Notice of Privacy Practices & Privacy Policy
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY
Last Updated: June 9, 2024
This Privacy Policy is designed to inform users of the Engine Tech LLC (DBA Skyler Health, “Skyler Health”) website (skylerhealth.com), mobile application and services (collectively, the “Services” or “Service”) about how we gather and use personal information collected by us in connection with use of the Service. You may have been invited to use, download or install the Service from a third party as part of an ongoing study or research project or your healthcare provider (such third party, the “Institutional Client”), or you may have subscribed or downloaded and installed the Service for your personal use. This Privacy Policy applies to the Services. This Privacy Policy also applies to any services provided by third parties (such as an Institutional Client) and delivered by or through the Skyler Health Services. We will take reasonable steps to protect user privacy consistent with the guidelines set forth in this Privacy Policy and with applicable U.S. laws. In this Privacy Policy, “user” or “you” means any individual using the Service, whether by downloading or browsing the Service, registering with us by creating an account, or participating in any other activities available through the Service. BY ACCESSING OR USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTAND, AND AGREE TO BE BOUND BY THIS PRIVACY POLICY AND OUR TERMS OF SERVICE. IF YOU DO NOT AGREE TO THESE TERMS, DO NOT USE THE SERVICE. FOR PURPOSES OF THIS PRIVACY POLICY, “WE”, “US” AND “OUR” MAY REFER TO Skyler Health Inc, AN INSTITUTIONAL CLIENT, OR BOTH, AS APPLICABLE.
WHAT INFORMATION DO WE COLLECT?
USER INTERACTION DATA
We may use mobile tracking technologies such as cookies, web beacons, pixel tags and clear GIFs, as well as embedded code in the Services itself, in order to operate the Service efficiently, and to collect data related to your usage of and interaction with the Service, and general use and interaction with your mobile device. All such collected data (collectively, “User Interaction Data”) may include how and when you use your mobile device for communications with others, including mobile phone and text use, and your location and speed of movement while you use your mobile device. Such User Interaction Data may also include, but is not limited to, call information, SMS information (see Safeguards below), location samples, accelerometer samples, smartphone actions, and smartphone screen-time related to, or resulting from, your use of the Services. We do not access or collect the content of your mobile phone communications, such as conversations or text messages.
User Survey Data; Personal Information:
We collect the following personal information in connection with the Service: (a) when you register to use the Service, whether in your individual capacity or on behalf of an organization, we may collect the personal information that is disclosed on our online registration form, such as your name, email address and other information detailed therein (the “Account Data”); (b) if you communicate with us by email, we will collect your email address; and (c) if you use the Services to respond to surveys and questions from an Institutional Client, we may collect the information you provide in your responses, such as health information (if any) (the “User Survey Data”). Such User Survey Data includes, but is not limited to, your answers or submissions to study surveys and health questionnaires, inferred health status for specific conditions, and survey alerts. The User Survey Data, together with the User Interaction Data, is referred to as “Unprocessed User Data.” We may also collect certain demographic information, such as age and gender, that may be disclosed by you. All of the Account Data, e-mail addresses, demographic information, and Unprocessed User Data is referred to in this Policy as “Personal Information”. Any health information that you provide is safeguarded in accordance with applicable U.S. laws.
HOW DO WE USE THE INFORMATION WE COLLECT?
CREATION OF PROCESSED DATA
Skyler Health may use its proprietary technology and the Unprocessed User Data to compile personalized features for each user. Such personalized features analysis, and other data processed from Unprocessed User Data (collectively, the “Processed User Data”), may be summarized or otherwise set forth in one or more written or computer generated report(s) (the “Reports”). Such Processed User Data and Reports may be delivered to the applicable Institutional Client (and/or to you within the mobile application or through the applicable Service to the extent Skyler Health provides such delivery as part of the applicable Service). The applicable Institutional Client may also be provided with User Survey Data.
