Last Updated: 11/13/2020
PLEASE READ THIS PRIVACY POLICY CAREFULLY TO UNDERSTAND HOW WE TREAT YOUR PERSONAL INFORMATION AND WHAT CHOICES AND RIGHTS YOU HAVE IN THIS REGARD. IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS POLICY, YOU SHOULD NOT ACCESS OR USE THE SITE, THE PLATFORM, OR ENGAGE IN COMMUNICATIONS WITH US.
THIS SITE AND OUR SERVICES ARE INTENDED FOR USERS LOCATED IN THE UNITED STATES, AND THEY ARE NOT INTENDED FOR USERS LOCATED IN OTHER COUNTRIES, INCLUDING THE EUROPEAN UNION AND THE EUROPEAN ECONOMIC AREA. BY USING THE SITE OR THE PLATFORM, YOU ACKNOWLEDGE AND AGREE THAT YOU ARE USING IT FROM WITHIN THE UNITED STATES.
HOW DO WE PROCESS PERSONAL INFORMATION?
HOW LONG DO WE STORE AND USE YOUR PERSONAL INFORMATION?
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
RIGHTS AND CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION
CHILDREN’S ONLINE PRIVACY PROTECTION ACT
UPDATES AND CHANGES TO THIS POLICY
PERSONAL INFORMATION WE COLLECT AND PROCESS VIA THE SITE
PERSONAL INFORMATION WE COLLECT AND PROCESS VIA THE PLATFORM
PERSONAL INFORMATION WE COLLECT AND PROCESS VIA OTHER WAYS
INTRODUCTION
Epion Health (also referred to herein as “we,” “us,” and “our”) is committed to protecting the privacy and security of the personal information we collect, use, share, and otherwise process as part of our business. We also believe in transparency, and we are committed to informing you about how we treat your personal information. This Policy will provide you with a description of our online and offline practices regarding your personal information and the rights you have regarding your personal information. You may obtain an accessible version of this Policy by contacting us via the methods identified in the “Contact Us” section of this Policy.
HOW DO WE PROCESS PERSONAL INFORMATION?
Personal Information We Collect and Process. We collect and process personal information via the methods described below. Please do not provide another person’s personal information to us.
| Method of Interaction | Description of Practices |
| On our Site | Click here to learn more about how we collect and process personal information on our website, www.epionhealth.com and any subdomains (the “Site”). |
| On our Platform | We collect and process personal information via Epion Check-In or Epion PreVisit (the “Platform”) in two ways: When we are providing check-in services for a customer (your doctor) via the Platform, we act as a “Business Associate” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In that capacity, we collect, receive, maintain, use, and disclose Protected Health Information as permitted or required under applicable law, and our customer’s (your doctor’s) privacy notice controls how we collect and process PHI. We also give individuals an opportunity to receive personalized information about health-related products and services that may be interesting to them on the Platform. We do not act as a Business Associate in this capacity, as this service is provided on behalf of the individuals who choose to share data with us pursuant to a HIPAA Authorization. Click here to learn more about how we collect and process personal information on the Platform in this capacity. |
| Other Ways We Interact with You | Click here to learn more about how we collect and process personal information in other ways, including on social media and in your communications with us. |
How We Use Personal Information. To the extent permitted by applicable law, we may use the types of personal information listed above in order to:
- Operate our business;
- Honor our Terms of Use and contracts;
- Provide our products and services;
- Ensure the privacy and security of our Site, Platform, and services;
- Maintain our databases and back-ups;
- Manage our relationships with you;
- Communicate with you;
- Keep records of our communications with you;
- Send you notifications and newsletters;
- Promote our products and services to you;
- Contact you about other products and services;
- Improve our marketing efforts;
- Operate the Site and the Platform;
- Analyze use of our Site, Platform, and services;
- Serve you the content and functionality you request;
- Develop new products and services;
- Track visits to the Site and the Platform;
- Enhance your experience;
- Provide you with a more personal and interactive experience on the Site and the Platform;
- Process payments or other transactions;
- Comply with federal, state, or local laws;
- Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities;
- Cooperate with law enforcement agencies concerning conduct or activity that we, a service provider, or a third party reasonably and in good faith believe may violate federal, state, or local law;
- Exercise or defend legal claims; and
- Collect, use, retain, sell, or disclose consumer information that is deidentified or aggregated under applicable law.
