Privacy Policy

Last Updated: September 9th, 2016

Ratchet Technologies Inc., a British Columbia, Canada corporation (“Ratchet,” “our,” “us,” or “we”) provides a patient engagement software-as-a-service product (“Platform”), which includes email, mobile App and web-based versions of a patient portal (collectively, the “Patient Portal”). Platform is designed to assist healthcare provider (“Provider”) communicate with their users (“Patients”) and patient’s caregivers (“Caregivers”) in providing personal health information and instructions for continuing in their episode of care. The term “you” refers to a Patient and/or Caregiver end user of Platform.

Ratchet respects your privacy. In that regard, we have created this Privacy Policy to let you know what information we collect when you use Patient Portal. This Privacy Policy describes the information we collect, how we use that information and any potential disclosures of such information.

Your Consent to this Privacy Policy

The term “you,” as used in this Privacy Policy, refers to a Patient and/or Caregiver end user of Patient Portal. By using Patient Portal, you agree to this Privacy Policy. This is our entire and exclusive Privacy Policy and it supersedes any earlier version.

We may change this Privacy Policy by posting a new version through Patient Portal, and it is your responsibility to review this Privacy Policy periodically. When we do change the policy, we will also revise the “last updated” date at the beginning of this Privacy Policy and may notify you or post a message via the Mobile App and/or the Patient Dashboard. Your continued use of Patient Portal constitutes your agreement to this Privacy Policy and any updates.

What information does Ratchet collect?

Personal Information

As used in this Privacy Policy, “Personal Information” means any information that may be used to identify an individual. When you use Patient Portal, whether as a Patient or a Caregiver, we may collect certain Personal Information, such as your first and last name, email address and password, phone number, or other contact information, whether at work or at home. If you are a Patient, you acknowledge that we may collect this Personal Information from your Provider; from you directly or through your Caregiver. We may ask you or your Caregiver to provide Personal Information about you that will enable us to enhance your use of Patient Portal. It is your choice whether or not to provide that Personal Information through Patient Portal; provided that if, as a Patient, you designate a Caregiver, the Caregiver may elect to provide your Personal Information on your behalf. In such case, the Caregiver is solely responsible for obtaining your consent to provide such Personal Information. If you choose not to provide requested Personal Information, you may not be able to use certain features of Patient Portal.

 

Unencrypted Email

Unencrypted email is not a secure form of communication. There is some risk that any individually identifiable health information and other sensitive or confidential information that may be contained in such email may be misdirected, disclosed to or intercepted by unauthorized third parties. You consent to receive email from us regarding your treatment. We will use the minimum necessary amount of protected health information in any communication after we have successfully verify that the email you provided.

 

Health Information

You also acknowledge and agree that, if you are a Patient, we may collect your Health Information. “Health Information” means any information related to your physical or mental health, including your medical history, family history, health background and current health status information, age information, sexual behavior and sexual orientation, demographic information (including ethnicity, marital status, salary and education information) and information related to the diagnosis and treatment of health conditions, over-the-counter and prescription medications, laboratory test results, payments for treatment and health insurance information.

 

Technical Information

We may collect and use technical data and related information, including but not limited to technical information about your device, system and application software, peripherals and your interactions with Patient Portal (“Technical Information”). Technical Information is gathered periodically to facilitate the provision of software updates, product support, product enhancements and other services to you (if any) related to Patient Portal. We may also automatically receive and record information on our server logs from your browser or mobile device, which could include your IP address, cookie information, browser information and the page you request. This information is not deemed by Ratchet to constitute Personal Information and while Ratchet will not use it in a way that associates such information with you, such information may be aggregated and used. Ratchet owns this information and may use it in any manner it deems appropriate.

 

Behavior Tracking

We may use Patient Portal to collect information from your web browser about your activities over time (“Behavioral Tracking Information”). Your web browser may allow you to opt-out of our collection of Behavior Tracking Information by selecting a “do not track” (or similar) setting. However, we do not currently have processes to address those settings or other “do not track” requests, and consequently, cannot guarantee that we will honor such requests. If you do not want us to collect this information, do not use Patient Portal.

How does Ratchet use this Information?

Except as described in this Privacy Policy or in our Terms of Service, Personal Information, Health Information, Technical Information and Behavior Tracking Information (collectively, “Information”) that Patients or Caregivers provide or that we collect from Patients or Caregivers, will be kept confidential and used to support use of Patient Portal by Patients, Caregivers and Providers (defined below) and applications that interact with it. Except as required by law, as between Ratchet, the Patient and Caregiver, the Patient owns all right, title, and interest in and to any Information (excluding Technical Information and Blind Data (defined below)) that we collect from the Patient or Caregiver via their use of and interaction with Patient Portal.

Patient Portal exists in order to allow Patients and Providers to manage and track their communication with one another. In order to provide for this type of exchange, we need to ensure that each user that contributes Information expressly permits the uses that we envision. For this reason, we need a license from you to use Patient and Caregiver Information, whether collected directly from you or, if applicable, your Caregiver. You hereby grant to Ratchet a non-exclusive, transferable, sublicensable, royalty free license to use Information in order to provide Patient Portal to Patient Caregiver, and Providers and as necessary to monitor and improve Patient Portal. The license is non-exclusive (meaning you are free to license the Information to anyone else in addition to us), fully-paid and royalty-free (meaning that we are not required to pay you for our use of the Information), sublicensable (so that we are able to use affiliates and subcontractors to provide Patient Portal), transferable (meaning that we may transfer it to a third party should we restructure our business), irrevocable (meaning that you may not revoke or rescind such license for any reason once the Information is uploaded) and worldwide (because the Internet is and the Service may be global in reach).

