Washington Consumer Health Data Privacy Notice
Effective Date: March 31, 2024
Introduction
Prescryptive Health, Inc. (“Prescryptive,” “we”, or “us”) is committed to protecting your privacy. This Washington Consumer Health Data Privacy Notice (“Notice”) applies to “consumer health data” under the Washington My Health My Data Act (RCW 19.373, “MHMDA”). MHMDA exempts several categories of data, including protected health information governed by the Health Insurance Portability and Accountability Act (“HIPAA”). Most health data that we may collect, process and share is regulated under HIPAA and is therefore not subject to MHMDA. Please see Prescryptive’s separate Privacy Policy that describes our practices with respect to this information that is subject to HIPAA.
- Categories of Consumer Health Data We May Collect. We may collect the following categories of consumer health data:
a. Health conditions, treatment, and medical history
b. Use or purchase of prescription medication
c. Diagnostic Data
d. Location Data
e. Data identifying your seeking of health care services
f. Healthcare Records and Communications: Records of your communications with healthcare providers, medical imaging data, and immunization records.
g. Medication and Treatment Adherence: Data regarding your medication adherence, treatment plans, and prescribed medications.
h. Commercial information such as transaction information.
i. Information about your usage of our website: this may include, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
j. Derived Health Data: Information processed to associate or identify you with any of the above data, derived from non-health information using algorithms, machine learning, or other methods. - Purposes of Data Collection and Use: We may collect and use your consumer health data for the following specific purposes:
a. Providing Services: We collect consumer health data to provide you with personalized services that you have requested from us.
b. Improving Health Outcomes: Consumer health data helps us tailor our services to your specific needs to improve your health outcomes.
c. Monitoring and Managing Health Conditions: We may use health data to monitor the progression of your health conditions, track treatment effectiveness, and provide timely interventions as needed.
d. Research and Development: We may use your health data for research purposes to improve our services, develop new healthcare solutions, and contribute to scientific advancements while protecting your privacy.
e. Ensuring Data Accuracy: We collect your health data to maintain accurate and up-to-date records, ensuring that we can provide you with the best possible care.
f. Health and Wellness Analytics: We use your consumer health data to generate insights and analytics on broader health trends, helping us identify public health issues and improve overall community well-being.
g. Communication and Engagement: Consumer health data enables us to communicate with you effectively.
h. Compliance with Legal Requirements: We collect and process consumer health data as necessary to meet legal requirements and protect your rights.
i. Security and Authentication: To maintain data security, we may collect health data for user authentication and authorization purposes, ensuring that only authorized individuals access your information.
j. Customer Support: We use consumer health data to provide responsive customer support, answer your inquiries, and address any concerns you may have.
k. Mergers and Acquisitions: In the event of a merger, acquisition, or sale of assets, consumer health data may be transferred to a third party as part of the transaction. Any such transfer will be in compliance with applicable laws and regulations.
l. Analytics and Reporting: Aggregated consumer health data may be shared for analytics, reporting, and statistical purposes, ensuring that individual identities remain protected.
m. Business Operations: Consumer health data may be shared with entities involved in our business operations, such as legal and financial advisors, for the purpose of ensuring compliance, protecting our interests, and managing our operations.
n. Enforcement: To enforce or apply our terms of use (Terms of Use – Prescryptive Health) and other agreements, including for billing and collection purposes.
o. Protection of Prescryptive and its Customers: If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, or others. - Sources of Consumer Health Data: This section describes the various sources from which we collect your consumer health data.
a. Direct Information from Consumers: We collect consumer health data directly from you. This may include information provided through our website or mobile application.
b. Healthcare Providers and Facilities: We may obtain information from healthcare professionals and facilities.
c. Contracted Third Parties: In certain instances, we may receive consumer health data from our contracted third parties, such as health information exchanges, medical data aggregators, and other service providers.
d. Health Insurance Information: We may collect information from health insurance providers, including details about coverage, claims, and other relevant data.
e. Online Tracking Technology: We may collect consumer health data automatically from you as you navigate through our website or mobile application. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies. - Third Parties and Specific Affiliates with Whom Consumer Health Data May be Shared: We may share your consumer health data described in Section 1 with the following third parties:
a. Affiliate: We may share consumer health data with our affiliated legal entity, Prescryptive Pharmacy and Patient Services, Inc., as necessary to provide you with the services that you have requested.
b. Third-Party Service Providers: We may share consumer health data with our contracted third-party service providers, such as data hosting and analytics companies, as necessary to provide you with the services you have requested.
c. Research Institutions: Consumer health data may be shared with accredited research institutions and other researchers.
