Please take a moment to review our privacy policy below and feel free to reach out with any questions!
This Privacy Policy applies to all information of visitors to, and users of, SENA Health websites and SENA Health services (collectively, “SENA Health’s products and services”).
We collect information from and about users of SENA Health kits and services. This Privacy Policy defines the types of information we may collect from users, or that they may provide, and our practices for collecting, using, keeping, protecting, and sharing that information.
The information we collect, includes information about user’s health such as the medical history, age, health conditions, and laboratory test results (Protected Health Information or PHI). It also includes personal information such as name, phone number, and home address (Personally Identifiable Information or PII). The complete definitions of PHI and PII are in the Terms and Definitions section at the end of this document.
SENA Health respects the privacy of all visitors and users of SENA Health’s products and Services and is committed to protecting privacy by following this Privacy Policy. We understand that PHI and PII are private, and we are dedicated to keeping this information accessible, confidential and consistent. Users will, by using a user name, password and/or other security methods, have access to and can use SENA Health products and services.
When using SENA Health’s products and services, we may collect and use or share PHI and PII, but only to the extent minimally necessary and in line with our Notice of Privacy Practices. The user can accept that we may collect this PHI and PII from the user directly, or from third parties that share his/her PHI or PII with SENA Health. It is fully the user’s choice whether to give PHI and PII through SENA Health’s products and services. If he/she chooses not to give PHI or PII we need, he/she may not be able to use some features of SENA Health products and services.
A. Protected Health Information (PHI) As used in this Privacy Policy, “Protected Health Information” means information related to physical or mental health, such as: The user’s medical history, family history, medical diagnosis, health background, and current health status
i. Age, gender, sexual behavior and sexual orientation
ii. Information related to the diagnosis and treatment of health conditions, over-the-counter and prescription medications, laboratory test results, and payments for treatment and health insurance information
iii. Other information under an applicable law such as HIPAA or an equal State law covering the use or sharing of PHI and as defined by HIPAA
B. Personally Identifiable Information (PII)
As used in this Privacy Policy, “Personally Identifiable Information (PII)” means any information that may be used to identify the user, such as:
i. First and last name, age, and gender
ii. Postal address, email address, telephone number, and other contact information
iii. Certain health information
iv. Other personally identifiable information under any law that applies, such as HIPAA or an equivalent State law covering the use or sharing of health information
C. Technical information
We may collect and use technical data (data from the user’s device hardware or software) and related information (“Technical Information”), including but not limited to:
i. Technical information about devices the user may receive such as manufacturer, service provider, IP address, operating system, browser type, and mobile number
ii. System and application software and peripherals
iii. The user’s interactions with SENA Health’s products and services, including automatically recording the dates and times of visits to SENA Health’s products and services, traffic data, and the search queries
iv. We sometimes gather Technical Information to:
1. Help perform software updates and product support
2. Improve products and services to the user that are related to SENA Health
3. Measure the number of our users and how they use SENA Health’s products and services
4. Store information about the user’s preferences, allowing us to customize our products and services to his/her interests
5. Speed up searches and recognize when the user returns to our website and uses SENA Health’s products and services
We may also automatically receive and record information on our server logs from the user’s browser or mobile device, which could include IP address, cookie information, browser information, and the pages the user visits/requests.
SENA Health does not consider nor intend Technical Information to constitute PHI or PII. SENA Health may use Technical Information in any way it believes is proper and lawful.
a. On our website
b. Through email, text, video, and voice communications between user and us
c. Through offline community activities and communications
d. From physicians, hospitals, clinics, schools, and any other organizations or groups that the user gives permission to share information with SENA Health
e. Through any or all of SENA Health’s kits and services
f. Data and information collection
SENA Health services exist to simplify healthcare experience and help our business partners (health plans, direct service providers, and community partners) to collectively provide seamless service. SENA Health’s exclusive software platform connects a nationwide network of community organizations and digital solutions for its programs with technology that manages service referrals, telemedicine, collects data, and simplifies processes while supporting greater participant engagement and choice.
