DynamiCare Health Privacy Policy


Last Updated: June 24, 2022

INTRODUCTION TO PRIVACY AT DYNAMICARE HEALTH

DynamiCare Health, Inc. (“DynamiCare”, “we”, “our”, or “us”) knows the value of trust and transparency, and we understand the need for responsible and secure protection of the information you choose to share with us. Your security is important to us, and we take your privacy seriously. Please read the following to learn more about our policies and practices for keeping your data secure.

This privacy policy (and as amended from time to time as posted on our website at www.dynamicarehealth.com/privacy-policy) (“Privacy Policy”) describes the types of information we may collect from you or that you may provide when you visit or use our dynamicarehealth.com website or our Supporter or Analytics web portals (collectively, “Website”), our mobile app (“Mobile App”), or use our services (collectively, all of the foregoing referred to as “Services”). This privacy policy also describes our practices for collecting, using, maintaining, protecting and disclosing that information.

By “visitors” we mean casual visitors to our Website, users, and our current customers and members, whether you upload information to our Website, download information, or are merely visiting our Website. By “customers” we mean the person or organization that purchases our Services. By “members” we mean persons having an account and who use the Website, Mobile App, and Services to support their own recovery. By “supporters” we mean the relatives and friends that a member authorizes to access the member’s account. By “users” we mean customers, members, healthcare providers, and supporters who are authorized by a customer to access the Services.

This Privacy Policy applies to the data collected by us, and those working on our behalf, through information you enter or from the data imported from authorized and approved sources. It does not apply to data collected through other websites, products, or services not approved by us.

You also have rights concerning our access to and use of your Protected Health Information, which are described more fully in our Notice of HIPAA Privacy Practices.

ACKNOWLEDGEMENT AND CONSENT

By using or accessing our Website or the Services in any manner, you acknowledge that you accept the practices and policies described in this Privacy Policy (and as updated from time to time), and you hereby consent that we may collect, use, and share your information as described herein. You also expressly acknowledge that you have read and understood our Notice of HIPAA Privacy Practices, which describes how we may use and disclose health information about you for treatment, payment, or health care operations and for other purposes that are permitted or required by law, including the Health Insurance Portability and Accountability Act of 1996, as amended from time to time (“HIPAA”). To the extent there is any conflict between this Privacy Policy and the Notice of HIPAA Privacy Practices, the Notice of HIPAA Privacy Practices will control. If you do not agree with our policies and practices, your choice is not to use our Website or our Services. Your use of the Website and our Services is at all times subject to our Terms of Use (available at http://www.dynamicarehealth.com/terms-of-use) (the “Terms”), which incorporates this Privacy Policy. Any capitalized terms we use in this Privacy Policy without defining them have the definitions given to them in the Terms.

AGE RESTRICTION

By accessing the Services, you represent that you are at least 13 years of age, and you hereby are giving full consent that DynamiCare will collect, use, and share your information as described below.

DynamiCare does not knowingly collect or solicit Personal Information (as defined below) from anyone under the age of 13. If you are under 13, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from an individual under age 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us Personal Information, please contact us at privacy@dynamicarehealth.com. If you are between the ages of 13 and 17, your parent or legal guardian must sign a consent form to be allowed to use the Services.

INFORMATION WE COLLECT ABOUT YOU

This Privacy Policy covers our treatment of Personal Information that we gather when you are accessing or using our Services. We may also collect Personal Information from you through means other than our Website and Mobile App. This may include offline collection, such as if you make a payment by check, or call or visit our office. It also includes emails, text messages, or other electronic communications that you send to us separate from our Website or by way of our third party service providers.

This information (“Personal Information”) may include name, mailing address, email address, telephone number, or any other information defined as personally identifiable information (or similar term) by U.S. laws applicable to you and your information, and may include information defined as “Protected Health Information” under HIPAA. We collect Personal Information during the registration process, online assessment, by telephone, and through your account settings. We will not access your camera, your contacts, your location, or any other device content without your permission. Personal Information does not include Personal Information that has been deidentified, pseudonymized, anonymized, aggregated, and/or otherwise processed so as to be unidentifiable in such a way that the data can no longer be attributed to a specific individual (by reasonable means) without the use of additional information, and where such additional information is kept separate and under adequate security to prevent unauthorized re-identification of a specific individual such that one could not, using reasonable efforts, link such information back to a specific individual (the foregoing referred to as “De-Identified Information”).

