Last Updated: January 23, 2020
What Information Does Jaspr Health Collect?
- Typing in data (such as when you register for our Services, type a message to send to us, type a search request, or complete a measure or other form);
- Uploading a document, image or other data file;
- Authorizing us to retrieve and import information from another user or other third party on your behalf, including, without limitation, from your provider or patient or electronic health record;
- Authorizing us to export information on your or your provider’s or provider organization’s behalf to your provider or patient or electronic health record;
- Jaspr Health does not knowingly collect any information from anyone under 13 years of age.
Who Can Access Information?
Information inputted by patients and reports compiled by Jaspr Health using this information may be viewed by patients, the healthcare organization providing treatment, providers at the healthcare organization and Jaspr Health. Jaspr Health information and reports may be added to the patient’s electronic health record, becoming part of the record shared by healthcare and other organizations as part of the patient’s treatment.
Information inputted by providers and other healthcare organization representatives may be viewed by subject patients and other healthcare organization representatives, depending on their administrative permissions, and access to patient electronic health records within those organizations. Jaspr Health does not control and is not responsible for the administrative permissions of healthcare organizations.
Protected health information collected by Jaspr Health is used and disclosed only as is permitted by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Only persons explicitly authorized by patients to have access to their healthcare information will be provided access.
We do not sell or rent your personal information to third parties. We may disclose your information to third parties as described previously. We may disclose personal information to our service providers and vendors in order to provide the services you have requested from us, such as use of our software applications if you authenticate through a third-party service. These third parties are obligated to protect your personal information in strict accordance with our policies, HIPAA, and HITECH.
We may at times be required to disclose personal information you provide us as required by a legal obligation, such as in response to a court order or applicable statute. In the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), we may have a legitimate interest in disclosing or transferring your information to a third party — such as an acquiring entity and its advisers.
Why Do We Gather Your Personal Information?
We gather personal information for the following purposes:
- Personal and healthcare information inputted by patients is gathered by healthcare providers and healthcare organizations for purposes of allowing a healthcare provider to plan and deliver care to patients
- Information inputted by healthcare providers and healthcare organizations regarding patients, which may include healthcare information and personal information, is gathered for purposes of health care delivery
- Administrative announcements about features, functionality, terms, or other aspects of our Services
- Research purposes—anonymized data (stripped of all personally identifying information) is aggregated with the anonymous data of other users into a data repository for data analysis and clinical research to better understand behavioral and other health problems and improve health care; anonymous data may be shared with other third party recipients for the purposes of research (depending on our agreement with the third party, Jaspr Health may or may not charge for this information)
- Product development purposes and improvement activities
- Any other purpose described in this Policy or the Terms of Service
How Is Information Viewed, Updated, and Deactivated?
Upon written request by the account holder, an account will be deactivated and archived. We retain archived information for a period of five (5) years (or longer if required by applicable law or regulation) as necessary to comply with legal obligations, resolve disputes, enforce our agreements and other authorized uses under this Policy. Unless otherwise required by law, Jaspr Health shall be under no obligation to retain any of your account information and may delete the same immediately following deactivation of your account.
HIPAA grants patients certain rights to access and correct certain health information their healthcare providers retain about them. Patients should submit requests to access or correct their health information directly to their healthcare providers. Certain personal information can also be corrected within our application or through our webpage. If you believe that we have inaccurate personal information, and are unable to correct it through the application or webpage, please contact us at: firstname.lastname@example.org
Please note that de-identified health information is stored indefinitely in our anonymized data repository.
How We Protect Your Personal Information
Jaspr Health takes administrative, technical, and physical measures to safeguard your personal information against loss, theft, and misuse, as well was unauthorized access, disclosure, and destruction.
Changes to this Policy
As is standard practice on many webpages, Jaspr Health uses “cookies” and other technologies to help us understand how our users interact with our website. Cookies contain information that is transferred to your computer’s hard-drive. These cookies are used to store information, such as the time that the current visit to our webpage occurred, whether you have visited our webpage before, and what third party page, if any, referred you to our webpage.
If you prefer not to enable cookies, you can disable them in your browser. Please note that certain features of our webpage and application may not be available once cookies are disabled. As is true of most webpages, we gather certain information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type, Internet Service Provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
Jaspr Health is committed to protecting the privacy of children and abiding by the provisions of the Children’s Online Privacy Protection Act (COPPA). Our website and services are not designed or intended to attract children under the age of 13. In the event that Jaspr Health is notified or becomes aware that the site or services have been used by a child under the age of 13 to store information of that child without parental consent, Jaspr Health shall be and is authorized to delete, in its entirety, any of the information stored by that child. Jaspr Health also reserves the right to revoke any license to use the site and service which is being used or has been used by a child under the age of 13.
Data Privacy for California Residents
This section applies solely to visitors and users of our Site and Services who reside in the State of California. We have adopted this notice to comply with the California Consumer Privacy Act of 2018 (the “CCPA”) and the California Online Privacy Protection Act (“CalOPPA”), and any terms defined in the CCPA or CalOPPA have the same meaning when used in this notice.
For the purposes of this section “California Data Subject” shall mean: (1) an individual who is in the State of California for other than a temporary or transitory purpose, and (2) an individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose.
Information We Collect
Jaspr Health collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular California Data Subject or device (“personal information”). In particular, Jaspr Health has collected the following categories of personal information from California Data Subjects within the last twelve (12) months: