HealthBeacon Privacy Notice – EU

Effective from 6th June 2020

This privacy notice applies to the HealthBeacon programme, mobile application (“App”), technology and services available from HealthBeacon Limited, and explains how HealthBeacon processes personal data and how HealthBeacon applies data protection under the EU General Data Protection Regulation (GDPR).

At HealthBeacon, we are committed to protecting and respecting your data protection and privacy rights. Please take a moment to read this Privacy Notice to find out more about why and how we process your Personal Information as part of the HealthBeacon programme. Personal Information (data) is the information we hold in relation to you and this may vary dependent on several factors.

You must read and provide your consent to your personal and health data being used in accordance with this Privacy Notice, by way of consenting to the programme, before you can start using the HealthBeacon Services. You may withdraw your consent at any time, but if you withdraw your consent you may not be able to continue using the HealthBeacon Services.

By accepting our Privacy Notice during registration, you consent to our collection, use, disclosure, and processing of your Personal Information (as defined below) in accordance with this Privacy Notice.

What personal data does HealthBeacon process?

Personal information may be processed by HealthBeacon in relation to the HealthBeacon Service. Some of this information is considered by law to be “sensitive personal data” about you. This includes any information that you tell HealthBeacon directly or that HealthBeacon receives from a third-party provider about your health.

This information is only processed where relevant and necessary to ensure that you and your family are given the appropriate guidance and support based on your specific circumstances, and to allow the Programme to be evaluated and continuously improved. All the information we collect in relation to you for the above purposes is processed based on your consent.

Categories of Data

HealthBeacon collects and holds different categories of data:

▪ Data that is generated by the Equipment and Software Application Services or through use of the Services

▪ Automated decisions based on data generated: Sometimes, as part of our business operations, decisions about you are taken using automated computer software and systems. These decisions do not involve human input, and the software and systems apply pre-defined logic programming and criteria to decide and assess how we deal with you in connection with the provision of services. You have the right in certain circumstances not to be subject to a decision which is based solely on automated processing.

▪ Data on patients who have used and use a HealthBeacon or Guardian or caregiver where appropriate.

▪ Data on Health Care Professional and Patient Support Companies involved in the HealthBeacon Program

Personal data collected as part of the HealthBeacon Services may include the below

HealthBeacon receives personal data either directly from you or from a third-party service provider.

  • Name.
  • Age and date of birth.
  • Gender.
  • Contact details (phone, address, e-mail, best time to contact).
  • Healthcare professional, hospital/medical centre details.
  • Pharmacy Details.
  • Details relating to medication being taken and how it is administered.
  • Details of interactions with the HealthBeacon Services including the smart sharps bin and the mobile app, such as missed doses and any technical queries.
  • Details of interactions with the HealthBeacon team through the customer care support line and mobile app chat feature.
  • Details of interactions with the Programme Nurse and/or other Programme staff, including advice or information offered to you including information provided during training sessions.
  • Information considered relevant by the HealthBeacon team you speak to, including adverse event notifications, complaints, information on clinical trial participation and information & service requests and
  • Feedback on the Programme

How do we collect this information?

We collect personal information from you when you enrol in the HealthBeacon programme or apply for one of the services which we offer. This may be via an online injection training, follow up survey, interventions and reminders, a follow up question, a telephone call, an email or other means.

We collect your email and mobile number so that our team can contact you if required and to send you reminders and notifications as part of the programme. We collect your home or shipping address so that depending on the service selected, we can send your HealthBeacon Smart Sharps Unit.

When you schedule a service from HealthBeacon we collect information that includes your personal information and the services availed of. Should you contact us by any electronic format, including Web Chat, www.healthbeacon.com, application messages, phone, email or post or by any other method – we may hold the content, contact details and any additional information you provide to us on record for future reference and use by www.healthbeacon.com.

Device and network information

When you use our smart sharps unit, mobile application, or website we collect information about the app, browsers and devices that you use to access the HealthBeacon services. The information that we collect may include unique identifiers, browser type and settings, device type and settings, operating system, and application version number. We also collect information about the interaction of you and your browsers and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request.

How does HealthBeacon use your Personal Information

We use your personal information (subject to your consent) as described below and to provide and support the services described in the HealthBeacon terms and conditions.

Provide you with our service

We use the information you provide for the following purposes:

a. Administration of the programme, correct use of the HealthBeacon Smart Sharps Unit, Mobile App, delivery and collection of products and services.

b. Providing healthcare professionals with information about adherence to medication and participation in the programme.

c. Reminding you when your medication is due, by SMS text, app notification, phone or email as prescribed by the Health Care Professional.

d. Providing you with educational materials and training sessions.

e. Reviewing calls and mobile app chat content for quality control and safety reporting purposes.

f. Storing and managing your data on the HealthBeacon mobile application

g. Tailoring the HealthBeacon Services or the Programme to you.

h. Providing information relating to the HealthBeacon Services.

i. Contacting you regarding the HealthBeacon Services, informing of changes and collecting feedback in relation to the Services.

j. Use of deidentified aggregated data (which cannot identify you, and which does not contain any personal data) to: help develop and evaluate the Programme and/or its services and provide analytics, use in research and publications, and data insights from the Programme and/or its services and to make product and system improvements.

k. Sharing anonymised aggregated data with the Programme Sponsor about the HealthBeacon programme.

l. Sharing limited personal data (date of birth and initials) along with the HealthBeacon generated data with other payors and reimbursement systems.

m. Sharing information relating to your medication schedule and adherence score, medication, pharmacy details and home address with healthcare providers and third parties such as nursing agencies, delivery services as required and

n. Liaising with HealthBeacon partners to facilitate the management of your medical waste.

Communicate with you

As part of this Programme reminder text messages will be sent to your mobile phone and reminders and alerts through the mobile application. These messages and alerts will remind you of when you need to administer your medication (as prescribed and directed by your Healthcare professional).

We use the mobile app, including the chat feature, email, and phone number you provide to HealthBeacon to provide you with alerts, reminders or service updates and communicate with you. All communication with our team will be via our secure messaging system.

