Effective Date: January 27, 2020
Last Updated: January 27, 2020
Healthcare providers with whom we enter into contractual relationships are subject to laws and regulations governing the use and disclosure of health information they create or receive, including the Health Insurance Portability and Accountability Act of 1996, as amended from time to time, together with the regulations adopted thereunder (“HIPAA”). When we store, process or transmit “individually identifiable health information”, as defined by HIPAA, on behalf of a Healthcare Provider who has entered into a [HEALTHCARE PROVIDER USER AGREEMENT], we do so as its “business associate”, as also defined by HIPAA. We cannot use or disclose PHI that has not been de-identified. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the individually identifiable health information we store.
- Information We Collect
- Information We Collect From You
As a condition to receiving all or a portion of the App and/or Services, we may ask you to provide us certain information that personally identifies you or could be used to personally identify you (“Personal Information”). Personal Information includes (but is not limited to) the following categories of information: (1) e-mail address, mailing address, billing address, full name, phone number and other identifying information; (2) demographic data (such as your gender, your date of birth and your zip code); (3) information regarding your past and present Healthcare Providers, such as the Healthcare Providers you have visited, your reasons for visit, your dates of visit, your medical history, and other medical and health information you choose to share with us; and (4) other identifying information that you voluntarily choose to provide to us, including without limitation unique identifiers such as passwords. Personal Information includes any information in the foregoing categories that is sent via the App or Site or as part of the Services as well as any applicable information that is sent via emails, letters or text messages. We may also collect additional information, which may be Personal Information, as otherwise described to you at the point of collection or pursuant to your consent.
- Information We Collect Automatically
We may automatically collect the following non-personally identifiable information about your use of the App or Site: domain name; browser type and mobile operating system; IP address and/or cellular network device ID; and features of the App used. In addition, some features of the App require location services to be enabled on your mobile device, meaning we may temporarily collect location information as reported by your mobile device (“Location Data”) in order to provide the features you requested. If you would prefer not to send us Location Data, you should disable location services on your mobile device before using the App or Site, with the understanding that any features that require Location Data to function will be disabled as a result. Additionally, we may use the technologies described below (“Engagement Tools”) to gather information necessary to enhance and operate our Services in a number of ways, such as to (i) save user preferences and information;(ii) preserve session settings and activity; (ii) authenticate users; (iv) enable support and security features; (v) tailor the delivery of informational messages, media, advertising and other content; and (vi) analyze the performance and use of our Services and its various features and content.
Device Information. When you interact with our App and/or Services, we collect information about your computer, mobile phone, or tablet (“Device”) such as the URL of services your Device is requesting and the referring web pages, your IP address, Device type, operating system, browser type, application identifier, and, under certain circumstances, the location information your Device sends to us.
Cookies & Similar Technologies. We may also collect information about you and your Devices through cookies, web beacons, and similar technologies. A “cookie” is a small data file sent from a website and stored on your Device to identify your Device in the future and allow for an enhanced personalized user experience based on your previous activity on the website. A “session cookie” disappears after you close your web browser, or may expire after a fixed period of time. A “persistent cookie” remains after you close your web browser and may be accessed every time you use our Services. We may use both session and persistent cookies on our Services. You should consult your web browser to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may not be able to use certain features of our Services.
- Billing, Collection and Payment Information
- Traffic Data
We also may automatically collect certain data when you use the Services, such as (1) IP address; (2) domain server; (3) type of device(s) used to access the Services; (4) web browser(s) used to access the Services; (5) referring webpage or other source through which you accessed the Services; (6) geolocation information; and (7) other statistics and information associated with the interaction between your browser or device and the Services (collectively “Traffic Data”). Some Traffic Data may be considered Personal Information.
- HIPAA and PHI
Under HIPAA, individually identifiable demographic, health and/or health-related information that Laso Health collects as part of providing the Services on behalf of Healthcare Providers may be considered “protected health information” or “PHI.”
- How We Collect Information
We collect information (including Personal Information and Traffic Data) when you use and interact with the Services, and in some cases from third party sources. Such means of collection include:
- When you use the Services’ interactive tools and services, such as searching for Healthcare Providers, searching for available appointments with Healthcare Providers and completing medical history forms (“Medical History Forms”) prior to Healthcare Provider appointments;
- When you voluntarily provide information in free-form text boxes through the Services or through responses to surveys, questionnaires and the like;
- If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information regarding when you are logged on and available to receive updates or alert notices; If you download our mobile application or use a location-enabled browser, we may receive information about your location and mobile device, as applicable;
- Through cookies, web beacons, website analytics services and other tracking technology (collectively, “Tracking Tools”), as described below; and
- When you use the “Contact Us” function on the Site, send us an email or otherwise contact us.
