MilaHealth Privacy Policy
Effective Date: May 6, 2024
This MilaHealth platform Privacy Policy (this “Privacy Policy”) describes how your information is collected, used, and shared when you use the MilaHealth platform (“Patient App”) or the related web-based service for clinicians that links to or refers to this Privacy Policy (the “Clinician Portal” and collectively with the Patient App, the “Services”). The Services are made available on behalf of the health system that invited you to use the Patient App (if you are a patient) or the health system through which you access the Clinician Portal (if you are a clinician) (“Health System”) by Mila Health, Inc. (“Developer”).
Individually identifiable information submitted to the Patient App (also referred to as “Protected Health Information”) additionally may be subject to the federal HIPAA Privacy and Security Rules, as described in a HIPAA Notice of Privacy Practices (“HIPAA Notice”) provided to you by Health System. The HIPAA Notice describes how Protected Health Information about you may be used and disclosed and how you can get access to this information. Please review it carefully. To the extent there is a conflict between this Privacy Policy and the HIPAA Notice, the relevant version of the HIPAA Notice applies to your Protected Health Information.
INFORMATION COLLECTED
When you use the Services, information may be collected about you and the device you use to access the Services in a variety of ways.
You may provide personal information directly, such as during the registration and login processes, when providing feedback about your experiences, or when seeking customer service or technical support. This personal information may include:
- Contact information, such as your name, phone number, and email address.
- Demographic information, such as your date of birth and gender.
- Geographic information, such as your state and zip code.
- Health and other information you provide, such as known health risk factors.
- Other information you provide through the Services directly, such as when you provide feedback or respond to questions.
Information about your device and online activity also may be collected automatically when you use the Services, including through the use of standard Internet technologies, such as cookies and pixel tags. This information includes:
- IP addresses and other device IDs and device type.
- Information about how you use the Services and technology you use to access the Services.
- Other server log information. (For example, if you or your device experiences an error, the information logged includes the nature of the error, the time the error occurred, the feature being used, the state of the application when the error occurred, and communications or content provided at the time the error occurred.)
Information that is collected when you use the Services may be combined with other information collected from you or from third parties.
HOW YOUR PATIENT APP INFORMATION IS USED AND DISCLOSED
Health System’s use of your Protected Health Information is governed by federal law, as described in the applicable HIPAA Notice. For example, Health System may use your Protected Health Information to provide you with health care services and other information and services you request.
In addition, Health System may use personal information collected through your use of the Services:
- To enable Developer to provide and improve the Services and analyze use of the Services.
- To manage its relationship with you.
- For administrative purposes.
- To provide information and materials to you related to the Services, research opportunities or other programs and services, and surveys, including without limitation patient satisfaction surveys.
Personal information collected via the Patient App may be disclosed by Health System or Developer to third parties in certain circumstances in accordance with applicable laws. In particular, information you provide or that is otherwise collected through the Patient App is disclosed in the following circumstances:
- Authorized third-party service providers. Your information may be accessible to third parties that provide services, such as those involved in developing, maintaining, and hosting the Patient App or data, security and performance monitoring, and data processing. Third parties may use information to manage, provide, monitor, repair, improve, analyze, and operate the Patient App and the digital health platform that supports the Patient App (which is marketed as the “MilaHealth Platform”).
- Corporate affiliates. Information may be shared with corporate affiliates.
- Business transfers. Your information may be shared in connection with a substantial corporate transaction, such as a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
- Legal purposes. Information may be disclosed to respond to subpoenas, court orders, legal process, law enforcement or public health requests, legal claims, or government inquiries; to protect and defend the rights, interests, safety, and security of Health System or Developer, affiliates, third-party service providers, users, or the public, and as otherwise permitted by law. Please see the applicable HIPAA Notice for more information.
- With your consent or authorization. Your information may be shared for any other purposes disclosed to you at the time of collection or pursuant to your consent or authorization.