Please call the HealthBeacon Support Line for any HealthBeacon related queries and if at any time you wish to opt out of the reminders or if you do not wish to continue with these services.

If we need to contact you urgently or you are not responding to the programme, we may use other means such as text messaging, letter or telephone calls to contact you. When you contact us, we use this information to respond to you. This may be via web chats, application messages, telephone, email, or post or by any other method.

How long do we hold your data (Data Retention Policy)?

Your personal data will be deleted as soon as reasonably practicable having regard to the purpose for which it was collected, but in any event within 8 years of the date you stop receiving the HealthBeacon Services or Sharps Bin Only Services. You will stop receiving the Services if you choose to cancel them (details on how to do this are in the “Contact Details” section below), or if you withdraw from the Programme. This may change, depending on legal requirements.

How do we store your information?

Whilst you are part of the Programme, we retain all the information we gather about you in our database. This data is stored on Amazon AWS servers. This information is only accessible to support or evaluate the Programme, and to the Programme Nurse and other Programme staff directly involved in your care (such as nurses, call-centre staff, and Programme managers).

If you choose to leave or become ineligible for the Programme, or if we are unable to contact you for an extended period of time, your information will be archived and not further processed except to meet our obligations to maintain records of the care offered by our Programme, to meet pharmaceutical regulation requirements, and to protect ourselves against legal claims linked to the Programme (and therefore such processing is not based on consent). We will retain this information for as long as necessary to meet these objectives and for as long as permitted or required by applicable law.

We take further information security measures including access controls, stringent physical security and robust information collection, storage & processing practices.

Will HealthBeacon collect information about my family members/care givers?

In case you would like to involve members of your family or someone else as your caregiver, we may collect certain information about your caregiver as part of the Programme. This may be, more specifically:

• their name;

• their relationship to you;

• their involvement in your care; and

• details of any contact they may have had with a Programme member of staff

We collect this information to assist us in providing you with relevant information, support and care to maximise the health outcomes in your treatment. In consenting to join the Programme, you must ensure that you have notified and obtained the consent of your caregivers who are involved in your care, and they should be aware of the contents of this consent so that they know how their information will be handled during your participation in the Programme. Where your caregiver refuses consent, we will be unable to involve them in the Programme services.

What are your data protection rights?

HealthBeacon would like to make sure you are fully aware of all your data protection rights. In line with the Data Protection Acts, you are entitled to the following:

The right to access – You have the right to request copies of your personal data.

The right to rectification – You have the right to request that HealthBeacon correct any information you believe is inaccurate. You also have the right to request HealthBeacon to complete information you believe is correct.

The right to erasure – You have the right to request that HealthBeacon erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that HealthBeacon restrict the processing of your personal data under certain circumstances.

The right to object to processing – You have the right to object to HealthBeacon’s processing of your personal data, under certain circumstances.

The right to data portability – You have the right to request that HealthBeacon transfer the data that we have collected to another organisation, or directly to you, under certain circumstances.

These rights may be limited in some situations, for example, where we can demonstrate we have a legal requirement to process your data. As set out above, this can mean that we retain your data even if you withdraw your consent. To exercise your rights, please contact us in writing or by e-mail at the address dataconcern@healthbeacon.com. We may also require you to provide proper identification before we comply with any request.

You also have the right to require us to correct any inaccuracies in the information we hold about you by sending us a written request (this must include a copy of identification such as a driver’s licence or passport; this is to make sure that your personal information is only updated by you).

Subject access requests must be made in writing and include a copy of identification (such as a driver’s licence or passport; this is to make sure that your personal information is not given to the wrong person) and must be addressed to the Data Protection Officer (see below). All access requests will be processed within one month of receipt of the access request.

Who has access to the information we collect?

We do not share your identifiable personal information with any third party except as necessary to operate services and to fulfil legal and regulatory obligations. HealthBeacon will share anonymised and aggregated data with the Programme Sponsor regarding how the programme is working. This information does not identify [you]/[your child] individually.

We may access or disclose information about you, your user account and/or the content of your communications, in order to: (1) comply with the law or legal process served on us; (2) enforce and investigate potential violations of this Agreement, including use of the Service to participate in, or facilitate, activities that violate the law; or (3) protect the rights, property, or safety of HealthBeacon, its employees, its customers or the public.

HealthBeacon Customer Care team

The sharing of information within the HealthBeacon customer care team is on a need-to-know basis, depending on the role the member of staff has in your programme. All our staff are bound by a confidentiality clause in their contracts.

Disclosure with your consent

Disclosure can be made with your explicit consent. This could be a request from an Insurance company, employer or legal proceedings request but any disclosure must be with, and limited to, the authority provided by you. If this is not forthcoming, no information will be provided.

Disclosure without your consent

Disclosure can be made without your consent in two instances:

  • If the disclosure is required by law. For example, when ordered by a judge in a court of law
  • If the disclosure is in the public interest. For example, where mandated by infectious disease regulations, or there is a threat of serious harm to yourself or others.

Third Party Services

We require a number of third parties to deliver our service such as delivery companies. Without these, we cannot provide you with a service.

How will HealthBeacon protect my personal data?

HealthBeacon has implemented and will maintain appropriate technical and organizational security measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, or access. Please be aware that when you give others access to your data, they may be able to use, reproduce, distribute, display, transmit, and/or communicate that data to others and the public. Please consider carefully what you choose to share or make public. HealthBeacon has no responsibility for access, use or disclosure of your data by people you authorized to have access to your user account.

There is a risk that data transmitted via a mobile device is not entirely secure. Once the data reaches our servers our security measures will provide enhanced security and protections. You assume the risk that data transferred to our servers may be intercepted or otherwise compromised prior to reaching our servers. You agree that we are not responsible for data breaches that occur before our servers receive the data. Emails you send us are not necessarily secure when they are transmitted to us and we can accept no liability for any loss or damage resulting from emails to HealthBeacon.

