Last Updated: September 9th, 2016
Ratchet Technologies Inc., a British Columbia, Canada corporation (“Ratchet,” “our,” “us,” or “we”) provides a patient engagement software-as-a-service product (“Platform”), which includes email, mobile App and web-based versions of a patient portal (collectively, the “Patient Portal”). Platform is designed to assist healthcare provider (“Provider”) communicate with their users (“Patients”) and patient’s caregivers (“Caregivers”) in providing personal health information and instructions for continuing in their episode of care. The term “you” refers to a Patient and/or Caregiver end user of Platform.
What information does Ratchet collect?
Unencrypted email is not a secure form of communication. There is some risk that any individually identifiable health information and other sensitive or confidential information that may be contained in such email may be misdirected, disclosed to or intercepted by unauthorized third parties. You consent to receive email from us regarding your treatment. We will use the minimum necessary amount of protected health information in any communication after we have successfully verify that the email you provided.
You also acknowledge and agree that, if you are a Patient, we may collect your Health Information. “Health Information” means any information related to your physical or mental health, including your medical history, family history, health background and current health status information, age information, sexual behavior and sexual orientation, demographic information (including ethnicity, marital status, salary and education information) and information related to the diagnosis and treatment of health conditions, over-the-counter and prescription medications, laboratory test results, payments for treatment and health insurance information.
We may collect and use technical data and related information, including but not limited to technical information about your device, system and application software, peripherals and your interactions with Patient Portal (“Technical Information”). Technical Information is gathered periodically to facilitate the provision of software updates, product support, product enhancements and other services to you (if any) related to Patient Portal. We may also automatically receive and record information on our server logs from your browser or mobile device, which could include your IP address, cookie information, browser information and the page you request. This information is not deemed by Ratchet to constitute Personal Information and while Ratchet will not use it in a way that associates such information with you, such information may be aggregated and used. Ratchet owns this information and may use it in any manner it deems appropriate.
We may use Patient Portal to collect information from your web browser about your activities over time (“Behavioral Tracking Information”). Your web browser may allow you to opt-out of our collection of Behavior Tracking Information by selecting a “do not track” (or similar) setting. However, we do not currently have processes to address those settings or other “do not track” requests, and consequently, cannot guarantee that we will honor such requests. If you do not want us to collect this information, do not use Patient Portal.
How does Ratchet use this Information?
Patient Portal exists in order to allow Patients and Providers to manage and track their communication with one another. In order to provide for this type of exchange, we need to ensure that each user that contributes Information expressly permits the uses that we envision. For this reason, we need a license from you to use Patient and Caregiver Information, whether collected directly from you or, if applicable, your Caregiver. You hereby grant to Ratchet a non-exclusive, transferable, sublicensable, royalty free license to use Information in order to provide Patient Portal to Patient Caregiver, and Providers and as necessary to monitor and improve Patient Portal. The license is non-exclusive (meaning you are free to license the Information to anyone else in addition to us), fully-paid and royalty-free (meaning that we are not required to pay you for our use of the Information), sublicensable (so that we are able to use affiliates and subcontractors to provide Patient Portal), transferable (meaning that we may transfer it to a third party should we restructure our business), irrevocable (meaning that you may not revoke or rescind such license for any reason once the Information is uploaded) and worldwide (because the Internet is and the Service may be global in reach).
Any Information that we receive from a Provider will be handled in accordance with our agreement with such Provider. You may have additional rights under law in and to any Information about you that we receive from a Provider.
Sharing of Information
Except as set forth herein and as necessary to enable third party applications that you authorize, Ratchet does not rent, sell or share Information with or to third parties, and Information is only used to provide you with Ratchet products and services and to comply with any requirements of law.
Agents, technology vendors and/or contractors of Ratchet may have access to your Information on a need to know basis for the purpose of performing services on behalf of Ratchet or providing or enabling elements of Patient Portal. All such agents or contractors who have access to such information are required to keep the Information confidential and not use it for any other purpose than to carry out the services they are performing for Ratchet or as otherwise required by law. Notwithstanding the above, Ratchet may share or disclose your Health Information to agents, contractors or others only as allowed or required under applicable law.
If, as a Patient, you validate another end user as your designated Caregiver, we may share certain Information with that Caregiver.
Additionally, Ratchet may Share your Information with Providers who registered you on Ratchet for the provision of healthcare products and services (“Enabled Provider”). We share this Information (including certain Personal Information and Health Information) with Enabled Providers in order to provide elements of Patient Portal and to allow communication between the Enabled Providers and you.
Also, Ratchet or its agents or contractors may disclose Information if required to do so by law or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal process; (2) protect and defend the rights or property of Ratchet or its agents or contractors; or (3) act in urgent circumstances to protect the personal safety of users of Patient Portal.
Finally, if Ratchet should ever merge with another organization, file for bankruptcy, or sell our assets or capital stock, we may transfer the Information to a third party or share the Information to the company or its agents with which we enter into such transaction as a part of such transaction.
Security of Your Information
We maintain physical, electronic, and procedural safeguards designed to protect the Information. These safeguards include, without limitation, encrypting all Personal Information and Health Information using AES 256-bit encryption and encrypting all other Information using TLS encryption.
Despite the actions and precautions we take, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of the Information and you acknowledge and agree that you transmit it to us at your own risk.
Please keep in mind that whenever you voluntarily disclose Information on our message boards or other public forums or features or through email or group messaging, or voluntarily utilize features of Patient Portal that inherently share Information such as features that allow a Patient to share Information with a Caregiver or that allow a Patient or Caregiver to share a Patient’s Information with a Provider, that Information can be collected and used by others. In short, by posting Information online that is publicly accessible (i.e. within message boards and the like), you may receive unsolicited messages from other parties in return or make others aware of your location. We are not responsible for the security or privacy of any Information you choose to submit in connection with these public features.
Third-Party Mobile Apps, Services and Technologies
Patient Portal is not designed to be used by children under the age of 13, although parents may use Patient Portal in a Caregiver user capacity to connect with their children’s Providers. We do not intentionally collect personal information from children through Patient Portal. If you believe that we may have collected Personal Information from someone under the age of 13, please contact us.