a) Information provided to us by users

We receive and store any Personal Information that all users provide to us. For members using the Mobile App’s Verified Appointment Check-in feature, we collect, via the member directly or their healthcare provider, information about the time, location, and duration of key appointments being tracked with the Mobile App, as well as the name of the appointment (e.g., a gym workout session, a Medication Assisted Treatment session where medication may be received, etc.). Certain Personal Information may be required to create an account with us, or to take advantage of some of the features within the DynamiCare Mobile App or Website. Instant messages, emails, contact requests and other forms of communication are kept confidential.

b) Information collected automatically when using our Website

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:

●       Details of your visits to our Website, including, but not limited to, traffic data, geolocation data, logs and other communication data and the resources that you access and use on the Website.

●       Information about your computer and internet connection, including your IP address, operating system, browser type, clickstream patterns, the URL of the most recent website you visited before coming to our Website, the amount of time you spent on our Website, and the pages you viewed while on our Website.

The information we collect automatically is De-Identified Information and only used in aggregate or de-identified form (for example, as a statistical measure), and not in a manner that would permit us to identify you personally. This type of information helps us to improve our Website and to deliver a better and more personalized service, including, but not limited to, by enabling us to: (a) estimate our audience/visitor size and usage patterns; (b) store information about your preferences, allowing us to customize and improve our Website; (c) speed up your searches; and/or, (d) recognize you when you return to our Website. We may provide this de-identified and/or aggregate data to our partners and/or customers to identify how our users use our Site, Mobile App and/or Services.

c) Cookies

Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your browser to enable our systems to recognize your browser and tell us how and when pages in our Site are visited and by how many people. We use cookies to enhance visitors’ experiences by understanding how visitors and / or users engage with and navigate our Site. Regular cookies may generally be disabled or removed by tools that are available as part of most commercial browsers and in some but not all instances can be blocked in the future by selecting certain settings. Each browser that you use will need to be set separately, and different browsers offer different functionality and options in this regard. Also, these tools may not be effective with regard to certain types of cookies (e.g., Adobe Flash or HTML5 cookies). Please be aware that if you disable or remove cookies on your Device, some parts of our Site or Services may not function properly and when you revisit our Site or Services your ability to limit cookies is subject to your browser settings and limitations.

We may choose to serve ads on the Site or the Mobile App. These ads may be delivered to users by our advertising partners, who may set cookies. These cookies allow the ad server to recognize your Device each time they send you an online advertisement to compile information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This Privacy Policy refers only to the use of cookies by DynamiCare and does not cover the use of cookies by any third parties (e.g., advertisers).

You may refuse to accept browser cookies by activating the appropriate setting in your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.

We also use cookies to implement tracking technology on our Website. This allows us to display advertising that is tailored to you on our Website which parts of our content interest you the most and which Service categories you request. This tracking uses De-Identified Information data (i.e., data that cannot be identified as being specifically associated with you) and does not use your Personal Information. We will not combine this data with your other Personal Information without your express permission. Some of our contracted vendors and affinity partners are allowed to place cookies on our Website. Those companies may also provide you with the option of preventing the use of cookies in the future. For more information, contact the relevant third-party provider.

At any time, you can prevent the use of cookies in the future by adjusting your browser settings. However, if you do, your experience on our Website may be affected.

d) Enabling the “Do Not Track” feature on your browser

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and Services (including behavioral advertising Services) that you do not wish such operators to track certain of your online activities over time and/or across different websites. When you turn on the Do Not Track function in your browser, we stop collecting the information from your browser that allows us to tailor advertisements and other content specifically to you that is based on your visits to our advertising partners’ websites. Specifically, we stop collecting information from the unique browser cookie that links your browser to visits to third party sites. Do Not Track signals are set on a browser-by-browser basis, so you must set them on every browser you use if you do not wish to be tracked. Remember that this is just our Do Not Track policy, and we can’t and don’t make any promises about how third parties respond when you set this signal on your browser. Not all third parties will allow you to opt out of tracking or cookies.

e) Geo-tracking

The Mobile App uses the built-in Global Positioning System (GPS) data and location capabilities built into your mobile device. This data is used to track your location as well as the length of your stay at appointments, typically beginning 15 minutes prior to your scheduled appointment, and ending 10 minutes after your appointment's scheduled completion time. This feature enables you to check into required locations as a part of ongoing treatment. You can choose whether this feature is enabled on your device. Please note that if you choose to turn off the location capabilities on your mobile device you will not be able to benefit from some of the features of this application. The Mobile App will log that the user has disabled tracking.

f) Substance testing

The Mobile App conducts breath and saliva tests through selfie video. The results of these tests are stored on our secure servers and reviewed by our staff authorized to handle this information. The videos are automatically deleted after one week, unless a member disputes the results. Healthcare providers and our recovery coaches using our system may also enter in the results of substance tests collected outside of our Services to be stored in our system.

