Privacy Policy

Table of Contents

  • Introduction
  • Collection of Your Personal Information
  • How We Share and Use Information
  • Your Choices
  • Access to Your Information
  • Security
  • Children
  • International Users
  • Business and Professional Users
  • California Disclosures
  • Updates
  • Contact Us
  • Effective Date

Introduction

Conversa Health (“Conversa”) is a service that enables patients to engage in automated digital conversation sessions with their doctors and other health care providers. These automated, interactive conversation (or “chat”) sessions are referred to in this Privacy Policy and in our Terms of Agreement as our “Automated Conversation System” or the “Services.”

The personal information in the Automated Conversation System is generally subject to a federal medical privacy law called HIPAA (Health Insurance Portability and Accountability Act.) Other privacy laws may apply as well.

Conversa is committed to protecting privacy. This Privacy Policy explains how Conversa handles and protects the personal information of our users and website visitors.

This Privacy Policy is incorporated into our Terms of Agreement. When you agree to the Terms of Agreement , you are agreeing to this Privacy Policy.

Collection of your Personal Information

  1. Information Collected from All Visitors to our Website

We may use cookies, web beacons, log data, and similar technologies to help us verify your identity upon return visits to Conversa, improve your user experience with our services, and improve and measure the effectiveness of our products. We may also use web beacons in communications with you to assure proper operation of the service, such as determining if a message to you was delivered and opened. We may also use third-party web analytic tools to analyze website traffic or improve our services. We will not, however, use cookies, web beacons, or similar technologies to track users for targeted advertising, nor will we permit anyone else to do so.

As background, cookies are small text files that websites can send to your browser, which your computer stores, that can automatically collect server domain names, IP addresses, type of computer, type of browser, and information about what pages are visited. We may use both session cookies and persistent cookies. You can set your browser to decline cookies or notify you before accepting cookies, although if you decline them, the website may not function properly. Web beacons, which are small bits of code embedded invisibly in web pages or emails, can be used to communicate with cookies, count visitors, and understand usage patterns. Web log data may include visitors’ IP address, browser data, operating system, prior web page, pages visited and how long visits lasted, links clicked on, and similar statistics.

If you visit our website from a mobile device, our site may collect certain information sent by your mobile browser, such as device identifier, user settings, your device’s operating system, and information about your visit and use of the site.

  1. Information Collected about Patients Who Use Conversa Services

Users may create Conversa accounts through a variety of methods, depending on how their provider chooses to make Conversa Services available to them. For example, some providers place a link on their websites for their patients to click through to a webpage where they can create Conversa accounts and start using the Services. Other providers talk to their patients in person about whether the patients would like to use the Conversa Services and if so, the provider initiates the enrollment process with the patient’s input. Your provider may provide us with certain information about you so that we can initiate Services, which may include your name, email address, phone number, gender, age, whether you prefer to receive invitations to chat sessions via text or email, etc. Your provider may also provide us with certain medical information, which may come from your electronic health record, to help us provide you the appropriate type of Services. For example, the automated chat sessions used with patients who have diabetes are different from those used with patients recovering from knee surgery.

In any case, before you can use the Services, you will need to agree to our Privacy Policy and Terms of Agreement.

If you use the Services, you will be receiving regular invitations to start an automated chat session. These invitations will come to you via email or text. ( See below for more information about these emails or texts.) Once you click on a link in the email or text, you’ll be taken to a website where you’ll be asked automated questions and you’ll select answers based on your experience. For example, you might be asked if your knee pain today is better than, worse than, or the same as yesterday. Your responses to the questions you’re asked in these automated chat sessions will be part of your personal information that we collect.

Whether you provide personal information to us directly or we obtain it from your provider, we will protect it and use and disclose it only in accordance with this Privacy Policy

How We Share and Use Information

We use information about our users to perform and provide Services, to improve and expand Services, and for related business operations, including communicating with you.

Disclosures of personal information about our users can be grouped as follows:

1) Routine disclosures

  • We will share with your provider certain responses from your automated conversations that took place using the Services. In some cases, what is shared with providers is summary information produced from the automated conversations.
  • We will share personal information with vendors that help us provide the Services, subject to contractual limitations imposed on the vendors and applicable law.
  • We may share statistical and/or anonymous information with third parties for research and analysis, marketing or business operations, or similar purposes.

