Notice of Privacy Practices

Last Updated: May 4, 2017

The BuddyCare mobile solution and patient engagement platform has been developed in close cooperation between Buddy Healthcare and hospitals to provide services for Patients and their families. We understand the importance of the patient-hospital relationship and of keeping the Patient’s and Caretaker’s personal information private. Personal information is information that identifies the Patient as an individual, such as name and date of birth (“Personal Information”).

This Privacy Policy describes our practices in connection with information we collect through the Patient’s or Caretaker’s use of the BuddyCare mobile application. By using the BuddyCare mobile application, you agree to the terms and conditions stated in this Privacy Policy.

Protected Health Information (PHI) is part of the Personal Information we collect. Protected Health Information that is provided to us or that we otherwise collect is subject to the additional terms and conditions in the “Protected Health Information” section below. The terms and conditions of this section will prevail and control if they are inconsistent with or contradictory to the remaining terms and conditions of this Privacy Policy.

Personal Information

Personal Information We Collect From Patients and Authorized Caretakers

If you are a Patient of a physician or other healthcare or medical provider (“Provider”), who has subscribed to the BuddyCare mobile solution, we collect Personal Information about the Patient and the Caretaker. A Caretaker is a person who is the legal guardian of the Patient who is a minor, developmentally disabled adult or incapacitated senior. When the Caretaker registers to use the BuddyCare mobile application and through the Caretaker’s use of the BuddyCare mobile application, we collect Personal Information, including when the Caretaker and the Provider communicate with each other.

The Personal Information we collect from the Patient includes, without limitation, the Patient’s full name, date of birth, gender, ID or SSN, postal address, surgery date and time, surgery type, the name of the hospital or other healthcare provider where the Patient is being cared for, Patient photo, answers to the pre-questionnaire form, pre-assessment form and VAS pain scale, and possible conversations with the care provider.

The Personal Information we collect from the Caretaker includes, without limitation, the Caretaker’s full name, phone number/email address, relationship to the Patient and possible conversations with the care provider. When the Caretaker is communicating with the Provider, the Caretaker and the Provider may disclose Personal Information about the Patient, which may include Protected Health Information.

How We Use Personal Information?

We may use Personal Information, as follows:

  • Allow the Caretaker access to the BuddyCare mobile application
  • Respond to the Caretaker’s inquiries
  • Send the Caretaker information regarding the BuddyCare mobile application, such as, changes to our terms, conditions, and policies and/or other vital information
  • For our business purposes, such as data analysis, audits, developing new products, and enhancing and improving the BuddyCare mobile application
  • As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

How We Disclose Personal Information?

We may disclose Personal Information, including Protected Health Information (defined below), as follows:

  • If you are a Patient, to your Provider, without further authorization for purposes of operations; for other uses or disclosures permitted by law; or for purposes related to such uses or disclosures.
  • If you are a Caretaker, to the Patient, without further authorization for purposes of operations; for other uses or disclosures permitted by law; or for purposes related to such uses or disclosures.
  • To our third party service providers who provide services such as data analysis, infrastructure provision, IT services, email delivery services, credit card processing, backup, auditing services and other similar services
  • To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
  • As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Protected Health Information

What is Protected Health Information?

“Protected Health Information” or PHI includes information, whether oral or recorded in any form or medium, that we receive from the Patient, the Caretaker or Provider or that we create on behalf of a Provider, (i) that relates to the past, present or future physical or mental condition of the Patient; the provision of health care to the Patient; or the past, present or future payment for the provision of health care to the Patient; and (ii) that identifies the Patient or with respect to which there is a reasonable basis to believe the information can be used to identify the Patient. In this Privacy Policy, “Protected Health Information” generally has the same meaning as the term “Protected Health Information” defined in 45 C.F.R. § 160.103.

How We Use And/Or Disclose Protected Health Information?

We may use and/or disclose Protected Health Information in the same manner as Personal Information described above, except our use and disclosure of Protected Health Information is further limited as provided by the administrative simplification provision of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”) and the Omnibus regulations promulgating Standards for Privacy of Individually Identifiable Health Information and Security Standards for the Protection of Electronic Protected Health Information promulgated thereto.

Specifically, as described above, all uses or disclosures of PHI shall require Patient authorization or a valid authorization on the Patient’s behalf, except: (1) uses or disclosures by or to the Patient; (2) uses or disclosures for treatment, payment or healthcare operations; (3) as part of any valid use or disclosure; or (4) in compliance with and pursuant to Applicable Law.

Buddy Healthcare may disclose PHI for most other purposes only pursuant to Patient’s valid authorization, as follows: (1) for use or disclosure of PHI for marketing purposes; (2) for disclosures that constitute a sale of PHI; or (3) for other uses or disclosures that are not exempt from the authorization requirement.

