URx MOBILE APPLICATION PRIVACY POLICY
Effective as of 9/1/2022.
This privacy policy (the “Privacy Policy”) applies to the URx mobile application (the “App”), owned and operated by URx (“URx”; also referred to as “we”, “us”, or “our”). URx has created this Privacy Policy to tell users what information the App collects, how URx uses that information, and who URx will share that information with, if at all. This Privacy Policy does not address the privacy practices of any third parties that URx does not own or control, or with which URx is not affiliated. By visiting and/or using the App, you, as a user, are agreeing to the terms of this Privacy Policy. URx encourages the user to read the Privacy Policy and to use the information it contains to help make informed decisions.
1. Information URx Collects or Receives. In the course of operating the App, URx will collect and/or receive the following types of information. You authorize us to collect and/or receive such information.
- Personal Information. We only receive or collect information that identifies you personally if you choose to provide such personally identifiable information to us via email or other means. When you sign up to become a user or contact us, you will be required to provide us with personal information about yourself (collectively, the “Personal Information”). Such Personal Information may include your name, e-mail address, physical address, and phone number. We do not collect any Personal Information from you when you use the App unless you provide us with the Personal Information voluntarily.
- Third-Party Log In. If you sign in through a third-party, you are authorizing us to collect, store, and use, in accordance with this Privacy Policy, any and all information that you agreed that the third-party would provide to us through the third-party’s Application Programming Interface (“API”). Such information may include, without limitation, your first and last name, third-party username, third-party profile picture, headline, unique identifier and access token, and e-mail address.
- Payment Information. If you choose to make a purchase or subscribe to a feature or service of ours that requires a fee, you will be required to provide us with your payment information, including, without limitation, bank account numbers, credit card or debit card numbers, account details, ACH information, and similar data (collectively, “Payment Information”). Such Payment Information will be collected and processed by our third-party payment vendors pursuant to the terms and conditions of their privacy policies and terms of use, and we do not obtain access to any Payment Information in connection with such purchases or subscriptions.
- Geolocational Information. Certain features and functionalities of the App are based on your location. In order to provide these features and functionalities while you are using your mobile device, we may, with your consent, automatically collect geolocational information from your mobile device or wireless carrier and/or certain third-party service providers (collectively, “Geolocational Information”). Collection of such Geolocational Information occurs only when the App is running on your device. You may decline to allow us to collect such Geolocational Information, in which case we will not be able to provide certain features or functionalities to you.
- Third-Party Analytics. We and the third-party technology providers, ad exchanges, ad networks, advertisers, agencies, and ad servers with which we work use third-party analytics services (e.g., Google Analytics) to evaluate your use of the App, compile reports on activity, collect demographic data, analyze performance metrics, and collect and evaluate other information relating to the App and mobile and Internet usage. These third parties use cookies and other technologies to help analyze and provide us the data. You consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Privacy Policy.
- Other Information. In addition to the Personal Information, Payment Information, and Geolocational Information, we may automatically collect or receive additional information regarding you and your use of the App; your interactions with us and our advertising; and information regarding your computer and mobile devices used to access the App (collectively, the “Other Information”). Such Other Information may include:
  - From You. Additional information about yourself that you voluntarily provide to us, such as your gender and your product and service preferences.
  - From Your Activity. We may collect or receive information regarding: (a) IP address, which may consist of a static or dynamic IP address and will sometimes point to a specific identifiable computer or mobile device; (b) browser type and language; (c) referring and exit pages and URLs; (d) date and time; and (e) details regarding your activity on the App, such as search queries and other performance and usage data.
  - About Your Mobile Device. We may collect or receive information regarding: (a) type of mobile device; (b) advertising Identifier (“IDFA” or “AdID”); (c) operating system and version (e.g., iOS, Android or Windows); (d) carrier; and (e) network type (WiFi, 3G, 4G, 5G, LTE).
  - From Cookies. We may use both session cookies, which expire once you close the App, and persistent cookies, which stay on your mobile device until you delete them, and other technologies to help us collect data and to enhance your experience with the App. Cookies are small text files an app can use to recognize a repeat visitor to the app. We may use cookies for various purposes, including to: (a) type of mobile device; (b) personalize your experience; (c) analyze which portions of the App are visited and used most frequently; and (d) measure and optimize advertising and promotional effectiveness.