The information described above may be aggregated or de-identified. Aggregated or de-identified data is not subject to this Privacy Policy or the Health System’s HIPAA Notice and may be shared with additional third parties for research and other purposes.
CLINICIANS
Information collected about clinicians is used by Health System, Developer, affiliates, and authorized third-party service providers to provide and improve the Services, analyze use of the Services, and to periodically contact clinicians with information related to the Services. For example, information about usage of the Services may be used for purposes of authentication and to enable the collection of information about use of the Services (e.g., duration and frequency of use).
Clinicians’ information also may be used and shared as disclosed at the time of collection; pursuant to clinicians’ consent or authorization; in connection with a substantial corporate transaction; in response to subpoenas, court orders, legal process, law enforcement or public health requests, legal claims, or government inquiries; to protect and defend the rights, interests, safety, and security of Health System, Developer, affiliates, third-party service providers, users, partners, or the public; and as otherwise permitted by law.
As noted above, aggregated or de-identified data is not subject to this Privacy Policy and may be used and shared for additional purposes.
DATA SECURITY
While there are security measures in place to safeguard personal information, you should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure, accurate, complete, or current.
You are responsible for taking reasonable steps to ensure that no unauthorized person has access to your password or account login information. It is your sole responsibility to control the use of login information and a password, to authorize, monitor and control access to and use of your account and password and to inform Patient App promptly of any need to deactivate a password. It is also your responsibility to ensure that your devices are protected with passcode controls and are kept current with software and security updates, has a passcode enable, to minimize being compromised by a malicious actor.
COOKIES AND SIMILAR TECHNOLOGIES
When you use the Services, Developer and third parties that provide content or functionality on the Services may use cookies, pixel tags, and other technologies, such as third-party software development kits (collectively “cookies”) to collect information from your browser or device. For example, they use these tools to collect information for debugging and data analytics. By using the Services, you consent to the use of cookies and similar technologies.
These technologies include:
- Cookies. Cookies are small text files that a website’s server stores in your web browser. Consult your browser’s settings or support pages to assist you in managing cookies on your browser or device.
- Pixel tags. A pixel tag (also known as a web beacon) is a small string of code that may be placed in a website, advertisement, or email.
- SDKs and mobile advertising IDs. The application may include third-party software development kits (“SDKs”) that allow the Patient App and service providers to collect information about your mobile app activity. Some mobile devices come with a resettable advertising ID (such as Apple’s IDFA and Google’s Advertising ID).
When you use certain Services or portions of the Services, information about your online activities may be collected over time and across different websites and other online services. Some of the third parties participate in industry-developed programs designed to provide consumers choices about whether to receive targeted advertising. Please visit the websites operated by the Network Advertising Initiative and Digital Advertising Alliance to learn more.
Certain web browsers can transmit “Do Not Track” signals, but there is no universally accepted standard for how to interpret such signals. The Patient App does not function differently in response to these web browser “Do Not Track” signals.
YOUR RIGHTS AND CHOICES
You may be entitled, in accordance with applicable law, to request access to or correction of your information or request deletion of your information. Please refer to the Health System’s HIPAA Notice for more information if you are a Patient App user. Clinicians should contact the applicable Health System for further information about available rights.
LINKS TO EXTERNAL WEBSITES
This Privacy Policy applies only to the Services. In order to provide users with other helpful information, the Services may contain links to other websites. However, this policy does not apply to any external site that is linked to any Service. Please read the privacy policies on any external website before providing personal information to any third party.
CHANGES TO THIS POLICY
Health System and its partners reserve the right to change or update this Privacy Policy from time to time without notice, so please review it periodically to keep informed of any changes. Any updates to this Privacy Policy are effective as of the “Effective Date” above.
CONTACT INFORMATION
If you have an inquiry regarding the functionality of the Services, please contact Developer as follows:
Email: support@milahealth.com
If you have an inquiry about health related issues or questions during your use of the Services, please call or see your physician or other healthcare provider promptly.