By subscribing to and accessing our Services, you agree that you:
We collect the following information for the purpose of providing you with the functionality of our app:
- Information provided directly to us when you enroll in our platform via web application, SMS notification system, through the Contact Us page of our Website, or when you email, write or call us (“Personal Information”);
- Personal Health Information (“PHI”) of individuals using our Equipment and applications to ensure adherence to medication dosing schedules, which you input directly into our systems using our Software;
- Non-Personal Information collected automatically as you utilize our Services, including information collected through cookies (or web beacons if applicable).
“Personal Information” means any data, whether used alone or when combined with other identifying information, which can be used to distinguish or trace your identity, such as your name or other personally identifiable information, financial and payment information, authentication information, phonebook, contacts, device location, SMS and call related data, inventory of other apps on the device, microphone, camera, location data and other sensitive device or usage data, company name, email, address or telephone number. Unless you or your organization provides it to us voluntarily, we do not collect Personal Information about you in connection with your use of our Services.
“PHI” means personal health information as defined under the Health Insurance Portability and Accountability Act and its implementing regulations.
“Non-Personal Information” means data that cannot be used on its own to trace or identify you. This includes your web browser type, domain name, referring site(s), date/time, and IP address from which you utilized our Services, as well as from your transactions with us and our affiliates or non-affiliated third parties. This “Non-Personal Information” is used to improve the operations, functionality, and appearance of our Services.
- to help us recognize you when you return to our Services (just a number without any Personal Information);
- to avoid requiring registration for access to content on the Services;
- to develop leads for our business development team and our business partners and to provide direct marketing communications to you if you have consented to receive such communications;
- to compile anonymous, aggregated statistics that allow us to understand how users interact with our Services; and
- to help us improve the structure and user experience of our Services.
We use your Personal Information only for the purpose for which it was submitted. For example, if you enroll in our SMS notification system, we will send text message notifications to the provided phone number. We may use Non-Personal Information to help diagnose problems with our server, and to administer our Services, for example, to:
- provide and improve the content and features of our Website and mobile app for you;
- provide you with information about our Services and Equipment, solely at your election;
- provide you with expiration or renewal notices for your account;
Personal Health Information
In the event of a breach of security of PHI under our control, we will:
- Report to you any breach of security of PHI of which we become aware within three calendar days of “discovery” within the meaning of the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”). Such notice shall include the identification of each individual whose “unsecured PHI” (as defined in HITECH) has been, or is reasonably believed by Impruvon, to have been, accessed, acquired, or disclosed in connection with such breach. In addition, Impruvon shall provide any additional information reasonably requested by you for purposes of investigating the breach and any other available information that you are required to provide under 45 C.F.R. § 164.404(c) at the time of notification or promptly thereafter as information becomes available. Our notification of a breach of unsecured PHI under this Section will comply in all respects with each applicable provision of Section 13400 of Subtitle D (Privacy) of the American Recovery and Reinvestment Act of 2009 (“ARRA”), the HIPAA rules, and related guidance issued by the U.S. Secretary of Health and Human Services (“Secretary”) from time to time.
- In the event of our use or disclosure of unsecured PHI in violation of HIPAA, HITEC, or ARRA, we bear the burden of demonstrating that notice as required under this was made, including evidence demonstrating the necessity of any delay, or that the use or disclosure did not constitute a breach of unsecured PHI.
- We agree, in accordance with 45 C.F.R. §§ 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, to require that any of its subcontractors that create, receive, maintain, or transmit PHI on behalf of Impruvon agree to the same restrictions, conditions, and requirements that apply to the us with respect to such information.
- We agree to make PHI available in a designated record set to you as necessary to satisfy your obligations under 45 C.F.R. § 164.524, and to comply with any individual’s request to restrict disclosure of his or her PHI in accordance with 45 C.F.R. § 164.522, except where such use, disclosure, or request is required or permitted under applicable law.
- We will charge fees for providing individuals access to their PHI in accordance with 45 C.F.R. § 164.524(c)(4).
- We agree that when requesting, using, or disclosing PHI in accordance with 45 C.F.R. § 164.502(b)(1) that such request, use, or disclosure shall be to the minimum extent necessary, including the use of a “limited data set” as defined in 45 C.F.R. § 164.514(e)(2), to accomplish the intended purpose of such request, use, or disclosure.
- We agree to make any amendments to PHI in a designated record set as directed or agreed to by the you pursuant to 45 C.F.R. § 164.526, or to take other measures as necessary to satisfy your obligations under 45 C.F.R. § 164.526.
- We agree to maintain and make available the information required to provide an accounting of disclosures to the you or the individual owner of PHI, as the case may be, as necessary to satisfy your obligations under 45 C.F.R. § 164.528.
- We agree to make our internal practices, books, and records, including policies and procedures regarding PHI, relating to the use and disclosure of PHI and breach of any unsecured PHI received from you, or created or received by us on your behalf, available to you (or the Secretary) for the purpose of determining compliance with 45 C.F.R. Parts 160-164 (the “Privacy Rule”).
- To the extent we carry out one or more of your obligations under Subpart E of 45 C.F.R. Part 164, we agree to comply with the requirements of Subpart E that apply to you.
We agree to account for the following disclosures:
- Disclosures of PHI and breaches of unsecured PHI and any information relating to the disclosure of PHI and breach of unsecured PHI in a manner as would be required for you to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and breaches of unsecured PHI.
- Information collected in accordance with this Section, to permit you to respond to a request by an individual or the Secretary for an accounting of PHI disclosures and breaches of unsecured PHI.
- Any disclosure of PHI used or maintained as an electronic health record in a manner consistent with 45 C.F.R. § 164.528 and related guidance issued by the Secretary from time to time; provided that an individual shall have the right to receive an accounting of disclosures of such records by us made on your behalf only during the three years prior to the date on which the accounting is requested.
We shall comply with the HIPAA Security Rule according to the Standards for Security of Electronic Protected Health Information at 45 C.F.R. Part 160 and Subparts A and C of Part 164, as amended by ARRA and the HITECH Act.
We will retain your Personal Information only for as long as necessary to fulfill the purpose of collection. We may retain your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will establish and maintain commercially reasonable safeguards against the destruction, loss or alteration of Personal Information in our possession that are no less rigorous than those in effect for our operations.
We may also retain Non-Personal Information for internal analysis purposes. Non-Personal Information will be disposed of and/or destroyed in accordance with industry best practices when no longer needed.
Links to Third Party Sites
Disclosure of Information to Third-Parties
Our platform includes a live chat service that enables you to communicate with us as well as other users of our platform. You hereby acknowledge that any content that you post when using the chat service will be visible to those other users with whom you are communicating, and we are not responsible for maintaining your privacy with respect to those messages.
Effect of Changes
Last updated September 30, 2021