Telephone Recording

We may record telephone calls to: improve the standard of service that we provide by providing our team with feedback and training; address queries, concerns or complaints; prevent, detect and investigate crime, including fraud and money laundering; analyse and manage other commercial risks; and comply with our legal and regulatory obligations.

We may also monitor electronic communications between us (for example, emails) to protect you, our business and IT infrastructure, and third parties including by identifying and dealing with inappropriate communications, looking for and removing any viruses, or other malware, and resolving any other information security issues.

Consent

By registering for the HealthBeacon programme and giving your personal data to us, you indicate your explicit consent for us to collect, use, store, disclose and otherwise process your personal data in accordance with the terms set out in this policy.

Changes to this Statement

We may occasionally update this Privacy Notice. We encourage you to periodically review this Notice to stay informed about how we are helping to protect the personal information we collect. Your continued use of this service constitutes your agreement to this Privacy Notice and any updates.

How to contact HealthBeacon with questions

If you have any questions about this or want more information, please call the HealthBeacon customer care team or contact the customer care team in writing: Data Protection Officer, HealthBeacon, Unit 18 Naas Road Business Park, Muirfield Drive, Dublin 12. D12 WD85 or by email: dataconcern@healthbeacon.com

HealthBeacon Limited (“Privacy Notice”)

HEALTHBEACON Privacy Notice USA

Version 2.0. Last Revised: 15th June 2020

This Privacy Notice is provided by HealthBeacon Limited to participants in the HealthBeacon program who have chosen to sign up to receive and use an electronic smart sharps bin called a “HealthBeacon Unit”. This Privacy Policy only covers the collection and use of your personal health information (“PHI”) in relation to your use of the HealthBeacon Unit.

We are firmly committed to protecting the confidentiality and security of your Personal Information, as such term is defined herein. HealthBeacon may use or disclose PHI to perform functions, activities and services for, or on behalf of Express Scripts Holding, provided that such disclosure would not violate the HIPAA Privacy and Security Rules if done by HealthBeacon.

The term “Personal Information” means any information which can be used to identify a person including by way of example, but not limitation, name, date of birth, mailing address, social media and other third party platform account identifiers, home phone number, mobile phone number, e-mail address, credit card information, and/or Social Security number.

The term “Health Information” means any information, in any form, related to the past, present, or future health or medical status, condition, or treatment of a person, including, by way of example, but not limitation, names of doctors, health conditions, medicines, and/or prescription information and history.

This Privacy Policy describes how we may use and disclose Health Information, and your rights to access and update your Health Information, and how to request restrictions on our use and disclosure of your Health Information.

COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION AND HEALTH-RELATED PERSONAL INFORMATION

When you enroll in the HealthBeacon program, the Personal Information required to be submitted is limited to information that is reasonably necessary to allow HealthBeacon to provide the service to you. The information you disclose in connection with the services is provided strictly on a voluntary basis.

The HealthBeacon Unit reminder schedule is based solely on information that you provide to the HealthBeacon team. HealthBeacon shall not be responsible for the effects of any incorrect information provided. For any medical questions, you must contact your HealthCare Provider.

HealthBeacon complies with all applicable requirements of the HIPAA Privacy and Security Rules and has implemented the appropriate administrative, physical and technical safeguards to prevent the use or disclosure of PHI in any manner other than pursuant to the terms and conditions of this Agreement.

HealthBeacon complies with the HIPAA Security Rule with respect to any electronic PHI that HealthBeacon holds as part of the service.

USES AND DISCLOSURE OF YOUR PERSONAL INFORMATION

PHI data collected as part of the HealthBeacon Services may include, without limitation:

  • Name.
  • Age and date of birth.
  • Gender.
  • Contact details (phone, address, e-mail, best time to contact).
  • Healthcare professional, hospital/medical centre details.
  • Pharmacy Details.
  • Details relating to medication being taken and how it is administered.
  • Details of interactions with the HealthBeacon Services including the smart sharps bin and the mobile app, such as missed doses and any technical queries.
  • Details of interactions with the HealthBeacon team through the customer care support line and mobile app chat feature.
  • Details of interactions with the Programme Nurse and/or other Programme staff, including advice or information offered to you including information provided during training sessions.
  • Information considered relevant by the HealthBeacon team you speak to, including adverse event notifications, complaints, information on clinical trial participation and information & service requests and
  • Feedback on the Programme

All the information collected in relation to you for the above purposes is processed on the basis of your consent.

HOW WILL HEALTHBEACON USE AND SHARE YOUR INFORMATION

Your PHI data will be used for:

  • Program administration, correct use of your HealthBeacon, delivery and collection of products and services;
  • Reminding you when your medication is due, by SMS text, app notification, phone or email as prescribed by the Health Care Professional.
  • Tailoring the HealthBeacon services or the program to you;
  • Providing you with information relating to HealthBeacon services;
  • Providing you with educational materials and training sessions.
  • Reviewing calls and mobile app chat content for quality control and safety reporting purposes.
  • Storing and managing your data on the HealthBeacon mobile application
  • Providing your care team with information relating to your use of the HealthBeacon services
  • Contacting you regarding any issues identified relating to the HealthBeacon services, to inform you of changes and to collect your feedback.
  • We may disclose your Personal Information to relevant third parties such as auditors, lawyers, or other professional advisors

HealthBeacon will not use or disclose your Personal Information in a manner inconsistent with applicable law and this Privacy Policy.

Device and network information

When you use our smart sharps unit, mobile application, or website we collect information about the app, browsers and devices that you use to access the HealthBeacon services. The information that we collect may include unique identifiers, browser type and settings, device type and settings, operating system, and application version number. We also collect information about the interaction of you and your browsers and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request.

RIGHT TO CONFIDENTIAL COMMUNICATIONS AND TO REQUEST RESTRICTION ON USE AND DISCLOSURE OF PHI

HealthBeacon shall comply in responding to your request for confidential communications or to restrict the uses and disclosures of your PHI.

