-essential third-party cookies or similar tracking technologies on our Portals. The Data Collection Technologies we use on our Sites include:

6.1.1. Web Beacons: A Web Beacon is a Web page element (such as a clear gif, pixel tag or single-pixel gif) that may be embedded into our Sites or e-mail communications, and which may employ cookie technology to enable healow to record clickstream data.

6.1.2. Cookies: Cookies are small text files placed on your device to store data that can be recalled by a Web server in the domain that placed the cookie. Cookies enable healow to collect clickstream data, including traffic on the Sites. You may set your browser to reject certain cookies or to notify you when you are sent a cookie. Rejecting cookies may limit functionality of the Sites. Third parties also provide software that allows you to visit the Sites without providing certain types of this information. Our Sites may use the following types of cookies:

6.1.2.1. Essential/Strictly Necessary Cookies: These cookies are necessary for the Sites to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the Sites will not then work.

6.1.2.2. Analytics/Performance Cookies: These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our Sites. They help us know which pages are the most and least popular and see how visitors move around the Sites.

6.1.2.3. Targeting/Advertising Cookies: These types of cookies may be set by our advertising partners at Sites at which a cookie banner is displayed. These cookies may be used by those advertising partners to build a profile of your interests and to show you relevant adverts on other websites. You may disallow these targeting/advertising cookies using the cookie banner. California residents may also opt-out of certain sharing of information through these cookies including by visiting the "Your Privacy Choices" section of our website and following the instructions there, as described further in Section 18.5.1. If you do not allow these cookies, you will experience less targeted advertising.

6.1.3. Analytics Services: We may use third-party Web analytics services (such as those of Google Analytics) and other technologies on our Sites to: collect and analyze usage information through cookies and similar tools; engage in activities such as auditing, research, or reporting; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on.
Healow's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

6.2. Notice Concerning Do Not Track: Do Not Track ("DNT") is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third-party purposes, and that is why we provide the variety of opt-out mechanisms listed above and recognize "Global Privacy Control" through our vendor, OneTrust. However, we do not currently use technology that specifically recognizes DNT signals from your Web browser. You can learn more about DNT here.

7. Disclosing Your Information

We may disclose your Personal Information for the following reasons:

7.1.1. At Your Request: healow may disclose Personal Information to third parties at your request, direction, or authorization. For example, if you direct healow to disclose your Personal Information to a third-party entity, whether and healow business partner or other third party to use the third party's service, we will share your information with the third party.

7.1.2. Internal Sharing: healow may disclose Personal Information to its affiliates (including parents, entities under common ownership, and subsidiaries, such as Healow, LLC), and other related companies without authorization.

7.1.3. With Our Service Providers: healow may disclose Personal Information to service providers for the purposes of operating our business, delivering, improving, and customizing our products or services, sending marketing and communications related to our business, payment processing, and for other legitimate purposes permitted by applicable law.

7.1.4. With Our Customers: healow may disclose Personal Information, including Sensitive Personal Information, to its customers consistent with the Customer Documents. Sensitive Personal Information" refers to Personal Information regarding more sensitive areas, such as government ID and certain other financial information, gender, marriage status, race/ethnicity, or veteran or disability status.

7.1.5. Compliance with Law: To the extent permitted by law, healow will disclose Personal Information to government authorities or third parties pursuant to a legal request, subpoena, or other legal process. healow may also use or disclose your Personal Information as permitted by law to perform charge verifications, apply, or enforce the Service's Terms of Use or Terms and Conditions, or protect healow's rights, interests, or property as well as those of healow affiliates, customers, or Service users.

7.1.6. Business Transaction: If healow sells all or part of its business or makes a sale or transfer of assets or is otherwise involved in a merger or business transfer, healow may transfer your Personal Information to a third party as part of that transaction.

8. Advertising and Third-Party Data Collection

healow may enter into relationships with third-party advertising companies to drive traffic to and serve ads on our Site. These third-party companies may also collect information through Data Collection Technologies described in Section 6 to measure the effectiveness of their ads and to personalize advertising content. The Network Advertising Initiative offers useful information about Internet advertising companies (also called "ad networks" or "network advertisers"), including information about how to opt-out of their information collection. We do not use such providers on our Portals.