If you do not want us to deploy cookies in the App, you can opt out by setting your mobile device to reject cookies. You can still use the App if you choose to disable cookies, although your ability to use some features may be affected.
2. How Information Is Used and Shared.
- You authorize us to use the Personal Information, Payment Information, Geolocational Information, and the Other Information (collectively, the “Information”) to: (a) provide our services; (b) administer our promotional programs; (c) solicit your feedback; and (d) inform you about our products and services.
- In order to provide our services and administer our promotional programs, we may including, without limitation, businesses participating in our various programs.
- We engage third-party companies and individuals to perform functions on our behalf. Examples may include providing technical assistance, customer service, and administration of promotional programs. These other companies will have access to the Information only as necessary to perform their functions and to the extent permitted by law.
- In an ongoing effort to better understand our users, the App, and our products and services, we may analyze certain Information in anonymized and aggregate form to operate, maintain, manage, and improve the App and/or such products and services. This aggregate information does not identify you personally. We may share and/or license this aggregate data to our affiliates, agents and business, and other third parties. We may also disclose aggregated user statistics to describe the App and these products and services to current and prospective business partners and investors and to other third parties for other lawful purposes.
- We may share some or all of your Information with any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us.
- As we develop our businesses, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Information may be part of the transferred assets.
- To the extent permitted by law, we may also disclose the Information: (a) when required by law, court order, or other government or law enforcement authority or regulatory agency; or (b) whenever we believe that disclosing such Information is necessary or advisable, for example, to protect the rights, property, or safety of us or others, including you.
3. HIPAA Assurances.
Users of the App and the services provided within agree to use this App as intended, within the laws of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including the HIPAA Privacy Rule and the HIPAA Security Rule. Information reported to URx by the User may constitute Protected Health Information (“PHI”), as the term is defined by HIPAA. URx will comply with HIPAA as it relates to your PHI.
URx is a Business Associate as the term is defined by HIPAA. In the event URx creates, receives, maintains, or otherwise is exposed to personally identifiable or aggregate patient or other medical information defined as PHI, URx shall:
- Recognize that HITECH (the Health Information Technology and Economic and Clinical Health Act of 2009) and the regulations thereunder (including 45 C.F.R. Sections 164.308, 164.310, 164.312, and 164.316), apply to a business associate of a covered entity in the same manner that such sections apply to the covered entity;
- Not use or further disclose the PHI, except as permitted by law;
- Not use or further disclose the PHI in a manner that, had the relevant Covered Entity done so, would violate the requirements of HIPAA;
- Use appropriate safeguards (including implementing administrative, physical, and technical safeguards for electronic PHI) to protect the confidentiality, integrity, and availability of PHI and to prevent the use or disclosure of the PHI other than as provided for by this EULA or related agreements;
- Comply with each applicable requirement of 45 C.F.R. Part 162 if URx conducts Standard Transactions for or on behalf of the Covered Entity;
- Report promptly to the applicable Covered Entity any security incident or other use or disclosure of PHI not provided for by this or related agreements of which URx becomes aware;
- Ensure that any subcontractors or agents who receive or are exposed to PHI (whether in electronic or other format) are explained the Business Associate obligations under this paragraph and agree to the same restrictions and conditions;
- Make available PHI in accordance with the individual’s rights as required under HIPAA Regulations;
- Account for PHI disclosures for up to the past six (6) years as requested by a Covered Entity, which shall include: (i) dates of disclosure, (ii) names of the entities or persons who received the PHI, (iii) a brief description of the PHI disclosed, and (iv) a brief statement of the purpose and basis of such disclosure;
- Make its internal practices, books, and records that relate to the use and disclosure of PHI available to the U.S. Secretary of Health and Human Services for purposes of determining URx’s compliance with HIPAA; and
- Incorporate any amendments or corrections to PHI when notified or enter into a Business Associate Agreement or other necessary Agreements to comply with HIPAA.
4. Accessing and Modifying Information and Communication Preferences. If you have provided us any Personal Information, you may access, remove, review, and/or make changes to the same by contacting us as set forth below. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any of our marketing e-mails. We will use commercially reasonable efforts to process such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our subscription databases. You cannot opt out of receiving transactional e-mails related to the App (e.g., requests for support). We may also deliver notifications to your mobile device (e.g., push notifications). You can disable these notifications by deleting the relevant service or by changing the settings on your mobile device.
