1upHealth Privacy Policy


Last Updated: March 30, 2020


1upHealth, Inc. (“1upHealth” or “we” or “our”) is committed to maintaining security and privacy of information of its customers. 1upHealth offers a platform and services to give patients access to their electronic health information and facilitates data interoperability between patients, health care providers, health care systems, third party payors and other authorized health care solutions partners. This Privacy Policy describes 1upHealth’s information collection practices in connection with use by patients of our platform at https://1up.health/products/patient, the 1upHealth website at www.1upHealth.com, software we offer through our website, mobile applications, and web-based tools (collectively, our “Services”). 1upHealth collects and uses information in the course of our customers’ (“you” or “your”) use of our Services.

Use of our Services does not provide or replace the consultation, guidance, or care of a health care professional or other qualified provider. Use of our Services provides a supplement for informational and educational purposes only. Health care professionals and other qualified providers should continue to consult authoritative records when making clinical decisions.

Consent of use of Personal Information

By accepting our Terms of Use at https://1up.health/policies/terms, you consent to the collection, use, storage, and disclosure of personally identifiable information as outlined therein and in this Privacy Policy.

Information we collect

The information 1upHealth collects from you depends on your activities and use of our Services. We comply with all local, state and federal privacy laws regulating the transmission, processing and storing of health information, including the Health Insurance Portability and Accountability Act of 1996, as amended from time to time, together with the regulations adopted thereunder (“HIPAA”). We also comply with the CARIN Alliance Code of Conduct, Veterans Affairs API Terms of Service, ONC Model Privacy Notice, and the rules and regulations of the Centers for Medicare & Medicaid Services. References in this Privacy Policy to “data” applies to all types of data, including de-identified, anonymized or pseudonymized data.

Information you provide to us

  • Account and Profile Information:When you register and use the Services, we may collect a information about you such as your name, title, email address, phone number, address, payment information (when and if applicable), and similar information by which you may be personally identified (“Personal Information”). We may collect this information directly from you or from another user (administrator or other authorized person).
  • Health Information:You may also provide us with Protected Health Information (as defined under HIPAA) or authorize us to obtain Protected Health Information from third parties. This may include:
    • Information about your health care providers health care coverage
    • Health information that might be included in electronic health or medical records (including medications) or Medicare claims and encounter data, if you elect to have that information shared with us. You are responsible for determining uses and disclosures of your personal health information and the potential impact such uses and disclosures might have on your family members when it involves data regarding genetic and family health histories.
  • Together, we refer to Personal Information and Protected Health Information as “Your Information.” We will specifically ask for your permission to get Your Information from a third party.
  • Content of Information:We collect and store content you create, input, transmit, or store in the process of using our Services, including Your Information and data you post (i.e., upload) to our platform. Such content may include Protected Health Information and other regulated and/or personal information. We also collect information on your behalf when you authorize us to retrieve and import information from business customers, vendors or other third parties. We may collect other data you may submit when using our website or that you may submit to us directly such as when you request customer support or apply for employment through our website.

Information we automatically collect from your use of our website

  • 1upHealth and our third-party partners (such as analytics service providers) may automatically receive and record certain non-Personal Information from you using web logs when you interact with our website (such as your IP address, browser type, internet service provider, operating system, URLs, date/time stamps, and system configuration information). We also collect and store analytics (e.g., usage) information to help us improve our Services.
  • 1upHealth uses various technologies to collect information about your use of our website, including cookies and other tracking mechanisms. We gather this information to allow you to access and use the website more easily and to improve our services to you more generally. For example, we use these tools to save user preferences, preserve session settings and activity, help authenticate users, allow users to auto-fill pages of websites they frequently visit, and debug and evaluate the performance of our website. Our third party service providers also may collect such information about your online activities over time and on other websites or apps. Our systems do recognize browser “do-not-track” requests. You may be able to disable certain tracking, cookies, and change browser settings to block and delete cookies when you access our website through a web browser, however doing so may affect its functionality.

