CLARIFY MEDICAL, INC.
CLARIFY HOME LIGHT THERAPY SYSTEM
WEBSITE AND MOBILE APPLICATION
Date of Last Revision: June 1, 2017
HOW CLARIFY COLLECTS INFORMATION
THE TYPE OF INFORMATION ABOUT YOU THAT CLARIFY COLLECTS
A. Your Health Care Information
CLARIFY may collect, store, use and/or disclose health care information about you (hereinafter referred to as “Your Health Care Information”). Your Health Care Information may include, without limitation, the following: (i) the identity of physicians and/or other health care providers that have examined and/or treated you, (ii) diagnostic information about you, (iii) various medical conditions that you may have or have had, including, without limitation, skin conditions such as psoriasis or vitiligo, (iv) your medical symptoms, (v) your medical history, (vi) your prescription history, (vii) your medical treatment history, (viii) your medical examinations, (ix) medical imaging and photographs providing information about your medical condition, (x) laboratory test and other test results, (xi) your medical treatment plans, (xii) information you input into the Clarify Apps (and/or Clarify Websites) about your symptoms and treatment progress while using the Home Light Device and Home Light System, (xiii) health information recorded in the Home Light System by your physician and/or other health care provider, (xiv) prescriptions written for you by your physician or other health care provider, (xv) your medical treatment outcomes, (xvi) all or part of your electronic medical records, (xvii) communications between you and your physician and/or other health care providers, (xviii) communications between you and a Clarify Care Partner and/or other Clarify employees or independent contractors, (xix) communications between you and other users of the Clarify Websites and/or Apps and Subscribers to the Clarify Apps, and/or (xx) any other information about your health that is input by you and/or your physician and/or other health care provider into the Clarify Websites and/or Apps and/or the Home Light System.
B. Subscriber Clinical Data
When you become a Subscriber, CLARIFY, through the normal, routine and/or regular operation of the Home Light System, collects, stores and/or uses (a) Your Health Care Information (as described in the previous section), and (b) clinical data relating to (i) your use of the Home Light Device, (ii) your use of the Clarify Apps, (iii) your symptoms, treatment progress, treatment outcome and other health related information that you input into the Clarify Apps (including, without limitation, photographs), and/or (iv) your symptoms, treatment progress, treatment outcome and/or other information that your physician or other health care provider inputs into the Home Light System (clauses (a) and (b) are hereinafter collectively referred to as “Subscriber Clinical Data”).
C. Information That We Collect, Store, Maintain, Use and/or Disclose As A Business Associate Under HIPAA
When we collect, store, maintain, use or disclose “Protected Health information” (“PHI”) on behalf of a “covered entity” healthcare provider (both as defined by HIPAA) who has entered into a Physician Services Agreement (“PSA”), we do so as its “business associate” (as also defined by HIPAA). Under the PSA, we cannot use or disclose such PHI in a way that the health care provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the PHI we store, maintain, use and/or disclose on behalf of such health care providers and to comply with HIPAA Security Rule requirements. If the PSA permits, we may also de-identify such PHI so that it does not identify the individual (in accordance with HIPAA) for certain purposes. Examples of such purposes include, but are not limited to, quality assessment and improvement activities; product/portal development; maintenance and/or evaluation; customer service trending and analysis; patient treatment adherence analysis; patient retention analysis; psycho-social trends in patient behavior; longitudinal efficacy studies; and/or clinical research to the extent permitted by law. In addition, to the extent provided by applicable law, CLARIFY may permit other persons or entities to gain access to collections and/or compilations of Subscriber Clinical Data containing PHI that has been de-identified in accordance with applicable laws.
D. Personally Identifiable Information
The personally identifiable information (“PII”) about you that CLARIFY collects and stores may include, without limitation, your full name, email addresses, physical addresses, age, birthday, password, phone numbers, job title, employer, social security number, health insurance plan information (including, without limitation, insurance identification numbers), schools attended or attending, device identifiers, and other information you provide when you are using Clarify Websites and/or Apps. Further, CLARIFY may also collect user names, gender, geographic information, likes, interests, biographical information, and contact information for and links to other websites and/or mobile applications that you have searched for, accessed, visited and/or used.