USE OF PERSONAL INFORMATION
We will use and store Personal Information for the purpose of delivering the Service to you and, where applicable, to Institutional Clients, and to analyze and enhance the operation of the Service. We also store and use Personal Information and, where applicable, any information obtained from Institutional Clients for proprietary analysis and development of personalized features for you and/or, where applicable, the Institutional Client. Personal Information may also be used for the internal operational and administrative purposes of the Service. We will not sell or use Personal Information for purposes other than what is authorized pursuant to your End User License Agreement (“Terms of Use”). For example, we will not sell your identifying Personal Information to third party direct marketers or advertisers. In order to share insights across Institutional Clients, allow for additional research and product development, and to garner insights about the data that we gather over time, Skyler Health Inc may anonymize your Personal Information, or de-identify your health information in a way that meets the Health Insurance Portability and Accountability Act of 1996 (HIPAA) de-identification standard, so that the data will no longer be identifiable to you.
AGGREGATE INFORMATION
We will create statistical, aggregated data relating to our users and the Service for analytical purposes. Aggregated data includes data derived from Personal Information and obtained by Skyler Health Inc from other sources in aggregated, anonymous form and does not identify any individual (such data, “Aggregate Information”). Subject to applicable laws and regulations, we use Aggregate Information to understand our customer base and to develop, improve and/or market our Services. We may provide Aggregate Information to third parties.
LEGAL EXCEPTION
Under certain circumstances, Personal Information may be subject to disclosure pursuant to judicial or other government subpoenas, warrants, or orders. As such, notwithstanding the above, we may in any event use Personal Information, Aggregate Information and any other information collected and created through the Service to the extent required by law or legal process, to resolve disputes, to enforce our agreements (including this Privacy Policy and the Terms of Use) with you, or if in our reasonable discretion use is necessary to protect our legal rights, to protect you against self-harm, or to protect third parties.
EMAIL AND OTHER COMMUNICATIONS
If you register and provide your email address, we may send you administrative emails. If you wish to opt out of these emails, you may do so by following the “unsubscribe” instructions in the email; provided however, Skyler Health may maintain the right to send you important emails about your account or the Services. Email and text messaging allows healthcare providers to exchange information efficiently for the benefit of users/patients. At the same time, we recognize that email and text messaging are not a completely secure means of communication because these messages can be addressed to the wrong person or accessed improperly while in storage or during transmission. Your use of the Service means that you agree and consent to the use of email and/or text messaging as an acceptable form of communication.
User Testimonials:
We value your feedback on, and appreciate any testimonials about, our Services. If you send us any such feedback or testimonials, they shall be deemed, and shall remain, the property of Skyler Health and none shall be subject to any obligation of confidence on our part. However, Skyler Health Inc shall obtain prior written approval of any usage of your identity or contact information, if Skyler Health wishes to reference you in connection with that feedback or testimonial.
WHAT INFORMATION DO WE DISCLOSE TO THIRD PARTIES?
PERSONAL INFORMATION
We will not disclose your identifying Personal Information, including identifiable health information, to any third party except as follows: (i) Skyler Health may disclose your Personal Information to an Institutional Client on whose behalf the information was collected. (ii) Skyler Health may disclose your Personal Information to third party contractors engaged to provide services on our behalf (“Contractors”), such as performing marketing, analyzing data and usage of the Service, operating the Service or providing support and maintenance services for the Service, or providing customer service. We enter into confidentiality agreements with all Contractors that require Contractors to use the Personal Information they receive only to perform services for us. (iii) Skyler Health may otherwise disclose your Personal Information when we have your consent to share the information. In such cases, we will have written contracts in place with the third parties requiring them to comply with terms of confidentiality similar to the applicable terms of this Privacy Policy as well as all applicable statutes, regulations and laws pertaining to the protection of such Personal Information.
AGGREGATE INFORMATION
We may disclose Aggregate Information (which has been de-identified) to third parties, such as the Institutional Client, potential customers, business partners, advertisers, and funding sources, as part of our business and operations. We may also license, sell, or otherwise use or provide Aggregate Information.
NETWORK OPERATORS
Use of the Service may involve use of the services of third party telecommunications carriers. Such carriers are not our contractors, and any information that a carrier collects in connection with your use of the Service is not “Personal Information” and is not subject to this Privacy Policy. We are not responsible for the acts or omissions of telecommunications carriers.