5. How We Protect Your Information. We take commercially reasonable steps to protect the Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases or the databases of the third parties with which we may share such Information, nor can we guarantee that the Information you supply will not be intercepted while being transmitted over the Internet. In particular, e-mail sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. For protected health information, security measures are taken pursuant to the HIPAA Security Rule.
6. Important Notices to Non-U.S. Residents. The App and its servers are operated in the United States. If you are located outside of the United States, please be aware that your Information, including your Personal Information, may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to use the App, you hereby irrevocably and unconditionally consent to such transfer, processing, and use in the United States and elsewhere.
7. App Stores; External Websites. Your app store may collect certain information in connection with your use of the App, such as Personal Information, Payment Information, Geolocational Information, and other usage-based data. We have no control over the collection of such information by a third-party app store, and any such collection or use will be subject to that third party’s applicable privacy policies. The App may contain links to third-party websites. We have no control over the privacy practices or the content of these websites. As such, we are not responsible for the content or the privacy policies of those third-party websites. You should check the applicable third-party privacy policy and terms of use when visiting any other websites.
8. GDPR Privacy.
a. Legal Basis for Processing Personal Data Under GDPR. We may process Personal Information under the following conditions:
- Consent: You have given Your consent for processing Personal Data for one or more specific purposes.
- Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with You and/or for any pre-contractual obligations thereof.
- Legal obligations: Processing Personal Data is necessary for compliance with a legal obligation to which the Company is subject.
- Vital interests: Processing Personal Data is necessary in order to protect Your vital interests or those of another natural person.
- Public interests: Processing Personal Data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
- Legitimate interests: Processing Personal Data is necessary for the purposes of the legitimate interests pursued by the Company.
b. Your Rights Under the GDPR. The Company undertakes to respect the confidentiality of your Personal Information and to guarantee you can exercise your rights. You have the right under this Privacy Policy, and by law if you are within the EU, to:
- Request access to Your Personal Information. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of Your Personal Information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you. This also enables you to receive a copy of the Personal Information we hold about you.
- Request Correction of the Personal Information that We hold about You. You have the right to have any incomplete or inaccurate information we hold about you corrected.
- Object to processing of Your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your Personal Information on this ground. You also have the right to object where we are processing your Personal Information for direct marketing purposes.
- Request erasure of Your Personal Information. You have the right to ask us to delete or remove Personal Information when there is no good reason for us to continue processing it.
- Request the transfer of Your Personal Information. We will provide to you, or to a third-party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw Your Consent. You have the right to withdraw your consent on using your Personal Information. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the App or our services.
c. Exercising of Your GDPR Data Protection Rights. You may exercise Your rights of access, rectification, cancellation and opposition by contacting us. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.
9. CCPA Privacy. This privacy notice section for California residents supplements the information contained in Our Privacy Policy and it applies solely to all visitors, users, and others who reside in the State of California.
- Categories of Personal Information Collected. We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or Device. The following is a list of categories of personal information which we may collect or may have been collected from California residents within the last twelve (12) months.
Please note that the categories and examples provided in the list below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact collected by us, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been collected. For example, certain categories of personal information would only be collected if you provided such personal information directly to us.
- Category A: Identifiers. Examples: A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, driver’s license number, passport number, or other similar identifiers. Collected: YES/NO.
- Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Examples: A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. Collected: YES/NO.
- Category C: Protected classification characteristics under California or federal law. Examples: Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). Collected: YES/NO.
- Category D: Commercial information. Examples: Records and history of products or services purchased or considered. Collected: YES/NO.
- Category E: Biometric information. Examples: Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. Collected: YES/NO.
- Category F: Internet or other similar network activity. Examples: Interaction with our Service or advertisement. Collected: YES/NO.
- Category G: Geolocation data. Examples: Approximate physical location. Collected: YES/NO.
- Category H: Sensory data. Examples: Audio, electronic, visual, thermal, olfactory, or similar information. Collected: YES/NO.
- Category I: Professional or employment-related information. Examples: Current or past job history or performance evaluations. Collected: YES/NO.
- Category J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Examples: Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. Collected: YES/NO.
- Category K: Inferences drawn from other personal information. Examples: Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Collected: YES/NO.
