
Terms

HealthPhi Privacy and Terms of Use
Policy Updated: March 2022


Glossary of Terms
“Analytics” means: the process of examining data to draw conclusions from that information.

“Breach” means: an unauthorized disclosure.

“Cloud computing or services” means: a kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand.

“Electronic Health Records (EHR)” means: the systematized collection of patient and population electronically stored health information in a digital format. These records can be shared across different health care settings. Records are shared through network-connected, enterprise-wide information systems or other information networks and exchanges. EHRs may include a range of data, including demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal statistics like age and weight, and billing information.

“Electronic Medical Records (EMR)” means: the systematized collection of patient and population electronically stored health information in a digital format. These records can be shared across different health care settings. Records are shared through network-connected, enterprise-wide information systems or other information networks and exchanges. EHRs may include a range of data, including demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, vital signs, personal statistics like age and weight, and billing information.

“Encryption” means: a method of converting an original message of regular text into encoded text in such a way that only authorized parties can read it.

“Health Data” can include, but is not limited to: wellness information (e.g., exercise or fitness habits, nutrition, or sleep data), health markers (e.g., blood pressure, BMI, or glucose), information on physical or mental health conditions, insurance or health care information, or information that integrates into or receives information from a personal health record.

“HIPAA” means: The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

“HITECH” means: The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

“Identifiable Data” means: data, such as your name, phone number, email, address, health services, information on your physical or mental health conditions, or your social security number, that can be used on its own or with other information to identify you.

“Statistical Models” means: a simplified mathematical description of a system or process, used to assist calculations and predictions.

“SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security)” are protocols for establishing authenticated and encrypted links between networked computers. Although the SSL protocol was deprecated with the release of TLS 1.0 in 1999, it is still common to refer to these related technologies as “SSL” or “SSL/TLS”.

What is HealthPhi?
HealthPhi, Inc (“HealthPhi” or “We” or “Our”) is a health Data company where members create value from their own Data. Members opt in to share their Data with HealthPhi, and with third party entities including for-profit companies, non-profit companies, universities, and researchers to develop solutions that improve the delivery of care, lower health care costs, improve patient experience, drive innovation, and improve equity and access. In return for sharing their Data, members can receive an equity stake in HealthPhi as well as other benefits. We believe that permission and ownership are the best ways to show Respect to you and your Data.

Why the HealthPhi App?
The HealthPhi App enables consumers and patients to aggregate their medical and nonmedical Data in one place for the purposes of deriving both economic and non-economic value from their Data. When you participate in the HealthPhi program, you become a member of an organization dedicated to Respecting your ownership of that Data and delivering as much value to you as possible. We are developing best-in-class care coordination programs, and working with third party entities to lower the cost of health care and connecting members to research studies and clinical trials that serve your health needs. We share your Data, identified, with your permission, with trusted third parties. We tell you who they are, and how your Data will be used. We will tell you when we share de-identified data.

What’s In this Policy?
We take your privacy very seriously. Your use of the App and membership in HealthPhi are entirely voluntary. We will go over the information (“the Data”) the App collects, how We store the Data, how We use the Data, and how We share the Data. By using the App, you become a member of HealthPhi and you acknowledge that you accept the practices and policies outlined here. You also consent that We collect, use and share your information as described in this privacy policy. When We share your information, we will tell you. Additionally, We may ask for additional opt-in consents for specific third parties so that you are fully aware of how your Data is being shared.

What Is Membership?
By using the App, you become a member of HealthPhi. When you sign up for HealthPhi and select medical and non-medical Data to share, you can begin to earn equity shares in HealthPhi. The number of equity shares can grow over time depending on Data sharing. The shares will vest over a period of time. Vested shares are yours even if you end your participation with HealthPhi. HealthPhi may, from time to time, publish a price for vested shares. HealthPhi will publish a separate equity management document. The equity feature of membership will be available after official launch and not during the App testing period. The official launch is defined as the date when the App is available to the general public.