How We Share and Disclose Personal Information. We may share your personal information in the following contexts.
| Category | Disclosure Contexts |
| Corporate Affiliates | We may share your personal information with our corporate subsidiaries and affiliates and with their respective officers, directors, employees, accountants, attorneys, and agents. |
| Acquisitions and Similar Transactions | We may disclose your personal information in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our company assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred. For example, if another company acquires us, we will share your personal information with that company. |
| Disclosures with Your Consent | We may ask if you would like us to share your personal information with other unaffiliated third parties who are not described elsewhere in this Policy. We will only disclose your personal information in this context with your consent. |
| Legal Obligations and Rights | We may disclose your personal information in response to subpoenas, warrants, court orders or other legal processes, or to comply with relevant laws. We may also share your personal information in order to establish or exercise our legal rights, to defend against a legal claim, and to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our contract. |
| Public | Some areas of our Site may offer forums or provide the opportunity for users to post comments or reviews in a public forum. Please remember that any information that is disclosed in these areas becomes public information, and you should exercise caution when deciding to disclose your personal information. If you decide to submit your personal information in these areas, you do so at your own risk and acknowledge that the information will be publicly-available. |
| Service Providers | We may share your personal information with our service providers that need access to your information to provide operational or other support services on our behalf. Among other things, service providers help us to administer the Site/Platform; support our provision of services/products requested by you; provide technical support; send marketing, promotions and communications to you about our services/products; provide payment processing; and assist with other legitimate purposes permitted by law. |
| Professional Advisors | We may share your personal information with our insurers and other professional advisors, including attorneys and accountants, that need access to your information to provide operational or other support services on our behalf. |
| Deidentified or Aggregated Data | We may disclose aggregated information about our users and information that does not identify any specific individual, such as groupings of demographic data and customer preferences, for new product and marketing development. |
| Third Parties | We may provide personal information about you to third parties that may offer products and services specifically requested by you. |
HOW LONG DO WE STORE AND USE YOUR PERSONAL INFORMATION?
We will retain and use your personal information for as long as is necessary to fulfill the purposes for which it was collected, to comply with our business requirements and legal obligations, to resolve disputes, to protect our assets, to provide our products and services, and to enforce our agreements.
We take reasonable steps to delete the personal information we collect when (1) we have a legal obligation to do so, (2) we no longer have a purpose for retaining the information, and (3) if you ask us to delete your information, unless we determine that doing so would violate our existing, legitimate legal, regulatory, dispute resolution, contractual, or similar obligations. We may also decide to delete your personal information if we believe it is incomplete, inaccurate, or that our continued storage of your personal information is contrary to our legal obligations or business objectives.
To the extent permitted by law, we may retain and use anonymous and aggregated information for performance reporting, benchmarking, and analytic purposes and for product and service improvement. When we delete personal information, it will be removed from our active servers and databases; but, it may remain in our archives when it is not practical or possible to delete it.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We have put security measures in place to protect the personal information that you share with us from being accidentally lost, used, altered, or disclosed or accessed in an unauthorized manner. From time to time, we review our security procedures to consider appropriate new technology and methods.
We use SSL technology to encrypt data in transit, and we also encrypt data at rest on our systems. We do not store or save your financial information. While our security measures seek to protect your personal information in our possession, no security system is perfect, and no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee or warrant the security of any information you transmit to or from our Site or Platform, and you do so at your own risk. We cannot promise that your personal information will remain absolutely secure in all circumstances.