8.1. You may opt-out of receiving marketing communications from us by following the instructions included in such a communication or by contacting us as provided in the Contact Information Section 17. If you opt out, we may still send you non-marketing communications, such as those about your account or our ongoing business relationship.

8.2. You may review and request changes to the Personal Information we have collected about you by contacting us as provided in the Contact Information Section 17 below.

9. Biometric Data

In connection with the Services, healow may collect or store biometric data, such as fingerprints or facial geometry scans that may identify you, which are uses for authentication and verification of your identity. This information may be biometric data under certain laws governing the collection, use, storage, and disclosure of biometric data. By providing such information, you acknowledge that you have been advised of, and understand that, healow, and its agents and contractors, may collect, use, store, and disclose biometric data for the purposes described in this Privacy Policy, or as otherwise described in the Services. We will not sell, lease, or trade your biometric information. We will retain such biometric data only until the occurrence of the first of the following, at which point the data will be scheduled for deletion: (a) the purposes outlined in this Section 9 have been satisfied, (b) any date of deletion required by applicable law, or (c) three (3) years have passed since your last interaction with our Services. Notwithstanding the foregoing, (1) healow will not delete biometric data that is PHI unless required by the applicable Provider, and (2) except as provided for in subsection (1), the collection, use, storage, disclosure, and retention of biometric data that is PHI through the use of any Service shall be governed by Section 4 of this Privacy Policy and any applicable Customer Documents, not this Section 9.

10. Security of Personal Information

healow has reasonable and appropriate safeguards in place to help protect the Personal Information healow collects from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Although healow attempts to protect the Personal Information in our possession, no security system is perfect, and healow cannot promise that your Personal Information will remain absolutely secure in all circumstances.

11. Retention of Personal Information

healow will retain your Personal Information as needed to fulfill the purposes for which it was collected. healow will retain and use your Personal Information as necessary to comply with healow's business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements. Additional information for California residents about our data retention practices is available in our Privacy Notice for California Residents.

12. Aggregated De-Identified Information

healow may provide aggregated information related to your Personal Information to some of healow's business partners. This information is used in a collective manner and does not identify you individually in any way. If you are a patient of a Provider, we may only create, use or disclose aggregated or certain de-identified PHI as authorized by your Provider in the Customer Documents.

13. Links to Third Party Websites

Our Sites may contain certain links to third party websites. healow is not responsible or liable for the privacy practices or content found on these websites. You should check the privacy notice and policies of each website you visit. Links to third party websites are provided solely for your convenience and any use or submission of data to such websites shall be at your sole risk.

14. Children's Privacy

Our Sites are not directed toward individuals under the age of 18. We do not promote our Sites to individuals under 18, and we do not knowingly collect any Personal Information through our Sites from individuals under 18. Access to our Portals is separately governed by the Portals' posted Terms of Use.

15. United States Only

The Services are intended for use only in the United States of America. If you use the Services or contact us from outside of the United States of America, please be advised that (i) any information you provide to us or that we automatically collect will be transferred to the United States of America; and (ii) by using the Services or submitting information, you explicitly authorize its transfer to and subsequent processing in the United States of America in accordance with this Privacy Policy.

16. Changes to the Privacy Policy

healow may change this Privacy Policy at any time. Unless we say otherwise, changes will be effective upon the last updated date at the top of this Privacy Policy. Please check this Privacy Policy regularly to ensure that you are aware of any changes. We may try to notify you of material changes to this Privacy Policy, which if we do so may be by means such as by posting a notice directly on the Services, by sending an e-mail notification (if you have provided your e-mail address to us), or by other reasonable methods. In any event, if you use the Services after changes to this Privacy Policy, you have accepted the changes. If you do not agree with the changes, please stop using the Services.