Registering for the App
In order to establish membership and share Data, we ask you to create an account in the App. To create an account you must share certain identifying information and preferences, and agree to the usage and privacy practices detailed in this document. This document will be modified from time to time. We will always share the changes with you.

Push Notifications
Push notifications are messages sent to the App as reminders of various opt-in participation opportunities. You will be able to disable notifications.

SMS (“Text”) Messages
When signing up for membership we will use 2-factor authentication to verify your account with HealthPhi. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. We may send you continuous communications about your participation with third parties. If you need help, reply with “HELP”. To unsubscribe, reply “STOP”. The stop will end the messages, not your participation with that third party. You will be able to end your participation with a third party via the HealthPhi App dashboard. Ending participation with a third party may not result in retroactive deletion of Data.

Information We Collect
The App collects Data you enter manually, and Data from non-healthcare apps, services and sources you authorize to share. Authorized connection information: this is Data from healthcare providers that you have authorized in your App. This is Data in the electronic medical record and you have authorized a connection to that healthcare provider. HealthPhi has partnered with 1upHealth (https://1up.health) to offer a fast and secure method to transfer Data from health facilities. 1upHealth is a healthcare API platform that has direct relationships with health systems and electronic medical records to help patients aggregate and share medical Data with HealthPhi. 1upHealth uses this Data solely to support the services of HealthPhi directed by our Terms of Service and Privacy Policies. To directly contact 1upHealth, email [email protected]

Information you manually enter into the App
We receive and store information you manually enter into the App. You can choose not to provide us with certain information by simply skipping questions. Some of this Data is demographic, health, lifestyle, family, economic, educational. We will ask these questions periodically to track changes over time. This Data helps us create models that will allow us to better understand the causes of medical utilization, illness patterns and develop predictive indicators. To register for the App and allow us to connect to your electronic health record you will need to provide the following Data elements: name, date of birth, address, social security number.

Will the App access other technology on your device?
The App will not access your device’s camera, photos, contacts, microphone, or location services without your permission. A future version of the App will integrate with health monitoring services. When that version is available we will tell you and you can provide permission.

Will the App share information with social media companies?
The App will not share any data with social media companies.

How We Secure Your Data
The main risk of membership is to your privacy. A Data breach is when someone sees or uses Data without your permission. If there is a Data breach, someone could see or use the Data we gave about you. Even without your name, there is a chance someone could figure out who you are. They could misuse your Data. We believe the chance of this is very small, but it is not zero.

Your Data is maintained in the United States by HealthPhi or our authorized partners. We use appropriate physical, organizational, and technical safeguards designed to protect the confidentiality, security and integrity of the Data we collect.

HIPAA and HITECH establish a set of federal standards intended to protect the security and privacy of PHI. HIPAA and HITECH impose requirements related to the use and disclosure of protected health information (PHI), appropriate safeguards to protect PHI, individual rights, and administrative responsibilities.

We partner with our cloud services provider to provide secure, scalable IT applications in alignment with HIPAA and HITECH compliance requirements. Our services provider offers a commercial off-the-shelf infrastructure platform with industry-recognized certifications and audits such as ISO 27001, FedRAMP, and the Service Organization Control Reports (SOC1, SOC2, SOC3). Our services provider’s services and data centers have multiple layers of operational and physical security to help ensure the integrity and safety of customer data.

Our services provider maintains a standards-based risk management program to ensure that IT services specifically support HIPAA administrative, technical, and physical safeguards. Using these services to store, process, and transmit PHI helps HealthPhi and our services provider to address the applicable HIPAA requirements.

Our services provider provides database encryption for its clusters to help protect data at rest. All data, including backups, is encrypted by using hardware-accelerated Advanced Encryption Standard (AES)-256 symmetric keys. The provider uses a four-tier, key-based architecture for encryption. These keys consist of data encryption keys, a database key, a cluster key, and a master key.

