Go to Content Go to Navigation Go to Navigation Go to Site Search Homepage

Privacy Policy & Notice of Privacy Practices
Planned Parenthood Direct

THIS PRIVACY POLICY AND NOTICE (“NOTICE”) DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. 

For the avoidance of doubt, this Notice is related solely to the Service available through the Planned Parenthood Direct mobile application (the “PP Direct App”) and is different from the Notice of Privacy Practices that governs any care you receive in a Planned Parenthood health center and different from Privacy Policies on Planned Parenthood websites. 

OUR PLEDGE REGARDING YOUR HEALTH INFORMATION 


We understand that health information about you and your health care is personal and we are committed to protecting such health information. We will create records of the care you receive from us. We do so to provide you with quality care and to comply with any legal requirements. 

This Notice applies to all of the records generated or received by the Planned Parenthood Affiliates, whether we documented the health information or you provided the health information. This Notice will describe the manner in which we may use your health information, your rights to the health information we keep about you, and certain obligations we have regarding the use and disclosure of your health information. This Notice also describes the risk of using electronic communications and the risk of us electronically storing your health information related to the Service. 


INTRODUCTION 

This Notice is being provided to you on behalf of Kaleido Health Solutions, Inc. (“Kaleido”, also referred to herein as “we” or “our” or “us”). Kaleido operates the Planned Parenthood Direct mobile application (the “App”). Kaleido is a contracting partner of certain regional Planned Parenthood member affiliates governed by the Bylaws of Parenthood Federation of America, Inc. (the “PP Affiliates”). The App enables the PP Affiliates to offer an online telehealth service (the “Service”) that, when clinically appropriate, allows patients to obtain a limited range of health care from the PP Affiliate providers. Kaleido is the owner and operator of the App and does not provide healthcare services. We understand that your medical information is private and confidential. Further, we are required by law, as a business associate of the PP Affiliates, to maintain the privacy of “protected health information.” “Protected health information” or “PHI” includes any individually identifiable information that we obtain from you or others that relates to your past, present or future physical or mental health, the health care you have received, or payment for your health care. We will share protected health information with one another, as necessary, to carry out treatment, payment, or health care operations relating to the services to be rendered through the PP Direct App. 

As required by law, this Notice provides you with information about your rights and our legal duties and privacy practices with respect to the privacy of PHI. This Notice also discusses the uses and disclosures we may make with respect to your PHI. We must comply with the provisions of this Notice as currently in effect, although we reserve the right to change the terms of this Notice from time to time and to make the revised Notice effective for all PHI we maintain.   

PERMITTED USES AND DISCLOSURES 

We can use or disclose your PHI for purposes of treatment, payment, and health care operations. For each of these categories of uses and disclosures, we have provided a description and an example below. However, not every particular use or disclosure in every category will be listed. 

  • Treatment means the provision, coordination or management of your health care, including consultations between health care providers relating to your care and referrals for health care from one health care provider to another. For example, copies of your treatment records for contraceptive services may be shared with your primary care physician or other treating practitioner pursuant to your request or as otherwise required by law. We may also disclose health information about you to other PP Affiliate providers, or other doctors, nurses, technicians, health students, volunteers or other personnel who are involved in taking care of you. We also may share your PHI with a pharmacy network or software provider if you request or receive a prescription from a PP Affiliate provider. 

  • Payment means the activities we undertake to obtain reimbursement for the health care provided to you by the PP Affiliate provider, including billing, collections, claims management, and determinations of eligibility and coverage. For example, we will need to share the credit or debit card details you provide with our bank and payment processor. We may also need to provide PHI to your Third Party Payor to determine whether the proposed course of treatment will be covered or if necessary to obtain payment. Federal or state law may require us to obtain a written release from you prior to disclosing certain specially protected PHI for payment purposes, and we will ask you to sign a release when necessary under applicable law. 

