HLTH360 SOVRINHEALTH 360™
Data Privacy Protection Policy
In this Policy when we refer to SH360 we mean the Health360 Inc’s flagship product SOVRINHEALTH360™. Our registered office is at 42167 Giselle Ct, Chantilly, VA 20152 and we are a company incorporated under the laws of Delaware, USA. You can find contact details for us in our website www.hlth360.net.
We may revise this Policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we make, as they are binding on you.
This Policy describes:
“Personally Identifiable information (PII)” is any information that can be used to identify you. “Protected Health Information (PHI)” is any Health information that can be associated with Patients using their PII.
As part of our service offering, we collect and process the PII and PHI about you:
We will process personal information that you give to us including when you email us or contact us through various channels as described below:
We obtain user consent through the following step:
We may use your PII and PHI for the following purposes:
We share personal information, with the individual’s consent, with your PCPs, Hospitals, Specialty doctors and other Care Providers. In addition, we also share, upon consent, the anonymized data with laboratories and Contract Research Organizations for research purposes.
Our Retention/Deletion Practice
We follow HIPAA guidelines for a Business Associate for our Retention Practice. We support at least 6 years of retention from the date of creation or last use. We ensure that all copies, digital or hard copies, of patient records are deleted after the 6-year retention period.
Dormant or Closed Account Policy
We follow standard guidelines of disabling accounts that are dormant for a period of 90-days (this applies to the Patient app only). Any dormant accounts will continue to exist in the system till the retention period is over. An account can only be closed with an explicit written request by the member. A closed account will continue to exist in the system, with no access to the account, for the retention period before it is completely deleted from the system.
We allow patients to withdraw consent through an email or written request. We will keep an audit record of the “withdraw consent” request. The system will hold the patient record through the entire retention period before deleting the data.
Mergers and Acquisitions
In the event of merger or acquisition, we notify patients via mail and/or email of any impact on the Data use practices.
Keep Your Information Secured
We will ensure that your PII and PHI that we hold are subject to appropriate security measures. We are a HITRUST assessed Business Associate and have Physical, Administrative and Technical controls that are in place to protect your data secure both at Rest and in Transit. We use NIST approved Encryption algorithms to encrypt data in the database as well as encrypt the data in transit.
Your Choices and Rights
You have several legal rights in relation to the PHI and PII that we hold about you and you can exercise your rights by contacting us using the details set out below.
These rights include:
How to Contact Us
If you would like further information on the collection, use, disclosure, transfer or processing of your personal information or the exercise of any of the rights listed above, please contact us.
You can do this by writing to us at:
42167 Giselle CT
Chantilly, VA 20152