Remote Health Care Solutions Privacy Policy

1. What Information We Collect and Process

We collect different types of information from or about you and your use of our Services, as described below. "Personal Data" means any information that relates to an identified or identifiable individual.

1.1 Information You Provide to Us

We collect Personal Data that you provide directly to us when interacting with Remote Health Care Solutions. This includes information you provide when you create an account, fill out forms on our website, communicate with us, or use the Services. Examples include:

• Account Registration Information: When you sign up for our services, we ask for information such as your name, email address, organization name, job title, phone number, and password. We may also collect additional profile information you choose to provide.
• Contact and Support Information: If you request information, contact customer support, or otherwise communicate with us, you may provide your name, contact details, and the content of your communications. We collect this information to respond to your inquiries and improve our Services.
• Payment Information: If you subscribe to a paid plan or make purchases through our services, we (or our secure payment processor acting on our behalf) will collect billing details such as your billing address and payment method information. This information is used solely to process transactions you authorize.

1.2 Patient Health Information (PHI)

As a remote patient monitoring platform, we process Protected Health Information (PHI) on behalf of healthcare providers. This includes:

• Patient vital signs data (blood pressure, heart rate, weight, blood glucose, etc.)
• Patient demographic information (name, date of birth, address, phone number)
• Medical device readings and measurements
• Clinical notes and observations from healthcare providers
• Medication adherence information
• Communication records between patients and healthcare providers

We act as a Business Associate under HIPAA and process PHI strictly in accordance with our Business Associate Agreements and HIPAA requirements.

1.3 Information We Collect Automatically

When you use our websites or applications, we collect certain information automatically about your device and usage of the Services. This data helps us analyze and improve our Services and ensure the Service works properly. It may include:

• Usage and Log Data: We record information about your interactions with our platform, such as the date and time you logged in, the features or pages you accessed, and other actions within the application.
• Device and Technical Information: We collect information about the computer or mobile device you use to access our Services. This may include your IP address, browser type, device type, operating system, and device identifiers.
• Cookies and Similar Technologies: When you visit our website, we use cookies and similar tracking technologies to remember your preferences and settings, authenticate your account, and analyze web traffic and usage patterns.

2. How We Use Personal Data

We use the Personal Data we collect for the following purposes:

• Providing Remote Patient Monitoring Services: We process your information to provide remote patient monitoring services, including collecting and analyzing patient vital signs, generating health reports, and facilitating communication between patients and healthcare providers.
• Healthcare Operations: We use patient health information to support healthcare operations such as care coordination, quality assessment, case management, and clinical decision support.
• Communicating with You: We use contact information to send you account-related messages, clinical alerts, system notifications, and administrative messages. We may also send you service updates and important announcements.
• Customer Support: If you contact us for help, we will use any Personal Data you provide to troubleshoot and resolve your issue, including accessing your account as necessary to provide support.
• Security and Compliance: We process Personal Data to maintain the security of our Services, detect and prevent fraudulent activity, and comply with healthcare regulations including HIPAA.
• Legal Compliance: Where required by law, we use Personal Data to comply with obligations under applicable laws, regulations, or legal processes.

3. How We Share Personal Data

We understand the critical importance of keeping health information private and secure. We only share Personal Data and PHI in the following limited circumstances:

3.1 Healthcare Providers and Care Teams

We share patient health information with authorized healthcare providers and care team members as necessary to provide remote patient monitoring services and coordinate patient care.

3.2 Service Providers (Business Associates)

We may share your information with trusted third-party service providers who perform services on our behalf, such as cloud hosting providers, technical support services, and payment processors. These service providers are bound by contractual obligations to protect Personal Data and PHI and are not permitted to use your data for their own purposes.

3.3 Legal Compliance and Protection

We may disclose Personal Data or PHI if we believe such disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or governmental request
• Protect the rights, property, and safety of our users, patients, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to medical emergencies or threats to patient safety

3.4 Business Transfers

If Remote Health Care Solutions is involved in a merger, acquisition, or sale of assets, Personal Data and PHI may be transferred as part of that transaction, subject to appropriate safeguards and notification requirements.

4. How We Transfer Personal Data Internationally

Remote Health Care Solutions primarily operates within the United States. Patient health information is stored and processed on secure servers located in the United States. If you are accessing our Services from outside the United States, your Personal Data may be transferred to and stored in the U.S., which may have data protection laws that differ from those in your country.

In all international transfers, we ensure that appropriate safeguards are in place to protect your Personal Data in accordance with this Privacy Policy and applicable laws, including HIPAA requirements for PHI.

