Privacy Policy

PRIVACY POLICY - Last updated on Nov 3, 2020

Summary of Changes:

1. Introduction

At Coral Health, our goal is to help you take control of your healthcare. To that end, our services help you manage your prescriptions and track your health records data. We are committed to protecting the security and privacy of your personal information. We know that the success of our services depends on earning and maintaining your trust. We have taken considerable steps to protect the confidentiality, security and integrity of your information.

This Privacy Policy applies to your use of the Coral Health mobile device application (the “App”) and related website located at www.mycoralhealth.com (including the mobile-optimized versions of such website, the “Site”) owned by Coral Health Research & Discovery Inc. (“we” or “us” or “Coral Health”), a registered Delaware corporation. The App and the Site are referred to together as the “Service”. ‘You’ refers to any user of the Service, including individuals who use the Service to track medication compliance or health improvements. Terms of Service (“Terms”) include defined terms that we use in this Privacy Policy.  This Privacy Policy is incorporated by this reference to the Terms.  Conflicts or inconsistencies between this Privacy Policy and the Terms are interpreted with precedence given to the Privacy Policy with respect to its subject matter.

The policy sets out our commitments to you and explains the rights that you have with respect to your personal information. We encourage you to review the following information carefully. If you do not agree to the terms of this Privacy Policy, please do not use the Service.

Use of our Services is not intended to provide or replace the consultation, guidance, or care of a health care professional or other qualified provider. Use of our Services is for informational and educational purposes only. Health care professionals and other qualified providers should continue to consult authoritative records when making clinical decisions.

2. Overview

This Privacy Policy outlines:

Coral Health complies with all local, state and federal privacy laws regulating the transmission, processing and storing of health information, including the Health Insurance Portability and Accountability Act of 1996, as amended from time to time, together with the regulations adopted thereunder (“HIPAA”). We also comply with the ONC Model Privacy Notice, the CARIN Alliance Code of Conduct, the Veterans Affairs API Terms of Service, and the rules and regulations of the US Centers for Medicare & Medicaid Services.

3. What Information We Collect from You

We collect Personal Information as part of providing Services to all of our users. Personal Information may include information you report about yourself and/or information collected from devices or third parties. We believe in keeping confidential all personally identifiable information that identifies an individual, including your past, present, or future physical or mental health condition. To do so, we de-link your personally identifiable information, such as your account information, from your health records before storing any data. We also encrypt all information by default.

Account Information. We may collect Personal Information that includes, but is not limited to, identifying data such as name, email address, and address information, date of birth.

Profile Information. We collect the information that you voluntarily enter into a user profile. This may include pictures, nicknames, and other personal details.

Health Information. With your permission, we may collect information such as personal activities, health and wellness data, medications, tests, medical records, and health issues submitted through the Services.

Sensitive Information. Certain information you provide is considered Sensitive Information and may include genetic information, HIV testing or status, mental health, race, ethnicity, and sexual orientation. This information may be recorded in information shared with us by a third party such as a doctor.

Device Information. We may collect device identifiers such as serial number, device type, IP address and browser type, language preferences and location, operating system, date and time of your access, internet service provider or mobile carrier, internet domain and host name, and referral URL.

Cookies and Similar Technologies. We use cookies and similar technologies as described in our Cookie Policy below. We recommend that you review that policy to learn about our practices and the controls available to you.

Information From Your Use of Services. We collect information related to your use of our Services, such as which healthcare provider you search for, which menus you use, pages you view, or search results you click on. You may interact with our support team during the use of our Services, in which case, we would collect information about your communications.

If you visit the Site, whether or not you become a user of our Services, be advised that we will maintain web logs to record data about all visitors and customers who use this Site and interact with the Services, and we will store this information. These logs may contain IP address information, types of operating system you use, the date and time you visited the site, and, if you are a user of our Services, information about the type of any personal tracker or other device or service you connect to the Services and information about the data uploaded from any such device or service.

