HOW ZERIGO HEALTH COLLECTS INFORMATION ABOUT YOU
THE TYPE OF INFORMATION ABOUT YOU THAT ZERIGO HEALTH COLLECTS
1. Protected Health Information (PHI)
Zerigo Health may create, collect, receive, maintain, store, transmit, disclose and/or use PHI about you. Your PHI may include, without limitation, the following: (i) the identity of physicians and/or other health care providers that have examined and/or treated you, (ii) diagnostic and symptom information about you including, without limitation, any skin conditions such as psoriasis, eczema, or vitiligo, (iii) prescriptions, treatment plans and treatment protocols applicable to your skin conditions, (iv) medical imaging and photographs providing information about your skin conditions, including photographs of your treatment progress that you take using the camera on your smart phone, (v) laboratory and other test results relating to your skin conditions, (vi) information about your use of the Zerigo Health System (vii) information you input into Zerigo Health’s Websites and/or the Zerigo Health Mobile App, (viii) information you disclose to a ZerigoCare Guide or other Zerigo Health personnel, (ix) information you disclose to your physician and/or other health care provider about your symptoms, diagnoses and treatment progress before, during, and/or after your use of the Zerigo Health System, (x) information about your treatment experience and outcomes during and/or after using the Zerigo Health System, (xi) information obtained from other third parties including insurance providers and employers.In most instances, when Zerigo Health creates, collects, receives, maintains, stores, transmits, discloses and/or uses your PHI, we are doing so for the purposes of treatment. For example, your physician or other health care provider may send us your prescription or may provide you with a hard copy prescription that you provide to Zerigo Health. We may communicate with your physician if he or she makes any changes to your treatment plan or treatment protocol.
2. Personal Information
The personal information, including PHI, about you that Zerigo Health collects and stores may include, without limitation, your full name, email addresses, physical addresses, age, date of birth, Zerigo Health App username and password, phone numbers, employer, social security number, gender, geographic information, health insurance plan information (including, insurance identification numbers) device identifiers, and other information that you provide when you are using Zerigo Health Websites and/or the Zerigo Health Mobile App, communicating with Zerigo Health personnel, and/or that you provide to your physician and/or health care providers which they then communicate to Zerigo Health. In addition, when you access the Zerigo Health Mobile App, Zerigo Health may access or collect other information through your device’s camera functions including photographs selected by You, and Your location information. Zerigo Health may also collect your devices’ identification information, including MAC addresses and IP addresses.
3. Zerigo Health Device User Support Information
4. Text Message and Similar Notifications
Zerigo Health may collect and store the information you provide, including your telephone number, and may send text message notifications directly to your mobile device. Text message communications require the use of public networks and/or third-party service providers. Zerigo Health may send text messages to your mobile device to provide You with information about the Zerigo Health System, the Zerigo Health Mobile App, and/or information about other Zerigo Health products or services. You are able to manage delivery of text messages from your text application or from your device’s settings.
5. Technical and Usage Information from Your Devices
Zerigo Health may collect and store information about your mobile device or your computer system, including MAC address, IP address and mobile device ID. Zerigo Health may also collect usage statistics about your interactions with Zerigo Health’s Websites and/or Apps. This information is typically collected through the use of server log files or web log files (“Log Files”), mobile device software development kits and tracking technologies like browser cookies to collect and analyze certain types of technical information. In addition, as described above, Zerigo Health may retain a record of your activity on Zerigo Health’s Websites and the information viewed.WHERE ZERIGO HEALTH STORES INFORMATION ABOUT YOUAll or some portion of Your personal information, including PHI, and other information about You as described above may be stored on (i) the Zerigo Health Device, (ii) Your computer, or mobile device that You use to access Zerigo Health’s Websites or and/or the Zerigo Health Mobile App, and (iii) Zerigo Health’s information network, including, without limitation, “cloud” storage providers.HOW ZERIGO HEALTH USES INFORMATION ABOUT YOUZerigo Health uses your PHI, and the other information collected about you as described above, for a variety of purposes as permitted by, required by, and/or in accordance with applicable law, including, but not limited to, the following:
1. In connection with your physician’s and/or other health care provider’s treatment of you;
2. To provide You with information, and to answer any questions that you may have, about the Zerigo Health Mobile App, the Zerigo Health Device, the Zerigo Health System and/or other medical devices, products and/or services which are, or may be, offered or sold by Zerigo Health;
3. To obtain a prescription from your physician and/or other health care provider so that you may acquire and use the Zerigo Health System;
4. To provide you with information as needed for you to acquire and use the Zerigo Health System;
5. To assist you in obtaining reimbursement from health insurers for your use of the Zerigo Health System although Zerigo Health has no control over insurers’ coverage decisions;
6. To obtain information from you about your medical condition and treatments;
7. To manage the operation of the Zerigo Health System and the Zerigo Health Mobile App;
8. To make improvements to the Zerigo Health System, the Zerigo Health Mobile App, and/or other Zerigo Health products and/or services;9. To provide information to your physician and/or other health care provider in connection with the treatment of your medical conditions;
10. In a de-identified format for the purposes of clinical research in compliance with applicable law;
11. In an identifiable format if authorized by you for use within clinical research, in compliance with applicable law;
12. To communicate with you about the Zerigo Health System, the Zerigo Health Mobile App, and/or other products or services offered by Zerigo Health;