We have implemented reasonable security measures to detect fraudulent identity verification activity and to prevent the unauthorized access to or deletion of personal information.
If a data breach compromises your personal information, we will notify you and any applicable regulator when we are required to do so by applicable law.
RIGHTS AND CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION
Please use the “Contact Us” details at the end of this Policy to exercise your rights and choices under this Policy. If you would like to manage, change, limit, or delete your personal information or if you no longer want to receive any email, postal mail, or telephone contact from us in the future, such requests may be submitted via the “Contact Us” details at the end of this Policy. If you are exercising a right that is the responsibility of our customers, we will direct you to contact the appropriate customer who is responsible for responding to your request.
Email Opt-Out. If you no longer wish to receive communications from us via email, you may opt-out by clicking the “unsubscribe” link available at the bottom of our email communications or by contacting us at privacy@epionhealth.com. Once we receive your instruction, we will promptly take corrective action.
Cookies. You may set your browser to refuse all or some browser cookies or to alert you when cookies are being set. For more information on how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/. You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/, http://www.networkadvertising.org/choices, and http://youronlinechoices.eu/.
Online Tracking Signals. Except as otherwise required by law, we do not currently recognize browser settings or signals of tracking preferences, which may include “Do Not Track” instructions. “Do Not Track” is a web browser setting that seeks to disable the tracking of individual users’ browsing activities. We adhere to the standards set out in this Policy and do not currently respond to “Do Not Track” signals on the Site/Platform or on third-party websites or online services where we may collect information.
Accuracy and Updating Your Personal Information. Our goal is to keep your personal information accurate, current, and complete. If any of the personal information you have provided to us changes, please let us know via the “Contact Us” details at the end of this Policy. For instance, if your email address changes, you may wish to let us know so that we can communicate with you. If you become aware of inaccurate personal information about you, you may want to update your information. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient, or incomplete personal data that you provide to us.
Preferences. If you wish to change your communication preferences or ask that we restrict how we use your personal information, please contact us via the “Contact Us” details at the end of this Policy. You may follow opt-out links on any marketing communications sent to you.
Complaints. If you believe that your rights relating to your personal information have been violated, you may lodge a complaint with us by contacting us via the “Contact Us” details at the end of this Policy.
Nevada Residents. Effective October 1, 2019, you may submit a verified request to us at privacy@epionhealth.com to request that we not make any sale (as defined under Nevada law) of any covered information (as defined under Nevada law) that we have collected or will collect about you. Please provide your name and contact information in your request, and we will respond to your request in accordance with Nevada law.
THIRD-PARTY SITES
This Policy is applicable only to the Site and the Platform, and it does not apply to any third-party websites.
The Site and the Platform may contain links to, and media and other content from, third-party websites. These links are to external websites and third parties which have their own privacy policies. Because of the dynamic media capabilities of the Site and the Platform, it may not be clear to you which links are to the Site/Platform and which are to external, third-party websites. If you click on an embedded third-party link, you will be redirected away from the Site/Platform to the external third-party website. You can check the URL to confirm that you have left this Site.
We cannot and do not (1) guarantee the adequacy of the privacy and security practices employed by or the content and media provided by any third parties or their websites, (2) control third parties’ independent collection or use or your personal information, or (3) endorse any third-party information, products, services or websites that may be reached through embedded links on this Site.
Any personal information provided by you or automatically collected from you by a third party will be governed by that party’s privacy policy and terms of use. If you are unsure whether a website is controlled, affiliated, or managed by us, you should review the privacy policy and practices applicable to each linked website.
