- Categories of Data We Collect When You Use Our Services
- How We Collect and Use Non-Personally Identifiable Information from Visitors
- How We Collect Personally Identifiable Information Prior to Your Registration.
- How We Collect Personally Identifiable Information from PHR Users
- How We Use the Data We Collect
- How We Share and Disclose Information With Others
- Communications with You
- What You Can Do With Your Information
- Retention of Your PHR Data
- Security Safeguards
- Users Outside of the United States
- Ways in Which You Can Further Protect PHR Data
- Notification in the Event of Improper Disclosure of PHR Data
- Notice to California Residents
- Acceptance Of Terms
- 1819 LLC or Quil-branded websites, including quilhealth.com
- 1819 LLC or Quil-branded and mobile applications
We are not responsible for the privacy practices of any third-party Service Providers (such as health plans, health care providers, internet service providers or cloud service providers) or other third parties operating websites or applications. The inclusion of a link in any Services to the services provided by another party does not imply that we endorse or otherwise monitor the privacy practices of that linked third-party Service Provider.
Categories of Data We Collect When You Use Our Services
- Non-Personally-Identiﬁable Information
- Information that does not identify an
individual and may include:
- Anonymous Mobile App API request, Website HTTP requests, Device IDs, Public Web Browser Agent Data, Tracking Pixels, IP addresses and Cookies
- Service Usage Data
- De-identified Data
- Information that does not identify an individual and may include:
Health Record Data
includes information that you, your Employer and/or your Providers
provide to the Service. PHR Data includes PII, PHI and may
include information such as:
- Your name and contact information, such as your address, phone number, or email address.
- Your medical history, conditions, treatments, and medications.
- Your healthcare claims, health plan account numbers, bills, and insurance information.
- Your demographic information, such as your age, birth date, gender, ethnicity, and occupation.
- Wellness information that you enter into the Service such as notes, fitness data, scheduling, height, and weight.
- Specific Device IDs, IP addresses, Gelocation data and Cookies that are aggregated together and linked to your account.
How We Collect and Use Non-Personally Identifiable Information from Visitors
If you have not registered for a Service account, then we treat you as a Visitor to our websites. When you visit or interact with our Services as a Visitor, we collect data from you through a number of different automated technologies such as Anonymous Website HTTP requests, Public Web Browser Agent Data, Tracking Pixels, IP addresses, and Cookies. We utilize Google Analytics, Firebase and Tag Manager to help collect this information, please see “How Google uses data when you use our partners’ sites or apps” for more details.
We use this information to track traffic on our websites; we do not track specific visitors over time and across third-party websites for targeted advertising; therefore, we do not respond to Do Not Track (DNT) signals.
After you have registered for an account, we no longer treat you as a Visitor but a PHR User of our Services.
How We Collect Personally Identifiable Information Prior to Your Registration.
Before you register for a Service account, we may collect your information in two ways: (1) if you contact us through the Internet and provide us with your contact information (e.g., name, mailing address, email address and other information); (2) We may obtain your contact information and other information from your Employer or a Healthcare Provider with which we partner. In either case, we will use such information for the sole purpose of informing you about our Services and inviting you to register or providing Services to you.
How We Collect Personally Identifiable Information from PHR Users
We do De-identify PHR Data, which is the process where personal identifiers are removed from an individual’s dataset and do not allow someone to determine a person’s identity. De-identified Data is no longer considered PII, PHI, or PHR Data; it is considered Non-Personally-Identiﬁable Information.
How We Use the Data We Collect
We use Personally Identifiable Information and Non-Personally-Identiﬁable Information so that we can:
- Verify your identity and authenticate access to your account.
- Provide you with our Services.
- Personalize the wellness management of our Services.
- Provide you with customer service and technical support for our Services.
- Evaluate and improve our Services and analyze trends.
- Notify you of new Service features or new Services that we provide.
- Notify you of other services or benefits available to you.
- Take action that helps us to maintain the security of our Services, the privacy of your PHR Data, obey laws, and help prevent fraud and abuse.
- Update any software that we provide in conjunction with our Services.
- Take actions to enforce our agreements and policies.
How We Share and Disclose Information With Others
Our policies for sharing and disclosing your data with others depends on whether you have registered with our Services or not.
- Third-Party Service Providers.
We consider all PHR Data we collect from our Services to be conﬁdential. We use third-party service providers to assist us in delivering our Services to you, including cloud hosting, technical integration, analytics, customer service, and fraud protection services. We may share PHR Data we collect about you with these third parties to the extent necessary for them to provide these services. These companies are acting on our behalf and are required by our Business Associate Agreements, to keep this information conﬁdential and are only authorized to use it for speciﬁc purposes.
- Your Employer
We will share De-Identified Data with your employer. We also may share PHR Data with your Employer as allowable by law.
- Your Health Plans and Health Care Providers.
We will share De-Identified Data with your health plans or Health Care Providers. We also may share PHR Data with your health plan and/or Health Care Provider(s) as allowable by law and/or with whom we have established Business Associate Agreements,.
- Your Authorized Representatives.
Our Services may give PHR Users the option of designating one or more individuals or organizations to access their PHR Data through the Services. In these cases, we will ﬁrst request your consent and contact information that we can use to verify the identity of these individuals or organizations. You should only authorize this access to individuals or organizations with whom you have a trusted relationship, as we cannot control these individuals or organizations’ use of your PHR Data or the access credentials that we issue to them with your consent.
