When you create an account on the Brisk Health Application or enroll as a Brisk Health registered user (“Enroll”), or login to the Brisk Health Application or Brisk Health website to create a profile, comment on articles, or complete surveys, we collect personal information that can identify you (“PII”), such as your full name, email address, mailing address, telephone number, and credit card information for payment. In addition to PII, Brisk Health may also collect your PHI or PHI of an individual for whom you are requesting health services. For example, when you use the Brisk Health Application to transmit are quest for health services to be provided at your specified location (a request for a “Visit”),you will need to provide additional health information about the individual for whom the visit is requested so that the Practices can assess the request and determine whether or not one of the Practices has an appropriate and available healthcare provider (a “Provider”) to
respond to your request. Another example of how Brisk Health may obtain your PHI and/or PII is when you grant permission for other third parties to share your information directly with Brisk Health. This would include, without limitation, the Brisk Health Application’s access and synchronization of your PHI and/or PII with the Apple Health application and/or Apple Health Records.
Ultimately, the information that Brisk Health collects varies depending upon how you use our Services and what permissions you give to us and other third-parties that also collect your PII and/or PHI. We will not use any PHI for any other purpose without your explicit authorization, or unless otherwise permitted or required by law. You may revoke, inwriting, any such authorization at any time, except to the extent we have taken action in reliance thereon.
PHI and/or PII Obtained from Apple Clinical Health Records API or through synchronization with the Apple Health application: Heal does not use data obtained through Apple Clinical Health Records API or through synchronization with the Apple Health application for advertising, marketing, or other use-based data mining purposes. Heal does not disclose any data obtained through Apple Clinical Health Records API or through synchronization with the Apple Health application to any third-party for advertising, marketing, or other use-based data mining purposes.
Brisk Health does not have any independent access to the Practices’ detailed medical records that may be created as a result of a Visit. To the extent the Practices integrate any of the information you provided into the Practice’s medical record that is created as a result of a Visit, Brisk Health has no authority to access, delete or modify any portion of the Practice’s medical records of its patients except as an agent of the Practices and incompliance with applicable law.
WE DO NOT KNOWINGLY ENROLL OR COLLECT INFORMATION DIRECTLY FROM CHILDREN UNDER THE AGE OF EIGHTEEN.
Please keep in mind that certain features on the Brisk Health Application or website may give you an opportunity to interact with us and others. These may include forums, message boards, chats, creating community profiles, and rating, tagging and commenting on articles. When you use these features, you should be aware that any information you submit, including your name, location, health issues, and email address, may be publicly available to others. We do not protect the privacy of and are not responsible for your disclosure of any information through these interactive features, including, but not limited to information that you might post related to a minor.
Also, whenever you voluntarily disclose anyone’s personal information on publicly viewable web pages, that information can be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. We cannot control who reads your posting or what other users may do with the information that you voluntarily post, so we encourage you to exercise discretion and caution with respect to information you choose to disclose through these interactive features. When an individual chooses to post information that will be publicly disclosed, he or she is responsible for all legal consequences. We are not responsible under any data protection laws for information that you voluntarily post on a site that can be accessed by others. If you believe that we have violated your privacy rights, you should contact us at the mailing address or e-mail address provided below. You may also file a complaint with the government. See http://oag.ca.gov/contact/consumer-complaint-against-business-orcompanyfor more information.
Tracking and/or Analytics Services. We may use mobile application tracking and/or analytics services. These services may record unique mobile gestures such as tap, double tap, zoom, pinch, scroll, swipe and tilt but do not collect personally identifiable information that you do not voluntarily enter in the Brisk Health Application. These services do not track your browsing habits across mobile applications that do not use the same services. We are using the information collected by these services to understand user behavior and optimize site performance.
Web Beacons. We may also use web beacons (invisible images often referred to as pixel tags or clear GIFs) in order to recognize users and assess traffic patterns, and we may include web beacons and cookies in our email messages in order to count how many e-mail messages have been opened.
Non-Personally Identifiable Information. We also collect Non-Personally Identifiable Information that is not health information in the form of statistics and information regarding the Brisk Health Application user’s statistics and metrics obtained from third party devices (for example, steps, distance, calories burned, GPS coordinates, bat speed, hand speed, swing time, etc.), which may be combined with personal information you submit through the Brisk Health Application and/or Services so that you can fully enjoy the benefits of the Brisk Health Application’s tracking, monitoring, and diagnostic tools. We may also request the following optional information as part of your profile so that you can fully enjoy the features and functions of our Services: your weight, height, and gender.