- Tracking Tools and “Do Not Track”
- Tracking Tools
We may use a type of advertising commonly known as interest-based or online behavioral advertising. This means that some of our partners use Tracking Tools to display Laso Health ads on other websites or services based on information about your use of the Services or your interests (as inferred from online activity). Such partners may include third-party service providers, advertisers, advertising networks or platforms, and agencies.
- Options for Opting out of Cookies and Mobile Device Identifiers
Some web browsers (including some mobile web browsers) allow you to reject cookies or to alert you when a cookie is placed on your computer, tablet or mobile device. You may be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Although you are not required to accept Laso Health’s cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Services.
Please note that even after opting out of interest-based advertising, you may still see Laso Health advertisements that are not interest-based (i.e., not targeted toward you). Also, opting out does not mean that Laso Health is no longer using Tracking Tools — Laso Health still may collect information about your use of the Services even after you have opted out of interest-based advertisements and may still serve advertisements to you via the Services based on information it collects via the Services.
- How Laso Health Responds to Browser “Do Not Track” (DNT) Signals
Some browsers have a Do Not Track (“DNT”) feature that lets you tell websites that you do not want your online activities tracked. When you choose to turn on the DNT setting in your browser, your browser sends a special signal to websites, ad networks, plug-in providers, and other web services you encounter while browsing to stop tracking your activity via cookies or other Tracking Tools. Laso Health does not proactively monitor or respond to DNT signals.
- Laso Health’s Use of Information
We use the information that we gather about you for the following purposes:
- To provide our services to you, to communicate with you about your use of our services, and for other customer service purposes. We use information, including Personal Information and PHI, consistent with your Laso Health Information Authorization, to provide the Services and to help improve the Services, to develop new services, and to advertise (for example, to display Laso Health ads on other websites).
- To tailor the content and information that we may send or display to you, to offer location customization, and personalized help and instructions, and to otherwise personalize your experiences while using the App. As part of the Services, you may receive email, mobile phone notifications and other communications from us, such as communications relating to your account. Communications relating to your account will only be sent for purposes important to the Services, such as password recovery and expiring account notices. By creating an account, you are, by default, opted in to receiving promotional email communications from us. Upon downloading our mobile application, you will be provided the option to opt in to receiving push notifications or in-app notifications from us on your mobile device. We may use your name, and email address, or mobile device identifiers to send you email messages, text messages, in-app messages or push notifications regarding advertising new services offered by Laso Health and or the Healthcare Providers. In addition, we may present offers to you on behalf of third party partners. If you engage with such offers or advertisements (e.g., clicking on a banner ad), we may share your name, address, credit card information and other identifying information with this third party;
- To better understand how users access and use our App, both on an aggregated and individualized basis, in order to improve our App and respond to user desires and preferences, and for other research and analytical purposes. Our customer service representatives may use your telephone number, e-mail address, mobile device identifier and other identifying information to contact you. Laso Health reserves the right to use the information collected from the Site to send pricing, advertisements and information about Healthcare Providers on behalf of Healthcare Providers.
- We may use your information to fulfill our legally required obligations, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
- User profile information including your username and other information you enter may be displayed to other users to facilitate user interaction within the Services.
- Disclosure of Information
In certain circumstances, consistent with your Laso Health Information Authorization, and in order to perform the Services, we may disclose certain information (including Personal Information) that we collect from you:
- Healthcare Providers. We may share your Personal Information with Healthcare Providers with whom you choose to schedule through the Services. For example, if you complete a Medical History Form using the Services in advance of an appointment, we may share your Medical History Form with such selected Healthcare Providers. We may also share your Personal Information with your Healthcare Providers to enable them to refer you to and make appointments with other Healthcare Providers on your behalf or to perform analyses on potential health issues or treatments, or to provide you with treatment in the event of an emergency.
- Health Information Exchanges. We may share your Personal Information with Health Information Exchanges and related organizations that collect and organize your information (such as Regional Health Information Organizations).
- Business Affiliates. We may share your Personal Information with our partners to customize or display advertising. We may also share your Personal Information and Traffic Data with our partners who perform operational services (such as hosting, billing, fulfillment, data storage, security, insurance verification, Website analytics, or ad serving) and/or who make certain services, features or functionality available to our users.