CHILDREN’S ONLINE PRIVACY PROTECTION ACT
The Children’s Online Privacy Protection Act (“COPPA”), as well as other data privacy regulations, restrict the collection, use, or disclosure of personal information from and about children on the Internet. Our Site and services are not directed to under the age of 13, nor is information knowingly collected from children under the age of 13. No one under the age of 13 may access, browse, or use the Site/Platform or provide any information to or on the Site/Platform. If you are under 13, please do not use or provide any information on the Site/Platform (including, for example, your name, telephone number, email address, or username). If we learn that we have collected or received personal information from a child under the age of 13 without a parent’s or legal guardian’s consent, we will take steps to stop collecting that information and delete it. If you believe we might have any information from or about a child under the age of 13, please contact us using the contact information provided below.
For more information about COPPA, please visit the Federal Trade Commission’s website at: https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule.
UPDATES AND CHANGES TO THIS POLICY
We reserve the right, at any time, to add to, change, update, or modify this Policy to reflect any changes to the way in which we treat your personal information or in response to changes in law. Should this Policy change, we will post all changes we make to this Policy on this page. If we make material changes to how we treat your personal information, we will also notify you by posting a notice on the home page of the Site and within the Platform for a reasonable period of time. Any such changes, updates, or modifications shall be effective immediately upon posting. The date on which this policy was last modified is identified at the beginning of this Policy.
You are expected to, and you acknowledge and agree that it is your responsibility to carefully review this Policy prior to using the Site or the Platform, and from time to time, so that you are aware of any changes. Your continued use of the Site or the Platform after the “Last Updated” date will constitute your acceptance of and agreement to such changes and to our collection and sharing of your personal information according to the terms of the then-current Policy. If you do not agree with this Policy and our practices, do not access, view, or use any part of the Site or the Platform.
CONTACT US
For more information, or if you have any questions or concerns regarding this Privacy Policy, wish to exercise your rights, or wish to lodge a complaint with us, you may contact us using the information below, and we will do our best to assist you. Please note, if your communication is sensitive, you may wish to contact us by postal mail.
In Writing: Epion Health, 111 River Street, Suite 1230, Hoboken, NJ 07030
By Email: privacy@epionhealth.com
PERSONAL INFORMATION WE COLLECT AND PROCESS VIA THE SITE
We collect, receive, and process the following personal information via the Site.
| Category | Description |
| Customer Information | We collect the name, title, telephone number, email address, and mailing address of the individual designated to be the customer’s contact person. We also collect the practice’s name and EHR ID. We track which services have been purchased from us. |
| Cookies and Similar Technologies | When you visit the Site, we collect cookies and use similar technologies as described in the “Personal Information Collected Via Cookies and Similar Technologies” section below. If you choose to disable cookies and similar technologies, some areas and features of the Site may not work properly. |
| Usage Information | When you visit the Site, we automatically collect information from your browser and your device, which includes the date and time of your visit as well as your location, Internet Protocol (IP) address or unique device identifier, domain server, browser type, access time, and data about which pages you visit. |
| Job Applicant Information | We collect your name, address, telephone number, email address, resume, cover letter, citizenship/employment eligibility, LinkedIn URL, and information about your professional experience. |
| Webinar Registrations | We collect your name, email address, job title, and organization name. |
| Blog Comments | We collect your name, email address, website, and any information you provide in your comment. |
Personal Information Collected Via Cookies and Similar Technologies
First and Third-Party Cookies – Description
A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” cookie). “Session” cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. “Permanent” cookies remain stored on your hard drive until they expire or are deleted by you. Local stored objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website.
First-party cookies are set by the Site, and they can only be read by the Site. Third Party Cookies are set by a party other than us. We use first-party and third-party session, persistent, and/or flash cookies and the information collected by them as set forth herein.
Similar Technologies – Description
In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with the Site:
- Web beacons: These are tiny graphics (sometimes called “clear GIFs” or “web pixels”) with unique identifiers that are used to understand browsing activity. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons are rendered invisible on web pages when you open a page.
- Social Widgets: These are buttons or icons provided by third-party social media providers that allow you to interact with social media services when you view a webpage or mobile app screen. These social widgets may collect browsing data, which may be received by the third party that provided the widget and are controlled by third parties.