- Under CCPA, personal information does not include:
- Publicly available information from government records
- Deidentified or aggregated consumer information
- Information excluded from the CCPA’s scope, such as:
  - Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
  - Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994
- Sources of Personal Information. We obtain the categories of personal information listed above from the following categories of sources:
- Directly From You. For example, any forms or other information you complete or submit on the App, or that you otherwise expressly provide to us.
- Indirectly From You. For example, seeing your activity on our App or services.
- Automatically From You. For example, through cookies we or our service providers set on your device.
- From Service Providers. For example, a third-party vendor that monitors and analyses the use of our App or services or other third-party vendors we use to provide service to you.
- Use of Personal Information for Business Purposes or Commercial Purposes. We may use or disclose personal information we collect for “business purposes” or “commercial purposes” (as defined under the CCPA), which may include the following examples:
- To operate and provide you with our services.
- To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our service.
- To fulfill or meet the reason you provided the information.
- To respond to law enforcement requests as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information or as otherwise set forth in the CCPA.
- For internal administrative and auditing purposes.
- To detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity, including, when necessary, to prosecute those responsible for such activities.
These examples are illustrative and not intended to be exhaustive. This Privacy Policy will be updated should there be a material change or personal information will be used for unrelated or incompatible purposes.
- Disclosure of Personal Information for Business Purposes or Commercial Purposes. We may use or disclose and may have used or disclosed in the last twelve (12) months the following categories of personal information for business or commercial purposes:
- Category A: Identifiers
- Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
- Category F: Internet or other similar network activity
Please note that the categories listed above are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact disclosed, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been disclosed.
When We disclose personal information for a business purpose or a commercial purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
- Sale of Personal Information. As defined in the CCPA, “sell” and “sale” mean selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for valuable consideration. This means that We may have received some kind of benefit in return for sharing personal information, but not necessarily a monetary benefit.
Please note that the categories listed below are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact sold, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been shared for value in return.
We may sell and may have sold in the last twelve (12) months the following categories of personal information:
- Category A: Identifiers
- Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
- Category F: Internet or other similar network activity
- Share of Personal Information. We may share Your personal information identified in the above categories with the following categories of third parties:
- Service Providers
- Our affiliates
- Our business partners
- Third-party vendors to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide you
- Sale of Personal Information of Minors Under 16 Years of Age. We do not sell the personal information of Consumers We actually know are less than 16 years of age, unless we receive affirmative authorization (the “right to opt-in”) from either the Consumer who is between 13 and 16 years of age, or the parent or guardian of a Consumer less than 13 years of age. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by contacting us.
If you have reason to believe that a child under the age of 13 (or 16) has provided us with personal information, please contact us with sufficient detail to enable us to delete that information.
- Your Rights Under the CCPA. The CCPA provides California residents with specific rights regarding their personal information. If You are a resident of California, You have the following rights:
- The right to notice. You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.
- The right to request. Under CCPA, you have the right to request that we disclose information to you about our collection, use, sale, disclosure for business purposes and share of personal information. Once we receive and confirm your request, we will disclose to you: (a) the categories of personal information we collected about you, (b) the categories of sources for that personal information we collected about you, (c) our business or commercial purpose for collecting or selling that personal information, (d) the categories of third parties with whom we share that personal information, (e) the specific pieces of personal information we collected about you, (f) if we sold your personal information or disclosed your personal information for a business purpose, we will disclose to you: (A) the categories of personal information sold, and (B) the categories of personal information disclosed.
- The right to say no to the sale of Personal Data (opt-out). You have the right to direct us to not sell your personal information. To submit an opt-out request please contact us.
- The right to delete Personal Data. You have the right to request the deletion of your Personal Data, subject to certain exceptions. Once we receive and confirm your request, we will delete (and direct Our Service Providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or Our Service Providers to: (a) Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you, (b) Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, (c) Debug products to identify and repair errors that impair existing intended functionality, (d) Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law, (e) Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.), (f) Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent, (g) Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us, (h) Comply with a legal obligation, and (i) Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
- The right not to be discriminated against. You have the right not to be discriminated against for exercising any of your consumer’s rights, including by: (a) Denying goods or services to you, (b) Charging different prices or rates for goods or services, including the use of discounts or other benefits or imposing penalties, (c) Providing a different level or quality of goods or services to you, and (d) Suggesting that you will receive a different price or rate for goods or services or a different level or quality of goods or services.
