For the avoidance of doubt, this Notice is related solely to the Service available through the Planned Parenthood Direct mobile application (the "PP Direct App") and is different from the Notice of Privacy Practices that governs any care you receive in a Planned Parenthood health center and different from Privacy Policies on Planned Parenthood websites.
We understand that health information about you and your health care is personal and we are committed to protecting such health information. We will create records of the care you receive from us. We do so to provide you with quality care and to comply with any legal requirements.
This Notice applies to all of the records generated or received by the Planned Parenthood Affiliates, whether we documented the health information or you provided the health information. This Notice will describe the manner in which we may use your health information, your rights to the health information we keep about you, and certain obligations we have regarding the use and disclosure of your health information. This Notice also describes the risk of using electronic communications and the risk of us electronically storing your health information related to the Service.
This Notice is being provided to you on behalf of Kaleido Health Solutions, Inc. ("Kaleido", also referred to herein as "we" or "our" or "us"). Kaleido operates the Planned Parenthood Direct mobile application (the "App"). Kaleido is a contracting partner of certain regional Planned Parenthood member affiliates governed by the Bylaws of Parenthood Federation of America, Inc. (the "PP Affiliates"). The App enables the PP Affiliates to offer an online telehealth service (the "Service") that, when clinically appropriate, allows patients to obtain a limited range of health care from the PP Affiliate providers. Kaleido is the owner and operator of the App and does not provide healthcare services. We understand that your medical information is private and confidential. Further, we are required by law, as a business associate of the PP Affiliates, to maintain the privacy of "protected health information." "Protected health information" or "PHI" includes any individually identifiable information that we obtain from you or others that relates to your past, present or future physical or mental health, the health care you have received, or payment for your health care. We will share protected health information with one another, as necessary, to carry out treatment, payment, or health care operations relating to the services to be rendered through the PP Direct App.
As required by law, this Notice provides you with information about your rights and our legal duties and privacy practices with respect to the privacy of PHI. This Notice also discusses the uses and disclosures we may make with respect to your PHI. We must comply with the provisions of this Notice as currently in effect, although we reserve the right to change the terms of this Notice from time to time and to make the revised Notice effective for all PHI we maintain.
We can use or disclose your PHI for purposes of treatment, payment, and health care operations. For each of these categories of uses and disclosures, we have provided a description and an example below. However, not every particular use or disclosure in every category will be listed.
We may also use your PHI in the following ways:
Because the PP Affiliate providers provide the Service on a mobile application, we do not respond to 'Do not track' requests from web browsers. However when you have registered and created an account on the App, you can turn off analytical tracking within the App by going into Settings and turning off 'Allow Tracking'.
Note: incidental uses and disclosures of PHI sometimes occur and are not considered to be a violation of your rights. Incidental uses and disclosures are by-products of otherwise permitted uses or disclosures which are limited in nature and cannot be reasonably prevented.
When you register for this Service on the PP Direct App, we will send an email to the email address you provide and a text message to the phone number you provide. If you click on the initial email we send you, we may also send you marketing emails to encourage you to use our Service again or to tell you about new online services we are launching.
By giving us your email address you are agreeing to us sending you emails. It will be clear to anyone who sees the emails we send you on behalf of the PP Affiliates that the emails come from Planned Parenthood. Anyone who gets or has access to an email we send you can read, forward, copy, delete or change it. This includes people who have permission to read your emails and those who do not.
By giving us your telephone number you are agreeing to us calling you and leaving voice messages and sending you text messages on the number you provide. It will be clear to anyone who has access to your telephone or voicemail or text messages that messages we send you come from Planned Parenthood.
Subject to the requirements of applicable law, we will make the following uses and disclosures of your PHI:
Note: HIV-related information, genetic information, alcohol and/or substance abuse records, mental health records and other specially protected health information may enjoy certain special confidentiality protections under applicable state and federal law. Any disclosures of these types of records will be subject to these special protections.