ADDITIONAL DISCLOSURES
We reserve the right to disclose any information we collect in connection with the Service, including Personal Information, (a) to a subsidiary or parent company or to any successor to our business as a result of any merger, acquisition, asset sale or similar transaction; and (b) to any law enforcement, judicial authority, or governmental or regulatory authority, to the extent required by law or if in our reasonable discretion disclosure is necessary to enforce or protect our legal rights, to protect you, or to protect third parties.
THIRD PARTIES
We reserve the right to use third parties to provide or support the Service.These third parties are used to provide a more efficient service to users/patients. Such third parties have their own policies and procedures around information security. Your use of the Service means that you agree and consent to the security and privacy policies of such third parties.
ACCESSING AND UPDATING YOUR PERSONAL INFORMATION
Whenever you use our Services, we aim to provide you with access to your Personal Information. If that information is wrong, we strive to give you ways to update it quickly, or to delete it – unless we have to keep that information for legitimate business or legal purposes. You may send us an email to help@skylerhealth.com requesting that we remove your account and delete all of your Personal Information, that we stop collecting data from your mobile phone, or to otherwise provide us with the necessary changes to update your Personal Information. We aim to maintain our Services in a manner that protects information from accidental or malicious destruction. Subject to applicable law and necessary record retention requirements, your identifying Personal Information shall be deleted from our records within 90 days of your request or the termination of the Terms of Use you enter with us. Notwithstanding, we have the right to continued use of any Aggregate Information or de-identified information even if we have deleted the underlying Personal Information. Furthermore, even when your Personal Information is deleted from Skyler Health Inc system, you acknowledge data is not removed from existing personalized features, the Processed User Data or Reports that were built off of that data, including without limitation those that may have been previously provided to Institutional Clients.
PRIVACY SETTINGS
Skyler Health Inc is happy to allow you to review or amend your email address or account information held in our database. Please contact us by sending an email to: help@skylerhealth.com. If you would like your account permanently removed from our database, please contact us at help@skylerhealth.com. We will then terminate your account, and you will no longer receive emails from Skyler Health. Termination of your account will not result in the deletion of any Aggregate Information and de-identified information that Ginger.io holds relating to you, and we will retain this information and may use and disclose it in accordance with this Privacy Policy. As stated above, applicable laws may require Skyler Health Inc to retain certain information following termination of your account. Skyler Health Inc may still contact users who have deleted their information for administrative purposes in connection with the Services.
CCPA Privacy Rights
Under the CCPA, among other rights, California consumers have the right to:
Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
Request that a business delete any personal data about the consumer that a business has collected.
Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
GDPR Data Protection Rights
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us.
SECURITY
We use reasonable security precautions to protect the security and integrity of your Personal Information in accordance with this Privacy Policy and applicable law. However, no Internet transmission is completely secure, and we cannot guarantee that security breaches will not occur. Without limitation of the foregoing, we are not liable for the actions of hackers and other unauthorized third parties that breach our security procedures. Nor are we responsible for other breaches to your Personal Information outside our control, such as resulting from loss, theft or unauthorized use of your mobile device or third party systems. You are responsible for maintaining the security of your login ID and password. If you believe that your login ID or password have been compromised you should immediately change your password and contact support. We are not responsible if someone else accesses your account through registration information they have obtained from you or through a violation by you of this Privacy Policy or your Terms of Use.
SAFEGUARDS
We have implemented the following technical safeguards to minimize the potential risk of a privacy breach: – During analysis, data is linked only to coded identifiers for the participants, and not to any personal identifiers. – Contents of SMS messages or phone calls are not captured. Only SMS and phone call events are logged. – Incoming and outgoing phone numbers and names from your contacts are stored encrypted. – Raw audio is not captured or stored. – Email addresses used during the Mobile Application install process and to send notifications will be inaccessible for analysis, and stored in encrypted form.
LINKS
The Skyler Health Service may contain links to other websites. Skyler Health is not responsible for the privacy practices or the content of those websites. Users should be aware of this when they leave our Service and are encouraged to review the privacy statements of each third party website. This Privacy Policy applies solely to information collected by Us.
