Privacy Statement
Effective Date: January 1, 2024
INTRODUCTION
Welcome to OneLoop Health! OneLoop Health is a HIPAA compliant application (“Application”) designed for healthcare providers (“Users”) to perform and track task management functions across their organizations. Please review our Privacy Policy carefully and click “I Accept” to acknowledge that you understand the ways in which OneLoop Health may process personal information in connection with your use of the Application.
You may be asked additional questions to ensure we have your consent to collect and use personal information for specific purposes. Please note however that failure to provide requested information in various circumstances may make it impossible for you to access certain Application features. In this Privacy Policy, we will explain the information gathering, use, security, and dissemination practices of OneLoop Health related to the Application.
This Privacy Policy addresses OneLoop Health’s practices regarding information collected only directly through or from the Application – it does not address or govern any information gathering, use, or dissemination practices related to information collected other than directly through or from the Application.
OneLoop Health also has an End User License Agreement (EULA) for the Application. Click here to view the EULA. In the event of a conflict between this Privacy Policy and the EULA, this Privacy Policy shall govern.
PROTECTED HEALTH INFORMATION
As a HIPAA-compliant task management Application specifically designed for healthcare providers, we treat, for security and privacy purposes, all of your personal information and patient data collected through your use of the Application as “Protected Health Information” or “PHI” (as that term is defined at 45 C.F.R. § 160.103) subject to protection under the Health Insurance Portability and Accountability Act of 1996 and Subtitle D of the Health Information Technology for Economic and Clinical Health Act. When we store, process or transmit your PHI, we do so as a “Business Associate” (as also defined at 45 C.F.R. § 160.103). When we operate as a Business Associate, we are required to, among other things, apply reasonable and appropriate security measures to safeguard the confidentiality, integrity and availability of your PHI that we store and process on your behalf. For the purposes of this Privacy Policy, “Personal Information” shall include PHI and other personal information collected on your behalf that OneLoop Health safeguards with equivalent protections applicable to your PHI.
COLLECTION OF PERSONAL INFORMATION FROM APPLICATION USERS
(1) Information You Provide
The general types of Personal Information that OneLoop Health collects to register your account or when otherwise provided by the User include: name, email address, phone number, and credentials. We use this information to manage your account, verify your identity, and deliver the Application services to you.
(2) Patient Data
Patient Information may also be collected and utilized through the Application, either by manual entry or through connectivity via an electronic health record (EHR). Such data may include demographics such as patient name, date of birth, medical record number, gender, and contact information, along with clinical or diagnostic information about the patient. In addition, tasks generated on behalf of the patient through use of the Application will be saved to the record of that specific patient in the Application (not in the EHR).
(3) Cookies and Web Beacons
OneLoop Health may place “cookies” on the hard drives of Application Users. Cookies save data about individual Users, such as the User’s name, user-name, screen preferences, and the pages of the Application viewed by the User. When the User revisits the Application, OneLoop Health may recognize the User by the cookie and customize the User’s experience accordingly. Users may decline cookies, if any, by using the appropriate feature of their web browser, if available.
OneLoop Health also may use web bugs (a.k.a. web beacons) to gather, store, and track certain information related to the User’s visit to and activity on the Application. A web bug is a file object, which can be a graphic image such as a transparent one pixel-by-one pixel graphics file, which is placed on a web page or in an email message to monitor user activity. A web bug can gather, for example, the IP address of a visitor’s computer, the time the web page was viewed, and the type of browser used.
We further explain the use of Cookies and web beacons on our website and in our Application in our OneLoop Health Cookie Policy, which is accessible: at https://OneLoop.health/cookie-policy. Acceptance of this Privacy Statement also includes the acceptance of our Cookie Policy.
(4) User Behavior Analytics
OneLoop Health may collect data about the User’s behavior and their devices to present them with opportunities to get work done in the right context. This includes, for example, access to the User’s calendar and geographic location so we can analyze when and where the User typically completes various tasks. The Application may send the User push notifications or email notifications to remind or prompt actions based upon the User’s behavior data. You can choose to disable the notifications in the Application settings.
(5) Do Not Track
This Application does not support “Do Not Track” signals or other mechanisms, so it does not do so. For more information on Do Not Track signals, see https://allaboutdnt.com/.
(6) Minors
Minors are not allowed to register for or use the Application. OneLoop Health does not knowingly allow any minors to register for the Application on their own. If we learn that Personal Information has inadvertently been collected from a person under age 13, we will delete that information.
