Privacy Policy

This policy applies to all information collected or submitted on PatientSphere’s website and our apps for iPhone and any other devices and platforms.

Information we collect

New PatientSphere accounts are created using email addresses and/or phone numbers. Email addresses are only used for logging in, password resets, responding to emails that you initiate, and sending notifications that you request. We don’t send promotional emails.

We store information about your symptoms and enable you to share this data with your doctor, friends or family. We also collect anonymous statistics for scientific research purposes.

Technical Safeguards (HIPAA 164.312). To further protect sensitive data, OHN enforces unique software architecture that includes user identification, various database audit logging, data integrity systems and verified backups, entity authentication programs, digital certificates, various levels of encryption and other custom architecture to further obscure sensitive data from threats.

Technical basics

If you enable notifications, we must store a token to send them. We never use notifications for marketing.

If you upload data to PatientSphere, we need to store it until you delete it.

We use cookies on the site and similar tokens in the app to keep you logged in.

Our server software may also store basic technical information, such as your IP address, in temporary memory or logs.

iCloud

PatientSphere stores some of your data in Apple’s iCloud service, such as login tokens for your account(s), to enable some sync features between all devices signed into your Apple ID.

Ads and analytics

PatientSphere’s app collects aggregate, anonymous statistics, such as the percentage of users who use particular features, to improve the app.

No personal data is used for advertising or marketing purposes.

Information usage

We use the information we collect to operate and improve our website, apps, and customer support.

We do not share personal information with outside parties except to the extent necessary to accomplish PatientSphere’s functionality, or by explicit permission of the user.

We may disclose your information in response to subpoenas, court orders, or other legal requirements; to exercise our legal rights or defend against legal claims; to investigate, prevent, or take action regarding illegal activities, suspected fraud or abuse, violations of our policies; or to protect our rights and property.

In the future, we may sell to, buy, merge with, or partner with other businesses. In such transactions, user information may be among the transferred assets.

Security

We implement a variety of security measures to help keep your information secure. For instance, all communication with the app and website requires HTTPS with certificate pinning. Passwords are hashed, not stored, using industry-standard methods (currently bcrypt).

Accessing, changing, or deleting information

You may access or change your information or delete your account from the PatientSphere iOS app.

Deleted information may be kept in backups for up to 90 days. Backups are encrypted and are only accessed if needed for disaster recovery.

PatientSphere may delete your information at any time and for any reason, such as technical needs, legal concerns, abuse prevention, removal of idle accounts, data loss, or any other reason.

Personal Health Information

The developer of PatientSphere, Open Health Network (OHN), is committed to and has implemented many safeguards to ensure its devices, services, websites and data systems (collectively “Products”) are compliant with the regulations and conditions set forth in the Health Insurance Portability and Availability Act of 1996 (HIPAA). OHN is committed to continuous improvement to ensure OHN Products incorporate state-of-the-art information technology privacy and security measures.

As a “Business Associate” per the definition in the HIPAA Act, and by assignment of the HIPAA covered entity, OHN is subject to the following controls:

Administrative Safeguards (HIPAA 164.308). OHN has implemented policies to ensure appropriate assignment of data access permissions and proper movement and handling of that data. HIPAA training is an annual mandated event for all staff, as well as annual review of policy effectiveness during internal or 3rd party auditing of our Products.

Physical Safeguards (HIPAA 164.310). OHN’s primary physical safeguard is to not retain sensitive data in any public or private OHN location other than those assigned for database management and quality assurance activities. Specific workstation usage, disposal, reuse and security measures are in place. Access to OHN facilities is independently controlled, preventing walk-up intrusion. OHN’s data center uses a cloud-based architecture with inherent security measures including 24-hour monitoring, advanced fire protection systems, uninterruptible power and database redundancy. Annual audits of the facility security plan, disaster recovery plan, and contingency plans are in place.

California Online Privacy Protection Act Compliance

We comply with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.

Children’s Online Privacy Protection Act Compliance

We never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.

Information for European Union Customers

By using PatientSphere and providing your information, you authorize us to collect, use, and store your information outside of the European Union.

International Transfers of Information

Information may be processed, stored, and used outside of the country in which you are located. Data privacy laws vary across jurisdictions, and different laws may be applicable to your data depending on where it is processed, stored, or used.

Your Consent

By using our site or apps, you consent to our privacy policy.

Contacting Us

If you have questions regarding this privacy policy, you may email privacy@PatientSphere.fm. Please note that account deletion should be done within the PatientSphere app, not via email requests, for security reasons.

Changes to this policy

If we decide to change our privacy policy, we will post those changes on this page. Summary of changes so far:

  • May 29, 2020: First published.