2. Definitions

“Activity Logs” are the Company’s and its CCA Service Contractors' records of when PHR Data is created, accessed, modified, deleted, released, or exported from and/or within your CCA PHR.

“Aggregate Data” is PHR Data that is: (1) grouped so it does not connect to you as an individual and (2) has names and other identifiers removed or altered. In other words, Aggregate Data is de-identified data and cannot be used to identify you as an individual.

“Authorized User” is any individual or entity authorized designated by you to receive a User ID in order to access and/or provide information to a Care Circle Account, including without limitation, any Subscriber, Care Recipient, Provider, or Wisdom Caregiver.

“Care Circle Account” is the account created by you in connection with your paid Subscription to the Service.

“Care Recipient” is a minor child or other individual over whom a Subscriber has legal authority or who has consented to the Subscriber’s caregiving and opening of a Care Circle Account on his or her behalf.

“CCA Platform” is the care management platform for which you may obtain a paid Subscription to use in connection with your Care Circle Account.

“CCA Service Contractor” is a person or entity that is hired to perform certain functions for us to support the development, maintenance, and implementation of the Service. CCA Service Contractors may include software or website designers and data storage providers.

“PHR” means Personal Health Record. A PHR is an electronic health data application that can help you collect, manage, and share health information. As a Subscriber, your Care Circle Account features a PHR, referred to herein as your “CCA PHR.”

“PHR Data” means information you provide and/or authorize all or some of your Authorized Users to provide to your CCA PHR. Any information in your CCA PHR is considered PHR Data. PHR Data might include, but is not limited to, the following:

• Your name and contact information, such as your address, phone number, or email address
• Your medical history, conditions, treatments, and medications
• Your healthcare claims, health plan account numbers, bills, and insurance information
• Demographic information, such as your age, gender, ethnicity, and occupation
• Computer information, such as your IP address and "cookie" preferences


As described further below, we may use your PHR Data to achieve the following:

• Operate and manage the CCA PHR platform, software, and website
• Maintain and protect our computer systems
• Comply with the law, such as responding to subpoenas and search warrants

PHR Data includes Personal Information and Aggregate Data.

“Personal Information” means information about you that reasonably can be linked to you such as your name, health information, and other identifiers. Personal Information may also include but is not limited to your health information, financial information or social security number.

“Provider” means a provider of Third Party Services, such as products, services or resources.

“Reporting” refers to any activity whereby CCA and our CCA Service Contractors might report about business activities and customers (you) to others, such as investors, auditors, potential business partners, or public communities. Reports will not include Personal Information without your specific permission or as permitted or required by law.

“Security Measures” may include computer safeguards, secured files, and employee security training. In addition, we may be required by law to notify you about particular data breaches.

“Third Party Services” are websites, services and Providers available on the Internet that are operated and controlled by organizations other than CCA, but may be linked to the CCA website.

“User Generated Content” is content that a Subscriber or Authorized User generates, and may include visual images, messages, posts, PHR Data, and Personal Information.

“Wisdom Caregiver” is a person that supports and assists one or more Subscribers in using the Services and with whom CCA has contracted to facilitate the provision of Services to Subscribers.


3. What Information We Collect

3.1 Before you become a Subscriber, we may collect your information in the following ways:

(a) If you contact us through the Internet and provide us with your contact information (e.g., name, mailing address, email address and other information). We will use such information for the sole purpose of informing you about the Service and inviting you to register for the Service.

(b) You post and share User Generated Content with others at your own risk. Although we limit access to certain pages, you may set certain privacy settings and alerts for such information by logging into your account profile upon subscribing to the Service. Please be aware that no Security Measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Generated Content. Therefore, we cannot and do not guarantee that your User Generated Content will not be viewed by unauthorized persons.

3.2 In order to create a Care Circle Account, you must be a Subscriber. As part of the Subscription process, you may be asked to provide certain Personal Information. You also may be asked to confirm the information that you provided to CCA prior to your Subscription, if any. As part of the Subscription process, you will also have the opportunity to provide additional information to CCA that may enhance your use of the Service.