E. Information About You From Social Networking Software and Other Software On Your Device
CLARIFY may receive and store information about you from Social Networking Software (“SNS”) when you use social networking websites and mobile apps such as Facebook, LinkedIn, Instagram, Twitter, Snap Chat and/or Google. The information you allow us to access varies by SNS and the privacy settings you and your friends establish at the SNS. You should refer to the applicable SNS for more information about the settings at the applicable SNS. Depending on your privacy settings, we may access and store some or all of the following information: your public data, full name, your profile picture or its URL, your user ID number, the user ID numbers and other public data for your friends and contacts, the login email address you provided to the SNS, your geographic location, your gender, and your birthday. In addition, CLARIFY may collect other information from other software you use on your device such as contacts, calendars, emails, texts, messaging services, photographs, images, internet search information, website visit information, and the location of your devices. CLARIFY may also collect your devices’ identification information, including MAC addresses and IP addresses.
F. Payment Information
CLARIFY (or a third party payment processor) may collect and store financial information about you to facilitate payment transactions. Such information may include, without limitation, (i) credit card, debit and other financial institution information, (ii) credit reporting information, (iii) credit score, and (iv) identifying information.
G. Subscriber Support Information
H. Text Message Notifications and Similar Notifications
CLARIFY may collect and store the information you provide, including your telephone number, and may have text message notifications sent directly to your device. The sending of text message notifications may be handled through a third party service provider. CLARIFY may send push notifications to your device to provide information about the Home Light Device, the Home Light System, communications from your physician and/or other health care provider, and/or information about other products or services. You may be able to manage push notifications from the applicable application or from your device’s settings.
I. Technical and Usage Information From Your Devices
CLARIFY may collect and store information about your mobile device or computer system, including MAC address, IP address and mobile device ID. CLARIFY may also collect usage statistics about your interactions with Clarify’s Websites and/or Apps. This information is typically collected through the use of server log files or web log files (“Log Files”), mobile device software development kits and tracking technologies like browser cookies to collect and analyze certain types of technical information. Some of the cookies CLARIFY places on your computer are linked to your user ID number.
J. Information from Communications Features
You may be able to communicate and share information with your physician and/or other health care provider, CLARIFY, and/or other users of Clarify’s Websites and/or Apps. These include messaging, participating in forums and message boards, posting comments to other users’ profiles or boards, sending private or group messages or invitations, chatting with other users, and posting photos, videos and other files. CLARIFY may record and store these communications on our servers. You acknowledge and consent to the recording and storage of these communications.
K. Other Sources
CLARIFY may collect or receive information from other sources including, without limitation, (i) other users of Clarify Websites and/or Apps who choose to upload their device contacts, and (ii) third party information providers. This information may be combined with other information about you that we collect.
WHERE CLARIFY STORES INFORMATION ABOUT YOU
All or some portion of Your Health Care Information, Subscriber Clinical Data and other information about you as described above may be stored on (i) the Home Light Device, (ii) your computer, smart phone or other device you use to access Clarify’s Websites and/or Apps, (iii) the computers or other devices the Subscriber’s physician(s) (and/or other health care providers) use to access the Home Light System, (iv) CLARIFY’s computers and/or other devices containing electronic storage, and/or (v) computer servers and/or other devices containing electronic storage owned and/or operated by other persons or entities at the direction of CLARIFY.