(7) Support Information
If you contact us regarding questions, issues, or requests related to the use of our Application, our support team may view your Personal Information, as well as any additional information you provide, in order to assist. We may also ask follow-up questions to gather more information as necessary to address your issue. This information is stored as a record of your support request.
(8) Audit Trails
OneLoop Health also tracks all data entered or changed in the Application via audit trails as per state and federal regulations, to discover and respond to events to protect our Application from security threats, fraud, or other illegal activity. We may also use this information to enforce our EULA, compliance, and other legal obligations. Where feasible we limit the identifiable and sensitive information contained in these audit trail files.
Additional Personal Information collected may be described in other sections of this Privacy Policy or by dedicated explanation text contextually with the data collection.
USE OF PERSONAL INFORMATION COLLECTED THROUGH THE APPLICATION
Personal Information collected by OneLoop Health through the Application may be used by OneLoop Health for many reasons, for example, managing your account, verifying your identity, delivering services, and storing your User preferences. We may also track and examine your use of our Application, including preparing reports to help improve User workflows and experience within the Application.
If you create an account and provide your email address, we will send you administrative emails (i.e., updates on a task, Users in your list, invitations to new lists, etc.). All Users receive administrative emails, you cannot opt-out of them while you remain an account holder.
DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES
OneLoop Health does not license or sell your Personal Information to third parties.
We may use third parties to help provide Application services to you on our behalf and may share your Personal Information with them for this purpose, including our cloud host provider. These third parties are contractually bound to protect your Personal Information.
We may provide your Personal Information to third parties with your express consent, such as a valid HIPAA Authorization.
Additionally, we may be required to disclose your Personal Information to comply with a legal request or to fulfill regulatory requirements (i.e., disclosure to public authorities in response to a subpoena).
Finally, we may transfer your Personal Information to an entity or individual that acquires, buys or merges with OneLoop Health, or through some other business reorganization.
DE-IDENTIFIED INFORMATION
In addition to the Personal Information categories, uses and disclosures discussed above, we may remove the identifiable parts of your Personal Information to create de-identified information (“De-identified Information”). This De-identified Information does not contain any PHI or details of a task. De-identified Information may be combined with other data into aggregated datasets. We use De-identified Information in the following ways, to the extent permitted by HIPAA and other applicable laws:
(1) Disclosure for Business Purposes: We may license, sell or otherwise share De-identified Information with other clients, partners, investors and contractors for any purposes related to our business practices.
(2) Product Improvement and Analytics: We may use De-identified Information for product improvement purposes or to understand our customer base and better serve our market.
(3) Research: We may use De-identified Information for research whether scientific, marketing, or business in nature. This research may be made public through publications such as within a scientific journal.
SECURITY
OneLoop Health has a legal duty to protect your Personal Information. We have put in place reasonable physical, technical, and administrative controls to safeguard and help prevent unauthorized access to your Personal Information. All Personal Information collected through the Application is encrypted in transit and at rest in HIPAA-compliant databases. While we endeavor to protect the privacy of the Personal Information we maintain in our Application, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of your Personal Information at any time.
Some of these security measures rely upon you. Our Users are required to abide by industry-accepted security practices, including but not limited to, keeping your login credentials secret, avoiding public WiFi networks, and password protecting your mobile device. If you ever suspect a security issue with your account, contact support@OneLoop.health immediately.
STORAGE AND RETENTION
OneLoop Health itself stores and processes all Personal Information provided to it through the Application in the United States of America. We retain your data for as long as reasonably necessary to provide you with services related to the Application or to comply with applicable law.
RIGHTS TO PERSONAL INFORMATION
You may request access, changes, or deletions to your Personal Information and request information about our collection, use and disclosure of such information by contacting us at support@OneLoop.health. We use best efforts to keep our records as accurate and complete as possible. You can help us maintain the accuracy of your information by notifying us of any changes to your Personal Information as soon as possible. Your rights to access, change, or delete your Personal Information are not absolute. For example, we may deny you such rights when required by law.
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time by posting a new version within our Application. You should check this page periodically to review any changes as well as within the settings section of our Application. If we make any material changes affecting you, as determined by OneLoop Health, we will notify current Users by providing notice through the Application. We may request you to agree to the new terms; otherwise your continued use of the Application, and/or continued provision of Personal Information to us, will be subject to the terms of the then-current Privacy Policy.
CONTACT INFORMATION
If you have any questions or suggestions about this Privacy Policy, please contact us at support@OneLoop.health.