Information we collect from third party sources

  • We may obtain information about you from our partners, service providers and other sources and add it to information we otherwise have about you.

Other

  • 1upHealth also collects certain information about you automatically through your smartphone and/or other wearable devices. Your smartphone and/or wearable device(s) may have a built in app that allows you to collect Your Information on the same device on which 1upHealth’s app is also loaded and store and share Your Information with us and with other apps and devices. For example, we may automatically collect data via Apple’s health application and HealthKit and you may enable sharing between 1upHealth, Apple and other health applications as well as choose which information is shared. You may also enable sharing between 1upHealth and cloud-based health and fitness platforms and applications such as Google Fit. Because the settings in your smartphone and/or wearable device(s) and such other apps will affect how your information is used and disclosed, it is important that you review the privacy policies and settings of those applications and platforms.

How we use information

We may use the information we collect for a variety of purposes, including to:
  • Provide, operate, maintain, improve, promote, and personalize our Services to you;
  • Communicate with you, including responding to your comments and questions; providing customer service and support; providing you with information about our Services, including technical notices, security alerts, changes in our terms, administrative messages, or advertising or marketing messages; and providing other news or information about us and our partners;
  • Investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities;
  • Evaluate candidacy for employment if you applied for a job through our website;
  • For business purposes, such as data collection and analysis, developing new products, services, features, and functionality; we may anonymize and aggregate data collected through our Services; and
  • Monitor and analyze trends, usage, and activities in connection with our Services to better understand how users access and use our Services and platform, both on an aggregated and individualized basis, in order to improve our Services, platform and our services to our customers, and for other research and analytical purposes. We may combine and compile Your Information with other individuals’ information for the purpose of analysis.
It should be noted that some data, even if it has been anonymized, can still be used to identify people with specific medical conditions. The aggregation process involves de-identification of Your Information such that you and other individuals cannot be reasonably identified specifically.

When we share information

To the extent that you provide us with Your Information, we will use and disclose it only to the extent disclosed and permitted in this Privacy Policy. We apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of Your Information we store and process on behalf of you.

We may share Your Information in the following ways:
  • With your consent:We will share Your Information with companies, organizations, or individuals outside of 1upHealth when we have your prior proper consent to do so, except as otherwise specified herein.
  • Vendors and other third parties:We may share Your Information with third party vendors, service providers, contractors or agents who perform function or services on our behalf and require access to such information to do that work and perform our business. in each such case in compliance with HIPAA. Examples include data analysis, payment processing, hosting services, marketing and advertising services, and customer support functions. Such third-party service providers will only have access to the Your Information as necessary to perform their functions and pursuant to agreements they enter into with us that require them to fully comply with our data protection policies and this Privacy Policy.
  • Compliance with laws and protection of our rights:We may use and disclose Your Information to a third party if: (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request; (ii) to enforce our agreements, policies and terms of service; (iii) to protect our operations and the security or integrity of 1upHealth’s products and services; (iv) to protect the property, rights, and safety of 1upHealth, you, our customers or the public from harm or illegal activities; or (v) to investigate and defend ourselves against any third-party claims or allegations and to allow us to pursue available remedies or limit the damages that we may sustain.
  • Sale of the Business:We may share or transfer Your Information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company. In the event of such an event, an acquiring company will be responsible for informing you about material changes to the way your data is used.
  • Aggregate or non-identifying data:We may share aggregate or other non-Personal Information that does not directly identify you with third parties in order to improve the overall experience of your using our website and the Services that we provide.
We do not rent, sell or share Personal Information about you with other persons for their direct marketing or other purposes, without your permission.

