The personal information in the Automated Conversation System is generally subject to a federal medical privacy law called HIPAA (Health Insurance Portability and Accountability Act.) Other privacy laws may apply as well.
Information Collected from All Visitors to our Website
As background, cookies are small text files that websites can send to your browser, which your computer stores, that can automatically collect server domain names, IP addresses, type of computer, type of browser, and information about what pages are visited. We may use both session cookies and persistent cookies. You can set your browser to decline cookies or notify you before accepting cookies, although if you decline them, the website may not function properly. Web beacons, which are small bits of code embedded invisibly in web pages or emails, can be used to communicate with cookies, count visitors, and understand usage patterns. Web log data may include visitors’ IP address, browser data, operating system, prior web page, pages visited and how long visits lasted, links clicked on, and similar statistics.
If you visit our website from a mobile device, our site may collect certain information sent by your mobile browser, such as device identifier, user settings, your device’s operating system, and information about your visit and use of the site.
Information Collected about Patients Who Use Conversa Services
Users may create Conversa accounts through a variety of methods, depending on how their provider chooses to make Conversa Services available to them. For example, some providers place a link on their websites for their patients to click through to a webpage where they can create Conversa accounts and start using the Services. Other providers talk to their patients in person about whether the patients would like to use the Conversa Services and if so, the provider initiates the enrollment process with the patient’s input. Your provider may provide us with certain information about you so that we can initiate Services, which may include your name, email address, phone number, gender, age, whether you prefer to receive invitations to chat sessions via text or email, etc. Your provider may also provide us with certain medical information, which may come from your electronic health record, to help us provide you the appropriate type of Services. For example, the automated chat sessions used with patients who have diabetes are different from those used with patients recovering from knee surgery.
If you use the Services, you will be receiving regular invitations to start an automated chat session. These invitations will come to you via email or text. ( See below for more information about these emails or texts.) Once you click on a link in the email or text, you’ll be taken to a website where you’ll be asked automated questions and you’ll select answers based on your experience. For example, you might be asked if your knee pain today is better than, worse than, or the same as yesterday. Your responses to the questions you’re asked in these automated chat sessions will be part of your personal information that we collect.
How We Share and Use Information
We use information about our users to perform and provide Services, to improve and expand Services, and for related business operations, including communicating with you.
Disclosures of personal information about our users can be grouped as follows:
1) Routine disclosures
We will share with your provider certain responses from your automated conversations that took place using the Services. In some cases, what is shared with providers is summary information produced from the automated conversations.
We will share personal information with vendors that help us provide the Services, subject to contractual limitations imposed on the vendors and applicable law.
We may share statistical and/or anonymous information with third parties for research and analysis, marketing or business operations, or similar purposes.
2) Disclosures we might make under unusual circumstances
We will make disclosures of personal information where we have a reasonable belief that the disclosures are required by law. This may include disclosures in response to subpoenas, court orders, and discovery requests, as permitted by HIPAA or other applicable law.
We may report what appears to be illegal or fraudulent conduct to law enforcement authorities.
We may disclose personal information if we reasonably believe the disclosure is needed to respond to a threat of physical harm or to defend or assert legal rights.
Except as explained here, we will not share your personal information with third parties unless you specifically authorize us to do so.
Conversa gives you important choices about your personal information, including:
Whether you want to create an account and use the Services;
Whether you want to receive informational emails or newsletters from us;
Whether you want to discontinue the Services at any time – you can simply ignore the invitations to chat sessions you will receive, or you can contact us to unsubscribe through the unsubscribe methods we provide.
Whether you want to receive the invitation to each automated chat session via ordinary email or text message (SMS). Once you’ve chosen ordinary email or text, you can switch to the other method by notifying us.
Important note about privacy and security - ordinary email and text messages are not considered secure. That’s why we will not include any details about your health conditions in the invitations to automated chat sessions that we send via ordinary email or text. Instead, your email or text invitation to a chat session will take you to a dedicated website where the actual session discussing your health will take place. Still, before you can begin to use the Services, you will have to tell us (or, in some cases, you’ll tell your provider) that you want to receive your invitations to chat sessions via ordinary email or text messages.
By agreeing to use the Services, which involve sending you invitations to individual chat sessions via ordinary email or text messages, you are indicating that you understand that ordinary email or text may not be secure and you nonetheless want to receive your invitations to chat sessions via ordinary email or text messages.
Access to Your Information
You may have certain rights under HIPAA or other applicable law to access the personal information we have collected about you. Some providers require that requests for access to information be handled through them. If you’d like a copy of personal information we have about you, you can contact your provider, or you may contact us firstname.lastname@example.org. Please be aware that we may need to direct you to send your request to your provider for handling your request.
We are committed to maintaining the security of personal information. We use reasonable and appropriate technical, administrative, and physical controls to protect personal information from loss, misuse, or alteration. If we share personal information with vendors, we subject them to contractual and legal controls regarding the protection, use, and disclosure of the information. However, because there is always some risk that unauthorized or illegal access to your information could occur or that data sent over the Internet could be intercepted, we cannot guarantee absolute data security.
At this time, children under the age of 18 cannot create Conversa accounts. Our website is not directed to children and we do not knowingly collect personal information from children.
Business and Professional Users
California recently enacted a law requiring websites to explain certain online practices regarding tracking of visitors. Some web browsers have a “Do Not Track” feature that lets a user have the browser notify websites that the user does not want to have his or her online activities tracked. Our website and Services currently do not respond to such browser-initiated signals.
Conversa does not disclose personal information to third parties for their direct marketing purposes.