3.3 In general, we collect all your User Generated Content. As a Subscriber, you can add information to your Care Circle Account. You may choose to provide Personal Information, and you may opt to upload PHR Data to your CCA PHR. You may also choose to include Personal Information about others in your profile by providing us with names and contact information for emergency contacts and Authorized Users. You must have legal authority or have obtained authorization from the Care Recipient in order to share his or her data and User Generated Content with CCA and other Authorized Users. You represent and warrant that you have such legal authority or authorization. We also may collect User Generated Content from any Authorized User whom you expressly authorize to access or send information (including PHR Data and Personal Information) to your Care Circle Account. If you choose to request that an Authorized User add or upload health records or other PHR Data, it is your responsibility to obtain authorization from the Care Recipient that complies with the requirements of the Health Insurance Portability and Accountability Act of 1996, as amended.

3.4 We passively collect information from you as you navigate through our Service. We may track IP addresses, use industry standard tracking devices (e.g., session and persistent cookies, flash cookies, web beacons), and electronically gather information about the technology you use to access the Service and the areas of the Service you utilize. We passively collect this information for operational purposes such as evaluating, updating and improving the Service.

3.5 Cookies help us in many ways to make your visit to our websites more enjoyable and meaningful to you. Cookies are text information files that your web browser places on your computer when you visit a website. We may use such "cookie" technology to obtain non-personal information from you as an online visitor. As an example, this might entail recognizing several web page requests coming from the same computer and therefore the same visitor. Most browsers accept cookies automatically, but can be configured not to accept them or to indicate when a cookie is being sent. If you do not wish for us to collect cookies, you may set your browser to refuse cookies, or to alert you when cookies are being sent. If you do so, please note that some parts of the Service may then be inaccessible and you may not receive the full benefits of the Service.

4. How We Use Your Information

4.1 We use your information to provide the Service as described on the Website and Terms of Service, as well as to enhance the performance of the Service and/or to create new services. We may use Personal Information for product development or product enhancement.

4.2 If you choose to designate any Authorized User to participate in the Service with you, then we may use your information to facilitate the exchange of information and communication between you and such Authorized User.

4.3 Depending on your Care Circle Account settings (as described in Section 6 below), communications between you and your Authorized Users may be initiated by you or your Authorized User. You are under no obligation to initiate or respond to such communications. By participating in such communications, as directed by you, you agree that some or all of your PHR Data contained in your CCA PHR may be shared with your Authorized Users through the Service. Additionally, your CCA PHR may be shared, at your election, through interfaces with a health care provider’s information systems (so long as such health care provider is an Authorized User), and you agree that such PHR Data may be incorporated into your health care record maintained by your Authorized Users who provide health care services and maintain health records. We will not alter the content of User Generated Content. However, we may remove or block any content that we deem offensive, indecent, or otherwise objectionable or in violation of the Terms of Service. We may keep a record of all communications between you and your Authorized Users. We will not share the content of such communications except as permitted under this Privacy Policy, the Terms of Service, or as required by law, unless you expressly consent to or authorize disclosure.

4.4 We will not sell or rent, your Personal Information or PHR Data without your written consent. We will not use or disclose your Personal Information or PHR Data, except as described in this Privacy Policy, the Terms of Service, or as permitted or required by law.

5. Sharing Your Information With Third Parties

5.1 We may make your Personal Information available to Authorized Users or as necessary to complete transactions you authorize.

5.2 We may disclose your Personal Information to our CCA Service Contractors that provide technical support or other services to us related to the Service. All such CCA Service Contractors are subject to confidentiality obligations and may only access and utilize your data for purposes of fulfilling their obligations to CCA.

5.3 We may provide or sell Aggregate Data that is de-identified to third parties. However, Aggregate Data will not include any of your Personal Information or be individually identifiable.

5.4 We may access, preserve and disclose your Personal Information, other account information, and User Generated Content if we believe doing so is required or appropriate in order to comply with law enforcement requests and legal process, such as a court order or subpoena; defend against legal claims; respond to your requests; protect the rights, property and safety of you, CCA, or others; or as otherwise required by law.

5.5 If a third party acquires the assets or equity of CCA related to the Service (whether by sale, merger, change of control, bankruptcy or otherwise), your Subscription and User Generated Content, including but not limited to Personal Information and PHR Data may be transferred to the new owner(s). In such case, your Personal Information would remain subject to the provisions of the CCA privacy policy that was in effect immediately prior to the transfer, unless we provide you notice otherwise. You may, however, terminate your Subscription at any time.