COMPELLED AND NECESSARY DISCLOSURES

In certain circumstances, we may be legally compelled to release your Personal Information and Health Information in response to a court order, subpoena, search warrant, law or regulation.

HOW YOU CAN CORRECT/ UPDATE YOUR PERSONAL INFORMATION AND OR HEALTH INFORMATION

You can correct or update your Personal Information or certain Health Information at any time by calling the HealthBeacon Customer Care Team using the toll-free phone number on the back of your HealthBeacon Unit.

RETENTION AND DESTRUCTION OF PERSONAL INFORMATION

Subject to any applicable business, legal, or regulatory requirements, we securely destroy Personal Information when it is no longer required to fulfil our services and commitments to you or to enforce our rights or meet our obligations.

YOUR ACCEPTANCE OF THIS PRIVACY NOTICE

You are deemed to have assented to the terms and conditions contained in this Privacy Notice when you consent to the HealthBeacon program and that you accept the Terms of Use into which this Privacy Notice is incorporated. You are deemed to have read and accepted this Privacy Notice. If you do not agree to the terms of this Privacy Notice, you will not be eligible to participate in the HealthBeacon program. You may withdraw your consent at any time, but if you withdraw your consent you may not be able to continue using the HealthBeacon services.

The terms and conditions contained in this Privacy Notice are subject to and may be superseded by applicable Federal and State laws.

CHANGES IN OUR PRIVACY POLICY

We use Personal Information and Health Information collected from you pursuant to the scope of use described in this Privacy Policy. However, we reserve the right, from time to time in our sole and absolute discretion, to change, to modify, or to add terms or remove terms from this Privacy Notice. Changes to this Privacy Notice will be reflected when we post a new version number and updated revision date on our website: www.healthbeacon.com

POLICY QUESTIONS AND FEEDBACK

We welcome your questions and comments on this Privacy Notice and the Terms of Use. If you have general comments regarding these policies, please e-mail us. Specific questions regarding the enforcement of these policies should be directed to Quality@healthbeacon.com. For all HealthBeacon program related queries, please contact the customer care team on free phone number: (857) 302-4872.

HealthBeacon Website Privacy Policy

HEALTHBEACON PRIVACY POLICY

Last Revised: February 2020

At HealthBeacon, we are committed to protecting and respecting your data protection and privacy rights. Please take a moment to read this Privacy Policy to find out more about why and how we process your Personal Information. Personal Information (data) is the information we hold in relation to you and this may vary dependent on several factors.

Our aim is the responsible and secure handling of Personal Information, balancing the benefits of activities like research and data analytics to improve our products and service delivery, with our other commitments, including fairness and transparency. In Europe, we do so in accordance with the Data Protection Act 1988 and 2003 and the General Data Protection Regulation (GDPR) (EU) 2016/679.

In the United States, HealthBeacon may use or disclose PHI to perform functions, activities and services for, provided that such disclosure would not violate the HIPAA Privacy and Security Rules if done by HealthBeacon.

This Privacy Policy describes how we may use and disclose Health Information, and your rights to access and update your Health Information, and how to request restrictions on our use and disclosure of your Health Information.

This Privacy Policy will be supplemented by additional privacy notices tailored to our specific relationships with you where this policy is useful to provide you with a full picture of how we collect and use your Personal Information. In this Privacy Policy, we refer to the HealthBeacon Program, Technology, Website, the Apps and Social Media Content together as HealthBeacon Services.

HealthBeacon services can be used by individuals under the age of eighteen (18), in which case guardian information and consent will be required.

WHAT IS PROTECTED HEALTH INFORMATION

Like many health care service providers, HealthBeacon receives and maintains certain personal information. Some of this personal information is protected by federal and state laws in the United States and under the GDPR in Europe. This type of information is known as “protected health information” or “PHI”. PHI is health information that identifies or could be used to identify a specific person.

Protected Health Information and Personal Information may be provided to us by you directly or by a third party. For example, a Patient Support Provider or Pharmacy Benefits Manager may add your information to the HealthBeacon system in order to provide you with HealthBeacon services.

WHY DO WE PROCESS YOUR DATA? 

We process your personal data in order to provide you with our services and to assist us in the operation of our business. We are required to ensure that there is an appropriate basis for the processing of your personal data, and we are required to let you know what that basis is.

In Europe, under GDPR, there are various options under data protection law, but the primary bases that we use are (a) processing necessary for the performance of our contracts with you, (b) processing necessary in order for us to pursue our legitimate interests, (c) processing where we have your and/or your dependants’ consent, and (d) processing that is required under applicable law.

COLLECTION, USE, AND DISCLOSURE OF PERSONAL INFORMATION AND HEALTH-RELATED PERSONAL INFORMATION

The Personal Health Information we collect and hold depends on our relationship with you. We process the identification and contact information and the data you input into our programming forms or provide to us over the phone when you request a HealthBeacon or when you join a HealthBeacon sponsored program.

When you enrol in the HealthBeacon program, the Personal Information required to be submitted is limited to information that is reasonably necessary to allow HealthBeacon to provide the service to you. The information you disclose in connection with the services is provided strictly on a voluntary basis.

The HealthBeacon schedule is based solely on information that you provide to the HealthBeacon team. HealthBeacon shall not be responsible for the effects of any incorrect information provided. For any medical questions, you must contact your HealthCare Provider.

USES AND DISCLOSURE OF YOUR PERSONAL INFORMATION

PHI data collected as part of the HealthBeacon Services may include, without limitation:

  • Name.
  • Age and date of birth.
  • Gender.
  • Contact details (phone, address, e-mail, best time to contact).
  • Drug/Diagnosis
  • Details relating to medicine being taken and how it is administered.
  • Health care professional, hospital/medical centre details, contacts details.
  • Details of your interactions with the HealthBeacon services, such as initial treatment start date, HealthBeacon start date, reminder preferences, missed doses and any technical queries related to the HealthBeacon Unit and the service.
  • Other information considered relevant by HealthBeacon Care Team staff you speak to, including information on complaints, adverse event notifications and information and service requests; and
  • Your satisfaction feedback on the Program.