  • Health Care Operations means the support functions of the PP Affiliates, related to treatment and payment, such as quality assurance activities, case management, receiving and responding to patient comments and complaints, practitioner reviews, compliance programs, audits, accreditation, business planning, development, legal advice, management and administrative activities. For example, we may use your PHI to evaluate the performance of PP Affiliate staff when caring for you. We may also combine PHI about many patients to decide what additional services we should offer, what services are not needed, and whether certain new treatments are effective. We may also disclose PHI for review and learning purposes.  In addition, we may remove information that identifies you so that others can use the de­identified information to study health care and health care delivery without learning who you are.  

OTHER USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION 

We may also use your PHI in the following ways: 

  • To provide appointment or refill reminders. 

  • To tell you about or recommend possible treatment alternatives or other health-related benefits and services that may be of interest to you. 

  • When permitted by applicable law, we may coordinate our uses and disclosures of PHI with public or private entities authorized by law to receive such information. 

  • We will use or disclose PHI about you when required to do so by applicable law. 

  • We share your telephone number with various telecommunications providers when we telephone you, or use your telephone to message you or otherwise communicate with you. 

  • We use a number of technologies to collect technical information about you. We use this technical information to understand how you and others use the Service. These technologies include Cookies, navigational data like Uniform Resource Locators (URLs), and third party tracking software, including Google Analytics, Facebook SDK and AppsFlyer. These technologies let us do a number of things to improve our operations and specifically enable us to collect: data on websites you visited before downloading the App; tracking data on some of the actions you take within the App; information such as your IP address; geo-location data; data about the model and make of your mobile telephone handset and the operating system you have running on your handset and the mobile telephone carrier you are using. Because we use Google Analytics, Facebook SDK and AppsFlyer, a sub-set of your personal information will be captured by Google, Facebook and AppsFlyer, including your IP address, MAC address, click data, location data, data about your mobile handset including make, model and operating system, order number, and the fact that you are using the Service. While we do not enter into agreements with Google, Facebook or AppsFlyer to protect your information to the same extent that we protect your information, Google, Facebook and AppsFlyer are restricted in how they use your information by their respective Terms of use and their respective Privacy Policies. 

Because the PP Affiliate providers provide the Service on a mobile application, we do not respond to ‘Do not track’ requests from web browsers. However when you have registered and created an account on the App, you can turn off analytical tracking within the App by going into Settings and turning off ‘Allow Tracking’. 

Note: incidental uses and disclosures of PHI sometimes occur and are not considered to be a violation of your rights. Incidental uses and disclosures are by-products of otherwise permitted uses or disclosures which are limited in nature and cannot be reasonably prevented. 

CONSENT TO MARKETING COMMUNICATIONS FROM PLANNED PARENTHOOD 

When you register for this Service on the PP Direct App, we will send an email to the email address you provide and a text message to the phone number you provide. If you click on the initial email we send you, we may also send you marketing emails to encourage you to use our Service again or to tell you about new online services we are launching. 

By giving us your email address you are agreeing to us sending you emails. It will be clear to anyone who sees the emails we send you on behalf of the PP Affiliates that the emails come from Planned Parenthood. Anyone who gets or has access to an email we send you can read, forward, copy, delete or change it. This includes people who have permission to read your emails and those who do not. 

By giving us your telephone number you are agreeing to us calling you and leaving voice messages and sending you text messages on the number you provide. It will be clear to anyone who has access to your telephone or voicemail or text messages that messages we send you come from Planned Parenthood. 

SPECIAL SITUATIONS 

Subject to the requirements of applicable law, we will make the following uses and disclosures of your PHI: 

  • Military and Veterans. If you are a member of the Armed Forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority. 

  • Research. There may be situations where we want to use and disclose health information about you for research purposes. For example, a research project may involve comparing the efficacy of one medication over another. For any research project that uses your health information, we will either obtain an authorization from you or ask an Institutional Review or Privacy Board to waive the requirement to obtain authorization. A waiver of authorization will be based upon assurances from a review board that the researchers will adequately protect your health information. 