AMENDMENTS
We may modify or amend this Privacy Policy from time to time. If we make any material changes, as determined by Skyler Health, in the way in which Personal Information is collected, used or transferred, such changes to this Privacy Policy will be available via a link to the most current terms of the Privacy Policy (which can be found at Skyler Health’s website for the Services). Notwithstanding any modifications we may make, any identifying Personal Information collected by Us from you will be treated subject to applicable laws and regulations. The date last revised appears at the bottom of the Privacy Policy. Changes take effect immediately upon posting.
DO NOT TRACK BROWSER REQUESTS
Skyler Health does not use services that track your behavior across the Web. Therefore, our Service does not alter its behavior or change its services upon receiving Do Not Track requests from your web browser.
CHILDREN
Skyler Health does not knowingly collect or maintain personally identifiable information from persons under 13 years of age, and no part of the Service is directed at persons under 13. If you are under 13 years of age, then please do not use the Service. If Skyler Health learns that personally identifiable information of persons less than 13 years of age has been collected without verifiable parental consent, then Skyler Health will take the appropriate steps to delete this information. To make such a request, please contact us at help@skylerhealth.com.
GENERAL INQUIRIES & CONCERNS
To submit a general inquiry or concern, please contact us at help@skylerhealth.com or write to us at the following address: Skyler Health, Inc. c/o Customer Support – Privacy Policy 221 Main Street, #148, Los Altos CA 94023.
SERVICE VISITORS FROM OUTSIDE THE UNITED STATES
Skyler Health and its servers are located in the United States and are subject to the applicable state and federal laws of the United States. If you choose to access or use the Service, you consent to the use and disclosure of information in accordance with this Privacy Policy and subject to such laws.
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY
Last Updated: June 9, 2024
OVERVIEW
This notice will tell you about the ways Engine Tech LLC (DBA Skyler Health, “Skyler Health”) and our health insurance partner Headway, (collectively referred to as “Practice,” “we,” or “us”), may disclose health information about you and will also describe your rights and certain obligations that we have regarding the use and disclosure of your health information. Skyler Health uses Headway for all health insurance credentialing of it’s providers and billing health insurance companies. Headway is a behavioral health group that is operated across multiple legal entities which are referred to by the HIPAA Privacy Rule as an "organized health care arrangement." Skyler Health and Headway have relationships with the providers listed on this website and provide services via telehealth and at the service delivery sites of the providers listed on this website. Skyler Health and Headway's legal entities share protected health information with each other, as necessary to carry out Practice's treatment, payment and health care operations. All of the legal entities that comprise Skyler Health and Headway agree to comply with the terms of this Notice of Privacy Practices.
We are required by law to: make sure that health information that identifies you is kept private; give you this notice of our legal duties and privacy practices with respect to your health information; notify you following a breach of your unsecured protected health information; and follow the terms of the notice that are currently in effect. Although this notice is being provided to you electronically, and by signing an acknowledgment of receipt of this notice, you consent to the provision of this notice electronically, you have the right to request a paper copy of this notice. We reserve the right to change our privacy practices and the terms of this notice at any time. You may obtain a copy of the revised notice on this website. This notice is effective as of June 9, 2024.
HOW YOUR INFORMATION IS USED
We may use and disclose your health information for the purposes of providing services and quality care. For the avoidance of doubt, providing treatment services, collecting payment and conducting healthcare operations are all necessary activities for quality care. State and federal laws allow us to use and disclose your health information for these purposes.
Here are some helpful examples, but this list is not exhaustive:
Using your information for providing treatment. For example, If your treating provider cannot prescribe medications but wants to refer you to a prescriber in your insurance network, he or she may use your health information for the purpose of referring you to a prescriber who is affiliated with the Practice.
The Practice or its business associates may use and disclose health information in order to verify your insurance and coverage.
Example of using and disclosing your health information for collecting payment
The Practice or its business associates will submit claims for reimbursement to your insurance company in order for them to pay us for the services we provide to you, which requires using your health information.
Examples of using and disclosing your health information for healthcare operations
The Practice or its business associates will use and disclose your health information for the review of treatment procedures, and may use it to review documentation to ensure provider compliance.
For uses and disclosures for purposes other than treatment, payment and operations, we are required to have your written authorization, unless the use or disclosure falls within an exception, such as those described below. Most uses and disclosures of psychotherapy notes (as that term is defined in the HIPAA Privacy Rule), uses and disclosures for marketing purposes, and disclosures that constitute the sale of Personal Information require your authorization. Authorizations can be revoked at any time to stop future uses/disclosures except to the extent that we may have already taken any action in reliance on your authorization.
