ARCHES Technology Privacy Policy
This Privacy Policy governs the data collection practices by ARCHES Technology (“ARCHES”). For the purposes of this Privacy Policy, unless otherwise noted, all references to ARCHES, include the My Care Compass Health Program (the “My Care Compass”) and/or its associated products including the My Care Compass website (the “Website”) (collectively the “Services”).
Since we may gather certain types of information about our users, we feel you should fully understand our policy and the terms and conditions surrounding the capture and use of that information. This privacy statement discloses what information we gather and how we use it. The private information you provide on the Website will be used only for its intended purpose.
Use of your Personal Information
We collect personal information (“Personal Information”) to be able to provide you with our Services. Some of the Personal Information which you provide to us may include identifying information, such as your name, age and gender, and contact information such as phone numbers, postal address and email address.
We may use your Personal Information as follows:
- (1) To send communications to patients based on their appointment schedules and disease state;
- (2) To enable you to access and use the Services, and if you are a Patient, to access and download the My Care Compass Health Record which contains all communications among you, your Authorized Caregiver, Provider and its Designees;
- (3) To respond to inquiries;
- (4) For business purposes, such as data analysis, audits, developing new products, and enhancing and improving our Website and the Services;
- (5) To send important information regarding the Services, changes to our terms, conditions, and policies and/or other administrative information;
- (6) As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Disclosure of Personal Information
We may disclose Personal Information, including Protected Health Information (PHI) as follows:
- (1) If you are a Patient, to your Provider, its Designees and Authorized Caregivers, without further authorization for purposes of treatment, payment or operations; for other uses or disclosures permitted by law; or for purposes related to such uses or disclosures.
- (2) To third party service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer service, email delivery services, credit card processing, backup, auditing services and other similar services.
- (3) To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- (4) As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Collection of Protected Health Information (PHI)
Protected Health Information or “PHI” includes information, whether oral or recorded in any form or medium, that we receive from you (“Patient”), your Authorized Caregiver or a physician (or other health care providers) or that we create on behalf of a physician (or other health care provider), that:
- (1) Relates to the past, present or future physical or mental condition of the Patient; the provision of health care to the Patient; or the past, present or future payment for the provision of health care to the Patient; and
- (2) that identifies the Patient or with respect to which there is a reasonable basis to believe the information can be used to identify the Patient.
“Protected Health Information” has the same meaning generally in this Agreement as defined as the term “Protected Health Information” in 45 C.F.R. § 160.103.
Use and Disclosure of Protected Health Information
We may use and/or disclose PHI in the same manner as Personal Information, described above, except our use and disclosure of PHI is further limited as provided by the administrative simplification provision of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”) and the Omnibus regulations promulgating Standards for Privacy of Individually Identifiable Health Information and Security Standards for the Protection of Electronic Protected Health Information promulgated thereto.
Specifically, as described above, all uses or disclosures of PHI shall require Patient authorization or a valid authorization on the patient’s behalf, except: (1) uses or disclosures by or to the Patient; (2) uses or disclosures for treatment, payment or healthcare operations; (3) as part of any valid use or disclosure; or (4) in compliance with and pursuant to Applicable Law.
We may disclose PHI for most other purposes only pursuant to Patient’s valid authorization, as follows:
- (1) for most uses and disclosures of psychotherapy notes;
- (2) for use or disclosure of PHI for marketing purposes;
- (3) for disclosures that constitute a sale of PHI; or
- (4) for other uses or disclosures that are not exempt from the authorization requirement.
We will enter into business associate agreements with the Patient’s Providers who are “Covered Entities” when we are a “Business Associate,” as those terms are defined by HIPAA. We will use and disclose PHI only for those uses and disclosures permitted by HIPAA and under the applicable business associate agreement. We may use or disclose PHI to provide Services to the Patient or the Provider. We may also use PHI for our proper management and administration or to carry out our legal responsibilities.
Use of Non-Personal Information
When you interact with the Services we automatically collect certain personally non-identifiable information ("Non-Personal Information"). The Non-Personal Information collected includes without limitation, your Internet Protocol ("IP") address, domain name of your internet service provider, approximate geographic location, the type of device used, the operating system of your device and aggregated personal information that cannot be used to specifically identify you. Such information, which is collected passively using various technologies is strictly for statistical purposes and to determine the visitor traffic patterns through the Services and cannot, in and of itself, be used to specifically identify you.
Automatic Collection Technologies
The technologies we use for automatic information collection may include:
- (1) Cookies: We may use "cookies" on our Website to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Website.
- (2) Web Beacons: Pages of the Websites and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an e-mail and for other related Websites statistics (For example, recording the popularity of certain Website content and verifying system and server integrity).
Disclosure of your Personal Information to Third Parties.
ARCHES does not sell, rent or lease its user list to third parties. ARCHES, through the website, may share data between/with Third Parties to help perform statistical analysis, send you email and/or provide customer support. All such Third Parties are prohibited from using your personal information except to provide the services to the Website and they are required to maintain the confidentiality of your information
Security
We take reasonable steps to protect the personal data provided to us from unauthorized access, use or disclosure. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of the Services, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet and mobile websites is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted through our Services. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide. If you suspect that there has been a breach of the security of your data you should contact us and include details of the nature of the breach, the date of the breach, and the full circumstances of the breach.
Children under Thirteen
We do not knowingly collect personal information from children under the age of thirteen (13). If you are under the age of thirteen (13) please do not submit any personal data through our Services.
Changes to this Statement
We will occasionally update this Statement of Privacy to reflect company and customer feedback. We encourage you to periodically review this Statement to be informed of how we are protecting your information.
Contact Information
We welcome your questions or comments regarding this Statement of Privacy. If you believe that we have not adhered to this Statement, please contact us at:
Arches Technology, Inc.
New York, NY
By email:
info@archestechnology.com
Effective as of May 1, 2017.