-
Exercising Your CCPA Data Protection Rights. In order to exercise any of Your rights under the CCPA, and if You are a California resident, You can contact us: 119, Epperson St, Athens, TN 37303-3478, United States. Email: urxservice@helicase.ai Phone: +1 423-271-8499
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to your personal information.
Your request to us must: (i) Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and (ii) Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request to provide you with the required information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you.
We will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice.
Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt.
For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
-
Do Not Sell My Personal Information. You have the right to opt-out of the sale of Your personal information. Once We receive and confirm a verifiable consumer request from you, we will stop selling Your personal information. To exercise your right to opt-out, please contact us.
The Service Providers we partner with (for example, our analytics or advertising partners) may use technology on the Service that sells personal information as defined by the CCPA law. If you wish to opt out of the use of your personal information for interest-based advertising purposes and these potential sales as defined under CCPA law, you may do so by following the instructions below.
Please note that any opt out is specific to the browser you use. You may need to opt out on every browser that you use.
-
Website. You can opt out of receiving ads that are personalized as served by our Service Providers by following instructions presented on the following:
NAI: http://www.networkadvertising.org/choices/
EDAA: http://www.youronlinechoices.com/
DAA: http://optout.aboutads.info/?c=2&lang=EN
The opt out will place a cookie on your computer that is unique to the browser you use to opt out. If you change browsers or delete the cookies saved by your browser, you will need to opt out again.
-
Mobile Devices. Your mobile device may give you the ability to opt out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:
“Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices
“Limit Ad Tracking” on iOS devices
You can also stop the collection of location information from your mobile device by changing the preferences on your mobile device.
-
“Do Not Track” Policy as Required by California Online Privacy Protection Act (CalOPPA). Our Service does not respond to Do Not Track signals. However, some third party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.
-
Your California Privacy Rights (California’s Shine the Light law). Under California Civil Code Section 1798 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties’ direct marketing purposes.
If you’d like to request more information under the California Shine the Light law, and if You are a California resident, You can contact Us using the contact information provided below.
-
California Privacy Rights for Minor Users (California Business and Professions Code Section 22581). California Business and Professions Code section 22581 allows California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted.
To request removal of such data, and if You are a California resident, You can contact Us using the contact information provided below, and include the email address associated with Your account.
Be aware that Your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
-
Links to Other Websites. You may find a link to another website in our App or our services. We strongly encourage you to review that third-party’s privacy policy as well, and we have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
10. Children. The App is not directed to children under the age of 13. We adhere to the Children’s Online Privacy Protection Act (COPPA) and will not knowingly collect Personal Information from any child under the age of 13. We ask that minors (under the age of 13) not use the App. If a child under the age of 13 has provided us with Personal Information, a parent or guardian of that child may contact us and request that such information be deleted from our records.
11. Changes to this Privacy Policy. This Privacy Policy is effective as of the date stated at the top of this Privacy Policy. We may change this Privacy Policy from time to time. Any such changes will be posted on the App. By accessing the App after we make any such changes to this Privacy Policy, you are deemed to have accepted such changes. Please be aware that, to the extent permitted by applicable law, our use of the Information is governed by the Privacy Policy in effect at the time we collect the Information. Please refer back to this Privacy Policy on a regular basis.
12. How to Contact Us. If you have questions about this Privacy Policy, please e-mail us at urxservice@helicase.ai with “Privacy Policy” in the subject line or mail us at the following address: 119, Epperson St, Athens, TN 37303-3478, United States.
URx HIPAA PRIVACY AND SECURITY POLICY
Introduction
URx (the “Company”) is involved in providing services relating to ePrescribing for covered entities and for business associates of covered entities and is itself considered a “business associate” as defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Company has adopted this policy to ensure compliance of the company under HIPAA.
Members of the Company’s workforce may have access to “protected health information” (as described below) of users of the URx application (the “App”). The Company intends to fully comply with HIPAA requirements, as administered by the United States Department of Health and Human Services (HHS), including HIPAA’s Privacy Rule and Security Rule and with the terms of any Business Associate Agreement with a Covered Entity. HIPAA restricts the Company’s use and disclosure of protected information related to the use and function of the App.