- Business Transfers. If we are acquired by or merged with another company, if substantially all of our assets are transferred to another company, or as part of a bankruptcy proceeding, we may transfer the information we have collected from you to the other company. However, if we do so, their use and disclosure of your personally identifiable information will be subject to this Policy
- In Response to Legal Process. We may share your Personal Information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with or fulfill our obligations under applicable law, regulation, court order or other legal process; (2) protect the rights, property or safety of you, Laso Health or another party; (3) enforce the Agreement or other agreements with you; or (4) respond to claims that any posting or other content violates third-party rights.
- Aggregate and De-Identified Information. We may disclose information that is neither Personal Information nor PHI (including Personal Information that has been de-identified and/or aggregated) at our discretion.
- Public Information; Public Forums
You agree that any information that you may reveal in a review posting or online discussion or forum is intentionally open to the public and is not in any way private. Do not disclose information in these public forums that might be considered confidential or proprietary or that you do not wish to be publicly available or that you are prohibited from disclosing. We strongly recommend against sharing any personally identifiable, health, or other sensitive information that could directly or indirectly be traced to any individual, including themselves. We do not undertake any review of posts or online discussions to determine if any Personal Information is included in such posts or online discussions; provided that Laso Health will review posts or online discussions that are flagged for inappropriate content such as the inclusion of Personal Information.
- Surveys, Feedback, Informational Programs:
From time to time you may receive survey requests through emails or displays within our Services that request feedback on a variety of topics. These programs may be sponsored or funded by third parties, and may include branded or unbranded content about medical conditions, treatments and products, or safety and regulatory information resources. If you choose to engage with or use one of these requests, you may be asked to provide information that may be used to supplement information that you submitted to our Services. This information may be shared with the sponsor of the program.
- Changing Your Information
HIPAA grants patients certain rights to access and amend certain health information that their healthcare providers retain about them. Patients should submit requests to access or amend their health information directly to their healthcare providers.
- Third Party Analytics
We may use automated devices and applications to evaluate usage of our App. We also may use other analytic means to evaluate the services provided via our App. We use these tools to help us improve our services, performance and user experiences. We do not share your personal information with these third parties.
- Storage and Security of Information
We have implemented commercially reasonable precautions, including, where appropriate, password protection, encryption, SSL, firewalls, and internal restrictions on who may access data to protect the personal information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our Services.
You should take steps to protect against unauthorized access to your username, password, and mobile device, by among other things, signing out of the App or Site once your session is complete, choosing a robust password that nobody else knows or can easily guess, and keeping your username and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity. You should change your password and contact us immediately if you believe your password has been compromised or there has been any unauthorized access to your account.
- Controlling Your Personal Information & Notifications
If you have an account, you can modify certain Personal Information or account information by logging in and accessing your account. If you wish to close your account, please email us at [email protected] Laso Health reserves the right to retain information from closed accounts, including to comply with law, prevent fraud, resolve disputes, enforce the Agreement and take other actions permitted by law.
You must promptly notify us if any of your account data is lost, stolen or used without permission.
- Information Provided on Behalf of Children and Others
The Services are not intended for use by children and children are prohibited from using the Services. Laso Health does not knowingly collect any information from children, nor are the Services directed to children.
By accessing, using and/or submitting information to or through the- Services, you represent that you are not younger than age thirteen (13). If we learn that we have received any information directly from a child under age thirteen (13) without his/her parent’s written consent, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child that he/she cannot use the Services, and we will subsequently delete that information.
If you are a California resident under 18 years old and have an account, you can request that we remove content or information that you have posted to our website or other online services. Note that fulfilment of the request may not ensure complete or comprehensive removal. To request removal of content or information, please email us using the contact information below.
If you use the Services on behalf of another person, regardless of age, you agree that Laso Health may contact you for any communication made in connection with providing the Services or any legally required communications. You further agree to forward or share any such communication with any person for whom you are using the Services on behalf.
- Third Party Websites
Our App or Site may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy, but instead is governed by the privacy policies of those third party websites. We are not responsible for the information practices of such third party websites. A link to any third party site does not mean that we endorse it or the quality or accuracy of information presented on it.
Laso Health, Inc.
215 N. San Saba
San Antonio, Texas 78207
Phone: (210) 728-6977
Fax: (210) 572-3322