 

PHI and personal data will be used for:

 

  • Program administration, correct use of a HealthBeacon, delivery and collection of products and services.
  • Reminders when medication is due by SMS text, phone or email.
  • Tailoring the HealthBeacon services or the program.
  • Providing information relating to HealthBeacon services.
  • Providing the care/support team with information relating to use of the HealthBeacon services.
  • Contacting you regarding any issues identified relating to the HealthBeacon services, to inform you of changes and to collect feedback.
  • We may disclose personal Information to relevant third parties such as auditors, lawyers, or other professional advisors

 

HealthBeacon will not use or disclose Personal Information in a manner inconsistent with applicable law and this Privacy Policy. We provide only the minimal PHI to accomplish the intended purpose of the use and disclosure of the PHI.

This information is only processed where relevant and necessary to ensure that we provide adequate services and to allow the service to be evaluated and continuously improved.  All the information we collect  for the above purposes is processed on the basis of consent.

In the United States, as Required by Law:

We may use or disclose your PHI as required by Law Enforcement Activities, Legal Proceedings and Court Orders. We may use and disclose your PHI to prevent or minimize a serious threat to your health and safety or that of another person. We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may also disclose PHI to appropriate agencies if we reasonably believe an individual to be a victim of abuse, neglect or domestic violence. We may disclose your PHI if required to do so by a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process during a judicial or administrative proceeding. We may also disclose PHI to those assisting in disaster relief efforts so that others can be notified about your condition, status and location.

  • Family and Friends: At your request, we may disclose PHI to a family member, friend, or anyone else you inform us to provide the information to.

 

WHAT IS THE LEGAL JUSTIFICATION FOR OUR USE OF THE DATA?

 

We are obliged to advise you on the legal justification we rely on for using your Personal Information.

Relevant data protection laws seek to ensure that the way Personal Information is used is fair. We may be required to obtain Personal Information from you to comply with applicable legal requirements, and certain data may be needed to enable us to fulfil the terms of our contract with you (or someone else), or in preparation of entering into a contract with you (or someone else). We may inform you of this at the time that we are obtaining the data from you.  In these circumstances, if you do not provide the relevant data to us, we may not be able to provide our products and benefits to you.

For more sensitive special categories of Personal Information, we will rely on either your consent or one or more of the other legal justifications below:

Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using your Personal Information, those legitimate interests will be set out in a supplemental privacy notice (which is tailored to our relationship with you where this is useful to provide you with a full picture of how we collect and use Personal Information). In any event our legitimate interests will usually be:

  • pursuit of our commercial activities and objectives, or those of a third party (such as direct marketing)
  • compliance with legal and regulatory obligations, and any guidelines, standards and codes of conduct (such as detecting or investigating fraud or money laundering)
  • improvement and development of our business operations and service offering, or those of a third party
  • protection of our business, shareholders, employees and members, or those of a third party (such as ensuring IT network and information security, enforcing claims, including debt collection)
  • analysing competition in the market for our services (such as research, including market research).

We may need to collect, use and disclose Personal Information in connection with matters of important public interest, for instance when complying with our obligations under anti-money laundering and terrorist financing laws and regulations, and other laws and regulations aimed at preventing financial crime.  In these cases, the legal justification for our use of Personal Information is that the use is necessary for matters of public interest. Additional justifications may also apply depending on the circumstances.

OTHER USES AND DISCLOSURES:

In the United States, as permitted by HIPAA, we may disclose your PHI to:

Public Health Authorities, The Food and Drug Administration, Health Oversight Agencies, Military Command Authorities, National Security and Intelligence Organization, Correctional Institutions, Organ and Tissue Donation Organizations, Coroners, Medical Examiners and Funeral Directors, Workers Compensation Agents.

Please be aware that we are required as stated in the Health Insurance Portability and Accountability Act (HIPAA) of 1996 to notify you in the event of a breach involving your PHI and will do so as required by law. You have the right to obtain a paper copy of this Privacy Policy by written request to the address below.

  • Where permitted by applicable law and consent, HealthBeacon may share Personal Information with other third parties, for example, HCPs, Care Programs and Program Sponsors
  • Personal Information may also be shared by you on message boards, chat, profile pages and blogs, and other HealthBeacon digital services to which you are able to post information and materials (including our Social Media Content). Please note that any information you post or disclose through these services will become public information and may be available to visitors and users of the HealthBeacon digital services and to the general public. We urge you to be very careful when deciding to disclose your Personal Information, or any other information, when using the HealthBeacon digital services.

 

CATEGORIES OF DATA

 

HealthBeacon holds different types of categories of data:

  • Data that is generated by the Equipment and Software Application Services or through use of the Services (including but not limited to diagnostic data (device plugged in, connecting to network etc) as well as records such as a time stamped image of the injection drop made, the time and date the injection drop was made, the location the injection drop was made, type of medication injection, frequency of the injections, injections missed, late or early injections, the demographic of patient including gender and age, patient persistence and adherence scores),
  • Automated decisions based on data generated: Sometimes, as part of our business operations, decisions about you are taken using automated computer software and systems. These decisions do not involve human input, and the software and systems apply pre-defined logic programming and criteria to decide and assess how we deal with you in connection with the provision of services. For example, we sometimes use automated decision making as part of a process to send SMS reminders, to send SMS reminders if a Unit is unplugged, and to exclude images. You have the right in certain circumstances not to be subject to a decision which is based solely on automated processing.
  • Data on patients who have used and use a HealthBeacon or Guardian or caregiver where appropriate.
  • Data on HCP, Pharmacy Benefit Managers, Patient Support Companies involved in the HealthBeacon Program

WHAT USER AND DEVICE DATA DO WE COLLECT THROUGH THE HEALTHBEACON SERVICE?

 

Along with our third-party service providers we may collect user and device data in a variety of ways when you use HealthBeacon services including:

  • internet browser and electronic device information
  • app usage data
  • data grouped together so that it is not possible to link the data to an individual, known as aggregated data.