2) Disclosures we might make under unusual circumstances

  • We will make disclosures of personal information where we have a reasonable belief that the disclosures are required by law. This may include disclosures in response to subpoenas, court orders, and discovery requests, as permitted by HIPAA or other applicable law.
  • We may report what appears to be illegal or fraudulent conduct to law enforcement authorities.
  • We may disclose personal information if we reasonably believe the disclosure is needed to respond to a threat of physical harm or to defend or assert legal rights.
  • If we were to transfer assets or operations in connection with a sale, merger, bankruptcy, or other transaction, we may transfer personal information to the merging or acquiring entity. If so, we would make a good faith effort to require that your personal information remains subject to essentially the same restrictions as in our Privacy Policy.

Except as explained here, we will not share your personal information with third parties unless you specifically authorize us to do so.

Your Choices

Conversa gives you important choices about your personal information, including:

  • Whether you want to create an account and use the Services;
  • Whether you want to receive informational emails or newsletters from us;
  • Whether you want to discontinue the Services at any time – you can simply ignore the invitations to chat sessions you will receive, or you can contact us to unsubscribe through the unsubscribe methods we provide.
  • Whether you want to receive the invitation to each automated chat session via ordinary email or text message (SMS). Once you’ve chosen ordinary email or text, you can switch to the other method by notifying us.

Important note about privacy and security - ordinary email and text messages are not considered secure. That’s why we will not include any details about your health conditions in the invitations to automated chat sessions that we send via ordinary email or text. Instead, your email or text invitation to a chat session will take you to a dedicated website where the actual session discussing your health will take place. Still, before you can begin to use the Services, you will have to tell us (or, in some cases, you’ll tell your provider) that you want to receive your invitations to chat sessions via ordinary email or text messages.

By agreeing to use the Services, which involve sending you invitations to individual chat sessions via ordinary email or text messages, you are indicating that you understand that ordinary email or text may not be secure and you nonetheless want to receive your invitations to chat sessions via ordinary email or text messages.

Access to Your Information

You may have certain rights under HIPAA or other applicable law to access the personal information we have collected about you. Some providers require that requests for access to information be handled through them. If you’d like a copy of personal information we have about you, you can contact your provider, or you may contact us atprivacy@conversahealth.com. Please be aware that we may need to direct you to send your request to your provider for handling your request.

Security

We are committed to maintaining the security of personal information. We use reasonable and appropriate technical, administrative, and physical controls to protect personal information from loss, misuse, or alteration. If we share personal information with vendors, we subject them to contractual and legal controls regarding the protection, use, and disclosure of the information. However, because there is always some risk that unauthorized or illegal access to your information could occur or that data sent over the Internet could be intercepted, we cannot guarantee absolute data security.

Children

At this time, children under the age of 18 cannot create Conversa accounts. Our website is not directed to children and we do not knowingly collect personal information from children.

International Users

The Services are intended for residents of the United States. If you are not a U.S. resident and you register or submit personal information through the Services, you agree that we may collect, use, store, and disclose that information in the U.S. or any other country outside your country of residence. You understand that data protection laws outside of your jurisdiction may not be as protective as those in your jurisdiction. By providing your information to Conversa, you are consenting to the international transfer and processing of your information for the purposes explained in this Privacy Policy, the Terms of Agreement , or elsewhere in the Services.

Business and Professional Users

This Privacy Policy describes the way that personal information of individual users is protected and handled. Businesses and professionals doing business with Conversa should review the terms of any contractual or legal requirements applicable to them.

California Disclosures

California recently enacted a law requiring websites to explain certain online practices regarding tracking of visitors. Some web browsers have a “Do Not Track” feature that lets a user have the browser notify websites that the user does not want to have his or her online activities tracked. Our website and Services currently do not respond to such browser-initiated signals.

Conversa does not disclose personal information to third parties for their direct marketing purposes.

Updates

We may modify this Privacy Policy at any time. If we make only minor, editorial changes, we’ll let you know about the updated Privacy Policy when you access the Services, and the new Privacy Policy will apply to you. If, however, we make any material changes, we’ll ask if you consent to the new Privacy Policy before you continue to use the Services, and if you decline to consent, the Services might not be available to you.

The current version of the Privacy Policy will be dated and posted here.

Contact Us

Conversa welcomes your comments. If you have any questions or concerns about this Privacy Policy or our information practices, please contact us at privacy@conversahealth.com.

Effective Date

This Privacy Policy is effective September 5, 2017.