Data in transit is encrypted using Secure Sockets Layer (SSL) / Transport Layer Security (TLS).

HealthPhi maintains a standards-based risk management program to ensure compliance with HIPAA privacy and security standards.

Access to the App on your device will be protected by the biometric code or passcode you have enabled on your device. We strongly recommend that one of these be enabled to protect access to any apps on your device including our App.

We strive to protect the privacy of the Personal Information we collect and hold, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, new technology and other factors may compromise the security of your personal information at any time.

What happens if there is a Data breach?
If there is a data breach, these are the steps we will take: i) we will stop any ongoing breaches, ii) conduct an investigation, iii) notify law enforcement, iv) notify regulatory agencies, e.g., FTC, HHS and state agencies as needed, v) notify major credit bureaus if necessary. We will notify you, at the email and mailing address on record, and will let you know i) what happened, ii) what information was involved, iii) what we are doing, iv) what you can do, v) any other important information.

How We Use the Data
You will choose whether you share identified Data. We will tell you when we share de-identified Data. Your Data will not be used for advertising. The App collects your Data for the purposes of:

• Developing smarter, lower cost insurance models
• Developing more effective care coordination services
• Identifying care variation and care gaps
• Improve access and equity in clinical trials
• Identify economic opportunity for you as a member
• Improve the user experience of the App and improve engagement
• Developing machine learning and artificial intelligence models

How We May Share the Data
We will not share your identifiable Data unless you have given us permission for the specific purpose. We remove identifiable Data elements to make the Data non-identifiable. We will tell you when we share non-identified Data.

Any information collected by the App will not be shared for advertising purposes. We will share the Data as required by law with government agencies or to comply with a court order.

We may aggregate Data with other members’ Data to form specific Data sets to support third party initiatives and projects. When we work with third parties we take steps to limit the information provided to them to that which is necessary to perform the functions listed above. We require them to agree to handle and process the information in accordance with our instructions and to maintain security and confidentiality of the information by applying appropriate organizational and technical safeguards.

We reserve the right to disclose your information that we believe, in good faith, may be necessary to i) prevent fraudulent, abusive, unlawful uses or activity; ii) protect our rights and property; iii) investigate and defend ourselves against any third-party claims or allegations; iv) protect the rights and safety of others. We will notify you of such disclosures.

We reserve the right to disclose and otherwise transfer your Data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transactions, or in the event of an insolvency, bankruptcy or receivership in which information is transferred to one or more third parties as one of our business assets to the extent and in the way prescribed by applicable law.

Do we sell your Data?
We may provide subscription services to Data for the purposes outlined in How We Use your Data, above. You will be able to provide permission to include identified Data in the subscription service.

Information you can access and withdraw from the App
The App enables you to view, edit and share some of the Data collected. You may elect to withdraw from using the App or any specific third party use by uninstalling the App or by contacting us at [email protected]. Upon your withdrawal we will stop collecting new Data from you, but the Data that you have already provided may not all be destroyed or deleted.

You can utilize features of the App to keep Account Information and Self-Reported Information accurate, complete and up-to-date. However, HealthPhi cannot make or send changes to the data we receive from a third party, including a medical provider, health plan, or other health Data source; this data (i.e., Health Records) cannot be changed by you or HealthPhi. You may, however, upload, or have us request on your behalf, updated information, including Health Records. Any changes made to source data must be made by contacting the third party (for example, your doctor’s office or hospital) directly.

HealthPhi will retain personal information about you as long as necessary to fulfill the purposes outlined in this Privacy Policy. Your HealthPhi account will remain populated with personal information about you (including Health Records) until you decide to close your membership.