6. Choices You Have About How We Use Your Information

CCA offers you a number of ways to control collection and use of your information when you use the Service. Your options include:

6.1 Managing Your Account. You can review User Generated Content that has been shared with Authorized Users by logging into your Care Circle Account. You can modify or delete any User Generated Content at any time. You may also choose to modify or delete User Generated Content that others have shared with you. Modifications to your CCA PHR are not automatically communicated to your Authorized Users. If you want your Authorized User to know of changes or additions within your CCA PHR, you must inform the Provider or third-party of such changes or set alerts in your account to notify them of changes and additions.

6.2 Modifying Your Account Settings. Your Care Circle Account settings are designed to provide you with control over the information that you share. We encourage you to review your Account settings and adjust them in accordance with your preferences. You may customize and control each Authorized User’s scope of access to your Care Circle Account, as well as the information and data available to such Authorized User. You may permit each Authorized User to: (a) have the same level of access to your Care Circle Account as you have, i.e., the Authorized User will be authorized to access your Care Circle Account (including your CCA PHR) and to communicate with you and other Authorized Users to the same extent that you are able using the Service; and/or (b) have "read-only" access to all or certain types of information in your Care Circle Account, i.e., the Authorized User will be authorized only to access and read those types of information that you allow, but will NOT be authorized to communicate with other Authorized Users or to upload information to your Care Circle Account. You acknowledge and agree that: (a) you are solely responsible for verifying the identity of, and monitoring the use by, any Authorized User you designate to receive a User ID and password; and (b) CCA has no responsibility or liability in connection with any access to, or use of, your Care Circle Account and information by any such Authorized User or by a person to whom the Authorized User has provided his username and password.

6.3 Deactivating an Authorized User. You may revoke any Authorized User’s authorization to access your Care Circle Account through your account settings. Once revoked, such Authorized User may no longer access and use the Service with respect to you and your User Generated Content including, but not limited to, Personal Information and PHR Data. Any disclosure of your PHR Data or Personal Information made prior to the revocation cannot be recalled, removed, or retrieved by us. By using the Service, you agree that we cannot, and have no obligation to, remove User Generated Content, including but not limited to Personal Information or PHR Data from the records of an Authorized User previously disclosed.

6.4 Terminating Your Account. As a Subscriber, you may terminate your Care Circle Subscription at any time by notifying us in accordance with the Terms of Use. Upon termination of the Subscription, we will maintain all User Generated Content associated with your Care Circle Account for a period of ninety (90) days, at which time we may destroy the User Generated Content, or in accordance with our then current document retention and destruction policies. Please note that copies of your User Generated Content may remain in the records of your Authorized Users as described in Section 6.3, above.

7. Data from Care Recipients Under the Age of 18

7.1 The Service is not intended for use by children younger than 18 years old. We will not knowingly collect information from site visitors younger than 18 years. However, a Subscriber may elect to establish a Care Circle Account for a Care Recipient who is under age 18 and, in doing so, expressly consents to CCA utilizing such information as set forth in this Privacy Policy and the Terms of Service. Subscriber represents and warrants that the Subscriber is authorized to establish the Care Circle Account for the Care Recipient who is under the age of 18 or who is not competent.

 7.2 A Care Recipient’s CCA PHR will be linked to a Subscriber’s Care Circle Account until the earlier of the following to occur: (i) CCA receives written instruction from a Care Recipient who is at least 18 years old to remove the information, or (ii) CCA receives formal instruction from a court of law or agency or as otherwise required by law to remove the Care Recipient’s CCA PHR from the Subscriber’s account.

8. How We Protect Your Information

8.1 We use both technical and procedural Security Measures to maintain the integrity and security of the Service and other databases, including the use of firewalls. The Service encrypts all PHR Data during transmission between you or your Authorized User and CCA. Within your Care Circle Account, all Personal Information and PHR Data is encrypted at three levels: each individual has a unique encryption key; demographic information is encrypted; and clinical data is separately encrypted.

8.2 The safety and security of your Personal Information and PHR Data also depends on you. Never share your password with anyone else. Notify us immediately if you believe your password has been breached. Also, remember to log off of the Website before you leave your computer.