This information may not reveal your specific identity and therefore may not be Personal Information which is used as described in the earlier sections of this Privacy Policy.

Methods of Data Collection, with Examples:

  • Through your internet browser or electronic device: Certain information is collected by most websites or automatically through your electronic device, such as your IP address (i.e. your computer’s address on the internet), internet browser type and version, electronic device manufacturer and model, language, time of the visit, pages visited, and the name and version of the HealthBeacon services (such as the Firmware revision) you are using. We use this information to ensure that the HealthBeacon services function properly.
  • Through your use of an App: When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your electronic device accesses our servers and what information and files have been downloaded to the App based on your device number.
  • Using cookies and online tracking: To make this website work properly, HealthBeacon sometimes places small data files called cookies on your device. Most websites do this. You can refuse to accept the cookies we use by adjusting your browser settings. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Site and some online products. We do not currently respond to browser do-not-track signals.
  • Physical location: Subject to applicable law (and your consent where required by applicable law), we may collect the physical location. We may obtain the location of your device if you provide your address. We may share your location information with our partners and other entities with whom we work in order to provide our collection service if relevant. In some circumstances, physical location information may become your Personal Information if you are identifiable in relation to the physical location information. In such cases, the physical location information will be handled as Personal Information as described in the earlier sections of this Privacy Policy.
  • Using information provided by you: Some information (for example, your location or preferred means of communication) is collected when you voluntarily provide it. Unless combined with Personal Information, this information does not personally identify you.
  • By aggregating information: We may group information together so that it does not link to a specific individual, i.e. aggregate, and use that information (for example, we may aggregate information to calculate the percentage of our users who have a particular telephone area code).

 

Who is responsible for third party services accessed via HealthBeacon digital services?

We are not responsible for the privacy, information or other practices of any third parties, including any third party operating any site or service to which the HealthBeacon digital services link.

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which HealthBeacon digital services link.  The inclusion of a link on HealthBeacon digital services does not imply endorsement of the linked site or service by us or by our group companies.

Please note that we are not responsible for the collection, usage and disclosure policies and practices (including the information security practices) of other organizations, such as Facebook®, Twitter®, Apple®, Google®, Microsoft®, RIM/Blackberry® or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or electronic device manufacturer, including any Personal Information you

CALL MONITORING AND COMMUNICATIONS

 

To ensure that we can meet the needs of our members we may record telephone calls to:

  • Improve the standard of service that we provide by providing our team with feedback and training
  • Address queries, concerns or complaints
  • Prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks
  • Comply with our legal and regulatory obligations

We may also monitor electronic communications between us (for example, emails) to protect you, our business and IT infrastructure, and third parties including by identifying and dealing with inappropriate communications, looking for and removing any viruses, or other malware, and resolving any other information security issues.

 

DURATION OF PROCESSING

 

HealthBeacon will process (use/store) PHI and personal data only for so long as you require us, or as legally required by set retention periods. As a company recording medical records, there are laws and regulations that apply to us which set minimum periods for retention of Personal Information.

For example:

  • Where we hold Personal Information to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation.
  • Where we hold Personal Information in order to provide a product or service (such as a HealthBeacon), we will keep the information for at least as long as we provide the product or service.
  • For further information about the period of time for which we retain your Personal Information, please contact us.

 

RIGHT TO CONFIDENTIAL COMMUNICATIONS AND TO REQUEST RESTRICTION ON USE AND DISCLOSURE OF PHI

HealthBeacon shall comply in responding to your request for confidential communications or to restrict the uses and disclosures of your PHI.

DATA SECURITY

 

HealthBeacon complies with all applicable requirements of the HIPAA Privacy and Security Rules in the United States and Security of Processing rules under General Data Protection Regulation (GDPR)  and has implemented the appropriate administrative, physical and technical safeguards to prevent the use or disclosure of PHI in any manner other than pursuant to the terms and conditions of this Agreement.

 

HealthBeacon complies with the HIPAA Security Rule with respect to any electronic PHI that HealthBeacon holds as part of the service.

HealthBeacon has put technological and organisational controls, including policies and procedures, in place to protect personal data from loss, misuse, alteration or unintentional destruction. HealthBeacon personnel who have access to the data have been trained to maintain the confidentiality of such information. Conditions to protect data to at least the same standard as HealthBeacon does are cascaded to all our contractors, sub processors and suppliers.

HealthBeacon carries out regular monitoring and testing of its security defences to ensure they continue to be effective against the latest threats.

Data transferred over the internet by us are protected using encryption technologies to ensure they remain secure.

Please note that no communications over the internet can be guaranteed as secure. Whilst we take appropriate steps to protect your data, we cannot guarantee that it will remain secure in transit.

 

INDIVIDUAL RIGHTS

 

Individuals have several rights under applicable laws in relation to how HealthBeacon uses personal information. Individuals have the right, free of charge, to:

  • Request a copy of the personal information held about them. You have the right to receive a copy of the Personal Information we hold about you and information about how we use it. This right is always applicable when we hold your Personal Information (subject to certain exemptions).
  • Rectify any inaccurate personal data held.
  • Erase personal information held. This right is sometimes referred to as ‘the right to be forgotten’. This right entitles you to request that your Personal Information be deleted or removed from our systems and records. However, this right only applies in certain circumstances. Examples of when this right applies to Personal Information we hold include (subject to certain exemptions):
      • When we no longer need the Personal Information for the purpose for which we collected it.
      • If you withdraw consent to our use of your information and no other legal justification supports our continued use of your information.
      • If you object to the way we use your information and we have no overriding grounds to continue using it.
      • If we have used your Personal Information unlawfully.
      • If the Personal Information needs to be erased for compliance with law.
  • Right to restrict processing of Personal Information – you have the right to request that we suspend our use of your Personal Information. However, this right only applies in certain circumstances:
      • You can exercise this right if you think that the Information we hold about you is not accurate, but this only applies for a period that allows us to consider if your Personal Information is in fact inaccurate.
      • The processing is unlawful, and you oppose the erasure of your Personal Information and request the restriction of its use instead.
      • We no longer need the Personal Information for the purposes we have used it to date, but the Personal Information is required by you in connection with legal claims.
      • You have objected to our processing of the Personal Information and we are considering whether our reasons for processing override your objection.
  • Right to data portability – this right allows you to obtain your Personal Information in a format which enables you to transfer that Personal Information to another organisation. However, this right only applies in certain circumstances.
      • You may have the right to have your Personal Information transferred by us directly to another organisation, if this is technically feasible.