To the extent that DynamiCare uses outside lab or testing as part of your recovery services, you hereby authorize any outside healthcare provider to share your test results with DynamiCare as part of your treatment and for healthcare operations.

g) Smart debit card

We use a smart debit card to provide incentive funds, when applicable. We track and store all transaction data on this card. The debit card issuer does not receive any of your Personal Information, only De-Identified Information.

h) Other features

The Mobile App will store other types of data as you interact with the Mobile App and enter information into it. For example, any information you enter in the Surveys or Cognitive Behavioral Therapy modules in the Mobile App will be stored by us and made available to your identified healthcare provider, which could include a DynamiCare recovery coach, social worker, counselor, primary care physician, or other professional.

The Mobile App will also collect device health check information that is pertinent to the performance of the Mobile App, including system uptime, battery strength, battery saving mode, signal strength, location information during appointments, and system settings such as doze mode.

i) Aggregated or anonymized data

Unless prohibited by HIPAA, we may use, reproduce, publicize, or otherwise exploit De-Identified Information in any way, in our sole discretion. Such data can be used to improve user experience and application efficacy by giving us insights into the demographics and behaviors of our users. We also may combine your De-identified Personal Information with that of other users to create aggregate de-identified data that may be disclosed to third parties who may use such information to understand and analyze our Services. These data will not contain individual identifiers, nor will any constellation of information be collated which can identify an individual.

j) Google tools

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. This Privacy Policy covers the use of cookies by us only and not the use of cookies by third parties.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

Google Ads. We use remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service. Google’s advertising requirements can be summed up by Google’s Advertising Principles. We have implemented the following: (a) Remarketing with Google AdSense and (b) Google Display Network Impression Reporting.   

OWNERSHIP OF YOUR PERSONAL INFORMATION

When you provide Personal Information, use the Services, or otherwise disclose or authorize others to disclose Personal Information to us, you, as between us and you, remain the owner of all such Personal Information. By providing such Personal Information to us, you agree to and do here grant us a nonexclusive, worldwide, perpetual, royalty-free, irrevocable (other than as restricted by law applicable to you and your data) right and license to use your Personal Information as described herein.

HOW WE USE YOUR INFORMATION

We gather various types of Personal Information from our users for a variety of reasons. We use Personal Information internally in connection with our Services, including as a means of identifying you as a DynamiCare member, to personalize and improve our Services, to allow you to set up a user account and profile, to contact you, to provide and improve the Services, and to analyze how you use the Services.

We collect both Personal Information and non-personal information through the standard operation of the Services. This information is used to identify you as a DynamiCare member, track your preferences and settings, and to improve and personalize your experience. Certain information is required for the effective operation of the Services.

We use the Personal Information (and other information) you provide to us to personalize and improve your experience with our services. Sometimes our healthcare partners need to access these data in order to partner with us effectively. The following sections explain how the data we collect are employed. Members, providers, supporters, and our authorized recovery coaches and our personnel will have access to certain aspects of your Personal Information.

Communication With DynamiCare

We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers with opportunities to participate in research studies, or email you about your use of the Services. These offers are independent of the Service the application provides, and your participation will not affect your receipt of the Services. Also, we may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our Services, and is in no way associated with your receipt of the Services. If you do not want to receive communications from us, please indicate your preference by emailing us at privacy@dynamicarehealth.com.

By providing us with your email address (including by “following,” “liking,” linking your account to our Service or other services, etc., on a third party website or network), you consent to our using the email address to send you Service-related notices by email, including any notices required by law, in lieu of communication by postal mail. You also agree that we may send you notifications of activity on the Service to the email address you give us, in accordance with any applicable privacy settings. We may use your email address to send you other messages or content, such as, but not limited to, newsletters, additions or changes to features of the Service, or special offers. If you do not want to receive such email messages, you may opt out by emailing us your opt-out request or by clicking “unsubscribe” at the bottom of our e-newsletter. Opting out may prevent you from receiving email messages regarding updates, improvements, special features, announcements, or offers. You may not opt out of Service-related emails.

