BIG HEALTH INC. & BIG HEALTH LTD.
Clinical Partners are hospitals, clinics, practices or other medical groups or healthcare systems that have contracted with Big Health to permit use of the Service by their respective Health Care Providers and patients; Health Care Providers are practitioners, patient advocates, coaches or other individuals who (as employees of or contractors to a Clinical Partner) provide healthcare or related services to patients; and patients are individual patients of the Clinical Partner who receive medical treatments or other healthcare services from one or more Health Care Providers, or individuals who are properly authorized representatives of any such patient; Service Partners are service partners that have contracted with Big Health to facilitate the use of the System by their respective Health Care Providers.
Through their provision of health care services to patients, Health Care Providers and Clinical Partners may have access to and be responsible for patient PII and patient protected health information as defined by Health Insurance Portability and Accountability Act (HIPAA) Privacy Rules or other applicable laws. Health Care Providers and Clinical Partners are responsible for the privacy and security of such information and for obtaining consent from patients for the use and disclosure of such information.
You must register with the Sites and set up an account in order to use the Service. We may receive PII about you from your Health Care Provider or their Clinical Partner in order to identify you as an authorized user of the Service. When you register, we collect your name and email address. It is always your choice whether or not to provide us with such information. Big Health uses PII to:
- Provide the Service
- Communicate with you
- Communicate with your patients and clinical partners as applicable
- Create user profiles
- Create de-identified analytical information
- Reply to your request for information or comments
To find out more information about Cookies, including information about how to manage and delete Cookies, please visit https://www.allaboutcookies.org/
Protection of Your Information
Big Health utilizes end-to-end encryption, leveraging both encryption-in-motion and encryption-at-rest, to protect your PII from unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
We will retain PII for as long as necessary to provide our services and in accordance with the requirements of applicable healthcare record retention laws. We will retain and use PII as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
On at least an annual basis, Big Health undergoes third-party penetration testing by qualified consulting firms. Big Health intends to address vulnerabilities identified within defined timeframes based on severity level, which is determined using the Common Vulnerability Scoring System (CVSS) and exploitability of the vulnerability.
Information Sharing and Disclosure
We will also disclose your information in response to a valid legal process, for example, in response to a court order, a subpoena or other legal request for information, and/or to comply with applicable legal and regulatory reporting requirements. We also may disclose your information in response to a law enforcement agency’s request or other request for information from the U.S. or other government entities, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or to verify or enforce compliance with the policies governing our products and/or services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. In addition, we may, upon notice to you and/or your Clinical Partner, transfer your information to an entity or individual that acquires, buys, or merges with Big Health, or an affiliate.
We share Analytics with Health Care Providers, Clinical Partners and Service Partners for their internal use and with other third parties to market and promote Big Health and the Service.
You have certain specific rights with regard to your PII. We will respond to your request(s) in accordance with the law that applies to you. Your PII which we processed prior to your request may not be deleted from our Sites or Service records but will be blocked from further processing without your permission. A request to withdraw consent may not apply to information collected by tracking technologies or used internally to recognize you and/or facilitate your visits to the Sites, or information we may keep to comply with legal requirements.
Right to Access
You have the right to view all PII that Big Health has collected about them. In order to receive this information, please contact the Security, Privacy, and Compliance Officer. The first copy of this information is provided free of charge, and in a portable / common electronic form (e.g., CSV file).
Right to Correct
You have the right to ensure that the PII we have stored is accurate. In most cases, the system allows you to directly modify PII about you. However, if there is incorrect PII within our system that you are not able to change, please contact us at email@example.com and we will work directly with you to update the PII.
Right to Deletion
You have the right to request deletion of all data within the system. To request your data be deleted, please contact the Security, Privacy, and Compliance Officer. In most cases, this request will be completed within 30 days. If circumstances require a delay to this deletion, Big Health will notify you directly explaining the reason for the delay. Note also that in some cases, there may be a legal requirement to hold on to your data. Again, Big Health will notify you directly if this is the case.
Right to Withdraw Consent
You have the right to withdraw their consent relating to our processing of PII at any time by contacting us at firstname.lastname@example.org. Please note that without consent to process Health Information, we will be unable to provide the System to you.
Right to Object
Under certain circumstances, you have the right to object at any time to our processing of your personal information for reasons relating to your particular situation (e.g., direct marketing).
Right to Restrict Processing and/or Sharing
Under certain circumstances, you may have the right to ask us to restrict processing of your personal information and/or sharing of your personal information to third parties.
Right to Data Portability
Under certain circumstances, you may request that your personal information that you provide to us be handled without hindrance in a certain format (structured, commonly used, machine-readable format) and may have the right to transfer it to another company or organization.
Links to Other Sites; Third Party Apps; Transactions with Third Parties
Big Health is not responsible for and will not be a party to any transactions between you and a third-party provider of products, information or services. Big Health does not monitor such transactions or ensure the confidentiality of your PII, including credit card information, for any third-party transaction. Any separate charges or obligations you incur in your dealings with these third parties linked to the Sites are solely your responsibility.
Our Service is intended for individuals who are over the age of age 18. If you believe a child under the age of 13 has provided information to the Service please contact us using the information provided below.
Your California Privacy Rights; California Do Not Track Disclosures
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information, as defined in California Civil Code Section 1798.83(e)(7), by Big Health to a third party for the third party’s direct marketing purposes. Upon your request, Big Health will provide (i) the types of personal information Big Health shared with third parties for the third parties’ direct marketing purposes during the immediately preceding calendar year; and (ii) the identities of the companies with which we shared the information. You may make this request once per calendar year.
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities, over time and across different websites. We do not honor “Do Not Track” signals. To find out more about “Do Not Track,” you can visit www.allaboutdnt.com.
Big Health is committed to resolving complaints about your privacy and our collection or use of your PII. If you believe your privacy rights have been violated or you disagree with any action Big Health has taken with regard to your PII, you may file a complaint with Big Health by emailing us at email@example.com.
If you have questions or suggestions, please email us at firstname.lastname@example.org. You may also contact us at:
Big Health Inc.
Attn: Security Official / Head of Information Security
461 Bush Street
San Francisco, CA 94108
DOC-3323 Effective 09/2023