 

This right will only apply:

  • To Personal Information you provided to us, where we have justified our use of your Personal Information based on your consent or the fulfilment by us of a contract with you, and our use of your Personal Information is by electronic means.

 

Where we suspend our use of your Personal Information, we will still be obliged to store your Personal Information, but any other use of this information while our use is suspended will require your consent (subject to certain exemptions).

  • Restrict processing of personal information.
  • Object to HealthBeacon’s use of personal information for its legitimate interests.
  • Receive personal information in a structured, commonly used and machine-readable format; and
  • To have that data transmitted to another data controller.

These rights are in some circumstances limited by European data protection legislation.  If you wish to exercise any of these rights please contact the HealthBeacon Data Protection Officer using the contact details listed.

RIGHT OF ACCESS TO PERSONAL INFORMATION

 

Right to object to processing of Personal Information – you have the right to object to our use of your Personal Information in certain circumstances.

You can object to our use of your Personal Information where you have grounds relating to your particular situation and the legal justification we rely on for using your Personal Information is our (or a third party’s) legitimate interests. However, we may continue to use your Personal Information, despite your objection, where there are compelling legitimate grounds to do so or we need to use your Personal Information in connection with any legal claims.

This right is different where it relates to direct marketing and you can read about how to exercise your right to opt-out of receiving any direct marketing in the ‘How can you tell us about your marketing preferences?’ section of this Privacy Policy.

You can also object to the use of your Personal Information for direct marketing purposes at any time (including if we are carrying out profiling related to direct marketing).

Rights relating to automated decision making and profiling – you have the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects you. However, this right only applies in certain circumstances.

This right is not applicable if:

  • We need to make the automated decision in order to enter or fulfil a contract with you.
  • We are authorised by law to take the automated decision.
  • You have provided your explicit consent to the decision being taken in this way using your Personal Information.

Right to withdraw consent to processing of Personal Information – where we have relied upon your consent to process your Personal Information, you have the right to withdraw that consent.  This right only applies where we process Personal Information based upon your consent.

Right to complain to the relevant data protection authority – if you think that we have processed your Personal Information in a manner that is not in accordance with data protection law, you can make a complaint to the data protection regulator.

If you live or work in an EEA member state, you may complain to the regulator in that state. This right applies at any time.

Right to provide instructions regarding the management of your Personal Information after your death (only where such right applies under applicable law)

You may have the right to inform us of instructions on how we manage the Personal Information we hold about you after your death. This right is applicable at all times when we hold your Personal Information (only where such right applies under applicable law). If you wish to exercise any of your rights, please contact us.

 

IMPLICATIONS OF NOT PROVIDING INFORMATION

 

Sharing information with us is in both your interest and ours.

We need your information in order to:

  • Provide our services to you and fulfil our contract with you.
  • Manage our business for our legitimate interests.
  • Comply with our legal obligations.

 

Of course, you can choose not to share information, but doing so may limit the services we are able to provide to you.

  • We may not be able to provide you with certain services that you request. We may not be able to continue to provide you with or renew existing services.
  • When we request information, we will tell you if providing it is a contractual requirement or not and whether or not we need it to comply with our legal obligations.

 

COMPELLED AND NECESSARY DISCLOSURES 

 

In certain circumstances, we may be legally compelled to release your Personal Information and Health Information in response to a court order, subpoena, search warrant, law or regulation.

HOW YOU CAN CORRECT/UPDATE YOUR PERSONAL INFORMATION AND/OR HEALTH INFORMATION

 

You can correct or update your Personal Information or certain Health Information at any time by calling the HealthBeacon Customer Care Team using the phone number on the back of your HealthBeacon Unit.

 

RETENTION AND DESTRUCTION OF PERSONAL INFORMATION

 

Subject to any applicable business, legal, or regulatory requirements, we securely destroy Personal Information when it is no longer required to fulfil our services and commitments to you or to enforce our rights or meet our obligations.

 

WHERE DO WE PROCESS PERSONAL INFORMATION?

 

We may process Personal Information both nationally and internationally. This may include transferring Personal Information outside the European Economic Area (EEA). Rest assured, we are committed to protecting and respecting your data protection and privacy rights. We take additional steps to ensure the security of Personal Information when we transfer it outside the EEA. Depending on the nature of our relationship with you, we will transfer Personal Information to parties located in other countries in the EU and EEA. When making these transfers, we will take steps to ensure that your Personal Information is adequately protected and transferred in accordance with the requirements of data protection law.

This typically involves the use of data transfer agreements in the form approved by the European Commission and permitted under Article 46 of the EU General Data Protection Regulation (GDPR) (the relevant data protection law). If there is no data transfer agreement in place, we may use other mechanisms recognised by the GDPR as ensuring an adequate level of protection for Personal Information transferred outside the EEA (for example, the US Privacy Shield framework or any framework that replaces it).

HOW DO WE KEEP YOUR DATA SECURE?

 

Information security is extremely important to us. HealthBeacon uses appropriate technical, physical, legal and organisational measures, which comply with data protection laws to keep Personal Information secure.  If, despite our efforts, you believe that Personal Information is no longer secure, please tell us so that we can resolve any security issue.

As most of the Personal Information we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Information is kept secure.  For example, we may use anti-virus protection systems, firewalls, and data encryption technologies. We have procedures in place at our premises to keep any hard copy records physically secure.  Our team receive regular training on data protection and information security.