Certain uses and disclosures of PHI will be made only with your written authorization, including uses and/or disclosures: (a) for marketing purposes, and (b) that constitute a sale of PHI under the HIPAA Privacy Rule. Other uses and disclosures of PHI not covered by this notice or the laws that apply to us will be made only with your written authorization. You have the right to revoke that authorization at any time, provided that the revocation is in writing, except to the extent that we already have taken action in reliance on your authorization.
1. You have the right to request restrictions on our uses and disclosures of PHI for treatment, payment and health care operations. However, we are not required to agree to your request unless the disclosure is to a health plan in order to receive payment, the PHI pertains solely to your health care items or services for which you have paid the bill in full, and the disclosure is not otherwise required by law. To request a restriction, you may make your request in writing to Privacy Officer at PrivacyOffice@kaleido-health.com.
2. You have the right to reasonably request to receive confidential communications of your PHI by alternative means or at alternative locations. To make such a request, you may submit your request in writing to our Privacy Officer.
3. You have the right to inspect and copy the PHI contained in our records, except:
In order to inspect or obtain a copy of your PHI, you may submit your request in writing to Privacy Officer at PrivacyOffice@kaleido-health.com. If you request a copy, we may charge you a fee for the costs of copying and mailing your records, as well as other costs associated with your request.
We may also deny a request for access to PHI under certain circumstances if there is a potential for harm to yourself or others. If we deny a request for access for this purpose, you have the right to have our denial reviewed in accordance with the requirements of applicable law.
4. You have the right to request an amendment to your PHI but we may deny your request for amendment, if we determine that the PHI or record that is the subject of the request:
In any event, any agreed upon amendment will be included as an addition to, and not a replacement of, already existing records. In order to request an amendment to your PHI, you must submit your request in writing to Privacy Officer at PrivacyOffice@kaleido-health.com, along with a description of the reason for your request.
5. You have the right to receive an accounting of disclosures of PHI made by us to individuals or entities other than to you for the six years prior to your request, except for disclosures:
To request an accounting of disclosures of your PHI, you must submit your request in writing to our Privacy Officer. Your request must state a specific time period for the accounting (e.g., the past three months). The first accounting of disclosures you request within a 12-month period will be free. For additional requests for an accounting, we may charge you for the costs of providing the accounting. We will notify you of the costs involved, and you may choose to withdraw or modify your request at that time before any costs are incurred. We will mail you a list of disclosures in paper form within 30 days of your request, or notify you if we are unable to supply the list within that time period and by what date we can supply the list; but this date should not exceed a total of 60 days from the date you made the request.
6. By using the App, you forgo your right to request that we communicate with you in a certain way. The nature of the Service is that, other than the hard copy communications we mail to you with a prescription, all other communications will be electronic or by telephone.
7. You have the right to receive a notification, in the event that there is a breach of your unsecured PHI, which requires notification under the Privacy Rule.
We understand the importance of protecting your PHI and take our security obligations very seriously. We take a number of steps to safeguard the privacy and security of all electronic communications we send to you and that you may send to us through the PP Direct App. We also take a number of steps to safeguard the security of your PHI that we store in our various electronic systems. However, any device or application connected to the Internet is susceptible to a security breach, despite the level of administrative, technical, and physical safeguards employed. This means that there is a risk that unauthorized parties may be able to access and read electronic communications about you or pertaining to the care that we provide to you through the PP Direct App. By using the App, you agree that you have read, understand, and accept this risk.
We also take safeguards to ensure that any photo that you upload through the PP Direct App is only accessible through the PP Direct App. Despite the safeguards we take, however, there is a risk that any photo you upload may be accessible to third parties, including elsewhere on your mobile phone and visible to others who may access your phone. If you back-up data from your phone, there is a risk that your PHI may be backed up and stored elsewhere.
If you believe that your privacy rights have been violated, you should immediately contact Privacy Officer at PrivacyOffice@kaleido-health.com. We will not take action against you for filing a complaint. You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services at: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf.
If you have any questions or would like further information about this Notice, please contact Privacy Officer at PrivacyOffice@kaleido-health.com.
This Notice is effective as of August 14, 2017