This Healthper Health Information Privacy Policy (this “Policy”) describes our privacy practices that are specific to our treatment of individually identifiable health information (“Health Information”) when you use www.healthper.com or related websites owned and operated by Healthper, Inc. (“Healthper”) (collectively and each separately, the “Site”). The Healthper Website Privacy Policy more broadly describes how Healthper treats all individually identifiable information, including Health Information, when you use the Site.

This Policy is effective on July 1, 2011 for current members of the Site and upon use of the Site by new members of the Site.

Healthper reserves the right to modify this Health Information Privacy Policy at any time. Such modifications will be effective immediately and incorporated into this Policy without notice. It is your responsibility to check Healthper health information privacy policy to inform yourself of any such changes. Your continued use of the Site will be deemed acceptance and understanding of this Policy at the time of such use.

You are in control of your Health Information.

1. To store your Health Information on the Site, you will need an account on the Site (an “Account”). You control what Health Information is stored in your Account and can store as much or as little information in your Account as you want. If you so choose, your Health Information may include your medical record and history information (e.g., conditions, allergies, test results, medications, immunizations or health insurance information) and/or your wellness data and goals (e.g., personalized wellness goals around weight or exercise).
2. While you can edit Health Information that you have personally entered into your Account at any time, you cannot edit Health Information that third parties send to your Account at your request. You can, however, partially or completely delete your Health Information at any time. Deletion will be initiated immediately, and your Health Information will be purged from your Account shortly thereafter. Additional backup copies of deleted information may persist for a short time. Since deleted data will not be restored, you may want to print information before deleting it. Deletion will not revoke your prior consent or authorization for uses and disclosures of your Health Information prior to your deletion.
3. You control who can access your Health Information through the Site. By default, you are the only member of the Site who can view and edit your Health Information, but you have the option to share your Health Information with other members of the Site or, as outlined below, third-party service providers. You can revoke access to your Health Information at any time.
4. Health Information stored in your Account is not publicly accessible through internet searches on Google.com or other internet search engines. Healthper will not sell, rent, or share your Health Information without your explicit consent, except in the limited situations described in this Policy or the Healthper Website Privacy Policy – for example, when Healthper believes it is required to do so by law.

How you can share your Health Information.

1. If you share your Health Information with others, you can view a list of who has access to your Health Information and, as mentioned above, you can revoke sharing privileges at any time. When you revoke someone’s ability to read your Health Information, that party will no longer be able to read your information, but may have already seen or may retain a copy of the Health Information. You should be aware that some of the Health Information you share may show up on the pages of other members to whom you have allowed access and may be shared or copied by such other members. Healthper is not responsible for actions taken with respect to your Health Information by third parties (including other members of the Site) to whom you disclose such Health Information.
2. Healthper contains links to third-party service providers that are capable of securely sending information to Healthper. These service providers (which may include your medical providers) may provide information about certain health conditions or extend the functionality of the Site in other ways. By creating a link to these service providers, you give them permission to send your Health Information (such as medical records, prescription histories or test reports) to your Account.
3. [You can approve access for some of these service providers to view and copy your Health Information. If a service provider accesses your Health Information and stores a copy of your Health Information, that copy will be governed by that service provider’s privacy policy. Others at that service provider – for example, a doctor or nurse – may be able to view your Health Information. Healthper is not responsible for the content, performance, or privacy policies of third-party service providers.]
4. Some of these third-party service providers will be covered by federal and state health privacy laws (such as the Health Insurance Portability and Accountability Act, or “HIPAA”), and those laws will also govern how they may use and share your information. HIPAA requires (as does Healthper) that you must authorize these providers to send information to your Account. Click here for a sample Authorization form. With that authorization, you also give them permission to send certain especially sensitive types of health information (such as mental health or substance abuse records) that are protected by federal and state laws and require special authorization for disclosure to third parties. If you disclose this information yourself, these protections do not apply.
5. Healthper service providers are entities or business associates covered by HIPAA are contractually required by law and by healthper to comply with HIPAA’s applicable rules related to collection, use, and sharing of your information.
6. However, Healthper is not a “covered entity” under HIPAA. As a result, HIPAA does not apply to the transmission of health information by Healthper to any third party. If you authorize a HIPAA covered entity such as your healthcare provider to provide Health Information to Healthper on your behalf, that Health Information will no longer be subject to HIPAA.

How Healthper uses and shares your Health Information.

1. When you create your Account, Healthper asks for your email address and a password, which is used to protect your Account from unauthorized access.
2. Within Healthper, a limited number of employees in particular job functions may have access to your Health Information in order to operate and improve the Site, and they are bound by strict policies to not disclose this information to others, either within Healthper or to the outside world. In addition, Healthper may grant certain third-party contractors and vendors access to your Health Information subject to Healthper’s strict security and confidentiality requirements and solely to the extent necessary to assist Healthper with the operation or improvement of the Site.
3. Healthper’s servers automatically record log information about your use of the Site (such as number of sign-ins and number of times a link was clicked). This information is temporarily stored in association with your Account for [insert period of time], at which point it is aggregated with other data and is no longer associated with your Account. The log information will be used to operate and improve the Site. Except as provided in this Policy or the Healthper Website Privacy Policy, de-identified information, including the anonymous log information is restricted and will not be shared by Healthper with third parties.
4. Healthper periodically publishes trend statistics and associations. Healthper may use data from your Account as part of an aggregated data set when publishing these trends statistics and associations. These aggregated data sets do not contain any personally identifiable information.
5. [Insert other uses by Healthper of Health Information – e.g., sharing aggregate e-identified information with third-party providers of awards/deals?]
6. To the extent necessary, Healthper may share your Health Information to protect against imminent harm to the rights, property or safety of Healthper, users of the Site or the public, or to address fraud or violations of the Terms and Conditions of Use.

   More information about Healthper’s Privacy Policies.

   Although Healthper is not covered by HIPAA, we are committed to protecting your privacy and have implemented strict data security policies and measures and ensure that users of the Site control access to their Health Information. Any violation of this Policy or the Healthper Website Privacy Policy can be enforced by the Federal Trade Commission, which takes action against companies that engage in unfair and deceptive trade practices (including violations of their privacy policies) and may impose civil and criminal penalties. If you have any questions regarding this Policy, please contact the Healthper Privacy Officer, Healthper, Inc. 124 Brookstone Dr., Princeton, NJ 08540.<