The information we collect includes information about the user’s health, such as medical history, age, health conditions, and laboratory test results (Protected Health Information or PHI). It also includes personal information such as name, phone number, and home address (Personally Identifiable Information or PII). The complete definitions of PHI and PII are in the Terms and Definitions section at the end of this document.
When using SENA Health’s products and services, we may collect and use or share PHI and PII, but only to the extent minimally necessary and in line with our Notice of Privacy Practices. The user can accept that we may collect this PHI and PII from the user directly, or from third parties that share his/her PHI or PII with SENA Health. It is fully the user’s choice whether to give PHI and PII through SENA Health’s products and services. If he/she chooses not to give PHI or PII we need, he/she may not be able to use some features of SENA Health products and services.
i. Age, gender, sexual behavior and sexual orientation
ii. Information related to the diagnosis and treatment of health conditions, over-the-counter and prescription medications, laboratory test results, and payments for treatment and health insurance information
iii. Other information under an applicable law such as HIPAA or an equal State law covering the use or sharing of PHI and as defined by HIPAA
B. Personally Identifiable Information (PII)
i. First and last name, age, and gender
ii. Postal address, email address, telephone number, and other contact information
iii. Certain health information
iv. Other personally identifiable information under any law that applies, such as HIPAA or an equivalent State law covering the use or sharing of health information
C. Technical information
We may collect and use technical data (data from the user’s device hardware or software) and related information (“Technical Information”), including but not limited to:
i. Technical information about devices the user may receive such as manufacturer, service provider, IP address, operating system, browser type, and mobile number
ii. System and application software and peripherals
iii. The user’s interactions with SENA Health’s products and services, including automatically recording the dates and times of visits to SENA Health’s products and services, traffic data, and the search queries
iv. We sometimes gather Technical Information to:
1. Help perform software updates and product support
2. Improve products and services to the user that are related to SENA Health
3. Measure the number of our users and how they use SENA Health’s products and services
4. Store information about the user’s preferences, allowing us to customize our products and services to his/her interests
5. Speed up searches and recognize when the user returns to our website and uses SENA Health’s products and services
We may also automatically receive and record information on our server logs from the user’s browser or mobile device, which could include IP address, cookie information, browser information, and the pages the user visits/requests.
SENA Health does not consider nor intend Technical Information to constitute PHI or PII. SENA Health may use Technical Information in any way it believes is proper and lawful.
a. On our website
b. Through email, text, video, and voice communications between user and us
c. Through offline community activities and communications
d. From physicians, hospitals, clinics, schools, and any other organizations or groups that the user gives permission to share information with SENA Health
e. Through any or all of SENA Health’s kits and services
f. Data and information collection
SENA Health services exist to simplify healthcare experience and help our business partners (health plans, direct service providers, and community partners) to collectively provide seamless service. SENA Health’s exclusive software platform connects a nationwide network of community organizations and digital solutions for its programs with technology that manages service referrals, telemedicine, collects data, and simplifies processes while supporting greater participant engagement and choice.
To support this, we need to ensure that each user who gives Information clearly allows it to be used or shared, whether we get it directly from the user, the user’s caregiver or, if applicable, from third parties the user identifies.
We use the user’s data and information:
a. To help give SENA Health services to and on the behalf of the user
b. To give information, products, or services upon the user’s request
c. To give notices and communications found suitable by us or the attending physician
d. To carry out our duties from any contracts we have executed related to the user
f. To allow customers, partners and others to join in interactive or educational features on our website
g. To obey any court order, law, or legal process, including responding to any government or regulatory request
i. If we believe sharing Information is needed to protect SENA Health’s rights, privacy, security, property, and access to information
j. In any other way we may define when the user gives Information
k. For any other purpose with the user’s lawful consent
VI. We collect and share only the data we need
At all times, we will only use or share PHI and PII to the extent minimally necessary for the intended use or disclosure. SENA Health’s minimum necessary policy follows the current industry standard that PHI and PII shouldn’t be used or shared when it is not necessary to satisfy a certain purpose or carry out a function.