17. Contact Information

If you have any questions or concerns related to this Privacy Policy or if you need to report a Privacy incident, please contact the healow Chief Privacy Officer at:
healow, LLC
2 Technology Drive
Westborough, MA 01581
Attn: Chief Privacy Officer
privacy@healow.com

If you have any questions or concerns related to Security or if you need to report a Security incident, please contact the healow Chief Information Security Officer at:

healow, LLC
2 Technology Drive
Westborough, MA 01581
Attn: Chief Information Security Officer
ciso.office@healow.com

These e-mail addresses are monitored only for privacy- and security-related inquiries. If you are a patient and have a question related to accessing the Patient Portal, please contact your healthcare provider.

Pursuant to applicable law, healow may be required to send you notice of known or suspected security breaches that impact your Personal Information. In the event that healow must provide a notice of a security breach to you, healow will send security breach notices to the contact information contained in your account information unless healow is required by law to notify you using another method. Otherwise, if healow needs, or is required, to contact you concerning any event that involves information about you we may do so by e-mail, telephone, or mail.

18. Privacy Notice for California Residents

Effective Date: January 1, 2023

Last Updated: April 13, 2023

This Privacy Notice for California Residents (this "Notice") supplements the information contained in this Privacy Policy and applies to all visitors to our Site, users and others who reside in the State of California ("you" or as the context requires "your"). We adopt this notice to comply with the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 ("CCPA/CPRA"), and any terms defined in the CCPA/CPRA have the same meaning when used in this Notice.

18.1 Collection of CCPA/CPRA Personal Information

Through a user's interactions with our Services, healow collects information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household ("CCPA/CPRA Personal Information").

CCPA/CPRA Personal Information does not include:

  • Publicly available information or lawfully obtained, truthful information that is a matter of public concern;
  • De-identified or aggregated consumer information; or
  • Certain information excluded from the CCPA/CPRA's scope, such as PHI, health or medical information covered by HIPAA and the California Confidentiality of Medical Information Act ("CMIA") or clinical trial data.

Read More about healow's Collection of CCPA/CPRA Personal Information

Categories of CCPA/CPRA Personal Information that healow Collects

Categories of Collected CCPA/CPRA Personal Information Examples
Identifiers A real name, alias, postal address, unique personal identifiers, Internet Protocol address, e-mail address, account name, Social Security number, driver's license or state identification number, passport number, telephone number, fax number, username, National Provider Identifier (NPI), APU ID, or other similar identifiers.
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

Note that some CCPA/CPRA Personal Information included in this category may overlap with other categories.
Biometric information If you have biometric authentication integration as part of healow's Services, then we may collect information concerning your fingerprints, faceprints, voiceprints, and iris or retina scans.
Internet or other similar network activity Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement, page views, first and recent conversion, domain name, and hosting space.
Geolocation data Geolocation data from attendees at our conference events, users of our applications, including conference event application, and based on IP address, where associated with a geographic location.
Audio, electronic, visual, thermal, olfactory, or similar information Call recordings, photographs such as from practices or depicting providers or staff, videos from practices, photos and videos relating to marketing.
Professional or employment-related information Current or past job-related information, including role, job history, and performance evaluation data; information related to a particular company or practice; NPI
Education information Education credentials; school or university attended; year of graduation.
Inferences drawn from any of the information identified in this table to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Sensitive personal information Driver's license or state identification number; account passwords.
Other Information you provide us regarding your attending a healow event; customer information regarding products and services; testimonials; other information as described in this Privacy Policy.

Categories of Sources from Which the CCPA/CPRA Personal Information is Collected

  • Directly from you
  • Indirectly from you, which includes information collected in course of delivering services and information collected automatically through use of our website or other services
  • Third-party applications integrated with our CRM software
  • Other third parties that interact with us in connection with the services we perform
  • Medical providers, third-party payors, and government authorities
  • Data brokers or resellers from which we purchase data to supplement the information we collect
  • Employees and prospective employees
  • Other vendors/suppliers

Business or Commercial Purpose for Collecting CCPA/CPRA Personal Information

healow uses the CCPA/CPRA Personal Information collected in an effort to improve your experience with the Services, to provide the Services to you and to communicate with you about information that you request. healow may also use CCPA/CPRA Personal Information to help target specific offers to you and to help healow develop and improve its Services. Additionally, healow may use Your CCPA/CPRA Personal Information for one or more of the following business or commercial purposes:

