Privacy Policy

Last updated: June 1, 2018

This privacy policy describes the types of information Brightside Health, Inc. (“Brightside,” “we,” “our,” or “us”): (1) may collect from you or that you may provide when you visit the website brightside.com and/or any affiliated mobile application (our “Website”); (2) our practices for collecting, using, maintaining, protecting, and disclosing that information; (3) what rights you have over that information and how to exercise your rights; and (4) what to do if you think we’re not complying with our legal obligations.

Brightside is committed to protecting your privacy. We provide this policy to explain the type of information we collect and to inform you of the specific practices and guidelines that protect the security and confidentiality of your personal information, including health information that individually identifies you, or Protected Health Information (“PHI”). Please read this policy carefully. If any term in this policy is unacceptable to you, please do not use the Website or provide any personal information. By accessing or using the Website, you signify your acknowledgment of this privacy policy. This privacy policy may change from time to time, and your use of the Website after we make changes is deemed to be your acceptance of those changes, so please check the policy periodically for updates.

Overview

State and federal laws (“Laws”) govern how Brightside can use and disclose health information that individually identifies you. This information is called PHI. We collect PHI when you use our Website and when you communicate with us.

Laws also specify the rights you have over your PHI. Please review the affiliated doctors’ Notice of Privacy Practices for details on your rights and options to access and amend your data. If you have any questions, please send us a message at info@brighside.com.

NOTE THAT Brightside DOES NOT PRACTICE MEDICINE. Rather, Brightside performs a service to assist doctors who are contracted with Brightside (“affiliated doctors”) with services like collecting and securely maintaining your PHI to provide your assessments and information that you or your doctors may request.

Brightside can store a request for medical services and forward that request to a licensed doctor in your state, as long as it is included as one of the “States Where We Operate,” as defined in the Terms of Use.

How We Use and Disclose Your PHI

We use and disclose your PHI so that affiliated doctors can provide you with care, to run our operations and perform operations to support the affiliated doctors, to take payment, and to comply with Laws.

As examples, we share your PHI with organizations that help us run and maintain the technology and security infrastructure that supports the Website and the care that affiliated doctors provide through the Website. We also may share your health information with physicians who are treating you. We share your PHI with our online payment processor and with our bank. We share your PHI with the pharmacy if a doctor prescribes medication to you through the Website and with intermediaries who enable us to send prescriptions electronically.

We may use your PHI to tell you about health-related products and services we offer, and we may share your PHI with a third party if we merge, are acquired, or undergo an asset sale.

We strive to make sure that any third parties with whom we share your PHI are legally bound by the restrictions of this Privacy Policy. It is not possible to bind some companies, like Google Inc. to such restrictions, in so far as Google Inc. provides us with analytical tracking services to help us understand how you use the Website. Google Inc. may have access to various technical information about you, including but not limited to your internet protocol address and your MAC address. In all such cases we endeavor to mask any personally identifying information to avoid sharing it with such parties.

Affiliated doctors use your phone number to call you for consultations and will leave voice messages if you don’t answer the phone. Voicemail messages will include the physician’s name and phone number, but not substantive medical information about you. If you do not want messages to be left, you must advise us of this in writing. If Brightside receives your permission, we will use your phone number to send you SMS/text messages.

If we ever have reason to suspect that you may harm yourself or others, we may need to share certain personal information with emergency services.

Other Information We Collect

We also collect technical information about how you use our Website. We use this information to help us improve the overall quality of the Website and the services we provide, as well as to market our services to you. Technical information we collect may include information about your mobile device, including but not limited to unique device identifiers, the operating system you use, information about when and how you use the Website, and information about your general location when you use the Website, including your internet protocol address and MAC address. We use cookies and do not respond to “do not track” signals in your browser.

Email

We may send you emails notifying you of a new message that you can access by logging into your account through our Website.

Risk of Storing PHI On Your Mobile

When you use the Website, there is a risk that your PHI will be stored unencrypted on your mobile device. We take a variety of technical safeguards to make sure that your PHI does not leak onto your mobile device but we cannot guarantee that these safeguards work.

Risk of Our Systems Getting Hacked and Compromised

We take a number of administrative, technical, and physical safeguards to look after the PHI that we hold electronically on our servers. But despite these safeguards, no system is perfect, and we cannot guarantee that our systems and your PHI will not be hacked or otherwise compromised by unauthorized third parties.

The Rights You Have Over Your PHI

Upon request to obtain a copy of your medical record, we will provide customer support to help you obtain your records; however we reserve the right to charge a fee for time-consuming requests.

You have the right to request:

  • That we limit how we use and share your PHI, though there may be occasions when we cannot agree to your request.
  • That we change or update information held in your medical record, though there may be occasions when we cannot agree to your request.
  • How we send you PHI, though the electronic nature of the Website limits our ability to agree to such requests.
  • An accounting of the disclosure of your PHI. You are entitled to one disclosure accounting in a 12-month period at no charge. An accounting does not include disclosures to carry out treatment, healthcare operations, or payment. We are allowed to charge a fee for any additional accounting in a 12-month period.
  • A paper copy of this Privacy Policy.
How to Contact Brightside Health to Use Your Rights

Please write to us at: Privacy and Security Officer, Brad Kittredge, 201 Spear Street, Suite 1600, San Francisco, CA 94105.

How to Complain

To submit a complaint to Brightside you need to do so in writing to: Privacy and Security Officer, Brad Kittredge, 201 Spear Street, Suite 1600, San Francisco, CA 94105.

In addition you can complain to: Secretary of the U.S. Department of Health and Human Services Attention: Regional Manager, 50 United Nations Plaza, Room 322, San Francisco, CA 94102. For additional information, call (800) 368-1019 or the U.S. Office of Civil Rights at (866) 627-7748 (Voice) or (866) 788-4989 (TTY)

No Retaliation

We will not retaliate against you for filing a complaint.

Effective Date

This Notice is effective dated May 9, 2018.

Changes to This Notice

If we change the terms of this Privacy Policy then we will post the new Privacy Policy on our Website. Any new Privacy Policy will apply to all PHI that we maintain, including PHI that was created prior to the change.

741-741

If you’re in emotional distress, text HOME to connect with a counselor immediately.

911

If you’re having a medical or mental health emergency, call 911 or go to your local ER.