Effective Date: September 14, 2017
We collect health and other information from you as a Patient User so that we can show it to you in useful ways within the AppPractice Apps. You may choose to share your health information with others and with applications that connect to the AppPractice Apps or the AppPractice Platform.
1.1 What Patient User information does AppPractice collect and for what purposes?
1.1.1 Registration and Contact Information
To register as a Patient User for a AppPractice account, you must provide your email address and create a password. You use your email address and password to log in to your account. We may also collect contact information, such as your name, address, phone number, and certain non-personal information that does not itself identify you, such as your IP address.
We may use this information to: deliver, administer and improve the AppPractice Apps; provide customer service; improve and personalize your experience; better understand your needs; fulfill requests you make; deliver special announcements and updates about the AppPractice Apps; and contact you about any of the above as well as any changes to or notifications regarding your AppPractice account.
1.1.2 Other Information You Provide to Us
We may also collect health and other information you provide to us through the AppPractice Apps. This includes your gender, age and birth date, weight, height, treatment and diagnosis information, health and well-being related information (including diet and activity information), information identifying the diabetes monitoring and treatment devices you use, and data you upload from your diabetes monitoring and treatment devices using AppPractice Uploader, other AppPractice Apps or through third-party applications that connect to the AppPractice Platform.
We use the information you provide to us to deliver, administer, and improve the AppPractice Apps. We also use this information to provide the visualization, data analysis, and other features available to you through the AppPractice Apps, which are also available to any of your Care Team Members. As we add new AppPractice features for Patient Users, we may use your information to provide those features to you. When you seek support from us, the individual(s) providing you with support may need to access your information in order to identify the problem you are seeking support for, though your information will only be used to help provide you with support.
With your permission, and only with your permission, we may also provide your health information and internal, diagnostic data from your diabetes device to the maker of that device, include your information in a research database, or share your information with third-party applications that you choose to connect with.
1.1.3 Third-Party Applications
You may have the option to link or connect AppPractice Apps or the information collected with AppPractice Apps with certain third-party applications. We will not share the information in your AppPractice account with a third-party application without your direction.
1.1.4 Study Management for Academic and Clinical Research
1.2 What choices do Patient Users have?
1.2.1 Care Team Access
You can grant access to your AppPractice account to health care professionals, family, friends, or anyone else, creating what we call a Care Team. The Care Team Members to whom you provide access will be able to view and comment on the health and other information in your account. Only if you grant them permission will Care Team Members be able to upload information to your account or, if applicable, edit information in your account. Patient Users own all content in their AppPractice accounts added or altered by their Care Team Members.
1.2.2 Custodial Accounts
A Clinician such as your doctor or other health care provider, or a Researcher conducting a study in which you participate, may establish an account to store information about you in AppPractice. That Clinician or Researcher may invite you to open a AppPractice account. If you accept that invitation, you will become a Patient User and will have control of all the information associated with that account, which will be your AppPractice account. When you open the account, the Clinician or Researcher who invited you to open the account will automatically be a member of your Care Team. You may remove the Clinician or Researcher from your Care Team at any time.
If your Clinician or a Researcher told you to expect such an invitation and you did not receive it, please contact that Clinician or Researcher and ask them to verify your email address and re-send the invitation.
1.2.3 Options for Sharing Information with Device Makers
You may have the option of granting the maker of your diabetes monitoring or treatment device with access to the information you upload to the AppPractice Platform. Providing your device maker with access to this information may assist the device maker to provide customer support or diagnose and address issues with the device. Providing data access to device makers also helps them understand how their devices are being used, which helps them make better devices in the future. We may charge device makers a fee to access this data.
Your device manufacturer may be able to identify you based on the serial number associated with the device.
Please note that any information you may have previously shared with a device maker may remain with the device maker if they have stored that information and cannot be removed or deleted by changing your sharing preference.
1.2.4 Options for Sharing Anonymized Information with Researchers or Other Research Databases
You may have the option to donate your anonymized data with different Researchers or Research organizations, or with diabetes device or pharmaceutical companies in need of longitudinal datasets. Diabetes researchers have a very difficult time gaining access to quality diabetes data. We will give you the opportunity to make your anonymized information available to these organizations. By doing this we hope to contribute to a dramatic acceleration in the rate of innovation in diabetes care.