The full definition of “minimum necessary” is in the Terms and Definitions section at the end of this document.
The user also gives SENA Health a lasting, non-exclusive, transferable, sub-licensable, royalty-free license to use their Information and other data we collect to develop, create, and extract statistics and other information, and to use this information and de-identified data known as “blinded data”.
Please refer to our internal guideline for the exclusion/inclusion criteria.
We have applied reasonable and suitable administrative, technical, and physical safeguards designed to protect the user’s Information from illegal access, use or sharing. All Information provided to us by the user is stored with an approved cloud services provider. These safeguards include, without limitation, encrypting all PHI and PII.
The safety and security of Information also depends upon the user, who is also responsible for keeping this information private. It is in his/her best interest not to share his/her SENA Health user name, password, or other security factor with anyone.
If Information was willingly shared on message boards or other public forums and features, or through email or group messaging, that Information can be collected and used by others who may or may not have consent. By posting Information online that is publicly accessible, the user may receive unwanted messages from other parties or reveal his/her location. We are not responsible for the security or privacy of any Information sent outside the scope of SENA Health’s products and services.
Physicians or other health care providers, to the extent they are “Covered Entities” under HIPAA (as such term is defined in HIPAA), are responsible to have their own privacy and security policies with respect to our users’ PHI and PII. For more information about HIPAA rights, see www.hhs.gov/ocr/privacy/.
ii. If material changes to how we treat users’ PHI or PII are made, we will let the user know by emailing the primary email address provided, and/or through a notice on the home page of our website.
Disclosure – The sharing, release, transfer, provision of access to, or divulging in any other manner of information to others outside the entity holding the information.
HIPAA – (United States Health Insurance Portability and Accountability Act of 1996) – two sections: HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs; HIPAA Title II includes an administrative simplification section which deals with the standardization of healthcare-related information systems. For more information, visit www.hhs.gov/ocr/privacy/.
HITECH Act (Health Information Technology for Economic and Clinical Health Act) – The HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 is legislation that was created to stimulate the adoption of electronic health records (EHR) and the supporting technology in the United States. The HITECH Act also expands the standards that aid in electronic exchange of health information nationally and provides incentives for covered entities that adopt Electronic Health Records (EHR).
Individual – shall mean the person who is the subject of the Protected Health Information or Personally Identifiable Information.
Information – All aspects of Protected Health Information, Personally Identifiable Information, Technical Information, Location-Based Information, and Behavior Tracking Information (collectively known as “Information”)
Minimum Necessary (Need to Know) – Minimum necessary (or, informally, the need-to-know rule) is a key protection of the HIPAA Privacy Rule.
The SENA Health minimum necessary policy adheres to the current industry standard that PHI and PII should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function. The minimum necessary standard requires covered entities to evaluate their practices, and enhance safeguards as needed to limit unnecessary or inappropriate access to, and disclosure of, PHI and/or PII.
When using or disclosing PHI and/or PII, or when requesting PHI and/or PII from another health care provider or health organization, SENA Health will limit the request to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. Minimum Necessary does not apply in the following circumstances:
Disclosures by a health care provider for treatment (students and trainees are included as health care providers for this purpose).
Uses and disclosures based upon a valid consent to use and disclose PHI and/or PII for treatment, payment and health care operations or a valid authorization to use and disclose PHI and/or PII.
Disclosures made to the Secretary (or designee) of the United States Department of Health and Human Services, or any other State or Federal agency requesting disclosure under prevailing law.
Uses and disclosures required by law or regulatory guidance.
Uses and disclosures required by other sections of the HIPAA privacy regulations.
Privacy and Security Officials (PSOs) – The SENA Health Privacy Officer is responsible for HIPAA privacy and security compliance issues.
Personally Identifiable Information (PII)/ Protected Health Information (PHI) – Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context including health information transmitted or maintained in any form or medium, including oral, written, and electronic. PHI relates to an individual’s health status or condition, furnishing health services to an individual or paying or administering health care benefits to an individual. Information is considered PII where there is a reasonable basis to believe the information can be used to identify an individual.