13. For internal quality assessment, business improvement, and product development;
14. For customer service trending and analysis;
15. For patient treatment adherence, longitudinal efficacy studies, and retention analysis;
16. For treatment, payment, or health care operation purposes as defined in HIPAA; and/or
17. For any other purpose not prohibited by applicable law.
HOW ZERIGO HEALTH DISCLOSES INFORMATION ABOUT YOU
Permitted Sharing of Your Personal Information
Zerigo Health may disclose your PHI and/or other information about you, as described above, as permitted by, required by, and/or in accordance with applicable law including, without limitation: (a) to your physician and/or other health care provider; (b) to persons and/or entities, authorized by you in writing to receive such information , such as your health insurer; and (c) to third parties who perform services on Zerigo Health’s behalf. Zerigo Health will not sell or rent Your personal information to any other company or organization.
Sharing Personal Information with Your Health Care Provider
Zerigo Health discloses information about your use of the Zerigo Health System and the Zerigo Health Mobile App to your physician and/or other health care provider including progress reports, treatment adherence and, if provided, photographs of your treatment sites.
Sharing Personal Information with Third Parties
To facilitate the provision of services, Zerigo Health may share some personal information, including PHI, with third parties that we engage to perform services or functions on our behalf. For example, Zerigo Health may use vendors to ship You the Zerigo Health Device. To facilitate the shipping of the device, Zerigo Health will provide the shipping vendor with Your name and address. When Zerigo Health shares Your personal information with our third-party partners, we do not authorize them to use, share or disclose Your personal information with others for purposes other than the provisions of services that they have been retained to provide.
De-Identified and Aggregate Data
Once personal information, including PHI, has been fully de-identified so that it cannot be tied to any specific individual, it is no longer considered personal information or PHI. Zerigo Health de-identifies personal information and compiles this data to create anonymous aggregate statistics. This aggregate data is used to help Zerigo Health to continually improve the user experience and to better understand the efficacy of the Zerigo Health System in the treatment of medical conditions.
Zerigo Health may disclose de-identified treatment information to third parties to the extent not prohibited by applicable law.
Disclosure Required Under Law
Zerigo Health may disclose or report information about you as permitted by, required by, and/or in accordance with applicable law: (i) if we have a good faith belief that we are required to disclose the information in response to legal process (for example, a court order, search warrant or subpoena); (ii) to comply with applicable laws, (iii) if we believe that Zerigo Health’s Websites and/or Apps are being used to commit a crime, including, without limitation, to report such criminal activity or to exchange information with other companies and organizations for the purposes of fraud protection and credit risk reduction, (iv) if we have a good faith belief that there is an emergency that poses a threat to the health or safety of a person or the general public, and/or (v) in order to protect the rights or property of Zerigo Health.
If Zerigo Health sells all or a portion of our business, we may transfer all of your information that we collect as described above including, without limitation PHI, and/or other information about you, to the successor organization as permitted by, and in accordance with, applicable law.
HOW ZERIGO HEALTH PROTECTS YOUR PERSONAL INFORMATION INCLUDING PHI
Zerigo Health protects the personal information it has collected about you, including PHI, by using industry standard security precautions against loss, unauthorized access, destruction, misuse, modification, or disclosure. Zerigo Health complies with the HIPAA Security Rule requirements applicable to medical device providers (as defined in HIPAA).
You may be required to register for an account to access Zerigo Health Websites and/or the Zerigo Health Mobile App. You will be required to download the Zerigo Health Mobile App to your smart phone in order to be able to use the Zerigo Health System. You will be provided with or asked to create a username and password, and to provide information relevant to your account. You are responsible for securing the confidentiality of your username and password and any other account access credentials and/or information used to identify you. When choosing a password, select a combination of letters and numbers that isn’t likely to be guessed or discovered by someone. It is important that you protect and maintain the security of your account and that you immediately notify us of any unauthorized use of your account.