DISCLOSURES THAT CAN BE MADE WITHOUT AN AUTHORIZATION
Emergencies. Sufficient information may be shared to address an immediate emergency you are facing.
Judicial and Administrative Proceedings. We may disclose your personal health information in the course of a judicial or administrative proceeding in response to a valid court order or other lawful process, including if you were to make a claim for Workers Compensation.
Public Health Activities. If we felt you were an immediate danger to yourself or others, we may disclose health information about you to the authorities, as well as alert any other person who may be in danger.
Child/Elder Abuse. We may disclose health information about you related to the suspicion of child and/or elder abuse or neglect.
Criminal Activity or Danger to Others. We may disclose health information if a crime is committed on our premises or against our personnel, or if we believe there is someone who is in immediate danger.
Health Oversight Activities. We may disclose health information to a health oversight agency for activities authorized by law. These activities might include audits or inspections and are necessary for the government to monitor the health care system and assure compliance with civil rights laws. Regulatory and accrediting organizations may review your case record to ensure compliance with their requirements. The minimum necessary information will be provided in these instances.
Business Associates. The Practice may disclose the minimum necessary health information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. For example, the Practice contracts with a vendor for filing claims with insurance companies. In the process of filing claims, that organization will come into contact with your information. We also contract with a vendor that collects and manages internet or other electronic network activity on our sites and services and internally encodes it so that we can determine and manage information that might be health information. All of our business associates sign agreements to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract.
Research. Under certain circumstances, we may use and disclose health information for research. We may permit researchers to look at non-identifying information to help them plan research projects.
Marketing. We may send you newsletters or information about services we provide in which we feel you might be interested. You may at any time request that your name be removed from our mailing list.
Scheduling appointments. We may email or call you to schedule or remind you of appointments.
YOUR INDIVIDUAL RIGHTS
Right to Inspect and Copy. You have the right to look at or get copies of your health information, with limited exceptions. Your request must be in writing. If you request a copy of the information, a reasonable charge may be made for the costs incurred.
Right to Amend. You have the right to request that we amend your health information. Your request must be in writing, and it must explain why the information should be amended. We have the right to deny your request under certain circumstances.
Right to an Accounting of Disclosures. You have the right to receive a list of instances in which we have disclosed your health information for a purpose other than treatment, payment, or health care operations. To request an accounting of disclosures, you must submit your request in writing to the Privacy Officer. Such accountings remain available for six years after the last date of service at the Practice.
Right to Request Restrictions. You have the right to request a restriction or limitation on the health information we use or disclose about you. For example, you could ask that we not share information with an insurance company, in which case you would be responsible to pay in full for the services provided. While you are in treatment, a written request should be made with your therapist. To request a restriction after therapy is completed, you must make your written request to the Privacy Officer. We are not required to agree to your request, but we will consider the request very seriously. If we agree, we will abide by our agreement unless the information is needed in an emergency or by law.
Right to Request Confidential Communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you may ask that we contact you only by mail or at work. You must make this request in writing and it must specify the alternative means or location that you would like us to use to provide you information about your health care. We will make every attempt to accommodate reasonable requests.
Right to File Complaints. You may complain to us and to the Secretary of Health and Human Services if you believe your privacy rights have been violated. You may file a complaint with us by contacting the Privacy Officer at compliance@headway.co or (646) 453–6777 or compliance@skylerhealth.com or (650)-208-3893. You will not be retaliated against for filing a complaint. You may also contact the Privacy Officer for further information about this notice.
EMAIL AND TEXT MESSAGES
Some of our patients prefer to communicate with their provider via email or text message. Email and text messages have inherent privacy and security risks, and you should be aware of those before using emails and text messages. Errors in transmission or interception of messages can occur. Your email or text message is not a secure communication between you and your treating provider. At your health care provider’s discretion, your email or text message any and all responses may become part of your medical record. Additionally, for urgent or an emergency situation, you should not rely on email communication with providers affiliated with the Practice. In those situations, you should call 911.