You will not be directly identifiable based on the information you choose to donate. However, it may be possible for others to identify you if you have made your information available publicly in other ways; for example, if you post pictures or information to social media that describes you or your health condition, such as tweeting a picture of your continuous glucose monitor readings, it may be possible for someone to correlate that with information in a AppPractice dataset. Donated, anonymized information will be stored and made available without any of your personal AppPractice account information. If you agree to donate your information, here is the information that will and will not be included (if provided):
We will not include in the anonymized datasets (1) freeform text and notes entered by you or your Care Team Members, or (2) any other data that could identify a specific individual.
The data from your device will be correlated across time and with the donated Patient User information using a random, cryptographically secure user key (a “one-way hash”). Having this key allows researchers to correlate multiple data points over time from a single person, but does not allow them (or anyone else without internal access to AppPractice servers) to identify the person.
You may be asked to donate your information via email or via using AppPractice Apps.. If you would like to change your donation preference, you may do so by using the appropriate interface in AppPractice Apps. If you change your preference to stop donating your information, you will not be able to remove or delete anonymized information that was previously donated prior to the change.
1.2.5 Export, Delete, or Change Your Information
You can change the contact information you provided when you registered by going to Account Settings. You can change or delete other information and data you have provided by editing or deleting that information directly using the utilities and features available in the AppPractice Apps. To learn how to export or delete your information, please visit support.AppPractice.org.
1.2.6 Cancel Your Account
You can cancel your account at any time. Upon cancellation, we will delete your account information and data. Please visit support.AppPractice.org to learn how to cancel your account.
1.2.7 Other Rights You May Have Under HIPAA
AppPractice may enter into relationships with a number of institutions or health care providers, such as Clinicians, Researchers, or others, for whom AppPractice will act as a “business associate” under the federal Privacy and Security Rules issued under the Health Information Portability and Accountability Act (“HIPAA”). If you are a patient of one of these institutions or other providers, or are participating in a research study conducted by one of these organizations, AppPractice may have obligations to that institution or other provider under HIPAA and AppPractice’s business associate contract with the institution or other provider that affect the information about you that the institution or provider stores in the AppPractice platform. These “business associate” relationships will not affect information in your AppPractice account.
1.2.8 Email Communications
You can choose to stop receiving marketing or informational emails from us by clicking the “unsubscribe” link at the bottom of any such email.
1.4 What about the practices of third-party applications that Patient Users can connect to AppPractice Apps or the AppPractice Platform?
1.5 Who else has access to my information?
Only you can see who your information. Sharing is not allowed at this time
Some Clinicians or Researchers who you include on your Care Team may participate in other information sharing agreements, and may share some or all of your health information as part of those agreements. For example, your Clinician may participate in the T1D Exchange Registry, QI Collaborative, or other similar information sharing registry, which provides information collection and research services for a network of clinical sites. Please check with your health care provider, clinic, Clinician or Researcher to ask how they may be sharing your health information.
Patient Users have control of the information in their AppPractice accounts. This means that as a Care Team Member your access to a Patient User’s data and information is controlled by the Patient User and that any comments or information that you add may be deleted by the Patient User at any time.
2.1 What information does AppPractice collect from Care Team Members and for what purposes?
2.1.1 Registration and Contact Information
To register as a Care Team Member, you must provide an email address and create a password. You use your email address and password to log in. We may also collect contact information, such as your name, address, phone number, and certain non-personal information that does not itself identify you, such as your IP address.
We may use this information to: deliver, administer and improve the AppPractice Apps; provide customer service; improve and personalize your experience; better understand your needs and interests; fulfill requests you make; deliver special announcements and updates about the AppPractice Apps; and contact you about any of the above as well as any changes to or notifications regarding your account.
2.1.2 Other Information You Provide to Us
We may also collect other information you provide to us through the AppPractice Apps. As a Care Team Member, this information will mostly be information or comments about the Patient User or Patient Users that add you as a Care Team Member using the AppPractice Apps. We use the information you provide as a Care Team Member to display notes, comments and other features of the AppPractice Apps. A Patient User has the ability to delete information or comments you add to his or her account at any time.
A Patient User has the option to donate anonymized information from his or her account to the AppPractice Anonymized Diabetes Database. If the Patient User donates his or her information, information or data that you add to the Patient User’s account that is being donated will exclude comments that you make on that account.
2.2 What choices do Care Team Members have?
A Patient User owns all content you generate on that Patient User’s accounts and you have no control over that information, except in the course of editing comments you have made as long as the Patient User permits such changes. However, you can delete or change your personal information.
2.2.1 Change Your Information
You can change the contact information you provided when you registered by going to Account Settings.