- UTM Codes: These are strings that can appear in a URL (the “Uniform Resource Locator,” which is typically the http or https address entered to go to a web page) when you move from one web page or website to another, where the string can represent information about browsing, such as which advertisement, page, or publisher sent the user to the receiving website.
What Cookies and Similar Technologies Are in Use and Why Do We Use Them?
Google Analytics. We use Google Analytics to collect and process statistical data about the number of people using the Site and to better understand how they find and use our webpages. The data collected includes data related to your device/browser, your IP address, and on-site activities to measure and report statistics about user interactions on the Site. The information stored in the cookie is reduced to a random identifier. Any data collected is used in accordance with this Privacy Policy and Google’s privacy policy. You may learn more about Google Analytics and the cookies used by Google by visiting https://www.google.com/policies/privacy/partners/ and https://support.google.com/analytics/answer/6004245. You can learn more about Google’s restrictions on data use by visiting the Google Privacy Policy at: https://www.google.com/policies/privacy. Google Analytics relies on the following cookies:
| Domain | Cookie Name | Description | Duration |
| epionhealth.com | _ga | Google Analytics | 2 years from the date it was last refreshed |
| epionhealth.com | _gat | Google Analytics | 2 years from the date it was last refreshed |
| epionhealth.com | _gid | Performance cookie used to collect information about how our visitors use the website. | 24 hours after inactivity |
To opt-out of Google Analytics, visit https://tools.google.com/dlpage/gaoptout and install the opt-out browser add-on feature. For more details, visit the “Google Analytics opt-out browser add-on” page (located at https://support.google.com/analytics/answer/181881?hl=en).
Google Tag Manager. We use Google Tag Manager, which allows marketed website tags to be managed using an interface. The tool itself (which implements the tags) is a cookie-less domain and does not register identifiable data. The tool causes other tags to be activated which may, for their part, register personal data under certain circumstances. Google Tag Manager does not access this information. Google Tag Manager is subject to the Google Privacy Policy located at https://www.google.com/intl/en/policies/privacy.
| Domain | Cookie Name | Description | Duration |
| epionhealth.com | _gcl_au | Google Tag Manager, Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. | 1 week |
Google Marketing Platform. We use the Google Marketing Platform (Google Analytics Advertising Features, DoubleClick, Google AdWords Conversion, Google Conversion Tracking, Google Conversion Linker, Google Remarketing, and GA Audiences) to track user activity on the Site and to serve personalized advertisements. Your browser is assigned a pseudonymous ID used to track the ads that have been served to your browser and to identify those on which you’ve clicked. The cookies enable Google and its partners to select and display ads based on your browsing behavior.
| Domain | Cookie Name | Description | Duration |
| doubleclick.net | IDE | This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website. | 10 years after your last visit to a page containing a Google Map. |
| google.com | 1P_JAR | This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website. | 24 hours after the date of the session |
| google.com | NID | This cookie is set by DoubleClick (which is owned by Google) to help build a profile of your interests and show you relevant ads on other sites. | 6 months |
For more information on how Google uses this information, visit https://support.google.com/displayvideo/answer/7621162. To block certain ads served by Google, please visit https://support.google.com/ads/answer/2662922.
Typekit by Adobe. We use Typekit by Adobe to enhance the Site’s typography. Adobe uses cookies within Typekit to track usage statistics, and they collect usage information about the fonts being served on the Site.