  • Respond to user service requests
  • Administer user accounts
  • Provide service to our customers, which include Providers
  • Respond to your questions and concerns
  • Market and communicate about our products, services, events, and other offerings
  • Conduct diligence regarding our vendors and partners and administer vendor/partner relationships
  • Process payments, administer fees, provide users with invoices, or resolve billing issues
  • Carry out our legal obligations and enforce Company rights arising from any contracts to which we are a party
  • As necessary and appropriate to protect the rights, property or safety of healow, our customers or others
  • Provide, support, personalize, and develop our products, services, events, and other offerings
  • Help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business
  • As described to you when collecting your CCPA/CPRA Personal Information or as otherwise set forth in the CCPA/CPRA
  • Verify certain consumer privacy rights requests
  • Respond to law enforcement requests as required by applicable law, court order, or governmental regulations
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and assist in the prosecution of those responsible for that activity
  • Undertake activities to verify or maintain the quality or safety of a service of the business and to improve, upgrade, or enhance such services

18.2 "Sale" and "Sharing" of CCPA/CPRA Personal Information

healow does not sell or share CCPA/CPRA Personal Information as the terms "sell" or "share" are defined by the CCPA. We may also use advertising technologies, such as those described in the Targeted/Advertising Cookies Section 6.1.2.3 and Advertising and Third-Party Data Collection Section 8 of this Privacy Policy, and we will comply with applicable law, including the CCPA/CPRA, as to such activity. To exercise the right to opt-out of the sale or sharing of your CCPA/CPRA Personal Information, you (or your authorized representative) may submit a request to us by visiting the "Your Privacy Choices" section of our website.

healow has no actual knowledge that it sells CCPA/CPRA Personal Information of consumers under 16 years of age to non-service provider third parties. Additionally, healow has no actual knowledge that it shares CCPA/CPRA Personal Information of consumers under 16 years of age to non-service provider third parties.

Read More about healow's "Sharing" of CCPA/CPRA Personal Information

Categories of CCPA/CPRA Personal Information Shared Categories of Third Parties to Whom CCPA/CPRA Personal Information is Shared
Identifiers Advertising and marketing partners
Internet and other similar network activity Advertising and marketing partners

Purpose for Sharing CCPA/CPRA Personal Information

  • To market and communicate about our products, services, events, and other offerings

18.3 Disclosure of CCPA/CPRA Personal Information

To facilitate the provision of Services to you and to comply with applicable law, we may disclose Your CCPA/CPRA Personal Information to third parties such as our affiliates; our service providers; other medical providers, third party payors, or clearinghouses; patients; government authorities; third parties for providing the services for which you have contracted; third parties to whom you or your agents authorize us to disclose your CCPA/CPRA Personal Information or to which we must provide your CCPA/CPRA Personal Information to provide services to you; and third parties to comply with applicable law, such as law enforcement.

Read More about healow's Disclosure of CCPA/CPRA Personal Information

Scenarios in which we disclose CCPA/CPRA Personal Information include:

Categories of CCPA/CPRA Personal Information Disclosed to Third Parties Third Parties to Whom CCPA/CPRA Personal Information is Disclosed
Identifiers Service Providers; Affiliates; Third parties for providing the services for which you have contracted; Third parties to whom you or your agents authorize us to disclose; Other medical providers, third party payors or clearinghouses; Patients
Categories described in Civ. Code § 1798.80(e) Service Providers; Affiliates; Third parties for providing the services for which you have contracted; Third parties to whom you or your agents authorize us to disclose; Other medical providers, third party payors or clearinghouses
Characteristics of protected classifications under California or federal law Service Providers; Affiliates; Third parties to whom you or your agents authorize us to disclose
Biometric information Service Providers
Internet or other electronic network activity information Service Providers; Affiliates; Third parties to whom you or your agents authorize us to disclose
Geolocation data Service Providers; Affiliates; Third parties to whom you or your agents authorize us to disclose
Audio, electronic, visual, thermal, olfactory, or similar information Service Providers; Affiliates
Professional or employment-related information Service Providers; Affiliates; Third parties to whom you or your agents authorize us to disclose
Education information Service Providers; Affiliates; Third parties to whom you or your agents authorize us to disclose
Sensitive personal information Service Providers; Affiliates; Third parties to whom you or your agents authorize us to disclose