“Protected health information” (“PHI”) means information that is created or received by the Company through the App and relates to the past, present, or future physical or mental health condition of a user of the App; the provision of health care to a user of the App; or the past, present, or future payment for the provision of health care to a user of the App; and that identifies the user of the App or for which there is a reasonable basis to believe the information can be used to identify the participant. PHI includes information concerning persons living or deceased. The Security Rule governs electronically conveyed PHI, or “E-PHI”. (PHI herein includes E-PHI unless E-PHI is specified.) Special aspects of Security Rule compliance are addressed below.
PHI does NOT include individually identifiable health information which may be contained in employment records, such as sick leave, family leave, disability and other such records obtained from employees directly or from sources other than the App, in connection with those personnel matters. However, PHI from the App may NOT be used in personnel matters without written consent of the individual.
The Company has adopted this Privacy Policy and the Company’s Separate Security Manual regarding the use and disclosure of individual’s rights related to their PHI. All members of the Company’s workforce who have access to PHI must comply with these policies, procedures, and manuals.
All issues arising from privacy practices or any related issues shall be directed to a Privacy Official or Security Official where appropriate, and any other personnel receiving inquiries regarding such issues shall not attempt to answer or address such inquiries, but shall refer such inquiries to the Privacy or Security Official.
-
ARTICLE I. Plan Responsibilities as Business Associate of Covered Entity
-
Privacy Official and Contact Person. Blessy Berachah will be the Privacy Official for the Company. The Privacy Official shall be responsible for the administration of policies and procedures relating to privacy, including but not limited to this Privacy Policy.
-
Security Official and Contact Person. The Security Official is designated according to the Security Manual.
-
Persons with Access; Workforce Training. It is the Company’s policy to limit access to PHI to those who have need and to train employees who have access to PHI on its privacy and security policies and procedures. The Privacy Official, Security Official and Contact Person will develop training schedules and programs so that employees who have access to PHI (including E-PHI) receive the training necessary and appropriate to permit them to carry out their functions within Plan. Initially, the Company has determined that the following positions (and their incumbents) will have access to PHI and will receive training: (hereinafter “Persons With Access”): Blessy Berachah, Developer. The Security Official will arrange supplemental training of Persons with Access in elements of Security Rule compliance.
-
Technical and Physical Safeguards and Firewall. The safeguards for PHI can be found in the URx HIPAA Security Risk Analysis and Assessment document.
-
Privacy Notice. Should a Covered Entity require Company to distribute Covered Entity’s Privacy Notice, Company shall do so.
-
Complaints. The appropriate Contact Person is responsible for administering a process for individuals to lodge complaints about privacy and security procedures. A copy of the complaint procedure shall be provided to any user upon request.
-
Sanctions for Violations of Privacy and Security Policy. Sanctions for using or disclosing PHI in violation of this HIPAA Privacy and Security Policy will be imposed in accordance with the Company’s discipline policy.
-
Mitigation of Inadvertent Disclosures of Protected Health Information. The Company shall mitigate, to the extent possible, any harmful effects that become known to it of a use or disclosure of an individual’s PHI in violation of the policies and procedures set forth in this Policy. As a result, if an employee becomes aware of a disclosure of PHI that violates this Policy, either by an employee of the Company or a third-party administrator or insurer, the employee may contact the Privacy Official so that the appropriate steps can be taken to mitigate the harm to the participant.
-
Breach Notification Requirements. The Company shall report any breach to the applicable Covered Entity or other required entity as outlined in its Business Associate Agreement.
-
No Intimidating or Retaliatory Acts; No Waiver of HIPAA Privacy and Security. No employee may intimidate, threaten, coerce, discriminate against, or take other retaliatory action against individuals for exercising their rights, filing a complaint, participating in an investigation, or opposing any improper practice under HIPAA. No individual shall be required to waive his or her privacy rights under HIPAA as a condition of treatment, payment, enrollment or eligibility.
-
Documentation and Document Retention. The Company’s privacy policies and procedures must be documented and maintained for at least six years. Policies and procedures must be changed as necessary or appropriate to comply with changes in the law, standards, requirements and implementation specifications (including changes and modifications in regulations). Any changes to policies or procedures must promptly be documented. If a change in law impacts the Notice, the Notice must promptly be revised and made available to the necessary parties. Such change is effective only with respect to PHI created or received after the effective date of the Notice. The Plan and the Company shall document certain events and actions (including authorizations, requests for information, sanctions, complaints) relating to an individual’s privacy rights. The documentation of any policies and procedures, actions, activities and designations may be maintained in either written or electronic form.