When HealthBeacon engages a third party (including our service providers) to collect or otherwise process Personal Information on our behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Information.

Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure.  If you believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Information you might have sent to us has been compromised), please contact us immediately.

 

YOUR ACCEPTANCE OF THIS PRIVACY POLICY 

 

You are deemed to have assented to the terms and conditions contained in this Privacy Notice when you consent to the HealthBeacon program, and to accept the Terms of Use into which this Privacy Notice is incorporated. You are deemed to have read and accepted this Privacy Notice. If you do not agree to the terms of this Privacy Notice, you will not be eligible to participate in the HealthBeacon program. You may withdraw your consent at any time, but if you withdraw your consent you may not be able to continue using the HealthBeacon services.

 

The terms and conditions contained in this Privacy Notice are subject to and may be superseded by applicable Federal and State laws.

 

CHANGES IN OUR PRIVACY POLICY

 

We use Personal Information and Health Information collected from you pursuant to the scope of use described in this Privacy Policy. However, we reserve the right, from time to time in our sole and absolute discretion, to change, to modify, or to add terms or remove terms from this Privacy Notice. Changes to this Privacy Notice will be reflected when we post a new version number and updated revision date on our website: www.healthbeacon.com

 

QUESTIONS AND FEEDBACK

 

If you believe your privacy rights have been violated, you have the right to file a complaint with us. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against any individual for filing a complaint. To file a complaint with us, or should you have any questions about this Privacy Policy and Notice of Privacy Practices, send an email to quality@healthbeacon.com.

 

We welcome your questions and comments on this Privacy Notice and the Terms of Use. If you have general comments regarding these policies, please e-mail us. Specific questions regarding the enforcement of these policies should be directed to quality@healthbeacon.com.

In the United States, for all HealthBeacon program related queries, please contact the customer care team on free phone number: (857) 302-4872.

 

In Europe, please contact the customer care team on number: Writing: Data Protection Officer, HealthBeacon, Unit 18 Naas Road Business Park, Muirfield Drive, Dublin 12. D12 WD85 or by email:  quality@healthbeacon.com

 

RESPONSIBLE DISCLOSURE GUIDELINES

Security issues should be disclosed to quality@healthbeacon.com. We will investigate legitimate security reports and respond within 1-2 business days, and make every effort to quickly correct any issues, while following Data Protection guidelines and responsibilities. If you identify a security issue you should not modify or access data that does not belong to you.

 

WHEN WAS THE PRIVACY POLICY LAST UPDATED?

This Privacy Policy was last updated in February 2020. We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business activities, legal requirements, and the way we process Personal Information.  We will place updates on this website and where appropriate we will give reasonable notice of any changes.

TERMS OF USE

Terms of Use for www.healthbeacon.com

These Online Terms of Use only apply to www.healthbeacon.com.

Without prejudice to your rights under applicable law, HealthBeacon reserves the right to amend these Online Terms of Use at any time (including, without limitation, to reflect technological or functional advancements, legal and regulatory changes or good business practices). If HealthBeacon amends the Online Terms of Use, we will notify users by posting the amended version with an updated effective date on this HealthBeacon Website. By accessing or using the HealthBeacon Website, you agree to be bound by the then current version of the Online Terms of Use. If you disagree with these Online Terms of Use, or are dissatisfied with the HealthBeacon Website, your sole and exclusive remedy is to discontinue using the HealthBeacon Website.

In order to use the HealthBeacon Website, you may be asked to furnish information that constitutes an electronic signature. You accept that your electronic signature is legally binding and equivalent to your written signature. You agree that after your authentication for use of a HealthBeacon Website, both (i) your act of ticking any checkbox on a form to indicate consent, or (ii) your use of functionality of the HealthBeacon Website, constitute “electronic signatures” within the meaning of the Electronic Commerce Act 2000, and manifest your intention to consent (in particular, to the data collection, handling or disclosure to which such “checkbox” or website functionality may relate, in accordance with the Privacy Policy).

 

DISCLAIMERS

  • HealthBeacon will take reasonable care to ensure that the information and content on the HealthBeacon Website is accurate, complete, up to date, available and does not infringe any third-party rights. However, we do not guarantee that this is always the case. The HealthBeacon Website and the content and information on it are provided on an “as is” and “as available” basis, with all faults. To the maximum extent permitted by applicable law, HealthBeacon hereby disclaims all representations and warranties relating to the information and content on the HealthBeacon Website, whether express or implied, created by law, contract or otherwise, including, without limitation, any warranties or conditions about satisfactory quality, fitness for a particular purpose, title or non-infringement of third-party rights.
  • The information and content on the HealthBeacon Website do not constitute, and are not intended to be, medical or financial advice. You should seek independent advice before you make any decisions relating to your medical condition or finances. To the maximum extent permitted by applicable law, HealthBeacon hereby disclaims all liability for any loss or damage which may be suffered by any person, whether suffered directly, indirectly, immediately or consequentially, and whether arising in contract, tort (including negligence) or otherwise, which arises out of, or in connection with, use of the HealthBeacon Website or any decisions which you make in consultation with an independent advisor or practitioner, except in the case of death or personal injury resulting from HealthBeacon’s negligence.
  • HealthBeacon is not responsible, and provides no warranty whatsoever, for the accuracy, effectiveness, timeliness and suitability of any information or content obtained from third parties, including any hyperlinks to or from third-party websites.

Your Use:

You agree:

  • not to disrupt, amend or intercept information posted on the HealthBeacon Website or on any of HealthBeacon’s servers.
  • to provide only information that is accurate, complete and not misleading.
  • to abide by all applicable national and international laws, rules and regulations.
  • not to attempt to circumvent any security features of the HealthBeacon Website.
  • not to permit any other person to use your account (failing which, you assume full responsibility for those persons’ use of the HealthBeacon Website, and further acknowledge that such use is unauthorised and shall constitute a material breach of these Online Terms of Use);