The following is Humetrix’s full statement of privacy practices for its iBlueButton app. A SHORTER PRIVACY NOTICE IS AVAILABLE HERE.

Humetrix is dedicated to protecting the privacy rights of users of the Apps. Our policies with respect to the handling of personal information with respect to these Apps are described within this Privacy Statement.

We may change, add, or remove portions of this Statement of Privacy Practices at any time, and such changes shall become effective immediately upon posting. A USER’S CONTINUED USE OF THE APPS FOLLOWING THE POSTING OF CHANGES TO THE PRIVACY POLICY WILL MEAN THAT THE USER ACCEPTS THOSE CHANGES.

Information We Collect, Why We Collect It and Who Sees It.
Humetrix automatically collects technical data and related information about the user’s device, operating system and application software that is gathered periodically to facilitate the provision of application updates, product support and other services to the user of the Apps. This information does not identify the user.

Humetrix automatically collects anonymous information about the use of the Apps, such as information indicating that the Apps have been downloaded, that the Apps have been used to retrieve a patient record, or that the Apps have been used to push a record to another user of the Apps. This Application is not supported via advertising and does not use the data it collects for advertising purposes.

Information We Do Not Collect
Patients who use the Apps enter or receive individually identifiable health information into and through the Apps. This information includes demographic information (name, address and date of birth), information about the patient’s past, present or future physical or mental health conditions, health care services the patient receives and past, present or future payment for healthcare. Humetrix does not collect this information. This information resides on the user’s smartphone or tablet and is not collected by or accessible by Humetrix. When a user pushes patient information to another user (such as a patient pushing a Blue Button^® record to a treating physician), the information may temporarily reside on Humetrix’s server to enable the exchange. The information is encrypted and Humetrix does not have access to the encryption key (meaning that Humetrix cannot read the information), and the information is deleted after the exchange is completed or after a short period of time if the exchange is not completed.

The Apps allow users to schedule appointments or take photos from within the Apps. Humetrix does not collect or have access to any information that the user stores through the Apps’ appointment and camera functionalities.

The Apps do not collect personally identifiable information about a user’s online activities over time and across third-party Web sites or online services. The Apps do not collect precise information about the location of a user’s mobile device.

Patients who use the iPhone iBlueButton Apps may choose to backup encrypted information to the iCloud server. No backup data is stored by Humetrix.

Data Retention
Humetrix does not retain personally identifiable information about its users.

Managing Your Information
A user may edit or delete his or her own information through the Apps. Please note that some personal data may be required in order for the Apps to function properly.

Children
We do not knowingly solicit data from or market to children under the age of 13.

Security
The App encrypts stored data that resides within the App. Additionally, when the App is used to take pictures using the mobile device’s camera, the pictures are stored by the App and are similarly encrypted. Users should be cautious when using the App to transfer ePHI to other software programs on the mobile device (such as an e-mail program), after which the ePHI will no longer be encrypted by the App. When the App "Pushes" ePHI to another mobile device running an iBlueButton App, the ePHI is encrypted during transfer using a one-time key. The encrypted PHI transferred to the cloud server is deleted immediately after the transfer or after a short period of time (if no transfer occurs). Humetrix does not have access to the encryption/decryption key or any unencrypted PHI. If the User chooses to transfer ePHI to the mobile devices e-mail program, the App will not encrypt the e-mail.

Humetrix does not collect or store individually identifiable health information or other personal information from users. It is the user’s responsibility to protect the personal information that resides on his or her device. Users should use a strong password using a combination of letters and numbers that are not easily guessed and they should not share the password with others. If a user shares a device, the user should always close all active Apps and log out before leaving the device unattended.

Even with the above described security, Humetrix cannot guarantee that a user’s information will be 100% protected. For example, a user’s individually identifiable health information may be accessed by an unauthorized party if the user’s smartphone or tablet is lost or stolen and the user has chosen a weak password for the Apps, or if the user chooses to use the Apps to e-mail individually identifiable health information and the e-mail is intercepted or misdirected. Users enter individually identifiable health information into the Apps at their own risk and should take appropriate steps to maintain the security of their information, such as by choosing a password that is not easily guessed.

Questions, complaints, and contacts
If you have any questions about this Statement of Privacy Practices or Humetrix’s policies and practices concerning the Apps, you can contact Humetrix by telephone at 1-888-702-2227 or by U.S. mail at the address below:

Humetrix
1155 Camino Del Mar, #503
Del Mar, California 92014

Phone: 888-702-2227
Email: [email protected]

Updated May 14, 2018