You can add, update, or delete information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your account by emailing us. It is your responsibility to maintain your current email address with us.

Referrals

From time to time, we may invite you to refer our Services to supporters, such as family members, colleagues, or friends. In these cases, it is your responsibility to ensure that these persons are indeed family members or people with whom you have a personal relationship. In short, we ask you to limit your invitations to people in your inner circle that may have an interest in our Services. We will send them an email saying that you have suggested that they may be interested to try our Services. We will not contact them again if they do not reply or if they request that we do not contact them again.

DISCLOSURE OF YOUR PERSONAL INFORMATION

We will never disclose your Personal Information (unless in De-Identified form) to other businesses for their marketing purposes. If you are a member, we will never disclose your Personal Information to your employer, unless you specifically permit us to in writing.

Member’s healthcare providers

If you are a member, we may share your Personal Information with your healthcare providers, such as your treatment facility, physician, counselor or coach.

Member’s health plan    

If you are a member, we may share your Personal Information with your health plan     .

Member’s information to supporters

If you are a member, we will share your Personal Information with a supporter if you have provided consent for us to do so.

Member’s information to emergency contact and/or local authorities

In order to use DynamiCare, there are some fundamental terms to which you must agree. The first pertains to your safety. You must provide an emergency contact and their contact information. You must agree to allow DynamiCare Health to contact this individual(s) and/or local authorities, if you are deemed to be at-risk or unsafe, or if you place others at-risk. DynamiCare will do what we feel is necessary to ensure your and/or other’s safety. Failure to provide this information or failure to grant DynamiCare permission to release information about the circumstances of an unsafe situation you are involved in will prevent you from being able to participate in our program.

Partners

We work with a variety of business and research partners to assist in providing our Services or relate to our Services. “Partners” are businesses and institutions, such as, but not limited to, technology providers (e.g., data processing or storage providers, website and other software developers), financial transactions processors, electronic medical record management providers, fulfillment services, academic research institutions, etc. It is likely that the types of such partners will change during the life of your account. We have agreements with our partners to protect the confidentiality and security of your Personal Information.

When we refer to our “partners,” we mean independent companies or institutions with whom we may work, and they are not related to us or in a legal partnership with us. Our partners may provide Services to you through or in connection with our Services (either alone or jointly with us) or may provide services to us. We will share your Personal Information with that partner only to the extent that it is related to your care or is needed for us to provide our Services.

De-Identified Information

We may share De-Identified Information or anonymous information (including, but not limited to, anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help them understand the usage patterns for certain Services, and for any other purpose we deem appropriate.

Required Disclosures

Except as otherwise described in this Privacy Policy and as permitted by applicable law, we will not disclose Personal Information to any third party unless required to do so by law, court order, legal process, or subpoena, including to respond to any government or regulatory request, or if we believe that such action is necessary to (a) comply with the law, comply with legal process served on us or our affiliates, subsidiaries, contracted vendors, or affinity partners, or investigate, prevent, or take action regarding suspected or actual illegal activities; (b) enforce our Terms (including for billing and collection purposes); (c) take precautions against liability; (d) investigate and defend ourselves against any third-party claims or allegations; (e) assist government enforcement agencies or to meet national security requirements; (f) to protect the security or integrity of our Website, our Services, or any software we provide related thereto; or, (g) exercise or protect the rights, property, or personal safety of us, our users or others.

We will attempt to notify you about these requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon us, our users, our Website, or our Services. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify that user about the request after the fact if we determine in good faith that we are no longer legally prohibited from doing so and that no risk scenarios described in this paragraph apply.

YOUR CONSENT TO DISCLOSURE/TRANSFER OF YOUR PERSONAL INFORMATION

You consent to our disclosure of your Personal Information and other information to a potential or actual buyer of our company or other successor for the purpose of considering a merger, divestiture, restructuring, reorganization, dissolution, or sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or other proceeding, in which Personal Information held by us is among the assets transferred. You agree to and do hereby consent to (and shall not object to) our assignment, conveyance, transfer, and/or license (whether by contract, merger or operation of law) of any or all of our rights to your Personal Information and your consents, in whole or in part, and other information, with or without notice to you and without your further consent.