5. How We Store and Secure Personal Data

5.1 Data Security

We implement comprehensive security measures to protect Personal Data and PHI, including:

• Encryption: All data transmitted between your device and our servers is protected using industry-standard encryption (HTTPS/TLS). PHI is encrypted both in transit and at rest.
• Access Controls: We restrict access to Personal Data and PHI to authorized personnel who need it to provide our Services. All staff receive HIPAA training and are bound by confidentiality agreements.
• Network & System Security: Our infrastructure is protected by firewalls, intrusion detection systems, and monitoring. We regularly update and patch our software and conduct security assessments.
• Audit Logging: We maintain detailed audit logs of all access to PHI and regularly monitor for unauthorized access attempts.
• Business Associate Agreements: All third-party service providers who may access PHI are required to sign HIPAA-compliant Business Associate Agreements.

5.2 Data Retention and Deletion

We retain Personal Data and PHI only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by law:

• Account Data: We keep account information for as long as you maintain an active account with us.
• Patient Health Information: PHI is retained in accordance with healthcare record retention requirements and our agreements with healthcare providers, typically for a minimum of 6 years after the last service date.
• Upon Account Termination: When an account is terminated, we will delete or de-identify Personal Data in accordance with applicable laws and contractual obligations.

6. Cookies and Similar Technologies

Remote Health Care Solutions uses cookies and similar tracking technologies on our websites to provide, customize, and improve your user experience:

• Essential Cookies: Necessary for our website and Services to function properly, including user authentication and session management.
• Analytics Cookies: Help us understand how users interact with our website to improve the user experience.
• Security Cookies: Used to detect and prevent security threats and unauthorized access.

You can manage cookie preferences through your browser settings, though disabling certain cookies may affect the functionality of our Services.

7. Your Privacy Rights and Choices

You have certain rights and choices regarding your Personal Data:

7.1 Access, Correction, and Deletion

• Access: You have the right to request access to the Personal Data we hold about you.
• Correction: You can request correction of any inaccurate or outdated Personal Data.
• Deletion: You may request deletion of your Personal Data, subject to legal and contractual retention requirements.

7.2 HIPAA Rights for Patients

If you are a patient whose health information is processed through our platform, you have additional rights under HIPAA:

• Right to access your PHI
• Right to request amendments to your PHI
• Right to an accounting of disclosures of your PHI
• Right to request restrictions on use and disclosure of your PHI
• Right to file a complaint with us or the Department of Health and Human Services

7.3 Communication Preferences

You can opt out of non-essential communications, though you will continue to receive important service-related and clinical communications necessary for your care.

8. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we collect, use, disclose, and sell.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, please contact us at [email protected].

9. HIPAA Compliance and Protected Health Information

Remote Health Care Solutions is committed to full compliance with the Health Insurance Portability and Accountability Act (HIPAA) and its implementing regulations:

9.1 Business Associate Relationship

We act as a Business Associate for healthcare providers and covered entities that use our remote patient monitoring services. We enter into Business Associate Agreements that specify how PHI may be used and disclosed.

9.2 Permitted Uses and Disclosures

We use and disclose PHI only as permitted by HIPAA and our Business Associate Agreements, including:

• To provide remote patient monitoring services as requested by healthcare providers
• For healthcare operations such as quality assessment and care coordination
• As required by law or to avert a serious threat to health or safety
• For research purposes with appropriate authorizations or approvals

9.3 Patient Rights Under HIPAA

Patients have the right to:

• Request access to their PHI
• Request amendments to their PHI
• Request an accounting of disclosures
• Request restrictions on use and disclosure
• File complaints about privacy practices

9.4 Breach Notification

In the event of a breach of unsecured PHI, we will notify affected individuals and covered entities in accordance with HIPAA breach notification requirements.

10. Children's Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without parental consent. When we provide services to minors under 18, we comply with applicable laws regarding parental consent and the privacy rights of minors.

If you believe we have inadvertently collected information from a child under 13, please contact us immediately so we can take appropriate action.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this policy.

For material changes, we will provide prominent notice and, where required by law, obtain your consent. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Remote Health Care Solutions
Privacy Officer
Email: [email protected]
Phone: 855-574-4200
Website: remotehcs.com

We will respond to your inquiries as soon as reasonably possible, generally within 30 days. If you need to access this Privacy Policy in an alternative format due to a disability, please contact us and we will accommodate your needs.

Thank you for trusting Remote Health Care Solutions with your information. We are dedicated to safeguarding your privacy and providing secure, reliable remote patient monitoring services.