To support this, we need to ensure that each user who gives Information, clearly allows it to be used or shared, whether we get it directly from the user, the user’s caregiver or, if applicable, from third parties the user identifies.
We use the user’s data and information:
a. To help give SENA Health services to and on the behalf of the user
b. To give information, products, or services upon the user’s request
c. To give notices and communications found suitable by us or the attending physician
d. To carry out our duties from any contracts we have executed related to the user
e. To let the users, know about changes to the SENA Health’s Privacy Policy, products and services
f. To allow customers, partners and others join in interactive or educational features on our website
g. To obey any court order, law, or legal process, including responding to any government or regulatory request
h. To enforce or apply our Terms of Use
i. If we believe sharing Information is needed to protect SENA Health’s rights, privacy, security, property, and access to information
j. In any other way we may define when the user gives Information
k. For any other purpose with the user’s lawful consent
Except as described in this Privacy Policy or in our Terms of Use, PHI, PII, Technical information, location-based information and behavior-tracking information (collectively, “Information”) that the user gives or that we collect from third parties, will be kept private and used or shared only to the extent minimally necessary to support SENA Health services.
At all times, we will only use or share PHI and PII to the extent minimally necessary for the intended use or disclosure.
SENA Health will never share personal information with third parties without the prior authorization from the information owner or subject.
SENA Health minimum necessary policy follows the current industry standard that PHI and PII shouldn’t be used or shared when it is not necessary to satisfy a certain purpose or carry out a function.
The full definition of “minimum necessary” in the Terms and Definitions section at the end of this document.
No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties
By using our services, the user agrees to our Privacy Policy. When we have the user’s consent, he/she accepts that we may collect this PHI from him/her directly or from third parties that the user may allow to share PHI with SENA Health. We may ask the user or allowed third parties to give the PHI that will allow us to enhance how we serve the user’s needs and use of SENA Health products and services. It is fully the user’s choice whether he/she gives PHI through SENA Health products and services. If the user chooses not to give the PHI we need, he/she may not be able to use some parts of SENA Health products and services.
The user also gives SENA Health a lasting, non-exclusive, transferable, sub-licensable, royalty-free license to use their Information and other data we collect to develop, create, and extract statistics and other information, and to use this information and de-identified data known as “blinded data”.
Aside from any contractual obligations contrary to this Privacy Policy, any blinded data SENA Health collects or creates will be owned solely by SENA Health. This data may be used for any lawful business purpose without the user’s consent if: this data is not PHI or PII and doesn’t identify the source of such data.
Please refer to our internal guideline for the exclusion/inclusion criteria.
We have applied reasonable and suitable administrative, technical, and physical safeguards designed to protect the user’s Information from illegal access, use or sharing. All Information provided to us by the user is stored with an approved cloud services provider. These safeguards include, without limitation, encrypting all PHI and PII.
The safety and security of Information also depends upon the user who is also responsible for keeping this information private. It is in his/her best interest to not share SENA Health user name, password, or other security factor with anyone.
If Information was willingly shared on message boards or other public forums and features, or through email or group messaging, that Information can be collected and used by others who may or may not have consent. By posting Information online that is publicly accessible, the user may receive unwanted messages from other parties or reveal location. We are not responsible for the security or privacy of any Information sent outside the scope of SENA health’s products and services.
Information collected from a user in the United States will be stored and processed in the United States. For data originating outside the US in which SENA Health or its affiliates, subsidiaries, agents or contractors are located, the Information will also be stored and processed within the US. If the user is accessing SENA Health products or services from other regions with laws governing data collection and use, please note that the user is agreeing to the transfer of his/her data to the United States, and processing globally. By receiving the user’s Information, he/she consents to any transfer and processing following this Privacy Policy.