HOW CLARIFY USES INFORMATION ABOUT YOU
A. CLARIFY uses Your Health Care Information and the other information collected about you as described above for a variety of purposes as permitted by, required by, and/or in accordance with applicable law, including, but not limited to, the following:
- To provide you with information, and to answer any questions that you may have, about the Clarify Apps, the Home Light Device, the Home Light System and/or other medical devices, products and/or services which are or may be offered or sold by CLARIFY and/or any other person or entity;
- To provide physicians and/or other health care providers with information about the Home Light Device, the Home Light System and/or other medical devices, products and/or services which are or may be offered or sold by CLARIFY and/or any other person or entity;
- To provide you with information about how you may acquire and use the Home Light Device;
- To obtain a prescription from your physician and/or other health care provider so that you may acquire and use the Home Light Device;
- To enable you to acquire and use the Home Light Device and the Clarify Apps and to have access to the Home Light System;
- To assist you in obtaining reimbursement from health insurance providers for the Home Light;
- To obtain information from you about your medical condition and treatments; and/or
- For any other lawful purpose.
- To manage the operation of the Home Light System, including the Home Light Device;
- To make improvements to the Home Light System, including the Home Light Device, and/or other Clarify products and/or services;
- To provide information to the Subscriber’s physician and/or other health care provider in connection with the diagnosis and/or treatment of medical conditions of the Subscriber;
- To engage in clinical research if authorized by your physician or other health care provider;
- To communicate with you about the Home Light System, including the Home Light Device, and/or other products or services offered by CLARIFY;
- For quality assessment and improvement activities, product/portal development, maintenance and/or evaluation;
- For customer service trending and analysis;
- For patient treatment adherence analysis;
- For patient retention analysis;
- For psycho-social trends in patient behavior;
- For longitudinal efficacy studies, and/or
- For any other lawful purpose.
HOW CLARIFY DISCLOSES INFORMATION ABOUT YOU
CLARIFY may disclose Your Health Care Information and/or Subscriber Clinical Data, and/or other information about you as described above as permitted by, required by, and/or in accordance with applicable law, including, without limitation, (a) to your physician and/or other health care provider, (b) to persons and/or entities authorized by you in writing, such as your health insurer, and/or (c) to third parties who perform services on our behalf. Please note that if you post content, communicate with other users and/or comment on content, such information may be exposed publicly.
CLARIFY may disclose Your Health Care Information and/or Subscriber Clinical Data after it has been de-identified to third parties to the extent permitted by and/or in accordance with applicable law. CLARIFY may permit other persons or entities to gain access to collections and/or compilations of Subscriber Clinical Data that has been de-identified in accordance with applicable laws We may share de-identified, aggregated information and certain technical information to develop and deliver targeted advertising to the extent permitted by law. We may also use this information for behavioral advertising and for web analytics to the extent permitted by law.
CLARIFY may disclose or report information about you as permitted by, required by, and/or in accordance with applicable law: (i) if we have a good faith belief that we are required to disclose the information in response to legal process (for example, a court order, search warrant or subpoena); (ii) to satisfy applicable laws, (iii) if we believe that Clarify’s Websites and/or Apps are being used to commit a crime, including, without limitation, to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and credit risk reduction, (iv) if we have a good faith belief that there is an emergency that poses a threat to the health or safety of a person or the general public, and/or (v) in order to protect the rights or property of CLARIFY. If CLARIFY sells all or a portion of our business, we may transfer all of your information that we collect as described above, including Personally Identifiable Information, Your Health Care Information, Subscriber Clinical Data, to the successor organization.
HOW CLARIFY PROTECTS INFORMATION ABOUT YOU
CLARIFY protects the personal information it has collected from you by using industry standard security precautions against loss and unauthorized access, destruction, use, modification or disclosure of that information. CLARIFY complies with HIPAA security requirements applicable to CLARIFY as a Business Associate (as defined in HIPAA). When credit card information and other financial information is transmitted over the Internet to CLARIFY, CLARIFY takes reasonable steps to protect that information. Even though CLARIFY takes precautions to maintain the confidentiality of your information, it is important to keep in mind that any information that you input or message that you send using Clarify’s Websites and/or Apps or by e-mail or other means may not be secure and may be susceptible to third party interception. As a result, you transmit information to us at your own risk.
