Privacy Policy


Data Privacy Protection Policy


  • 1. Purpose

This Privacy Policy (the Policy) describes how Health360 Inc (‘HLTH360’) collects, protects, uses and shares the information that our customers and users provide to us.

In this Policy, when we refer to SH360, we mean Health360 Inc’s flagship product SOVRINHEALTH360™. Our registered office is at 42167 Giselle Ct, Chantilly, VA 20152 and we are a company incorporated under the laws of Delaware, USA. You can find contact details for us on our website www.hlth360.net.

We may revise this Policy at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we make, as they are binding on you.

  • 2. Scope

This Policy describes:


  • 3. Policy Statement


The Information that We Collect

“Personally Identifiable Information (PII)” is any information that can be used to identify you. “Protected Health Information (PHI)” is any health information that can be associated with patients using their PII.

As part of our service offering, we collect and process the PII and PHI about you:

  • Information that you provide to us

We will process personal information that you give to us including when you email us or contact us through various channels as described below:

  • Signing up for services: when you register through our Mobile App, or when you contact us with queries or respond to our communications, the personal information you provide may include your full name, telephone number, email address, birth date, zip code, date and time of your correspondence and information about you.
  • In connection with our provision of member services: if you are a registered member of Health360 through your Primary Care Physician (PCP) or Specialty Care Physician, you will provide us with PII and/or PHI that we collect from your PCP during the pre-enrollment period.
  • Information we obtain from other sources
    • We collect PII and PHI information about your clinical visit to your PCP, Specialty doctors or admittance to Hospitals.
    • The information includes encounters, diagnostics, procedures, lab reports, medications, allergies, vitals and others.
    • We collect this information from your PCP, Specialty Doctor, Hospital Electronic Health Record systems, Laboratories, and Pharmacies.
    • We also collect information via Medical and Fitness devices that we interface with.



How We Obtain User Consent

We obtain user consent through the following steps:

  • Patients provide explicit consent to grant the application access, when connecting to the data source.
  • We also obtain patient data from our clients (Medical Groups, Health systems). The Business Associate agreement that we signed with them allows us to access records of the patients who have opted in to share their information.


How We Use the Information that we Collect

We may use your PII and PHI for the following purposes:

  • to provide access to the members to their own information
  • to provide analytical services using the information we have collected.
  • to engage in activity in relation to our member services. This may include sending you newsletters, wellness suggestions, medication reminders, etc.
  • to allow you to share your information with care givers and providers.
  • to share with ACOs, MCOs and other Healthcare Networks with which you have been associated or to which you have been attributed. This is for the purpose of proper Care Coordination, wellness guidance and other Care and Health related services.


How We Share Information with Third Parties

We share personal information, with the individual’s consent, with your PCPs, Hospitals, Specialty doctors and other Care Providers. In addition, we also share, upon consent, the anonymized data with laboratories and Contract Research Organizations for research purposes.


Our Retention/Deletion Practice

We follow HIPAA guidelines for a Business Associate for our Retention Practice. We support at least 6 years of retention from the date of creation or last use. We ensure that all copies, digital or hard copies, of patient records are deleted after the 6-year retention period.


Dormant or Closed Account Policy

We follow standard guidelines of disabling accounts that are dormant for a period of 90 days (this applies to the Patient app only). Any dormant accounts will continue to exist in the system until the retention period is over. An account can only be closed with an explicit written request by the member. A closed account will continue to exist in the system, with no access to the account, for the retention period before it is completely deleted from the system.


Withdraw Consent

We allow patients to withdraw consent through an email or written request. We will keep an audit record of the “withdraw consent” request. The system will hold the patient record through the entire retention period before deleting the data.


Mergers and Acquisitions

In the event of a merger or acquisition, we notify patients via mail and/or email of any impact on the data use practices.


Keep Your Information Secured

We will ensure that your PII and PHI that we hold are subject to appropriate security measures. We are a HITRUST assessed Business Associate and have Physical, Administrative and Technical controls in place to keep your data secure both at rest and in transit. We use NIST-approved encryption algorithms to encrypt data in the database as well as to encrypt the data in transit.


Your Choices and Rights

You have several legal rights in relation to the PHI and PII that we hold about you and you can exercise your rights by contacting us using the details set out below.

These rights include:

  • Obtaining information regarding the processing of your PII and PHI and access to the information which we hold about you.
  • Requesting that we correct your PII and PHI information if it is inaccurate or incomplete.
  • Withdrawing your consent
  • In some circumstances, receiving some PHI and PII in a structured, commonly used and machine-readable format and/or requesting that we transmit such information to a third party where this is technically feasible.
  • Lodging a complaint with the relevant data protection authority, if you think that any of your rights have been infringed by us.
  • We can, on request, tell you which data protection authority is relevant to the processing of your personal information.


How to Contact Us

If you would like further information on the collection, use, disclosure, transfer or processing of your personal information or the exercise of any of the rights listed above, please contact us.

You can do this by writing to us at: 

Health360 Inc

42167 Giselle CT

Chantilly, VA 20152

United States