Mobile Device Information. Your use of the Brisk Health Application may also include collection of information from your mobile device. For example, the Brisk Health Application may request your permission to collect location data and/or may request access to multimedia (photos or videos) stored on your mobile device. You have the option of declining collection of geolocation data, but this may limit your ability to participate in certain activities through the Brisk Health Application. If you do not wish for your location data to be shared with Brisk Health, please respond accordingly when prompted on your mobile device, or visit your mobile device settings. Multimedia will only be collected from your device if you affirmatively select it to upload to the application (i.e., you choose an image or video to store within the Brisk Health Application). Multimedia will not be shared with other Brisk Health Application users (with the exception of your profile photo, to the extent such feature is offered, which will appear in your user profile).
• For the purposes for which you specifically provided it including, without limitation, to enable us to process your registration, provide the Services or other requests.
• To transmit a request for a Visit per your request.
• To send you information about your relationship or transactions with us.
• To notify you about our products, services, and special offers, except that we will not use PHI for marketing purposes without your prior written consent for yourself or your minor child.
• To otherwise contact you with information that we believe will be of interest to you.
• To enhance or develop features, products and services. To allow us to personalize the content that you and others see on the Brisk Health Application.
• To provide advertisers and other third parties with aggregate information about Brisk Health Application users and Brisk Health Application usage patterns.
• To allow other select companies to send you promotional materials about their products and services, provided that no PHI will be used for this purpose without your prior written consent.
Sharing Your Information
• Visits: We will share your information, at your direction, to transmit a request for a Visit with a Practice. The Provider and/or other representative of a Practice may contact you prior to the Provider being dispatched to your location or to treat you virtually, to assess whether he or she is equipped to handle your healthcare needs. The Practices’ treatment of your information is subject to the Practices’ own policies and procedures. Any PHI that we collect and save from you will be kept private and secure, as required by law.
• With Affiliates: We may share your information with affiliated companies and businesses, provided that your PHI will not be shared for any marketing purposes without your prior written consent, in accordance with applicable law.
• With Service Providers: We may use other companies to perform services including, without limitation, facilitating some aspects of our Brisk Health Application such as processing credit card transactions sending emails, fulfilling purchase requests, and data analysis on our behalf. These other companies may be supplied with or have access to your information solely for the purpose of providing these services to you on our behalf. Such service providers shall be bound by appropriate confidentiality and security obligations, which may include, as applicable, business associate contract obligations.
• With Business Partners: When you make purchases or engage in promotions offered through our Brisk Health Application, we may share PII, but not your PHI, with the businesses with which we partner to offer you those products, services, and promotions. When you accept a particular business partner’s offer, you authorize us to provide your information to that business partner.
We also may disclose your information:
SPECIAL NOTICE FOR USERS OF THE APPLICATION: IF YOU ELECT TO MAKE YOUR PROFILE (OR THAT OF A MINOR OR FAMILY MEMBER) VIEWABLE BY PROVIDERS, ALL INFORMATION THAT YOU INCLUDE IN THAT PROFILE MAY BE VIEWED BY PROVIDERS. YOU SHOULD NOT ENTER ANY INFORMATION IN THE PROFILE THAT YOU (OR ANOTHER PERSON) WISH TO REMAIN CONFIDENTIAL. A PROVIDER WILL NOT BE ABLE TO CONTACT YOU EXCEPT THROUGH THE PERSONAL CONTACT INFORMATION YOU PROVIDE THROUGH THE APPLICATION. BRISK HEALTH IS NOT RESPONSIBLE FOR THERE TENTION, USE OR PRIVACY PRACTICES OF THE PRACTICES AFTER THEY HAVE RECEIVED YOUR INFORMATIONConfidentiality of Health Information
The Practices and Providers may be subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder, and applicable state laws. When Brisk Health stores, processes, or transmits “individually identifiable health information” (as such term is defined by HIPAA)on behalf of such a health care provider, Brisk Health does so as its “business associate” (as also defined by HIPAA). Brisk Health is prohibited from, among other things, using individually identifiable health information in a manner that the health care provider itself may not. Brisk Health is also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such healthcare providers. For more information regarding our treatment of health information, please see our Privacy Practices.