All web logs are stored securely and have restricted access by a very limited number of employees that have to adhere to strict guidelines regarding user data security and privacy.

4. How We Use Your Information

We use your Personal Information to provide Services to you. Examples of how we use your information include:

Coral Health Services.  If you elect to create a Coral Health account, we may use your Personal Information to tell you about or present to you products or services that we believe may be of interest to you. 

5. How You Control Sharing of Information

We do not sell, lease, or rent your individual-level information to any third party.

In certain, limited circumstances, we may share your Personal Information with third parties without further notice to you, unless required by the law, as set forth below:

Anonymized Data Sharing. Coral Health may use and share your anonymized or aggregated information for services improvements, analytics and other legally permissible purposes. No health information, even de-identified, anonymized or pseudonymized data will be shared with any third-party, unless you expressly authorize it.

6. How We Secure Your Information

The protection of your data is of the utmost importance to us. We use all reasonable technical, physical, and administrative controls to protect your Personal Information from unauthorized access or disclosure and to ensure the appropriate use of information. We store your data in the United States. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and data encryption both in transit and at rest. We also delink your personally identifiable information from your health records to further minimize the risk that your information is compromised. Creating a Coral Health account is optional and not required for use of some features of the app. Despite these measures, no data transmission or storage system is guaranteed to be 100% secure. In the event of a security breach, we will notify affected individuals, regulatory authorities, and others consistent with requirements under federal and state law or contractual obligations. App users will be notified by email if possible, and push notification if not. If you have questions about security or possible reason to believe that your interaction with our Site or Services is no longer secure (e.g., you feel that your account’s security may be compromised), please contact us immediately at [email protected]

If we believe that the security of any personal information in our care may have been compromised, we may seek to notify you. If we have your email address, we may notify you by email to the most recent e-mail address you have provided us in your account profile. Please keep your email address in your account up to date. You can change that e-mail address anytime in your account profile. If you receive a notice from us, you can print it to retain a copy of it. To receive these notices, you must check your email account using your computer or mobile device and email application software. We may also post a conspicuous notice on our site or notify you through the mobile application.  You consent to our use of email, text message and/or notification through the app as a means of such notification. If you prefer for us to use the postal service to notify you in this situation, please let us know by submitting a request to [email protected] You can make this election any time, and it will apply to notifications we make after a reasonable time thereafter for us to process your request.

7. How You Control Your Information

You are the owner of your health data. We help you access your health information and give you the option to share that information with whomever you choose. You have the ultimate control over who has access to which information.

Coral Health does not currently monetize your information, either personal or health-related. Coral Health may monetize your information in the future, and will notify you by in-app notification or email before any such changes. Coral Health will never monetize your information without your explicit consent.

You can review your Personal Information that is stored and available within our Services at any time. You also have choices concerning the Personal Information you authorize to be stored within our Services and the export of your Personal Information. Please review the following options you have to control the management, use, change, and deletion of your Personal Information that is stored within our Services.

For additional information on the risks, benefits, and limitations of sharing your data, please refer to the Health and Human Services website. You can find their latest press release on patient data sharing here.

8. Deleting Your Data

You may request to delete any Personal Information and to de-authorize the collection, use, storage, and disclosure of Personal Information in the future by sending us an email at [email protected] Any such deletion or de-authorization will have no effect on sharing of Personal Information before we receive and are able to act upon such a request.

During the use of our Services, you may authorize us to send your Personal Information to third parties who are providing you value. You will have full transparency regarding whom within the ecosystem you previously sent your Personal Information. To delete a copy of your records from these entities, you will need to follow their policies and procedures for data deletion.

