1. What Information do we collect?
Body Health IQ collects information about you, our clients (“Clients” or “you”), both information that you provide and information that we collect as part of the Services we offer. Collectively, the information we collect when you use our Services and the information you provide when ordering Services are referred to herein as “Information”.
Client Information: When Clients register for our Services, we ask them for personal information including, but not limited to, name and contact information, company name and title (where applicable), address, telephone number, email address, user name and password, and billing information, which may include credit card information. Clients also provide us with Information regarding the Services they have ordered, including the nature of the tests requested, which may include “Protected Health Information” (or “PHI”) as those terms are defined under the HIPAA rules within 45 C.F.R. § 160.103, et seq. (“HIPAA Rules”).
Confidential Lab Records: We recognize the sensitivity of PHI, and utilize encryption and security software to safeguard its confidentiality. This software protects the personal information we collect from unauthorized access or disclosure and accidental loss, alteration or destruction. All lab orders and results reports are uploaded to each Client’s “Confidential Lab Record” on our secure server. Reports are only available through secure download through the individual’s account. Under no circumstances will this information be made available to third parties such as insurance carriers or representatives of any healthcare provider without our Client’s prior consent.
Before receiving such Information, we contractually require that you warrant that you are the person whose information you are providing and that you have the authority to order the Services.
We may also log a Client’s Internet Protocol addresses for location specific information, and for system administration purposes, including tracking a web session so that we know when, how often and what web-pages of our websites are visited. We also use your Internet Protocol address to analyze and develop reports on the number and frequency of your use of our Services. To prevent the need to re-insert user-name and password as you move from one page of our websites to the next, we use “cookies” – short pieces of information used by web browsers to temporarily remember information provided by a user. However, cookies are generally deleted once the web browser used to access a web-site is closed.
2. How do we use information?
We may use your PHI solely to provide the Services, including to process your laboratory test requests and to connect you with medical providers to assist you.
We have partnered with “Braintree”, a subsidiary of PayPal and a leading payment gateway, ensuring safe and secure credit card processing. Braintree services include an optional “Vault” to securely store customer information and payment methods. Our Clients enjoy the peace of mind that comes with knowing their information is secure and the added convenience of not having to re-enter their information each time a purchase is made. When a payment method is stored in the “Vault”, the information is encrypted by the Braintree gateway and associated with a unique payment method token.
3. With whom do we share information?
We never sell Client Information, and we do not share your Client Information with any third parties except under the following very limited circumstances:
3.2. As You Explicitly Allow: We may share or otherwise use your Client Information as you explicitly allow us. For example, you may instruct us to provide your information to a laboratory to complete a blood test and report.
3.3. Agents Acting on Our Behalf: We may share some of your Information with other companies who provide us with technical, billing, web-support, and other types of essential supporting services. They will be contractually granted access to only that Information which is necessary for them to do their jobs and they will be prohibited from using the Information for any other purpose including sharing the Information with any other party.
3.6. We acknowledge that the use and dissemination of PHI is governed by state and federal laws, including, but not limited to, HIPAA, and we operate in compliance with the mandates of HIPAA.
4. Can the information be changed?
Your Client Information may be viewed and modified in our active database in real-time, at any time. The changed Information may remain in archives and records for some period of time.
We reserve the right to delete any and all Information, including any reports, reminders, etc., within our possession without advance notice – and therefore, you are encouraged to download any and all information you want to save.
5. How is the information protected?
Our Site has substantial and elaborate security measures in place to protect your Information. Unique user names and passwords must be entered each time a person logs on. Our Service web-sites are hosted in a secure server environment that uses a firewall and other technology to prevent access from outside intruders, in line with prevailing industry standards. Internally, we use security-logs, train our employees, and limit access to Body Health IQ personnel who need to know the Information to deliver the Services. When transmitting sensitive Information, we use encryption technology. All of our technology and processes are not, however, guarantees of absolute security. Clients must actively protect their Information by maintaining the confidentiality of all usernames and passwords and by adequately installing the appropriate anti-virus programs and security measures on their own systems. You must immediately notify Body Health IQ if any information security breach is suspected.
Contact us at firstname.lastname@example.org.