Business or Commercial Purpose for Disclosing CCPA/CPRA Personal Information

  • To provide, support, personalize, and develop our products, services, events, and other offerings
  • To provide service to our customers, which include Providers
  • To market and communicate about our products, services, events, and other offerings
  • To process payments, administer fees, provide users with invoices, or resolve billing issues
  • To conduct diligence regarding our vendors and partners and administer vendor/partner relationships

18.4 CCPA/CPRA Notice at Collection for Online Sources

The CCPA/CPRA requires us to provide certain disclosures at or before our collection of CCPA/CPRA Personal Information from California residents. The below CCPA/CPRA Notice at Collection for Online Sources provides you with information about how we collect and use, sell or share and retain your CCPA/CPRA Personal Information in the online context. When you use or interact with our Services online, including when you communicate with healow by e-mail or online chat window, complete or submit forms to us on our Sites or Provider Portals, or when you visit our Sites or interact with us on social media, we may collect and use the following categories of information.

Category of CCPA/CPRA Personal Information Purpose for Collection and Use Is the information sold or shared? Criteria Used to Determine Retention Periods
Identifiers

Market and communicate about our products, services, events, and other offerings

Administer user accounts

Conduct diligence regarding our vendors and partners and administer vendor/partner relationships

Conduct research and analysis

Provide, support, personalize, and develop our products, services, events, and other offerings

Provide service to our customers, which include Providers

Yes, to Market and communicate about our products, services, events, and other offerings. As necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements.
Categories described in Civ. Code § 1798.80(e)

Market and communicate about our products, services, events, and other offerings

Administer user accounts

Conduct diligence regarding our vendors and partners and administer vendor/partner relationships

Provide, support, personalize, and develop our products, services, events, and other offerings

Provide service to our customers, which include Providers

Process payments, administer fees, provide users with invoices, or resolve billing issues

Yes,to Market and communicate about our products, services, events, and other offerings. As necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements.
Internet or other similar network activity

Market and communicate about our products, services, events, and other offerings

Conduct research and analysis

Yes, to Market and communicate about our products, services, events, and other offerings. As necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements.
Professional or employment-related information

Administer user accounts

Conduct diligence regarding our vendors and partners and administer vendor/partner relationships

Provide, support, personalize, and develop our products, services, events, and other offerings

Provide service to our customers, which include Providers

Process payments, administer fees, provide users with invoices, or resolve billing issues

Market and communicate about our products, services, events, and other offering

Yes, to Market and communicate about our products, services, events, and other offerings. As necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements.
Audio, electronic, visual, thermal, olfactory, or similar information Market and communicate about our products, services, events, and other offering No As necessary to fulfill the specified purposes for collection and use (or a reasonable time thereafter) or other compatible purposes including satisfying legal requirements.

CCPA/CPRA Sensitive Personal Information from Online Sources

healow may collect sensitive personal information from certain online sources, including password information in the course of users accessing our registration system, and driver's license and state identification numbers in some instances.

18.5 CCPA/CPRA Consumer Rights

California residents may have certain consumer rights. These rights may include:

  • The right to know what CCPA/CPRA Personal Information we collect, including (1) the right to request information regarding the categories of CCPA/CPRA Personal Information we collect along with other information such as the categories of sources from which the information is collected and third parties with whom it is shared and (2) the right to request a copy of the specific pieces of CCPA/CPRA Personal Information we collect (sometimes referred to as the right to access personal information);
  • The right to delete CCPA/CPRA Personal Information that we collect from you, subject to certain exceptions;
  • The right to correct inaccurate CCPA/CPRA Personal Information that we maintain about you;
  • The right to opt-out of the sale or sharing of CCPA/CPRA Personal Information;
  • The right to opt-out of certain uses of CCPA/CPRA Sensitive Personal Information; and
  • The right not to be retaliated or discriminated against for exercising any CCPA/CPRA rights in good faith.

healow will not discriminate against you for exercising any of the abovementioned rights, for example, by charging a different price or denying goods or services. However, healow may charge a different price or rate or provide a different level or quality of goods or services when that difference is reasonably related to the value provided to us by the data.