9. Exporting a Copy of Your Data

You can export a copy of your Personal Information that is stored within our Services. If you have questions about exporting Personal Information from our Services, please contact [email protected]  

10. Changes to Your Personal Information

We work with thousands of medical providers to enable you to obtain and hold copies of your Personal Information. We may also provide tools for you to manually enter health data or collect data from devices. While we strive to collect complete and accurate information from the sources provided to us, we do not have control over the accuracy, completeness, or quality of information entered or sent to us. For example, you may identify incorrect, incomplete, or outdated information from a third-party provider. If you have questions or find issues with your Personal Information, it is your responsibility to identify issues and ensure corrections are made to the original source of information.

  • For a device, you should contact the device’s manufacturer.
  • Your Responsibility to Protect Your Personal Information

    You are responsible for your handling, sharing, re-sharing and/or distribution of your Personal Information. We will have no responsibility or liability for any consequences that may result from your disclosure of your Personal Information. Moreover, if you forward Personal Information electronically to another person on or off the Site or Services, we are not responsible for any harm or other consequences from third party use or re-sharing of your information. We recommend sharing Personal Information only with individuals and other third parties that you know and trust.

    In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible in making sure no one can see or has access to your personal accounts and log-in username and password information. If you use a public computer, such as the library or a university, or a shared device, always remember to log out of the Site or Services.

    If you use our Site or Services through your employer’s computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand with the company’s privacy and security policy with respect to Internet use.

    We cannot guarantee the identity of any other non-employee person with whom you may interact in the course of using the Site or Services, or the authenticity of any information that others may provide.

    11. Third Party Sites and Trusted Relationships

    Our Site contains links to other sites. We do not share your Personal Information with those sites except as authorized under the End User Terms of Service and are not responsible for their privacy policies and procedures. We encourage you to learn their particular privacy policies but we seek to work with trusted partners and organizations that will adhere to similar privacy and ethical standards.

    12. Account Closure

    You may close your account by sending a request to [email protected] We will close your account and delete the Personal Information within your account within thirty (30) days of our receipt of your request. Please note that deletion of Personal Information within our Services does not include any information that you previously provided to a third party through our Services. You must contact third parties separately regarding controls and choices for the personal information that you shared. We cannot remove personal information from third parties with whom you have chosen to send your information.

    As stated in our Terms of Service and in Section 5 of this Privacy Policy, we may retain your personal information in backup copies as required by law or contractual obligations with third parties. We will not store this information for any longer than is necessary. For example, we retain your personal information in backup database copies for up to a week in order to prevent service interruptions. We may also retain de-identified personal information, and limited account registration information such as demographic info or metadata needed for accounting, audit, and compliance purposes for up to 6 months.

    13. Data Retention

    Identifiable information about you is held no longer than necessary for our business purposes or to meet legal requirements.

    After 1 year of inactivity, your account will be considered inactive and may be deleted by Coral Health. We will notify you via push notification or email at least 7 days before deleting your account. Dormant accounts will be deleted after 2 years of inactivity.

    14. Minors

    Coral Health’s website and Services are not intended for use by individuals under the age of 18. By using this Services, you warrant that you are 18 years of age or older. If you discover that your child has been using the Service without your consent, or that someone has been using the Service for or on behalf of your child without your consent, please contact us at [email protected] and we will take reasonable steps to delete the child’s information from our active databases. Coral Health reserves the right to check its user base from time to time and remove users whom Coral Health has grounds to believe they are in fact minors, including without limitation, restricting those user accounts, or deleting them, as Coral Health may deem appropriate.

    15. Tracking Technologies – Cookies

    A cookie is a small piece of text that is sent to a visitor’s browser. A browser provides this piece of text to the device of the originating visitor when this visitor returns. We use cookies to help personalize your Coral Health experience.

    A “persistent” cookie may be used to help save your settings and customizations. Also, if you log in to the Site, such a cookie will be used to recognize you as a valid user so you will not need to log in each time you use the Site.