-
ARTICLE II. Policies on Use and Disclosure of PHI.
-
Use and Disclosure Defined; Workforce Compliance. The Company and the Plan will use and disclose PHI only as permitted under HIPAA. The terms “use” and “disclosure” are defined as follows:
- Use. The sharing, employment, application, utilization, examination, or analysis of individually identifiable health information by any Persons with Access of the Company, or by an affiliated Covered Entity or Business Associate.
- Disclosure. For information that is PHI, disclosure means any release, transfer, provision of access to, or divulging in any other manner of individually identifiable health information to persons who are not Persons with Access of the Company.
- Workforce Compliance. Workforce Must Comply with Company’s Policies and Procedures.
-
Access to PHI is Limited to Certain Employees. Only the Persons with Access shall have regular and recurring access to and use of PHI. Persons with Access may use and disclose PHI for App administrative functions, and they may disclose PHI to other Persons with Access for App administrative functions (but the PHI disclosed must be limited to the minimum amount necessary to perform the App administrative function). Persons with Access may not generally disclose PHI to employees (other than other Persons with Access) unless an authorization is in place or the disclosure otherwise is in compliance with this Company’s policies and procedures.
-
Permitted Uses and Disclosures: Payment and Health Care Operations. PHI may be disclosed for the App’s own payment purposes, and PHI may be disclosed to a covered entity or another business associate for the payment purposes of that covered entity or business associate.
- Payment. Payment includes activities undertaken to obtain Plan contributions or to determine or fulfill the Plan’s responsibility for provision of benefits under the Plan, or to obtain or provide reimbursement for health care. Payment also includes: eligibility and coverage determinations, including coordination of benefits and adjudication or subrogation of health benefit claims; risk adjusting based on enrollee status and demographic characteristics; and billing, claims management, collection activities, obtaining payment under a contract for reinsurance (including stop-loss insurance and excess loss insurance) and related health care data processing.
- Any other Permitted Use and Disclosure allowed by law.
-
Mandatory Disclosures of PHI to Individual and HHS. A user’s PHI must be disclosed as required by HIPAA in two situations:
- The disclosure is to the individual who is the subject of the information; and
- The disclosure is made to HHS for purposes of enforcing HIPAA.
-
Permissive Disclosures of PHI for Legal and Public Policy Purposes. PHI may be disclosed in the following situations without a participant’s authorization, when specific requirements are satisfied, subject to policies developed by and approval of the Company’s Privacy Official. The permissive disclosures are:
- about victims of abuse, neglect or domestic violence;
- for judicial and administrative proceedings;
- for law enforcement purposes;
- for public health activities;
- for health oversight activities;
- about decedents;
- about crime on Company premises;
- for cadaveric organ, eye or tissue donation purposes;
- for certain limited research purposes;
- to avert a serious threat to health or safety;
- for specialized government functions; and
- that relate to workers’ compensation programs.
-
Disclosures of PHI Pursuant to an Authorization. PHI may be disclosed for any purpose if an authorization that satisfies all of HIPAA’s requirements for a valid authorization is provided by the user. All uses and disclosures made pursuant to a signed authorization must be consistent with the terms and conditions of the authorization.
-
Complying with the “Minimum-Necessary” Standard
HIPAA requires that when PHI is used or disclosed, the amount disclosed generally must be limited to the “minimum necessary” to accomplish the purpose of the use or disclosure, as determined by the Privacy Official case-by-case, or, in the instance of routine and recurring disclosures, as set forth in Company policies or procedures.
The “Minimum Necessary” Standard does not apply to any of the following:
- uses or disclosures made to the individual;
- uses or disclosures made pursuant to a valid authorization;
- disclosures made to the DOL;
- uses or disclosures required by law;
- uses or disclosures required to comply with HIPAA.
-
Minimum Necessary When Disclosing PHI. For routine and recurring disclosures developing prospectively, the Privacy Official (or Contact Person if directed by the Privacy Official) will direct an analysis of such disclosures and further, specific standards will be developed.
