Date of last revision: 26 May 2020
This Patient Privacy Notice (this "Privacy Notice") applies to personal information collected from you when you use Qr8 Health, Inc.'s ("Qr8") digital assessments and other services, including those made available through the Software (as defined below) (collectively, the "Services") and does not apply to information obtained or collected in other ways. This Privacy Notice describes how this personal information is processed, used and retained. Qr8 has developed (a) downloadable software applications (each, an "Application") that contain one or more tests ("Tests") which are administered through the use of an iPad and/or other devices supported by Qr8 (each, a "Device") and (b) related firmware and other embedded software ("Firmware") on Devices (e.g., a stylus). "Software" means any of the foregoing that are identified in the order form between you and Qr8 or otherwise made available by Qr8 to you, and includes, as applicable, any updates, upgrades or other new features, functionality or enhancements thereto made available by Qr8 to you. By using our Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Notice and you hereby consent to the collection, use and disclosure of your Personal Information (as defined below) in accordance with this Privacy Notice.
This Privacy Notice covers our collection, use and disclosure of information about identifiable individuals and information which can be used to identify an individual ("Personal Information"). Personal Information does not include "aggregate" information which we aggregate from information (including Personal Information) you provide to us. Personal Information may be collected about our customers and end users of the Services. You can choose not to provide us with certain information.
This Privacy Notice does not apply to the practices of companies that we do not own or control. You understand and agree that Qr8 and its authorized business partners, affiliates, subsidiaries or agents (collectively, "Qr8", "us" or "we") may collect, maintain, and process information provided by you, on and through the Services. You represent and warrant that you have permission to share any information you elect to provide Qr8, you consent to such information being shared with third parties, including, if applicable, healthcare providers, and that such information is accurate, current, non-misleading, and consistent and relevant for the purpose for which you are providing information.
The information contained in the Services is not intended or implied to be a substitute for professional medical advice, diagnosis or treatment. Qr8 makes no representation and assumes no responsibility for the accuracy of information contained on or available through the Services, and such information is subject to change without notice. You are encouraged to confirm any information obtained from or through the Services with and review all information regarding any medical condition or treatment with your physician. NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HAVE READ ON OR ACCESSED THROUGH THE SERVICES.
Qr8 does not recommend, endorse or make any representation about the efficacy, appropriateness or suitability of any specific Tests, products, procedures, treatments, services, opinions, health care providers or other information that may be contained on or available through the Services. Qr8 IS NOT RESPONSIBLE NOR LIABLE FOR ANY ADVICE, COURSE OF TREATMENT, DIAGNOSIS OR ANY OTHER INFORMATION THAT YOU OBTAIN THROUGH USE OF THE SERVICES.
Qr8 has access to or collects Personal Information that you voluntarily give us when you are using its Services. Qr8 will not sell or provide any Personal Information to third parties for their use in their research or in their direct marketing, advertising, or promotion of their products or services, except as stated herein. You represent and warrant that you have permission to share any information you elect to provide Qr8 and that such information is accurate, current, non-misleading, and consistent and relevant for the purpose for which you are providing information.
Qr8 collects Personal Information in the following general ways:
Subject Information: Qr8 collects information about individuals who are prescribed the Services or otherwise begin or complete a Test within the Software ("Subjects"). When you use our Applications, we may collect your name, date of birth (age), sex, test score, level of education and other scoring and/or performance metrics which may be relevant to the particular Test you are taking. Some of the Personal Information received by Qr8 in connection with the Services may be provided by health care providers that are subject to laws and regulations, such as rules issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), that govern providers' use and disclosure of certain individually identifiable health-related Personal Information ("Protected Health Information"). When we receive Protected Health Information, we may do so as a "business associate" of the health care provider under an agreement that, among other things, prohibits us from using or disclosing the Protected Health Information in ways that are not permissible by the health care provider itself, and requires us to implement certain measures to safeguard the confidentiality, integrity, and availability of the Protected Health Information. When we act as a Business Associate, we may be subject to certain laws and regulations, including certain HIPAA rules, that govern our use and disclosure of Protected Health Information and that may be more restrictive than otherwise provided in this Privacy Notice. For more information about our HIPAA-compliant activities, please contact email@example.com or firstname.lastname@example.org.
Information Automatically Collected When You Use Our Services: When you interact with the Services, we receive and store certain information about your Device or Hardware, which may include Personal Information. We may use such information and pool it with other information to track, for example, the total number of users of our Services, device type, application versions, Device operating system versions, and crash logs.
Generally, Qr8 uses including Personal Information to deliver the Services to Medical Providers and Subjects, to improve the delivery of our Services and related products and services, to conduct our business, to develop analytics and aggregated data that allow us to improve our Services and related products and services, or to correspond with you. Specifically, Qr8 uses Personal Information to:
In order for us to properly collect your Personal Information, in particular your Protected Health Information, from your physicians and medical providers, we need your express authorization to do so. If you tap "Agree & Continue", you are authorizing Qr8 to contact your health care team and gain HIPAA-secure access to your medical records. We will only use those records and the information contained in them for the purposes set forth herein. Additionally, if you tap "Agree & Continue", Qr8 will use the personal information it collects about you to validate your Test results; in other words, to compare your Test results to the results of other people who have also used the Application(s). Qr8 may also use your Personal Information to improve the performance of its Software or to develop similar, related or wholly new software applications. Qr8 may also disclose your information as needed by law and to representatives of government organizations or independent review boards which are required to watch over the safety of medical products and therapies and the conduct of medical research.