Hubspot. This website uses a HubSpot tracking code which uses cookies or similar technologies to track visitors of this website and gather demographic information about them. HubSpot keeps track of the Site and pages you visit within HubSpot. This data is used to deliver customized content and promotions to users whose behavior indicates that they are interested in a particular subject area. For more information about HubSpot’s Privacy Policy, see https://legal.hubspot.com/privacy-policy.
| Domain | Cookie Name | Description | Duration |
| epionhealth.com | __hssc | This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. | 30 min |
| epionhealth.com | __hssrc | Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session. | end of session |
| epionhealth.com | __hstc | The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). | 13 months |
| epionhealth.com | hsfirstvisit | HS Performance cookie | end of session |
| epionhealth.com | hubspotutk | This cookie is used to keep track of a visitor’s identity. This cookie is passed to HubSpot on form submission and used when deduplicating contacts. | 13 months |
| js.hs-analytics.net | X-OpenDNS-Session | Hubspot web tracking code | permanent |
| hsforms.com | __cfduid | Hubspot form tracking code | permanent |
| hubspot.com | __cfduid | Hubspot form tracking code | permanent |
| hubspot.com | __hluid | In-app usage tracking | 1 Year |
Other Cookies. We also use other third-party cookies to provide certain aspects of the Site:
| Domain | Cookie Name | Description | Duration |
| google.com | OGPC | This cookie enables the functionality of Google Maps. | 24 hours after the date of the session |
| www.google.com | OTZ | These cookies allow the website to remember choices you make | 30 days |
Other Third-Party Technologies
Some third parties may use automated data collection technologies to collect information about you when you browse the Internet. The information they collect about your online browsing activities over time and across different websites and other online services may be associated with your personal information and used to provide you with targeted content. We do not control these third parties’ technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible party directly or consult their privacy policies.
Choices About Cookies
We provide you with choices regarding the personal information you provide to us, and we have created ways to give you control over your information. Most web browsers are set by default to accept cookies. If you do not wish to receive cookies, you may set your browser to refuse all or some types of cookies or to alert you when cookies are being sent by website tracking technologies and advertising. You may adjust your browser settings to opt out of accepting a “persistent” cookie and to only accept “session” cookies, but you will need to log in each time you want to enjoy the full functionality of the Site.
Please be aware that, if you decline the use of cookies, you may not have access to the full benefits of the Site. In addition, adjusting the cookie settings on the Site may not fully delete all of the cookies that have already been created. To delete them, visit your web browser settings after you have changed your Cookie Settings on the Site. Additional information is provided below about how to disable cookies or manage the cookie settings for some of the leading web browser providers:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
Safari: http://help.apple.com/safari/mac/8.0/#/sfri11471
To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website at: https://www.macromedia.com/support/documentation/en/flashplayer/help/help09.html. You may also wish to use an internet browser that is designed with users’ privacy in mind, such as Brave or Firefox Quantum.
For more information on how to modify your browser settings to block or filter cookies, visit http://www.aboutcookies.org/ or http://www.cookiecentral.com/faq/. You may learn more about internet advertising practices and related consumer resources at http://www.aboutads.info/consumers/, http://www.networkadvertising.org/choices, and http://youronlinechoices.eu/.
PERSONAL INFORMATION WE COLLECT AND PROCESS VIA THE PLATFORM
When we are providing check-in services for a “Covered Entity” customer (your doctor) via the Platform, we act as a “Business Associate” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In that capacity, we collect, receive, maintain, use, and disclose Protected Health Information as permitted or required under applicable law, and our Covered Entity customer’s (your doctor’s) privacy notice controls how we collect and process PHI.