    Most Web browsers automatically accept cookies however allow you to modify security settings so you can approve or reject cookies on a case-by-case basis or reject all cookies. You can configure your web browser to remove cookies by following the directions provided in your Internet browser’s “help” section.

    16. EEA Residents Rights

    If you are a resident of the European Economic Area, you have the following data protection rights:

    At any time, you can stop the collection of your information by uninstalling the App and refraining from using the Service.

    You may request to:

    1. Request rectification of your Personal Information that is in our control.
    2. Receive confirmation as to whether or not Personal Information concerning you is being processed, and access your stored Personal Information, together with supplementary information.
    3. Receive a copy of Personal Information you directly volunteer to us in a structured, commonly used and machine-readable format.
    4. Request erasure of your Personal Information.
    5. Object to the processing of Personal Information by us.
    6. Request to restrict processing of your Personal Information by us.
    7. Lodge a complaint with a supervisory authority.

    However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements.

    If you wish to exercise any of the above rights, or ask us a question please contact us at [email protected]

    17. Residents of California: Your California Privacy Rights

    If you are a consumer with a Coral Health account that resides in California, the California Consumer Privacy Act (“CCPA”) may provide you with rights that are in addition to those set forth elsewhere in this Privacy Policy, as follows: 

    Notices for California Residents

    California Privacy Act Notice. under California Civil Code sections 1798.83-1798.83, California residents are entitled to ask us, once per year, for a notice identifying any categories of information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for these affiliates and/or third parties. Requests will apply to information provided during the previous calendar year (for example, if your request information in 2019, you will receive information regarding 2018).

    If you are a California resident and would like a copy of this notice, please submit a written request by email to [email protected] subject heading: “California Privacy” or by regular mail to Coral Health. (ATTN: PRIVACY), 52 Hubbard St, Malden, MA.

    California Consumer Privacy Act (CCPA) Notice. under California Civil Code sections 1798.100-1798.198 and their implementing regulations, California residents can request a disclosure in machine readable format of the categories and specific pieces of personally identifiable information that we have collected about you and your household during the 12 months preceding our receipt of a verifiable consumer request (limit two times per 12-month period). You can also ask where this information came from, what we use it for, and whether we disclose or sell it to others. If we disclose or sell it to others, you have the right to easily opt out of this practice. please contact us by email at [email protected] subject heading: “California Privacy” or by regular mail to Coral Health (ATTN: PRIVACY), 52 Hubbard St Malden, MA.

    18. Medicare Beneficiaries: Access to Your Medicare Claims Data Through CMS Blue Button 2.0

    Blue Button 2.0 from CMS is an application programming interface (API) that contains years of Medicare Part A, B and D data for the nation’s Medicare beneficiaries. This data reveals a variety of information about a beneficiary’s health, including type of Medicare coverage, drug prescriptions, primary care treatment and cost. Beneficiaries also have full control over how their data can be used and by whom, with identity and authorization controlled by MyMedicare.gov.  If you are a Medicare beneficiary, and wish to include available Medicare claims data in your Coral Health account, you can do so through our Services. 

    19. Changes to This Privacy Policy

    We may amend our Privacy Policy in the future. We will post an effective date when an update is published, including a summary of changes and the relevant sections. If we make material changes to this Privacy Policy, we will make you aware of them where we post the updated policy and and notify you through an in-app notification or email. If we make material changes to this Privacy Policy that will result in a new use, disclosure, or permission of access to your Personal Data that we previously collected and stored, we will obtain any consent that may be required by law. The app will prompt you to re-consent to this policy in the event of any such changes. You agree that if you use our Services after the effective date of the updated Privacy Policy, we consider your use as acceptance of it. If you object to any changes, you may delete your account through the Settings screen on the app or by contacting us at [email protected]

    20. Questions

    If you have any questions or suggestions on ways we can improve our privacy policy with respect to personal information, please email us at [email protected]

     

     

    © 2020 Coral Health Research and Discovery Inc. All Rights Reserved.