- Legal Authorities.
We may be required by law or legal process to disclose PHR Data to our lawyers, to third parties in connection with litigation, or to law enforcement personnel. We will disclose your PHR Data in compliance with applicable laws. We may provide this information without your consent and without notice to you when we are required to do so in order to comply with a valid legal process such as a subpoena, court order, or search warrant.
- Business Transfers.
If we enter into a merger, acquisition, or sale of all or part of our assets, your PHR Data may be included in the transferred assets. In such an event, so long as we have the means to contact and are required to do so, we will provide you with notice of such a transaction.
- We do not sell your PHR Data to Data Brokers, Marketing Groups, Advertising Networks, or Analytics Firms.
Communications with You
Before you register for a Service account, we may use the contact information provided by your Employer or Healthcare Provider to inform you about our Services and inviting you to register. To the extent that your Employer or Healthcare Provider provides us your contact information, or as otherwise allowable by law, Quil may contact you via email or SMS for Service registration. If you do not wish to receive any notifications from us, you may click “Unsubscribe” on any emails and reply back with “STOP” to any SMS messages. You may also contact us by email at firstname.lastname@example.org and request that we STOP text messages or “Unsubscribe” you from emails. Data rates may apply to SMS messages.
For your convenience, emails and SMS messages may, and in accordance with applicable law, be sent to you in connection with our Services like for appointment reminders, wellness notifications, and more; these messages may contain your PHR Data. Emails and SMS messages that may contain your PHR Data and you understand and accept the risk of using these unsecured communications. We are not responsible for the security and privacy practices of your email provider or cellular carrier. You may choose to change your communication preferences at any time when logged into the Service application and/or website.
What You Can Do With Your Information
If you are a PHR User, you can contact us at email@example.com regarding how your PHR Data is handled, such as data correction, deletion, and export requests. We will respond to your privacy requests within 30 days or such other time period as required by applicable law.
Retention of Your PHR Data
We will retain your PHR Data for as long as your account is active or as needed to provide you with Services, or comply with our legal and contractual obligations, resolve disputes, and enforce our agreements with you.
We have implemented technical, administrative, and physical security measures based on generally accepted industry standards that are designed to protect PHR data from unauthorized access, disclosure, use, and modiﬁcation. We regularly review our security practices to consider appropriate new technology and methods. We enter into agreements with our third-party Service Providers that require them to adhere to privacy and security standards that are no less stringent than our own for the services that we delegate to them.
Users Outside of the United States
Ways in Which You Can Further Protect PHR Data
- Never share your username and password information with anyone.
- Do not reuse passwords between your Quil service account and other accounts you own.
- Immediately change your password if you believe any unauthorized access to your Quil service account has occurred.
- Log out of your service account when you’ve completed the actions for which you logged in.
- Install appropriate security products, such as firewalls, anti-virus and anti-spyware software, and wireless network security products on the computers from which you access your service account.
- Make sure that you read and understand the privacy policies of your Employer or Health Care Provider(s).
- If you choose to opt-in to using communication convenience features that may send PHR Data to you via email and/or SMS, be sure to protect your email account and phone with robust passwords and multi-factor authentication.
Notification in the Event of Improper Disclosure of PHR Data
In the event that identifiable data is improperly disclosed, Quil will contact affected individuals via reasonable means such as email in accordance with applicable state and federal laws.
Notice to California Residents
If you have any
inventory, export, removal or handling of your information, you may contact us
at 1-215-259-8663 or firstname.lastname@example.org or via mail to:
Quil, 1900 Market Street, Suite 601, Philadelphia, PA 19103
Acceptance Of Terms
- Authorized Representative
- An Authorized Representative is someone you authorize to access your PHR Data on your behalf.
- Business Associate Agreement
- A Business Associate Agreement (BAA) is a HIPAA required contract between a covered entity, such as a Healthcare Provider, and business associate, such as a company that maintains, stores and/or transmits PHI on behalf of that covered entity.
- A cookie is an element of data that we can send to your web browser to track your usage patterns as you visit browse the internet.
- De-identified Data
- De-identified data is data in which personal identifiers are removed.
- Device ID
- A unique alpha-numeric device identiﬁer.
- Collectively the entity that employs you, or other organization with which you are affiliated through which you have access to Quil’s services.
- Healthcare Provider
- A healthcare provider, healthcare practice, or hospital that you authorize to provide information to your Quil service account.
- Non-Personally-Identiﬁable Information
- Information that does not identify an individual.
- “PHR” means Personal Health Record.
- PHR Data
- PHR User
- An individual who has registered themselves within the Service (Quil Health Platform).
- “PHI” means Protected Health Information, which is defined as any information (PII) in a medical record that can be used to identify an individual, and that was created, used, or disclosed in the course of providing a health care service, such as a diagnosis or treatment
- Visitor / Non-PHR User
- An individual who has not registered themselves within the Service (Quil Health Platform).
- Service Providers
- A service provider is an entity that is hired to perform certain functions for and operate under the direction and control of Quil.
Last Updated: March 19, 2020
Copyright © 2020 1819, LLC. All rights reserved.