  • Public Health Activities. We may disclose PHI about you for public health activities, including disclosures:  

  • to prevent or control disease, injury or disability; 

  • to report births and deaths; 

  • to report child abuse or neglect; 

  • to persons subject to the jurisdiction of the Food and Drug Administration (FDA) for activities related to the quality, safety, or effectiveness of FDA-regulated products or services and to report reactions to medications or problems with products; 

  • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; 

  • to notify the appropriate government authority if we believe that an adult patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if the patient agrees or when required or authorized by law. 

  • Health Oversight Activities. We may disclose PHI to federal or state agencies that oversee PP Affiliates’ activities providing health care, seeking payment, and civil rights. 

  • Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose PHI subject to certain limitations. 

  • Law Enforcement. We may release PHI if asked to do so by a law enforcement official: 

  • In response to a court order, warrant, summons or similar process; 

  • To identify or locate a suspect, fugitive, material witness, or missing person; 

  • About the victim of a crime under certain limited circumstances; 

  • About a death we believe may be the result of criminal conduct; or 

  • In emergency circumstances, to report a crime, the location of the crime or the victims, or the identity, description or location of the person who committed the crime. 

  • Coroners, Medical Examiners and Funeral Directors. We may release PHI to a coroner or medical examiner. We may also release PHI about patients to funeral directors as necessary to carry out their duties. 

  • National Security and Intelligence Activities. We may release PHI about you to authorized federal officials for intelligence, counterintelligence, other national security activities authorized by law or to authorized federal officials so they may provide protection to the President or foreign heads of state. 

  • Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release PHI about you to the correctional institution or law enforcement official. This release would be necessary (1) to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution. 

  • Serious Threats. As permitted by applicable law and standards of ethical conduct, we may use and disclose PHI if we, in good faith, believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public or is necessary for law enforcement authorities to identify or apprehend an individual. 

Note: HIV-related information, genetic information, alcohol and/or substance abuse records, mental health records and other specially protected health information may enjoy certain special confidentiality protections under applicable state and federal law. Any disclosures of these types of records will be subject to these special protections. 

OTHER USES OF YOUR HEALTH INFORMATION 

Certain uses and disclosures of PHI will be made only with your written authorization, including uses and/or disclosures: (a) for marketing purposes, and (b) that constitute a sale of PHI under the HIPAA Privacy Rule. Other uses and disclosures of PHI not covered by this notice or the laws that apply to us will be made only with your written authorization. You have the right to revoke that authorization at any time, provided that the revocation is in writing, except to the extent that we already have taken action in reliance on your authorization. 

YOUR RIGHTS 

  1. You have the right to request restrictions on our uses and disclosures of PHI for treatment, payment and health care operations. However, we are not required to agree to your request unless the disclosure is to a health plan in order to receive payment, the PHI pertains solely to your health care items or services for which you have paid the bill in full, and the disclosure is not otherwise required by law. To request a restriction, you may make your request in writing to Celine Chan,  Privacy Officer at [email protected] 
  2. You have the right to reasonably request to receive confidential communications of your PHI by alternative means or at alternative locations. To make such a request, you may submit your request in writing to our Privacy Officer. 
  3. You have the right to inspect and copy the PHI contained in our records, except: 
    • for information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding; 
    • for PHI involving laboratory tests when your access is restricted by law; 
    • if you are a prison inmate, and access would jeopardize your health, safety, security, custody, or rehabilitation or that of other inmates, any officer, employee, or other person at the correctional institution or person responsible for transporting you; 
    • if we obtained or created PHI as part of a research study, your access to the PHI may be restricted for as long as the research is in progress, provided that you agreed to the temporary denial of access when consenting to participate in the research; 
    • for PHI contained in records kept by a federal agency or contractor when your access is restricted by law; and 
    • for PHI obtained from someone other than us under a promise of confidentiality when the access requested would be reasonably likely to reveal the source of the information. 