9. Security Breach Notification Requirements

Pursuant to applicable law, we may be required to send you notice of security breaches or suspected security breaches that impact your Personal Information. In the unlikely event that we must provide you a notice of a security breach, we will send you security breach notices to the e-mail address contained in your account information, unless we are otherwise required by law. Please note: many e-mail systems have built in SPAM filters. If you have one in place, you should check with your system administrator or the available instructions to confirm that e-mails from CCA are not blocked by the filter e.g., by confirming that the service domain names www.ccadvocates.org, and www.myhana.org. are permitted domain names.

10. Changes to this Privacy Policy

We reserve the right to change the Privacy Policy in our sole discretion. In such case, we will post the new Privacy Policy on the Website and the effective date of the new Privacy Policy will be clearly marked. If we update this Privacy Policy, your continued use of the Service (following the posting of the revised Privacy Policy) means that you accept and agree to the terms of the revised Privacy Policy. Remember, by using any part of the Service, you accept and agree to our Privacy Policy and privacy practices.


11. More information

If you have additional questions, please contact myHana™ any time. Or email us at:

support@myhana.io

Date last modified: August 19, 2022

privacy policy

Unless otherwise requested and authorized by you, the following summarizes our Data Practices:

Release

PHR Data

Do we release your PHR Data for the following purposes?

Personal Information

Aggregate
Data

Marketing and Advertising

no

no

Medical and pharmaceutical research

no

no

Reporting about our company and our customer activity

no

yes

To your insurer and employer

no

no

For developing software applications 

no

no

Do we require limiting agreements that restrict what myHana™ Service Contractors can do with your Personal Information?

yes

n/a

Welcome to the Chronic Care Advocates website (the “Website”).

This Privacy Policy describes how Chronic Care Advocates, Inc., a Delaware corporation (“CCA,” “Company,” “we,” “our” or “us”), protects your personal information when you use the Website, the CCA Platform, MyHANA and any other related features, contents, applications, products or services including our advertising and applications on third-party websites and services, if those applications or advertising include links to this Privacy Policy (collectively, the "Service or “Services").

In this Privacy Policy, all references to CCA include its subsidiaries or affiliates involved in providing the Service. As used in this Privacy Policy, the words “Subscriber,” “you” and “your” refer to each individual or entity that has entered into a Subscription with us to establish a Care Circle Account for a Care Recipient through the Service as the Care Recipient’s guardian or representative, and the term “Subscription” consists of this Privacy Policy, our Terms of Service and the transactional rates and certain other terms and conditions related to the creation of your Care Circle Account, which are incorporated herein by reference. Additionally, as instructed by the context and nature of the provision contained herein, the words “you” and “your” may also apply to each Care Recipient, Authorized User, Provider, Wisdom Caregiver, and other visitor of the Website who, when visiting the Website, is bound by the Terms of Service, except for such provisions that implicate a Subscription, or Subscriber or Authorized User status.

“Authorized User” refers to any individual or entity (including, without limitation, any Care Recipient, Provider or Wisdom Caregiver) whom you authorize to receive a user ID (“User ID”) in order to access, use and/or upload information to your Care Circle Account. Any references to “you” and “your” in these Terms of Service shall be construed as including Authorized Users, based on the context and nature of the provision contained herein. Each Subscriber will be responsible and liable for all acts and omissions of his or her Authorized Users in connection with their use of the Services and compliance with the underlying Subscription.

This Privacy Policy is incorporated by reference into CCA’s Terms of Service, which you may review below. Please review this Privacy Policy and the Terms of Service carefully. If you have any questions about our privacy practices, please refer to the end of this Privacy Policy for information on how to contact us. If you do not agree with our practices, do not access or use any part of the Service. We reserve the right to change the Privacy Policy in our sole discretion. In such case, we will post the new Privacy Policy on the Website and the effective date of the new Privacy Policy will be clearly marked.

Do we have Security Measures that are reasonable and appropriate to protect PHR Data, in any form, from unauthorized access, disclosure, or use?

yes

yes

Do we store PHR Data in the U.S. only? 

yes

yes

Do we keep Personal Information Activity Logs for your review?

yes

n/a