However, we also give individuals an opportunity to receive personalized information about health-related products and services that may be interesting to them on the Platform. We do not act as a Business Associate in this capacity, as the service is provided on behalf of the individuals who choose to share data with us pursuant to a HIPAA Authorization. When individuals opt-in to receiving this information via the Platform, we receive and process the following personal information:
| Category | Description and Purpose |
| End User (Patient) Medical Information | If you, as an end user of our Platform, direct your health care provider to share your medical information with us, we will receive the information provided by your health care provider. This may include the health information entered during the check-in process or on file with your healthcare provider. |
| Cookies and Similar Technologies | When you use the Platform, we collect cookies and use similar technologies as described in the “Personal Information Collected Via Cookies and Similar Technologies” section below. |
| Usage Information | When you use the Platform, we automatically collect information from the browser and device, which includes the date and time of your visit as well as your location, Internet Protocol (IP) address or unique device identifier, domain server, browser type, access time, and data about which pages you visit. |
Personal Information Collected Via Cookies and Similar Technologies
First and Third-Party Cookies – Description
A “cookie” is a small file created by a web server that can be stored on your device (if you allow) for use either during a particular browsing session (a “session” cookie) or a future browsing session (a “persistent” cookie). “Session” cookies are temporarily stored on your hard drive and only last until they expire at the end of your browsing session. “Permanent” cookies remain stored on your hard drive until they expire or are deleted by you. Local stored objects (or “flash” cookies) are used to collect and store information about your preferences and navigation to, from, and on a website.
First-party cookies are set by the Platform, and they can only be read by the Platform. Third Party Cookies are set by a party other than us. We use first-party and third-party session, persistent, and/or flash cookies and the information collected by them as set forth herein.
Similar Technologies – Description
In addition to cookies, there are other automatic data collection technologies, such as Internet tags, web beacons (clear gifs, pixel tags, and single-pixel gifs), and navigational data collection (log files, server logs, etc.) that can be used to collect data as users navigate through and interact with the Platform:
- Web beacons: These are tiny graphics (sometimes called “clear GIFs” or “web pixels”) with unique identifiers that are used to understand browsing activity. In contrast to cookies, which are stored on a user’s computer hard drive, web beacons are rendered invisible on web pages when you open a page.
- Social Widgets: These are buttons or icons provided by third-party social media providers that allow you to interact with social media services when you view a webpage or mobile app screen. These social widgets may collect browsing data, which may be received by the third party that provided the widget and are controlled by third parties.
- UTM Codes: These are strings that can appear in a URL (the “Uniform Resource Locator,” which is typically the http or https address entered to go to a web page) when you move from one web page or website to another, where the string can represent information about browsing, such as which advertisement, page, or publisher sent the user to the receiving website.
What Cookies and Similar Technologies Are in Use and Why Do We Use Them?
| Domain | Cookie Name | Description | Duration |
| epionhealth.com | epion_device_password | Unique device identifier for the Epion Platform | permanent |
| epionhealth.com | _patient-check-in_session | Unique session identifier for the Epion Platform | permanent |
| epionhealth.com | rack.session | Unique session identifier for the Epion Platform | permanent |
Other Third-Party Technologies
Some third parties may use automated data collection technologies to collect information about you when you browse the Internet. The information they collect about your online browsing activities over time and across different websites and other online services may be associated with your personal information and used to provide you with targeted content. We do not control these third parties’ technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible party directly or consult their privacy policies.
PERSONAL INFORMATION WE COLLECT AND PROCESS VIA OTHER WAYS
Outside of our Site and Platform, we may collect, receive, and process personal information from you via the methods described below.
| Your Communications and Feedback | When you communicate with us or provide feedback, we will receive and may retain your communications and the information included in those messages. If you receive email communications from us, we may use certain tools to capture data related to if/when you open our message and if/when you click on any links or banners it contains. Other information collected through this email tracking feature may include: your email address, the date and time of your “click” on the email, a message number, the name of the list from which the message was sent, a tracking URL number, and a destination page. We use this information to enhance our marketing efforts. |
| Financial and Payment Information |
If you purchase products or services from us, you will be asked to provide your bank account number, bank routing information, and other data necessary to process payments, including credit card numbers, security codes, expiration dates, and other related billing information. This information is passed directly to our payment processors and is not accessed by us. By submitting your payment card information, you expressly consent to the sharing of your information with third-party payment processors and other third-party services (including but not limited to vendors who provide fraud detection services to us and other third parties). Please note that credit card numbers and account information are not stored on our servers. |
| Third-Party Sources | We may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly-available sources. |