Links may be provided to third-party websites within SENA Health products and services. Such links may appear as a specific domain name or URL. Note that other websites and services, including the websites of third parties that the user connects with through SENA Health products and services, may collect PII about the user. This Privacy Policy does not cover the information practices of those third-party websites, services, or applications and SENA Health cannot control and is not responsible for the information collection practices of any such websites, services or applications. The user should carefully review the terms of use, privacy policies, and any other legal notices on such websites before using or giving Information to them.
Physicians or other health care providers, to the extent they are “Covered Entities” under HIPAA (as such term is defined in HIPAA), are responsible to have their own privacy and security policies with respect to our users’ PHI and PII. For more information about HIPAA rights, see www.hhs.gov/ocr/privacy/.
All SENA Health websites will post this Privacy Policy. All users of SENA Health websites will get a prompt to review the SENA Health Privacy Policy and Notice. The Privacy Officer will review and update this policy at least once a year.
i. This Privacy Policy and our Terms of Use may change from time to time, and while we will do our best to let the users know of any changes, it is up to the user to review this Privacy Policy and the Terms of Use over time. The continued use of SENA Health products and services after we make changes is considered as acceptance of those changes. When the Privacy Policy or Terms of Use are changed, the “Effective” date will also be updated on the relevant document.
ii. If material changes to how we treat users’ PHI or PII were made, we will let the user know by emailing the primary email address provided, and/or through a notice on the home page of our website.
X. Terms and definitions
Disclosure – The sharing, release, transfer, provision of access to, or divulging in any other manner of information to others outside the entity holding the information.
HIPAA – (United States Health Insurance Portability and Accountability Act of 1996) – two sections: HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs; HIPAA Title II includes an administrative simplification section which deals with the standardization of healthcare-related information systems. For more information, visit www.hhs.gov/ocr/privacy/.
HITECH Act (Health Information Technology for Economic and Clinical Health Act) – The HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 is legislation that was created to stimulate the adoption of electronic health records (EHR) and the supporting technology in the United States. The HITECH Act also expands the standards that aid in electronic exchange of health information nationally and provides incentives for covered entities that adopt Electronic Health Records (EHR).
Individual – shall mean the person who is the subject of the Protected Health Information or Personally Identifiable Information.
Information – All aspects of Protected Health Information, Personally Identifiable Information, Technical Information, Location-Based Information, and Behavior Tracking Information (collectively known as “Information”)
Minimum Necessary (Need to Know) – Minimum necessary, (or informally, need to know rule), is a key protection of the HIPAA Privacy Rule.
The SENA Health minimum necessary policy adheres to the current industry standard that PHI and PII should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function. The minimum necessary standard requires covered entities to evaluate their practices, and enhance safeguards as needed to limit unnecessary or inappropriate access to, and disclosure of, PHI and/or PII.
When using or disclosing PHI and/or PII, or when requesting PHI and/or PII from another health care provider or health organization, SENA Health will limit the request to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. Minimum Necessary does not apply in the following circumstances:
Disclosures by a health care provider for treatment (students and trainees are included as health care providers for this purpose).
Uses and disclosures based upon a valid consent to use and disclose PHI and/or PII or treatment, payment and health care operations or a valid authorization to use and disclose PHI and/or PII.
Disclosures made to the Secretary (or designee) of the United States Department of Health and Human Services, or any other State or Federal agency requesting disclosure under prevailing law.
Uses and disclosures required by law or regulatory guidance.
Uses and disclosures required by other sections of the HIPAA privacy regulations.
Privacy and Security Officials (PSOs) – The SENA Health Privacy Officer is responsible for HIPAA privacy and security compliance issues.
Personally Identifiable Information (PII)/ Protected Health Information (PHI) – Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context including health information transmitted or maintained in any form or medium, including oral, written, and electronic. PHI relates to an individual’s health status or condition, furnishing health services to an individual or paying or administering health care benefits to an individual. Information is considered PII where there is a reasonable basis to believe the information can be used to identify an individual.