Consumer Health Data Privacy Policy

This Consumer Health Data Privacy Policy (the “Policy”) supplements our general Privacy Policy, and applies specifically to the collection and processing by Medisafe of Consumer Health Data, as such term is defined by applicable laws, including Washington’s My Health My Data Act (“MHMD Act”), Nevada’s Consumer Health Data Privacy Law, Connecticut’s Data Privacy Act, and other United State health privacy laws, as each are amended and become effective (collectively, “US Privacy Laws”).

This Policy sets out our commitments and explains the rights that you have with respect to your Consumer Health Data.

We may update this Policy from time to time.  Any change will be effective immediately upon the posting of the revised Policy (as reflected in the effective date mentioned below). In cases of material changes to the Policy, we will notify our user by presenting message on our Services.  If you do not agree to the terms of this Policy, please do not use the service provided by Medisafe.  For more information about Medisafe’s privacy practices, please review our Privacy Policy.

Definitions

“Consumer Health Data” is defined as Personal Information that is linked or reasonably linked to a consumer and that identifies the consumer’s past, present, or future physical or mental health status. It includes information such as individual health conditions, treatment, diseases, or diagnosis; social, psychological, behavioral, and medical interventions; use or purchase of prescribed medication; diagnosis or diagnostic testing, treatment, or medication; and precise location information that could reasonably indicate a consumer’s attempt to acquire or receive health services or supplies.

“Personal Information” is defined by the MHMD Act as information that identifies or is reasonably capable of being associated or linked, directly or indirectly, with a particular consumer.  “Personal Information” includes but is not limited to, data associated with a persistent unique identifier, such as a cookie ID, an IP address, a device identifier, or any other form of persistent unique identifier. Personal Information does not include publicly available information or deidentified data.

Categories of Consumer Health Data We Collect

Medisafe only collects, uses and discloses Consumer Health Data as needed to provide you with the services that you request or with your consent.

Medisafe may collect Consumer Health Data related to the following categories of Consumer Health Data:

• Individual Health Conditions, Treatments and Diseases. Information about your health history and treatment, including prescribed treatment information, treatment start/end date, adherence information, assigned medical devices/medications and insurance or healthcare payor information.
• Research Programs or Companion Programs. Information you provide when participating in research or companion programs or responding to our surveys including any of the above categories about physical or mental health, medical history or other health-related information.
• Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies. Some of the features of our services (such as medication reminders you have set to display when you arrive home) require you to enable background location access on your device.
• Data that identifies individuals seeking health care services.
• Information we derive from non-health data to associate or identify individuals with any of the above-referenced categories of Consumer Health Data.

Purpose for Collection of Consumer Health Data

We collect Consumer Health Data from you for the following Processing purposes:

• Provision of Services. We use the Personal Information and Consumer Health Data you provide us for the provision and improvement of our service to you, operate our business, and provide information that you request from us or communicate directly with you. This may include marketing purposes such as providing you information regarding research or companion programs that might be of interest to you.

• Artificial Intelligence. We may use the Personal Information and/or Consumer Health Data you provide through use of the services to create insights regarding medication adherence, including, but not limited to, best time availability to send notifications and to predict schedule changes.  Other AI uses may include voice and tone personalization. We will only provide suggested insights based on your input, we will not use AI to make any decisions on your behalf that would impact your rights or freedoms.
• Legal/Compliance. We also use your Personal Information and Consumer Health Data as required by law, regulation or other governmental authority, to comply with a subpoena or similar legal process, for risk management, audit, investigations, other reporting requirements, and other legal and compliance reasons.
• Analytics, surveys and research. We are always trying to improve our services and think of new and exciting features for our users. From time to time, we may conduct surveys or test features, and analyze the information we have to develop, evaluate and improve these features.