SECURITY AT DYNAMICARE

We are committed to ensuring that your information is collected, applied and stored in the securest manner. We have implemented a variety of commercially standard encryption and security technologies and procedures to protect your personal information stored by us from unauthorized access. We also maintain standard physical and electronic procedural safeguards that limit access to your personal information to our employees (or people working on our behalf and under confidentiality agreements) who, through the course of standard business activities, need to access your personal information.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do use security measures designed to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to us or which we obtain. This is especially true for any information that you transmit to us via email or text message since we have no way of protecting that information until it reaches us. Email and text messages and the communication lines they travel over do not have the security features that are built into our Website and Services and may not be secure. Any transmission of Personal Information is at your own risk. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We are not responsible for circumvention of any privacy settings or security measures contained on the Website or used with our Services.

In addition, by downloading the Mobile App from a digital distribution platform such as the Apple App Store or Google Play the platform owner and its agents may be able to identify you as a user of our Services.

YOUR ACCOUNT SECURITY

The safety and security of your information also depends on you. You should maintain good internet security practices. Access to the Service is enabled only by passwords. You should maintain your password in strict confidence. Under no circumstances should you share your password with any third party, or allow another person to access the Service using your username and password. Please notify us immediately if you have any reason to believe that your password has been lost, compromised or misused in any way. You are fully and solely responsible for any and all use of the Service using your password. We reserve the right to revoke or deactivate your password at any time. You should prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser. If your email account is compromised it could be used to ask us to reset a password and gain access to your account with us. If you think that any of your accounts have been compromised you should change your account credentials with us, and in particular make sure any compromised account does not allow access to your account with us. The information you share in public areas may be viewed by other users. We’ll never email you to ask for your password or other account login information. If you receive such an email, please send it to us so we can investigate. If you have security concerns, questions, or need to reset your password, contact us at privacy@dynamicarehealth.com.

DATA RETENTION

We maintain the Personal Information as a business record according to the requirements of applicable law.

Additional Information for Apple iOS Users - Deleting Your Account

If you choose to delete your DynamiCare account you will be automatically logged out and have your access to the app and its features revoked. You will have up to 72 hours after deletion to restore your account if you wish.

Please note that in accordance with HIPAA regulations, any medical information and/or associated data pertinent to your account will be retained in order to meet state and federal regulations. 

Please know that DynamiCare Health takes your data security and privacy very seriously. Details about your rights and choices when it comes to your medical information and how it may be used or disclosed can be read here: DynamiCare Health: Notice Of HIPAA Privacy Practices

SPECIAL PROVISIONS FOR RESEARCH SUBJECTS

We apply tight controls for research studies conducted under oversight from an Institutional Review Board. Minimal Personal Information is collected from research subjects and is used only to enable our access and use of the Services or as otherwise directed by the study principal investigator. Research study data may be connected to subject’s unique identifier rather than person name or other identifying information. We may terminate research subject’s subscriptions to their services upon completion of the research study or as directed by study principal investigator. We agree to let study principal investigators control all communications with research subjects and we will not initiate communication with research subjects for any purpose other than as directed by study investigators.

DYNAMICARE SUBSCRIPTION

Downloads of the DynamiCare Mobile Apps are processed by Google, Inc. and Apple, Inc. Our Privacy Policy and practices are not extensible to these entities. Please refer to Google’s privacy policy for questions about downloading Android apps, and Apple’s Privacy Policy for questions about the Apple App Store. These entities do not share any data of a personal nature with us.

JURISDICTION

All information passed through us is handled in the United States. By using the Services, you agree that the handling of your Personal Information and any communication through the Services will be governed by the laws of the United States.

NOTIFICATION OF CHANGES

DynamiCare reserves the right to change and update this privacy policy. Our current Privacy Policy will always be on our Website and any updates will be effective upon posting. If we make any changes to this Privacy Policy, we will notify you by posting an announcement and the updated Privacy Policy on our Website, and for users of the Mobile App, we will have a pop-up notice when you open it. By continuing to access or use the Services after we have posted a modification or have provided you with notice of a modification, you agree to be bound by the modified Privacy Policy. If the modified Privacy Policy is not acceptable to you, your only recourse is to cease accessing the Site and using the Services.


COMPLAINTS

You can complain if you feel we have violated your rights by contacting us at:

Privacy Officer
privacy@dynamicarehealth.com
(855) 539-6264
DynamiCare Health, Inc.
6 Liberty Square #2102, Boston, MA 02109

You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/ .

We will not retaliate against you for filing a complaint.