To help prevent unauthorized access, maintain data accuracy, and to protect against the inappropriate use of the information we collect, store, and transmit, Zerigo Health has implemented a range of technical, physical, and administrative safeguards. In accordance with HIPAA, and other applicable laws, we apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of all personal information, including PHI, that Zerigo Health uses, maintains, stores and/or discloses as part of the services it provides. However, as indicated above, no website, mobile application or internet transmission is completely secure. Unauthorized access, hacking, data loss, data breach, or other types of data misuse may occur. Accordingly, any transmission of your PHI, insurance information, and/or any other information about you provided by you, your physician, and/or other health care provider to Zerigo Health is at your own risk. You acknowledge and agree that Zerigo Health will not be liable for any harm or damage to you or anyone else for any unauthorized access, hacking, data loss, data breach, or other type of data misuse.
RIGHT OF ACCESS TO PHI ABOUT YOU THAT ZERIGO HEALTH MAINTAINS
You may choose to decline to share certain personal information with Zerigo Health. In addition, You may choose to revoke Your consent for Zerigo Health to use Your personal information for purposes other than those pertaining to your care and treatment, payment for services and other healthcare operations.
To exercise Your right to revoke consent, contact Zerigo Health, in writing, at:
Zerigo Health Privacy Officer
12651 High Bluff Drive, Suite 300
San Diego, CA 92130
You also have the right to access, inspect, and receive a copy of Your personal information maintained by Zerigo Health in Your designated record set. The exercise of this right is more fully explained in the Zerigo Health Notice of Privacy Practices. To exercise this right, submit a written request to Zerigo Health at the above contact and address. Zerigo Health may charge a reasonable, cost-based fee to cover the expense of providing the requested copies.
As described above, some of the PHI about you that Zerigo Health collects and stores originates from your physician and/or other health care provider in connection with their providing medical treatment to you, and through other written and/or oral communications relative to your medical treatment. Accordingly, Zerigo Health has no authority or means of permitting you to review and/or request changes of such information, and any such requests will have to be directed to the specific physician and/or other health care providers.
OUR POLICY TOWARD CHILDREN
Zerigo Health Websites and the Zerigo Health Mobile App are not intended for use by children under the age of 13. Zerigo Health does not intend to or knowingly collect any personal information regarding children under the age of 13 unless a parent or guardian approves such collection and provides such information on behalf of the child. Children under the age of 13 should not use the Zerigo Health Websites and the Zerigo Health Mobile App at any time, and only a parent or legal guardian should use the same on behalf of the child. If we learn that we have collected personal information, or PHI, directly from a child under the age of 13, we will delete such information. Notwithstanding the foregoing, Zerigo Health Websites and the Zerigo Health Mobile App may be used for the benefit of any minor child by the child’s parent(s) or legal guardian.
PRIVACY POLICIES OF LINKED SITES
Zerigo Health is not responsible for the privacy practices, security, or the content of any non-Zerigo Health websites or mobile apps that are linked to Zerigo Health’s Websites or the Zerigo Health Mobile App. If you have any questions about how these other websites or mobile apps use your information, you should review their policies and contact them directly. Zerigo Health is not responsible for the actions of third-party advertisers, service providers and/or any other third parties.
YOUR CALIFORNIA PRIVACY RIGHTS
Zerigo Health does not knowingly disclose to third parties any personal information about you as defined in Cal. Civ. Code Section 1798.83 for their use for direct marketing purposes. For further detail review the Cal. Civ. Code Section 1798.83, which sets forth rights held by California residents regarding privacy rights applicable to disclosures to third parties for direct marketing purposes. If you have any reason to believe that Zerigo Health may have made such a disclosure, you may request the information required by Section 1798.83 by contacting Zerigo Health in writing at the contact information provided above.
YOUR WRITTEN AUTHORIZATION RIGHTS
Certain uses or disclosures of your, your minor child, and/or any other person on whose behalf you are acting’s personal information, including PHI, may require your specific written authorization. You agree that your authorization may be effectuated by use of your electronic signature, including your electronic expression of your agreement on Zerigo Health’s Websites and the Zerigo Health Mobile App, to the fullest extent not prohibited by applicable law. If you change your mind after authorizing such a use or disclosure, you may submit a written revocation of the authorization to the above contact information. However, your decision to revoke authorization will not affect or undo any use or disclosure of information that occurred before you notified Zerigo Health of your decision to revoke your authorization.
If you have any questions, comments, or complaints regarding your privacy rights or concern that your privacy rights may have been violated, contact Zerigo Health’s Privacy Officer, in writing, at the contact information provided above.
You will not be penalized or otherwise retaliated against for filing a complaint. To protect your privacy and security, we will also take reasonable steps to verify your identity before granting access or making corrections.