Sources of Consumer Health Data

We collect Consumer Health Data from the following sources:

• From you directly when you provide us the information when requesting certain health-related services, joining certain tools within the Medisafe environment, joining a companion or research program or volunteer information in connection with surveys, or through third-party apps or services (such as, Apple Health Kit, Android Fit, etc.) which you have chosen to integrate or link to your Medisafe account;
• From your interactions with the Medisafe application or a web companion;
• From our business and pharmaceutical partners who provide us with information about their consumers who are interested in receiving our health services or enrolling in one of our companion or research programs;
• From other third-party sources, such as data brokers who provide us with information about consumers that may be interested in our health services. 

Disclosures of Consumer Health Data

We may share your Consumer Health Data and Personal Information with the following categories of third parties:

• Research Partners. We may share your Consumer Health Data and Personal Information with third parties, such as research institutes, pharmaceutical manufacturers, healthcare systems and healthcare providers. They may associate it with other information that they have about you, for improved healthcare, research purposes and the improvement of our Service.
• Providers of Research of Companion Programs. We may share your information with a third party who has partnered with us to sponsor a research or companion program. If you chose to participate in such a program, you will be provided with additional information and consent requests specific to the program.  You should be aware that Medisafe will still collect and process your information under this Policy in addition to any additional consents you may agree to as a participation in such a program.
• Corporate Affiliates. It may be necessary to share your information with our corporate affiliates in order to provide you the services you have requested or respond to your requests.
• Service Providers. We may share your Consumer Health Data and Personal Information, as is reasonably necessary, with our service providers, including vendors and suppliers that provide us with development services, technology (such as AWS), services, or content for the operation, development and maintenance of our service or data and analysis on service use, who are bound by an obligation of confidentiality, provided that we will only share Consumer Health Data and Personal Information to the extent necessary with such service providers.
• Auditors and advisers. we share your Consumer Health Data with our external auditors, advisors and professional ‎service providers (e.g. lawyers, accountants, insurers etc.) for ensuring our ‎compliance with regulatory requirements and industry standards, auditing, ‎managing disputed etc.‎
• Law enforcement, legal proceedings, and as authorized by law. We may disclose Consumer Health Data to satisfy any applicable law, regulation, legal process, subpoena or governmental request if such disclosure is necessary in order for us to comply with legal requirements to which we are subject, or to exercise or defend from legal claims.

We may also disclose Consumer Health Data as permitted by law, such as (i) with your consent, (ii) if needed to protect your vital interests, such as in the event of a medical emergency or natural disaster, (iii) to an acquiring organization if we are involved in a sale or a transfer of our business, (iv) as needed to prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, (v) as needed to preserve the integrity or security of our systems, or (iv) to investigate, report, or prosecute those responsible for any action that is illegal under applicable state or Federal law.

Your Privacy Rights

In accordance with US Privacy Laws, you have specific rights with respect to your Consumer Health Data.  Specifically, you have the right to:

• confirm whether we are collecting, sharing, or selling your Consumer Health Data;
• right to access your Consumer Health Data, including a list of all third parties and affiliates to whom we have shared or sold the Consumer Health Data and an active email address or other online mechanism that you may use to contact these third parties. We currently do not sell your Consumer Health Data;
• withdraw your consent for our collection or sharing of your Consumer Health Data;
• request deletion of your Consumer Health Data that is in our possession; and
• correct or amend any Consumer Health Data that is in our possession.

Your rights may be exercised by using the Data Subject Request Form, which includes instructions for submitting, the general description of the process, verification requirements, when applicable, and any additional information necessary for us to review the request.  Please note that if you are enrolled in a research or companion program, if you wish to exercise any of your rights regarding Consumer Health Data collected within that program, please refer to the supplemental policy you were presented with when enrolling in the specific program.

We will not discriminate against you for exercising any of your rights. However, if you withdraw consent for collection and/or request deletion of your Consumer Health Data, we may not be able to provide you with certain services that rely on your Consumer Health Data to provide you those services.

If your request is denied and your information is protected by the MHMD Act, you may file a complaint to the Washington Attorney General’s office at the following link: https://www.atg.wa.gov/file-complaint

If your request is denied and your information is protected under the Nevada Consumer Data Privacy Law, you may file a complaint to the Nevada Attorney General’s office at the following link: https://ag.nv.gov/Complaints/File_Complaint/

Policy Effective as of September 7, 2024