How to Access or Update Your Information
How We Protect Your Information
We use commercially reasonable administrative, technical, and physical measures to safeguard your information in our possession against loss, theft and unauthorized use, disclosure or modification. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. No method of transmission over the internet is 100% secure, however. Therefore, while we strive to make all reasonable efforts to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the unlikely event of a data breach, you will be notified as soon as reasonably possible, in accordance with applicable law. Furthermore, we are not responsible for any breach of security or for any actions of any third parties that receive the information. Certain of the administrative, technical, and physical measures in place are as follows. Brisk Health’s infrastructure is kept in a secured data center that protects from unauthorized access to the physical servers, backups and any element used to store and/or process personal data. Only authorized personnel can access the data center. Heal systems and databases are backed up regularly to help protect the data in case of an uncontrollable catastrophe. The data center that stores Heal servers has policies and procedures in place designed to safeguard the equipment that our data is stored on. Heal regularly upgrades its system software to include the latest security features. Heal servers are protected by a firewall system, which is designed to keep unwanted traffic or access out of our computer network. Heal also employs an intrusion prevention service (IPS) provided by a secured data center operated by a professional company and uses security methods to determine the identity of each registered user, so that appropriate rights and restrictions can been forced for that user. Reliable verification of user identity is called “authentication.” All communication between Brisk Health’s Web server, your browser and the Brisk Health Application is encrypted with SSL (Secure Sockets Layer) to guard against network eavesdroppers. Your password is internally encrypted in Brisk Health’s system to prevent unauthorized access to the system. Validations are built throughout the application to capture the most reliable information. Only the last 4 digits of your credit card number is stored on our servers.
Children’s Online Privacy Protection Act
We support and comply with the Children’s Online Privacy Protection Act (COPPA) and we do not knowingly collect information from children under the age of 18, nor do we share such information with third parties. Children under the age of 18 may not use the Brisk Health Application. If you seek a Visit for a minor, you will be responsible for providing information related to the minor and for paying for the Visit requested for the minor.
Links to Third Party Sites
For California Residents
• Identifiers (e.g. name, postal address, online identifier, Internet Protocol address, email address, account name, passport number, or other similar identifiers)
• Personal information categories listed in the California Customer Records statute, Cal. Civ. Code 1798.80(e) (e.g., Social Security number, physical characteristics or description, education, employment, employment history, financial information)
• Protected classification characteristics under California or federal law (e.g. age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, health condition, physical or mental disability, sex, sexual orientation, veteran or military status, genetic information)
• Commercial information (e.g. records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies)
• Biometric information (e.g., genetic, behavioral, and biological characteristics or activity patterns, such as fingerprints or retina scans)
• Internet or other similar network activity (e.g., browsing history, search history)
• Geolocation data (e.g., physical location or movements)
• Sensory data (e.g., audio, electronic, visual, thermal, or similar information)
• Professional or employment-related information (e.g., current or past job history)
• Non-public education information pursuant to FERPA (e.g., educational records maintained by an educational institution)
• Inferences drawn from other personal information (e.g., profile reflecting a person’s preferences, characteristics, trends, behavior)
Right to Know. You have the right to know and see what personal information we have collected about you over the past 12 months, including:
• The categories of personal information we have collected about you;
• The categories of sources from which the personal information is collected;
• The business or commercial purpose for collecting your personal information;
• The categories of third parties with whom we have shared your personal information; and
• The specific pieces of personal information we have collected about you.
Right to Delete. You have the right to request that we delete the personal information we have collected from you (and direct our service providers to do the same). There are a number of exceptions, however, that include, but are not limited to, when the information is necessary for us or a third party to do any of the following:
• Complete your transaction;
• Provide you with the Services;
• Perform a contract between us and you;
• Detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and prosecute those responsible for such activities;
• Fix our system in the case of a bug;
• Protect the free speech rights, including the free speech rights of you or other users, or exercise another right provided by law;
• Comply with the California Electronic Communications Privacy Act(Cal. Penal Code § 1546 et seq.);
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interests that adheres to all other applicable ethics and privacy laws;
• Comply with a legal obligation; or
• Make other internal and lawful uses of the information that are compatible with the context in which you provided it.
Right to Opt-Out of the Sale of Your Personal Information. We do not sell any of your personal information.
Right to Non-Discrimination. We will not discriminate against those who exercise their rights under this section. If you exercise your rights, we will not deny you goods or services, charge you different prices or rates for goods or services, or provide you with a different level or quality of goods or services.
Response Time. We aim to respond to a consumer request for access or deletion within 45days of receiving a verifiable request. If we require more time, we will inform you of the reason and extension period in writing.
Do Not Track Symbols. We do not have the capability to respond to “Do Not Track” signals received from various web browsers at this time.
How to Contact Us
If you have a CCPA request, you may contact us at firstname.lastname@example.org