In order to inspect or obtain a copy of your PHI, you may submit your request in writing to Celine Chan, Privacy Officer at [email protected] If you request a copy, we may charge you a fee for the costs of copying and mailing your records, as well as other costs associated with your request. 

We may also deny a request for access to PHI under certain circumstances if there is a potential for harm to yourself or others. If we deny a request for access for this purpose, you have the right to have our denial reviewed in accordance with the requirements of applicable law. 

4. You have the right to request an amendment to your PHI but we may deny your request for amendment, if we determine that the PHI or record that is the subject of the request: 

  • was not created by us, unless you provide a reasonable basis to believe that the originator of PHI is no longer available to act on the requested amendment; 

  • is not part of your medical or billing records or other records used to make decisions about you; 

  • is not available for inspection as set forth above; or 

  • is accurate and complete. 

In any event, any agreed upon amendment will be included as an addition to, and not a replacement of, already existing records. In order to request an amendment to your PHI, you must submit your request in writing to Celine Chan, Privacy Officer at [email protected], along with a description of the reason for your request. 

5. You have the right to receive an accounting of disclosures of PHI made by us to individuals or entities other than to you for the six years prior to your request, except for disclosures: 

  • to carry out treatment, payment, and health care operations as provided above;  

  • incidental to a use or disclosure otherwise permitted or required by applicable law; 

  • pursuant to your written authorization; 

  • to persons involved in your care or for other notification purposes as provided by law; 

  • for national security or intelligence purposes as provided by law; 

  • to correctional institutions or law enforcement officials as provided by law; 

  • as part of a limited data set as provided by law. 

To request an accounting of disclosures of your PHI, you must submit your request in writing to our Privacy Officer. Your request must state a specific time period for the accounting (e.g., the past three months). The first accounting of disclosures you request within a 12-month period will be free. For additional requests for an accounting, we may charge you for the costs of providing the accounting. We will notify you of the costs involved, and you may choose to withdraw or modify your request at that time before any costs are incurred. We will mail you a list of disclosures in paper form within 30 days of your request, or notify you if we are unable to supply the list within that time period and by what date we can supply the list; but this date should not exceed a total of 60 days from the date you made the request. 

6. By using the App, you forgo your right to request that we communicate with you in a certain way. The nature of the Service is that, other than the hard copy communications we mail to you with a prescription, all other communications will be electronic or by telephone. 

7. You have the right to receive a notification, in the event that there is a breach of your unsecured PHI, which requires notification under the Privacy Rule. 

RISKS ASSOCIATED WITH ELECTRONIC COMMUNICATIONS AND THE STORING OF YOUR PHI ELECTRONICALLY 

We understand the importance of protecting your PHI and take our security obligations very seriously. We take a number of steps to safeguard the privacy and security of all electronic communications we send to you and that you may send to us through the PP Direct App. We also take a number of steps to safeguard the security of your PHI that we store in our various electronic systems. However, any device or application connected to the Internet is susceptible to a security breach, despite the level of administrative, technical, and physical safeguards employed. This means that there is a risk that unauthorized parties may be able to access and read electronic communications about you or pertaining to the care that we provide to you through the PP Direct App. By using the App, you agree that you have read, understand, and accept this risk. 

We also take safeguards to ensure that any photo that you upload through the PP Direct App is only accessible through the PP Direct App. Despite the safeguards we take, however, there is a risk that any photo you upload may be accessible to third parties, including elsewhere on your mobile phone and visible to others who may access your phone. If you back-up data from your phone, there is a risk that your PHI may be backed up and stored elsewhere. 

COMPLAINTS 

If you believe that your privacy rights have been violated, you should immediately contact Celine Chan, Privacy Officer at [email protected] We will not take action against you for filing a complaint. You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services at: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf

CONTACT PERSON 

If you have any questions or would like further information about this Notice, please contact  Celine Chan, Privacy Officer at [email protected]  

This Notice is effective as of August 14, 2017