You may also limit the use and disclosure of your CCPA/CPRA Personal Information by either unsubscribing from marketing communications or contacting healow at the address listed above under Section 17 titled "Contact Information." Please note that some information, excluding claims data information provided by CMS as part of the "Blue Button" program, may remain in healow's records even after you request deletion of your CCPA/CPRA Personal Information, to the extent required by applicable laws. Additionally, there may be limits to the amount of information healow can practically provide. For example, we may limit access to CCPA/CPRA Personal Information where the burden or expense of providing access would be disproportionate to the risks to an individual's privacy or where doing so would violate others' rights.

18.5.1 Right to Opt Out of the Sale or Sharing of Personal Information

As noted above, you have the right to opt out of the sale or sharing of your CCPA/CPRA Personal Information to third parties. To exercise this right, you can visit the "Your Privacy Choices" section of our website. Additionally, healow processes opt-out preference signals in a frictionless manner communicated through Global Privacy Control settings you may turn on in certain browsers through its vendor, OneTrust.

18.5.2 Right to Limit Certain Uses of Sensitive Personal Information

You also have the right to limit the use or disclosure of your CCPA/CPRA Sensitive Personal Information if used to infer characteristics about you. To exercise this right, please visit the "Your Privacy Choices" section of our website. healow may continue using Sensitive Personal Information for certain purposes expressly permitted by the CCPA/CPRA.

18.5.3 How to Exercise All Consumer Rights

If you wish to exercise any of these rights, please complete the CCPA/CPRA Consumer Rights Request Form. You may also call us toll-free at +1 (866) 888-6929.

We will review your requests and respond accordingly. The rights described herein are not absolute and we reserve all our rights available to us at law in this regard. Additionally, if we retain your CCPA/CPRA Personal Information only in de-identified form, we will not attempt to re-identify your data in response to a Consumer Rights request.

If you make a request related to CCPA/CPRA Personal Information about you, you will be required to supply a valid means of identification as a security precaution. We will verify your identity with a reasonably high degree of certainty using the following procedure where feasible: we will match identifying information you provide when making the request to the CCPA/CPRA Personal Information maintained by healow or use a third-party identity verification service. If it is necessary to collect additional information, healow will use the information only for verification purposes and will delete it as soon as practicable after complying the request. For requests related to particularly sensitive information, we may require additional proof of identification.

If you make a Consumer Rights request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf.

We will process your request within the time provided by applicable law.

18.6 Other California Privacy Rights — Shine a Light

In addition to the rights already described, California's Shine the Light law permits California residents to request certain details about how their information is shared with third parties and, in some cases, affiliates, for those third parties' and affiliates' own direct marketing purposes. Under the law, a business must either provide this information or permit California customers to opt in to, or opt out of, this type of sharing.

We may from time to time elect to share certain information about you collected by us through the Services with third parties or affiliates for those third parties' or affiliates' own direct marketing purposes. If you are a California resident, you may opt out of such future sharing of your personal information (as defined by the California Shine the Light law) by contacting our Privacy Officer at privacy-office@healow.com with the phrase "Do Not Share" in the subject line.

18.7 healow as Service Provider

If you are a California resident and we, as a service provider, have processed personal information about you on behalf of our customers and you wish to exercise your CCPA/CPRA rights, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of our customer on whose behalf we processed your personal information. We will refer your request to that customer and will support them to the extent required by California privacy law in responding to your request.

18.8 Individuals with Disabilities

If you have a disability and would like to access this Notice in a different format, you may contact us at privacy@healow.com with the phrase "Alternative Format California Privacy Notice" in the subject line.

18.9 CCPA/CPRA Governing Law

This Notice will be subject exclusively to the laws of the State of California within the United States of America. We make no representation that this Notice and such practices comply with the laws of any other country. Visitors who use this Site and reside outside the United States do so on their own initiative and are responsible for compliance with local laws, if and to the extent local laws are applicable. If you reside outside of the United States, by using our Site, you consent to the transfer and use of your information outside your country.