How we secure your information

Maintaining the privacy and security of Your Information is important to us. 1upHealth has implemented appropriate safeguards to prevent unlawful use or disclosure of information. These include administrative, physical, and technical security safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of information we receive, maintain, or transmit. Nevertheless, while security of information is of tremendous importance to us, no data transmission (over the internet or any wireless network) or method of electronic storage can be guaranteed to be 100% secure. In the event of a security breach, we will notify affected individuals, regulatory authorities, and others consistent with requirements under federal and state law or contractual obligations.

Information retention

1upHealth’s collection, use, and disclosure of information are generally governed by this Privacy Policy and by law, including by HIPAA. Information maintained to provide our Services to our customers is retained only for as long as we have a valid business purpose and in accordance with applicable law. 1upHealth may retain Your Information as necessary to comply with legal obligations, resolve disputes and enforce our agreements and other authorized uses under this Privacy Policy. Upon termination of your account, you can request deletion of Your Information. For accounts that have been dormant with no activity for an extended period of time, we will contact individuals directly prior to removing the account and associated health information. Please note that if you are an individual user, closing your account affects only Your Information that is stored on 1upHealth servers. It does not affect, alter or accomplish the deletion of any of Your Information that is stored or maintained on other systems, such as those of your healthcare providers or our other customers that may have, with your permission, provided us with Your Information. 1upHealth indefinitely stores non-Personal Information.

Access and changes to your information

You may modify Your Information that you have submitted by logging into your account and updating your profile information. You may discontinue use of the Services and 1upHealth’s use of Your Information by contacting support@1up.health. In the event you withdraw your consent for use of Your Information, 1upHealth will permanently delete all of your health data from our data stores. However, your Personal Information may persist in Backup Files for up to a year and in our Audit Files for longer periods of time consistent with federal and state laws as well as private organization guidelines that pertain to analogous categories of data and information.

Please note that copies of information that you have updated, modified or deleted may remain viewable in cached and archived pages of the site or application for a period of time. You may also contact us directly if you would like to review, correct, amend, delete or otherwise limit our use of Your Information that has been previously provided to us by contacting us at support@1up.health. Although we will use reasonable efforts to do so, it may not be technologically possible to remove from our systems every record of Your Information. The need to back up our systems to protect information from inadvertent loss means a copy of Your Information may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.

If you have used our Services to share information with another user or a third party, you will not be able to access, update, or delete that shared information. You will need to contact that other user or third party directly. Further, if another user of our website or services submits information that identifies you, you will not be able to access, update, or delete that information.

Certain users - such as health care providers - may be required under applicable laws or regulations to retain information about you for extended periods of time, even indefinitely. Additionally, we may have independent obligations under applicable laws or regulations to retain such information indefinitely. We also retain copies of data stored by our website for indefinite periods of time for disaster recovery and business continuity purposes.

Children’s privacy

1upHealth’s website and Services are not intended for use by individuals under the age of 18. By using this Services, you warrant that you are 18 years of age or older.

International users

Our website is hosted in the United States and our website and services are intended for users located within the United States. No one located outside of the United States should access our website, use our services, or provide us with individually identifiable information.

California privacy rights

California Civil Code Section § 1798.83 permits users of our website who are California residents to request certain information regarding our disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact our Privacy Officer at notices@1up.health.

Third party websites

We are not responsible for the practices employed by websites linked to or from our website nor the information or content contained therein. Often links to other websites are provided solely as pointers to information on topics that may be useful to the users of our website. Please remember that when you use a link to go from our website to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including websites which have a link on our website, is subject to that website’s own rules and policies. Please read over those rules and policies before proceeding.

Acceptance and Updates to this Privacy Policy

By using our website, you signify your acceptance of this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use our website or our services. We may update this Privacy Policy by posting changes on this website or otherwise notify you directly. Any Privacy Policy changes will be effective for all information that we maintain, even information in existence before the change. Your use of our website following any changes to the Privacy Policy signifies your acceptance of those changes.

Contacting Us

If you have any questions or concerns about the Privacy Policy or 1upHealth, please email us at notices@1up.health.