When you use the Application, we may collect, for example, your name, date of birth (age), sex, test score, level of education and other scoring and/or performance metrics which may be relevant to the particular Test you are taking. If you tap "I do not agree", no information will be shared with Qr8.
Your Consent to Share: By providing any Personal Information to us, you fully understand and unambiguously consent to the transfer of such Personal Information and the collection and processing of such Personal Information to third parties, including healthcare providers or other third parties as described in the End User License Agreement. We may share aggregated data to conduct our business, improve the delivery of our Services, to develop analytics, and to enable us and our licensors and integration partners to improve and promote our products and services, including the Services. We will not sell or rent your Personal Information to anyone other than as described in this Privacy Notice.
Service Providers and Business Partners: We may from time to time employ third parties to perform tasks on our behalf and we may need to share Account information and other Personal Information with them to provide certain services. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary for them to provide the tasks and services on our behalf. We currently engage third-party companies and individuals employed by us to facilitate our Services, including the provision of maintenance services, database management, and general improvement of the Services, and businesses who engage our Services (to the extent provided for above).
Protected Health Information: Some of the Personal Information received by Qr8 in connection with the Services may be provided by health care providers that are subject to laws and regulations, such as rules issued under HIPAA. If we need to share this information with third-party service providers, we enter into agreements that require the third party to comply with the restrictions on use and sharing as required under HIPAA.
Business Transfers: If our business (or substantially all of our assets) are acquired by a third party, or if we go out of business, enter bankruptcy, or go through corporate merger or some other change of control, Personal Information and other information may be made available or otherwise transferred to the new controlling entity, where permitted under applicable law.
With Your Consent: If we need to use or disclose any Personal Information including Protected Health Information in a way not identified in this Privacy Notice, we will notify you and/or obtain consent as required under applicable privacy laws.
As Required by Law: We may disclose Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other end users, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. Further, we may disclose Personal Information when we believe in good faith that such disclosure is required by and in accordance with the law. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to: (i) satisfy any applicable law, regulation, legal process or governmental request; (ii) enforce our contracts, including investigation of potential violations hereof; and (iii) detect, prevent, or otherwise address fraud, security or technical issues. We may disclose Personal Information if we believe it is necessary to investigate potential violations of our End User License Agreement or to enforce that End User License Agreement. The above may include exchanging information with other companies and organizations for fraud protection and spam/malware prevention. Notwithstanding the general terms of this Privacy Notice, the collection, use, and disclosure of Personal Information may be made outside of the terms herein to the extent provided for in any applicable privacy or other legislation in effect from time to time, or pursuant to court orders.
We will keep Personal Information for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. We may retain certain data as necessary to prevent fraud or future abuse, or for legitimate business purposes, such as analysis of aggregated, non-personally-identifiable data, account recovery, or if required by law. Unless otherwise set forth in the applicable End User License Agreement or a separate agreement with you governing the applicable Services (if any), if you cease using such Service, we may retain or destroy, at our discretion, all Personal Information and non-personally identifiable information we collect through your use of such Service. All retained Personal Information will remain subject to the terms of this Privacy Notice.
You have the right to access the Personal Information, including Protected Health Information, we hold about you in order to verify the Personal Information we have collected in respect to you and to have a general account of our uses of that information. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances, and as permitted under law, we may not be able to make all relevant information available to you, such as where that information also pertains to another user of the Services. In such circumstances we will provide reasons for the denial to you upon request. We will endeavor to deal with all requests for access and modifications in a timely manner.
We will make every reasonable effort to keep Protected Health Information accurate and up to date, and we will provide mechanisms to update, correct, delete or add to Protected Health Information as appropriate. As appropriate, this amended Protected Health Information will be transmitted to those parties to which we are permitted to disclose your information. Having accurate Protected Health Information about you enables us to give you the best possible service. Note that the terms of any Business Associate Agreement in effect with Medical Providers will dictate the manner in which we update, correct, or remove Personal Health Information. In the event there is a conflict between this Privacy Notice and the Business Associate Agreement, the Business Associate Agreement will control.
Qr8 takes very seriously the security and privacy of the Personal Information that it collects pursuant to this Privacy Notice. Accordingly, we implement reasonable and appropriate security measures to protect your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations, including HIPAA. Wherever Qr8 collects personal information, your information is encrypted and securely transmitted to Qr8. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases or the databases of the third parties with which we may share your information (as permitted herein), nor can we guarantee that the information you supply will not be intercepted while being transmitted over the Internet. In particular, email sent to us may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
We may amend this Privacy Notice from time to time. If we decide to change our Privacy Notice, we will post those changes and update the Privacy Notice modification date at the top of this page. Use of Personal Information we collect is subject to the Privacy Notice in effect at the time such information is collected, used or disclosed. If we make material changes or changes in the way we use Personal Information, we will notify you by posting an announcement on our website, through the interface of the applicable Services or sending you an email prior to the change becoming effective. You are bound by any changes to the Privacy Notice when you use the Services after such changes have been first posted.
For more information on how we collect and process your Personal Information, or if you have any complaints, please contact email@example.com or firstname.lastname@example.org. However, once you use the Application, your de-identified data, in other words, your age, sex, test score, level of education and time to completion of the test cannot be erased or deleted from the data which is stored within the application.
* * *