Any Information that we receive from a Provider will be handled in accordance with our agreement with such Provider. You may have additional rights under law in and to any Information about you that we receive from a Provider.

You also grant Ratchet a perpetual, non-exclusive, transferable, sublicensable, royalty free license to use such Information and other data we collect from you via Patient or Caregiver use of and interaction with Patient Portal in order to collect, develop, create, extract or otherwise generate statistics and other information and to otherwise compile, synthesize and analyze such Information and data (“Blind Data”). Notwithstanding anything to the contrary in this Privacy Policy, to the extent that Ratchet collects or generates Blind Data, such Blind Data will be owned solely by Ratchet and may be used for any lawful business purpose without a duty of accounting to you, provided that such data is not personally identifiable and does not identify the source of such data.

Sharing of Information

Except as set forth herein and as necessary to enable third party applications that you authorize, Ratchet does not rent, sell or share Information with or to third parties, and Information is only used to provide you with Ratchet products and services and to comply with any requirements of law.

Agents, technology vendors and/or contractors of Ratchet may have access to your Information on a need to know basis for the purpose of performing services on behalf of Ratchet or providing or enabling elements of Patient Portal. All such agents or contractors who have access to such information are required to keep the Information confidential and not use it for any other purpose than to carry out the services they are performing for Ratchet or as otherwise required by law. Notwithstanding the above, Ratchet may share or disclose your Health Information to agents, contractors or others only as allowed or required under applicable law.

If, as a Patient, you validate another end user as your designated Caregiver, we may share certain Information with that Caregiver.

Additionally, Ratchet may Share your Information with Providers who registered you on Ratchet for the provision of healthcare products and services (“Enabled Provider”). We share this Information (including certain Personal Information and Health Information) with Enabled Providers in order to provide elements of Patient Portal and to allow communication between the Enabled Providers and you.

Also, Ratchet or its agents or contractors may disclose Information if required to do so by law or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal process; (2) protect and defend the rights or property of Ratchet or its agents or contractors; or (3) act in urgent circumstances to protect the personal safety of users of Patient Portal.

Finally, if Ratchet should ever merge with another organization, file for bankruptcy, or sell our assets or capital stock, we may transfer the Information to a third party or share the Information to the company or its agents with which we enter into such transaction as a part of such transaction.

 

Security of Your Information

We maintain physical, electronic, and procedural safeguards designed to protect the Information. These safeguards include, without limitation, encrypting all Personal Information and Health Information using AES 256-bit encryption and encrypting all other Information using TLS encryption.

Despite the actions and precautions we take, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of the Information and you acknowledge and agree that you transmit it to us at your own risk.

Please keep in mind that whenever you voluntarily disclose Information on our message boards or other public forums or features or through email or group messaging, or voluntarily utilize features of Patient Portal that inherently share Information such as features that allow a Patient to share Information with a Caregiver or that allow a Patient or Caregiver to share a Patient’s Information with a Provider, that Information can be collected and used by others. In short, by posting Information online that is publicly accessible (i.e. within message boards and the like), you may receive unsolicited messages from other parties in return or make others aware of your location. We are not responsible for the security or privacy of any Information you choose to submit in connection with these public features.

 

Third-Party Mobile Apps, Services and Technologies

We may provide links to third-party websites within Patient Portal or in other communications to you. Such links may appear as a specific domain name or URL or may be activated by clicking on an advertisement or other icon or graphic. Please be aware that other websites and services, including the websites of third parties that you connect with through Patient Portal, may collect personally identifiable information about you. This Privacy Policy does not cover the information practices of those third-party websites, services or applications and cannot control and are not responsible for the information collection practices of any such websites, services or applications. We encourage you to carefully review the terms of use, privacy policies, and any other legal notifications on such websites before using or providing information through such websites, services or applications. Further, Patient Portal may employ third party technologies that require you to accept such third party’s terms. This Privacy Policy does not cover the information practices of those third-party technologies.

 

International Transfers

Information collected from you may be stored and processed in the United States in which Ratchet or its affiliates, subsidiaries, agents or contractors maintain facilities. If you are accessing Patient Portal from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your data to the United States and processing globally. By providing your Information you consent to any transfer and processing in accordance with this Privacy Policy.

HIPAA

This Privacy Policy and the privacy and security practices described in this Privacy Policy are designed to comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Providers, to the extent they are “Covered Entities” under HIPAA (as such term is defined in HIPAA) have their own privacy and security obligations with respect to your Personal Information and Health Information. Additionally, we have agreements in place with Providers, which define certain of our security and privacy obligations. We encourage you to contact each Provider with whom you interact through Patient Portal regarding their privacy and security practices. For more information regarding your rights under HIPAA, see http://www.hhs.gov/ocr/privacy/.

 

Children’s Privacy Policy

Patient Portal is not designed to be used by children under the age of 13, although parents may use Patient Portal in a Caregiver user capacity to connect with their children’s Providers. We do not intentionally collect personal information from children through Patient Portal. If you believe that we may have collected Personal Information from someone under the age of 13, please contact us.

 

© 2020 Ratchet Technologies Inc. All rights reserved.