2.2.2 Cancel Your Account
You can also cancel your account at any time. Upon cancellation, we will delete your account information but not information or comments you have added to any Patient User accounts.
2.2.3 Email Communications
You can choose to stop receiving marketing or informational emails from us by clicking the “unsubscribe” link at the bottom of any such email.
As a Clinician or Researcher, you will be able to create accounts and collect information on behalf of people that you provide care for, or people that are participating in a research study that you are conducting. These accounts are called Custodial Accounts. You can optionally provide an email address that will cause an account invitation to be sent to an individual, allowing that person to sign up for and claim the AppPractice account, and become a Patient User. When you create a Custodial Account, you have control over that account and information at the outset. Once the account is claimed by a Patient User, that Patient User takes over control and ownership of the information and account, and you become a member of that Patient User’s Care Team.
4.1 Are there any territorial restrictions for using AppPractice Apps?
At this time, AppPractice Apps are only intended for use in the United States. The AppPractice Apps and AppPractice Platform are hosted in the United States and all information is stored in the United States. By using the AppPractice Apps and AppPractice Platform you consent to processing and storage of your information in the United States.
4.2 Do any third party service providers have access to my information?
We may employ independent companies or other third parties and individuals to help us provide, facilitate or improve the AppPractice Apps (such as customer service support or data hosting). These service providers may have access to your personal information and data as necessary to perform their services for AppPractice.
4.3 When can AppPractice disclose my information?
We may disclose your information in the following circumstances:
AppPractice may disclose anonymous or statistical information about the use of the AppPractice Apps at any time without restriction.
4.4 How long does AppPractice keep my information?
AppPractice will retain your account and related information on your behalf as long as needed to support your use of the AppPractice Apps and comply as necessary with our legal obligations, resolve disputes, and enforce our agreements. We may delete your account due to inactivity, but we will notify you by email prior to doing so and give you a reasonable opportunity to either transfer your information or begin active use of your account again.
4.5 How does AppPractice secure my information?
To help protect the privacy of personal information and data you transmit using AppPractice Apps, we use technology designed to encrypt your personal information and data before it is sent to us over the internet. In addition, we take reasonable physical, administrative, and technical steps to protect the personal information and data that you provide us against unauthorized access. However, the software, hardware and networks that support the AppPractice Apps may, from time to time, require maintenance or experience problems or breaches of security beyond our control.
While we take steps to protect your personal information and data and keep it secure, you also play a role in protecting your information. You can help to maintain the security of this information by using a unique, strong password, not sharing your account information and password with anyone, and by preventing unauthorized use of your computers and mobile devices.
4.6 What about information about children?
AppPractice does not allow children under the age of 13 to register or use the AppPractice Apps and we require that children between 13 and 18 must have their parent’s or legal guardian’s consent to register or use AppPractice Apps. AppPractice does not knowingly collect information from children under the age of 13. If we discover that a person under 13 has registered as a Patient User or Care Team Member we will delete that person’s account.
4.7 What are my Texas Privacy Rights?
More information can be found here: Texas Privacy Rights
4.9 Does AppPractice collect information automatically when I use the AppPractice Apps?
We receive and store certain types of information whenever you interact with AppPractice Apps. We automatically receive and record information on your activity on our server logs, including your IP address. Generally, we also automatically collect usage information, such as the features of the AppPractice Apps that you use and how you use them, the number of Care Team Members, devices you upload, and how Patient Users and Care Team Members interact. We may use this information, as well as your personal information such as your email address, to provide personalized features and functionality, for example to provide reminders to upload data from your diabetes devices. We may also use this data to help us understand how you and other Users use parts of the AppPractice Apps so that we can improve them. We may disclose anonymous statistical information to third parties about how AppPractice Apps are used without your permission.
4.10 Can third parties collect information about me when I use the AppPractice Apps?
We do not allow third parties to place cookies through the AppPractice Apps or to collect information about a consumer’s online activities over time and across different websites when he or she uses our AppPractice Apps. We do not permit third parties to place cookies through our AppPractice Apps to perform marketing functions but we may allow service providers to place cookies to assist us with analytic functions.
4.11 Does AppPractice recognize Do Not Track signals?
We currently do not use technology that recognizes a “do-not-track” signal from your web browser.
4.12 Where can I send questions, comments or suggestions about AppPractice’s privacy practices?
We welcome your questions and feedback and will work to improve our practices based on useful input we receive. Please contact us at firstname.lastname@example.org or via mail at:
Attn: Legal Department
9539 Huffmeister Rd
Hosuton, TX 77095