Are there any costs?
There are no costs to you for membership. However, from time to time, we may ask for various tests, exams and surveys as part of Data collection. These tests, exams and surveys are voluntary and will help improve statistical models and other analytics. We will pay for these tests and exams. Surveys can take as little as 10 minutes and as much as 60 minutes. We will give you the results. You can decide to seek follow-up care on your own because of these results. If you receive follow-up care, your doctor will bill you or your insurance company per usual practice. If you do not have insurance, or if your insurance will not pay, you will be responsible for the cost of follow-up care.

Are there any benefits?
Membership will come with tiers of equity positions depending on how much Data sharing you agree to. The equity share feature of membership will not be available during the App test period. Additionally, third parties may offer rewards and payments for your participation. HealthPhi also offers and is developing a slate of services that allow you to maintain your Data in one place and to leverage services as they become available, including high quality care coordination, receiving provider rankings, and participating in clinical trials, to name a few.

Will I be able to see my Data?
Yes, you will be able to see all of the Data that we receive for you.

Can children become members?
Membership is available only to individuals 18 years of age or older. At this time there are no exceptions to this. By using this App, you warrant that you are 18 years of age or older.

International Users
The HealthPhi website and App are hosted within the United States. The website and App are meant for use within the United States. Users residing outside of the United States should not access the App and at this time are not eligible for membership. If you are traveling overseas you will be able to access your data.

Limitations and Terms Related to Your Use of the App
When you download the App, you receive a non-exclusive, non-transferable, non-assignable license (without the right to sublicense) to install and use one copy of the App solely for your personal, non-commercial use in connection with participating in the App community. You must own or control the device(s) on which you download the App. By downloading and using the App, you agree that you will not do anything to interfere with or disrupt the operation of the App, will provide only accurate and current information through the App, and will not impersonate anyone else in your use of the App. You further agree not to transmit content that you do not have the right to transmit or that infringes the rights of any party, and you agree to use the App in compliance with all applicable laws. You understand that the App or portions of it may be subject to patent, copyright, trademark and other intellectual property protection and that the ownership of software and other intellectual property related to the App, as well as the goodwill associated therewith, remains with HealthPhi. You agree that any improvements or other changes to the App are the property of HealthPhi.

The App does not provide medical services and the App is not designed to deliver medical care and is not intended to provide professional medical advice. The App is not intended to diagnose, treat, care, cure and prevent health conditions. Do not ignore or delay getting medical advice because of any information or other content you obtain from the App.

To the maximum extent permitted by law, the App is provided “As Is” and “As Available”, with all faults and without warranty of any kind, and HealthPhi and its licensors disclaim all warranties, either implied or statutory, including, but not limited to, the implied warranties of merchantability, satisfactory quality, fitness for a particular purpose, accuracy, quiet enjoyment, and non-infringement of third party rights. To the extent not prohibited by applicable law, in no event shall HealthPhi be liable for personal injury, or any incidental, special, indirect or consequential damages whatsoever arising out of or related to your use or inability to use the App.

Changes to Our Privacy and Use Policy
We reserve the right to make changes to this privacy policy, in which case changes will be posted to our website and the App. We will give you advance notice of any material changes so you can decide if you want to maintain your membership with HealthPhi (except those that may need to be made immediately in order to comply with law or to deal with an urgent situation that threatens the security of information held by HealthPhi or severely impacts HealthPhi’s functionality). The updated Privacy Policy will be effective as of the time of posting, or such later date as may be specified in the updated Privacy Policy.

Governing Law and Venue
This agreement shall be governed by the laws of the state of New York and the applicable federal laws of the United States of America. All disputes arising under, or in any way connected with membership in or use of the Site, shall be litigated exclusively in the state and federal courts residing in the state of New York, and in no other court or jurisdiction. You hereby submit to the jurisdiction of the state and federal courts sitting in the state of New York.

Who can answer my questions?
If you have questions about HealthPhi, please contact us at:

Email: [email protected]

Languages: English

Contact
If you have any questions, comments or requests regarding this policy or the handling of your Data, please contact:

Email: [email protected]