d. Successors: Consumer health data may be shared with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which consumer health data held by us is among the assets transferred. - Purposes for Consumer Health Data Sharing: We may share your consumer health data for the following specific purposes:
a. Providing Services: We may share consumer health data to provide you with personalized services that you have requested from us.
b. Improving Health Outcomes: Sharing consumer health data helps us tailor our services to your specific needs to improve your health outcomes.
c. Monitoring and Managing Health Conditions: We share consumer health data to monitor the progression of your health conditions, track treatment effectiveness, and provide timely interventions as needed.
d. Research and Development: We may share your health data for research purposes to improve our services, develop new healthcare solutions, and contribute to scientific advancements while protecting your privacy.
e. Ensuring Data Accuracy: We share your consumer health data to maintain accurate and up-to-date records, ensuring that we can provide you with the best possible service.
f. Health and Wellness Analytics: We share your consumer health data to generate insights and analytics on broader health trends, helping us identify public health issues and improve overall community well-being.
g. Communication and Engagement: Sharing Consumer health data enables us to communicate with you effectively, whether it’s sending appointment reminders, health-related tips, or relevant updates about our services.
h. Compliance with Legal Requirements: We may share consumer health data as necessary to meet legal requirements and protect your rights.
i. Security and Authentication: To maintain data security, we may share consumer health data for user authentication and authorization purposes, ensuring that only authorized individuals access your information.
j. Customer Support: We share consumer health data to provide responsive customer support, answer your inquiries, and address any concerns you may have.
k. Emergency Situations: In emergency situations where your health and safety are at risk, your relevant health data may be shared with healthcare providers, first responders, or authorized individuals to ensure immediate medical care and support.
l. Legal and Regulatory Compliance: We may share consumer health data as required by law or to comply with legal processes, court orders, or government regulations. This includes sharing data with law enforcement agencies, governmental bodies, or judicial authorities when necessary.
m. Analytics and Reporting: Aggregated consumer health data may be shared for analytics, reporting, and statistical purposes, ensuring that individual identities remain protected.
n. Business Operations: Consumer health data may be shared with entities involved in our business operations, such as legal and financial advisors, for the purpose of ensuring compliance, protecting our interests, and managing our operations.
o. Enforcement: We may share consumer health data to enforce or apply our terms of use (Terms of Use – Prescryptive Health) and other agreements, including for billing and collection purposes.
p. Protection of Prescryptive and its Customers: We may share consumer health data if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our customers, or others. - Consumer Rights and How to Exercise Them:
a. Rights: You have the following rights related to your consumer health data:
i. Right to Confirmation: You have the right to confirm whether we are collecting, sharing, or
selling your consumer health data.
ii. Access: You have the right to access your consumer health data, including receiving a list of
all third parties and affiliates with whom we have shared or sold your consumer health data.
Upon your request, we will provide you with an active email address or other online mechanism
that you can use to contact these third parties.
iii. Right to Withdraw Consent: You have the right to withdraw your consent for our collection
and sharing of your consumer health data concerning you.
iv. Right to Deletion: You can request the deletion of consumer health data concerning you by
informing us of your request.
b. How to Exercise Rights: You can exercise your consumer rights by submitting a request to us at any time. To make a request, please contact membersupport@prescryptive.com. You can also write to us at: Privacy Office, Prescryptive Health, Inc., P.O. Box 403, Redmond, WA 98073. If we are unable to authenticate your request using commercially reasonable efforts, we may request additional information from you to verify your identity and your request.
c. Fees: Requests for information provided in response to a consumer’s rights will be provided free of charge, up to twice annually per consumer. However, If we find that requests are unfounded, excessive, or repetitive, we may charge a reasonable fee to cover administrative costs or decline the request.
d. Response Time: We will respond without undue delay but in all cases within 45 days of receiving your request. In complex cases or when the number of your requests is substantial, we may extend the response period by 45 additional days, provided we inform you of the extension and the reasons within the initial 45-day period. If you request deletion of your consumer health data, and such data is stored on archived or backup systems, then we may extend the response time to enable restoration of the archived or backup systems, provided that such delay may not exceed six (6) months from our authentication of your deletion request.
e. Right to Appeal: If you disagree with our decision or refusal to take action on your request, you have the right to appeal the decision. Our appeal process is available and similar to the process for submitting requests. Within 45 days of receiving your appeal, we will inform you in writing of any action taken or not taken and provide a written explanation for our decisions. - Changes to This Notice. It is our policy to post any changes we make to this Notice on this page. The date the Notice was last revised is identified at the top of the page. You are responsible for periodically visiting our website and this Notice to check for any changes.
- Contact Information. To submit questions or comments regarding this Notice, contact us at membersupport@prescryptive.com. You can also write to us at: Privacy Office, Prescryptive Health, Inc., P.O. Box 403, Redmond, WA 98073.