We will enter into Business Associate Agreements with the Providers who are “Covered Entities” when we are a “Business Associate”, as those terms are defined by HIPAA. We will use and disclose PHI only for those uses and disclosures permitted by HIPAA and under the applicable Business Associate Agreement. We may use or disclose PHI to provide the BuddyCare mobile solution to the Patient, the Caretaker or the Provider. We may also use PHI for our management and administration or to carry out our legal responsibilities.

Non-Personal Information

Non-Personal Information We Collect

“Non-Personal Information” is any information that does not reveal the Patient’s or the Caretaker’s identity, such as:

  • Information collected through cookies, pixel tags and other technologies
  • Demographic information
  • Aggregated information
  • Answers to feedback questionnaire
  • Tasks and activities the Patient or the Caretaker acknowledges in the BuddyCare mobile application

We and our third party service providers may collect Non-Personal Information in a variety of ways, including:

  • From the Caretaker: Information such as the Patient’s or the Caretaker’s location, as well as other information, such as preferred content and user interface language when using the BuddyCare mobile application. These are collected when the Patient or the Caretaker voluntarily provides this information. Unless combined with Personal Information, this information does not personally identify the Caretaker or the Patient or any other user of the BuddyCare mobile application.
  • By aggregating information: Aggregated Personal Information does not personally identify the Patient or the Caretaker or any other user of the BuddyCare mobile application (for example, we may use Personal Information to calculate the percentage of users who have read the Surgery Information Package).

How We Disclose and Use Non-Personal Information?

Because Non-Personal Information does not personally identify either the Caretaker or the Patient, we may use and disclose Non-Personal Information for any purpose whatsoever. In some instances, we may combine Non-Personal Information with Personal Information (such as combining the Caretaker’s name with the Caretaker’s geographical location). If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information as long as it is combined.

Third Party Services

This Privacy Policy does not address the privacy, information or other practices of any third party services. A Business Associate Agreement is made with third party service providers, which establishes the permitted and required uses and disclosures of PHI by the business associate.

IP Addresses

The user’s “IP Address” is a number that is automatically assigned to the user. The IP Address is identified and logged automatically in server log files whenever a user uses the BuddyCare mobile application, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is a standard practice and done automatically.

We use IP Addresses for purposes such as calculating application usage levels, diagnosing server problems, tracking malpractice, preventing cyber attacks and denial-of-service attacks, and administering the BuddyCare mobile application in general. We may also use and disclose IP Addresses for all the purposes for which we use and disclose Personal Information. Please note that we treat IP Addresses, server log files and related information as Non-Personal Information, except where we are required to do otherwise under applicable law.

Security

We use reasonable organizational, technical and administrative measures to protect Personal Information under our control, consistent with the Omnibus regulations promulgating Standards for Privacy of Individually Identifiable Health Information and Security Standards for the Protection of Electronic Protected Health Information. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have a reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account with us has been compromised), please immediately notify us about the problem by contacting us in accordance with the “Contact Us” section below.

Likewise, Buddy Healthcare will notify affected Providers, Patients and Caretakers of any breach of unsecured PHI within one week of notice and confirmation thereof.

Access and Change Your Information

How You Can Access or Change Your Personal Information

If the Caretaker or the Patient would like to review, correct, update, delete or otherwise limit our use of Personal Information that has been previously provided to us, the Patient or Caretaker may contact us in accordance with the “Contact Us” section below.

In the request, please make clear what information you would like to have changed, whether you would like to have your Personal Information deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. We will try to comply with your request as soon as reasonably practicable. Please note that in order to comply with certain requests to limit the use of your Personal Information, we may need to terminate your account with us and your ability to access and use the BuddyCare mobile application, and you agree that we will not be liable to you for such termination or for any fees to you. Although we will use reasonable efforts to do so, you understand that it may not be technologically possible to remove from our systems all your Personal Information. The need to back up our systems to protect information from inadvertent loss means that a copy of your Personal Information may exist in a non-erasable form that will be difficult or impossible for us to remove.

Updates To This Privacy Policy

We may change this Privacy Policy. Please take a look at the “LAST UPDATED” legend at the top of this page to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on this Website, make it available through the BuddyCare mobile application, or otherwise notify the Patient or the Caretaker, whichever occurs earlier.

Any changes to this Privacy Policy will be effective for all information that we maintain, even information in existence before the change. Your use of the BuddyCare mobile application following these changes means that you accept the revised Privacy Policy.

Retention Period

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or allowed by law.

Contacting Us

If you have any questions about this Privacy Policy, please contact us by email at care@buddyhealthcare.com, or please write to: Buddy Healthcare Ltd Oy, Kuortaneenkatu 2, 00160 Helsinki, Finland. Please note that email communications are not always secure; so please do not include sensitive information in your emails to us.