You may be required to register for an account to access Clarify Websites. You will be required to become a Subscriber to be able to use the Clarify Apps and the Home Light Device. You will be asked to create a user name and create a password, and to provide information pertinent to your account. You are responsible for securing the confidentiality of your user name and password. When choosing a password, select a combination of letters and numbers that isn’t able to be guessed or discovered by someone who knows you. It is important that you protect and maintain the security of your account, and that you immediately notify us of any unauthorized use of your account.
To help prevent unauthorized access, maintain data accuracy, and protect against the inappropriate use of the information we collect, store, and transmit, CLARIFY has implemented a range of technical, physical and administrative safeguards. Under our Business Associate Agreement and applicable laws, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of personal health information (PHI) we use, maintain, store and/or disclosure as part of the services we provide. However, as indicated above, no website, mobile application or Internet transmission is completely secure. Unauthorized access, hacking, data loss, and/or other data breaches or other type of misuse may always occur. Any transmission of Your Health Care Information, Subscriber Clinical Data, credit card and other financial information, and/or any other information about you by you and/or your physician and/or other health care provider to CLARIFY is at your own risk, and you acknowledge and agree that CLARIFY will not be liable for any harm or damages to you or anyone else for any unauthorized access, hacking, data loss, and/or other data breaches or other type of misuse.
OUR POLICY TOWARD CHILDREN
Clarify Websites and/or Apps are not intended for use by children under the age of 13, and we do not knowingly collect any personal information from such children unless a parent or guardian provides such information on behalf of their child. Children under the age of 13 should not use Clarify Websites and/or Apps at any time, and only a parent or legal guardian should use Clarify Websites and/or Apps on their behalf. If we learn that we have collected personal information, personally identifiable information and/or health care information from a child under the age of 13 without having received it from such child’s parent or legal guardian, we will delete such information. Notwithstanding the foregoing, Clarify Websites and/or Apps may be used for the benefit of any minor child by one of the child’s parents or legal guardian.
PRIVACY POLICIES OF LINKED SITES
CLARIFY is not responsible for the privacy practices, security, or the content of any websites or mobile apps that are linked to Clarify’s Websites and/or Apps. If you have any questions about how these other websites or mobile apps use your information, you should review their policies and contact them directly. We are not responsible for the actions of third-party advertisers, service providers and/or any other third parties.
YOUR CALIFORNIA PRIVACY RIGHTS
CLARIFY does not knowingly disclose to third parties any personal information about you as defined in Cal. Civ. Code Section 1798.83 for their use for direct marketing purposes. Here is the URL to Cal. Civ. Code Section 1798.83, which sets forth your California privacy rights applicable to disclosures to third parties for direct marketing purposes: https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.83.&lawCode=CIV. If you have any reason to believe that CLARIFY may have made such a disclosure, you may contact CLARIFY and request the information required by Section 1798.83 by mail, email or phone as follows:
401 West A Street, Suite 775
San Diego, CA 92101
YOUR WRITTEN AUTHORIZATION RIGHTS
Certain uses or disclosures of Your Health Care Information, Subscriber Clinical Data, and/or any other information about you may require your specific written authorization, which you agree on behalf of yourself, your minor child and/or any other person for whom you are acting may be effectuated by use of your electronic signature (including your electronic expression of your agreement on Clarify’s Websites and/or Apps) to the full extent permitted by applicable law. If you change your mind after authorizing such a use or disclosure, you may submit a written revocation of the authorization. However, your decision to revoke the authorization will not affect or undo any use or disclosure of information that occurred before you notified us of your decision to revoke your authorization.
If you would like to submit a comment, correction, or complaint that your privacy rights have been violated, you may do so by sending a letter outlining your concerns by email to: firstname.lastname@example.org and/or by regular mail to:
401 West A Street, Suite 775
San Diego, CA 92101