All other disclosures must be reviewed on an individual basis with the Privacy Official to ensure that the amount of information disclosed is the minimum necessary to accomplish the purpose of the disclosure.
-
Minimum Necessary When Requesting PHI.
For making requests for disclosure of PHI for purposes of claims, claims reports, stop loss insurance and other payment and health care operations, the Privacy Official will outline policies and procedures designed to limit the amount requested to the amount reasonably necessary to accomplish the purpose for which the disclosure is requested.
All other requests must be reviewed on an individual basis with the Privacy Official to ensure that the amount of information requested is the minimum necessary to accomplish the purpose of the disclosure.
-
Disclosures of PHI to Business Associates. Persons with Access may disclose PHI to the Company’s business associates and allow Company’s business associates to create or receive PHI on its behalf. However, prior to doing so, the Plan must first obtain assurances from the business associate (in the form of business associate agreements) that it will appropriately safeguard the information. Before sharing PHI with outside consultants or contractors who meet the definition of a “business associate”, employees must contact the Contact Person and verify that a business associate agreement is in place.
-
Disclosures of De-Identified Information and Limited Data Sets. The Company and App may freely use and disclose de-identified information. De-identified information is health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual. There are two ways a covered entity can determine that information is de-identified: either by professional statistical analysis, or by removing 18 specific identifiers under HIPAA.
-
Policies Specific to E-PHI/Security Rule. The Company has performed a risk analysis and assessment and developed a document called the HIPAA Security Risk Analysis and Assessment document, including recommended administrative, physical and technical safeguards that reasonably protect the confidentiality, integrity and availability of electronic PHI the Company creates, receives, maintains or transmits.
-
ARTICLE III. Policies on Individual Rights.
-
Access to Protected Health Information and Requests for Amendment.
HIPAA gives users the right to access and obtain copies of their PHI that the Company/App (or its business associates) maintains in designated record sets. HIPAA also provides that participants may request to have their PHI amended. The Company will provide access to PHI and it will consider requests for amendment that are submitted in writing by participants.
A “Designated Record Set” is a group of records maintained by or for the Company that includes: (a) the enrollment, payment, and claims adjudication record of an individual maintained by or for the Company/App, or (b) any other information used to make decisions about individuals.
-
Accounting. An individual has the right to obtain an accounting of certain disclosures of his or her own PHI. This right to an accounting extends to disclosures made in the last six years, other than disclosures:
- to carry out treatment, payment or health care operations;
- to individuals about their own PHI;
- incident to an otherwise permitted use or disclosure;
- pursuant to an authorization;
- for purposes of creation of a facility directory or to persons involved in the patient’s care or other notification purposes;
- as part of a limited data set; or
- for national security or law enforcement purposes.
The Company shall respond to an accounting request within 60 days. If the Company is unable to provide the accounting within 60 days, it may extend the period by 30 days, provided that it gives the participant notice (including the reason for the delay and the date the information will be provided) within the original 60-day period.
The accounting must include the date of the disclosure, the name of the receiving party, a brief description of the information disclosed, and a brief statement of the purpose of the disclosure (or a copy of the written request for disclosure, if any).
The first accounting in any 12-month period shall be provided free of charge. The Contact Person may impose reasonable production and mailing costs for subsequent accountings.
-
Requests for Requested Confidential Communications.
Participants may request to receive communications regarding their PHI by alternative means or at alternative locations. For example, participants may ask to be called only at work rather than at home. Such requests shall be honored if, in the sole discretion of the Company, the requests are reasonable.
However, the Company shall accommodate such a request if the participant clearly provides information that the disclosure of all or part of that information could endanger the participant. The Contact Person has responsibility for addressing requests for confidential communications.
-
Requests for Restrictions on Uses and Disclosures of PHI. A participant may request restrictions on the use and disclosure of the participant’s PHI. It is the Company’s policy to attempt to honor such requests if, in the sole discretion of the Company, the requests are reasonable. The Contact Person is charged with responsibility for addressing requests for restrictions.
-
Requests for Amendment. No third-party rights are intended to be created by this Policy. The Company reserves the right to amend or change this Policy at any time (and even retroactively) without notice. To the extent this Policy establishes requirements and obligations above and beyond those required by HIPAA, the Policy shall be aspirational and shall not be binding upon the Company. This Policy does not address requirements under other Federal laws or under state laws.