PRIVACY POLICY

Last Revised: August 14th, 2023

 

The following privacy policy (the “Privacy Policy”) outlines the information Parachute Health, LLC, (“Parachute,” “we” or “us”) may collect and how we may use and disclose that information, and how you can get access to this information, to better serve visitors and users while using our website, www.parachutehealth.com (the “Website”) and our portal, dme.parachutehealth.com (the “Portal”) (collectively, the Website and Portal are the “Services”).

Please review the following carefully so that you understand our privacy practices. When you use the Services, you understand that Parachute may collect, use and disclose technical data and related information about you in various ways subject to the terms of the Privacy Policy. If you have questions about this Privacy Policy, please contact us at legal@parachutehealth.com.

I. Eligibility Requirements (age and licensing)

The Services are intended for use by licensed clinicians, the staff of licensed clinicians, and staff employed by suppliers of medical equipment and services. Persons under 18 or any individuals not described above are not allowed to register with or use the Services. Please refer to our Terms of Use ( www.parachutehealth.com/termsofuse ) for additional information about age verification and eligibility.

Parachute does not knowingly collect or solicit Personal Information from anyone under the age of 13 or knowingly allow such persons to register on the Services.

In the event that we learn that we have collected Personal Information from a child under age 13 without verification of parental or guardian consent, we will delete that information. If you believe that we might have any information from or about a child under 13 without parental or guardian consent, please contact us.

II. Information We Collect

Upon registration with the Services, a user profile is required to customize the functionality surfaced to the user. We collect certain personally identifiable information, including name, email, licenses required for certain authorizations, and professional affiliation (collectively, “Personal Information”). 

A. Information We Collect about Patients 

We may collect the following information about the patient (“Patient”) from the Patient’s applicable clinician (“Clinician”) through the Portal with the Patient’s prior written consent, as applicable, and as obtained by Clinician:

  • Email

  • Name

  • Date of Birth

  • Phone Number

  • Address and Zip Code

  • Insurance Information, including a copy of Patient’s insurance card

  • Credit card information for the purpose of co-payments and private payments

  • Clinician, facility and Supplier Information

  • Emergency contact name, phone number, email

Communication with suppliers and providers

  • Prescription and other order information, including, among other things, name of equipment or services required, length of need, and usage instruction

  • Medical Diagnosis, treatment history, lab tests, height, weight, gender and any other health information necessary for filling prescription and other orders through the Portal.

Clinician agrees to obtain all required Patient consents or authorizations before submitting any Patient information to the Portal.

B. Information We Collect About Clinicians

We may collect the following information about the Clinician (or other members of the Clinician’s practice that may assist the Clinician in using the Portal):

  • Name

  • Email

  • Phone Number

  • Fax Number

  • Password

  • Address

  • Medical license information including unique identifier, credentialing, and specialty

  • Physician relationships with specific healthcare facilities

  • Communication with patients and suppliers

C. Information We Collect About Suppliers

We may collect the following information about the supplier:

  • Business name

  • Email

  • Password

  • Address

  • Supplier license information, as applicable

  • Employee Profiles

  • Insurance accepted

  • Geographies covered

  • Competitive bid pricing

  • Inventory

  • Delivery times, confirmations, personnel

  • Communication to and from providers/patients

In addition, the following additional information can be collected via the Portal:

  • Prescription and other order status information regarding whether prescriptions or orders have been filled or need to be filled

  • Transaction history information, including date of transaction, cost of prescription or order, co-pay amount, name of Patient and prescribing Clinician enrolled in the Services

  • Previous payment information for Patients enrolled in Services

D. Cookies and Authentication Tokens 

To help us serve your needs better, we use “cookies” to store and sometimes track user non-Personal Information, such as your IP address and click tracking. A cookie is a small amount of data that is sent to your browser from a web server and stored on your computer’s hard drive. A website can use cookies to recognize repeat users or track web usage behavior. Cookies work by assigning a number to the user that has no meaning outside of the assigning website. Users of the Services should be aware that non-Personal Information and data may be automatically collected by virtue of the standard operation of Parachute’s computer servers or through the use of cookies. If you do not want information to be collected through the use of cookies, your browser allows you to deny or accept the use of cookies. There may, however, be some features of the Services which require the use of cookies in order to customize the delivery of information to you.

For security purposes, an authentication token is granted when you provide valid credentials that lasts 12 hours, then cuts off access and re-prompts for credentials again [see VII security for details].

Users should be aware that Parachute cannot control the use of cookies (or the resulting information) by third-parties. The use of third party cookies is not covered by our Privacy Policy. We do not have access or control over these cookies.

We may also use services hosted by third parties, such as Google Analytics, a web analytics service provided by Google, Inc. (“Google”), to assist in providing the Services. Google Analytics uses cookies to help us analyze how users use the Services. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to, and stored by, Google on their servers. Google will use this information for the purpose of evaluating your use of the Services, compiling reports on website activity for us and providing other services relating to website activity and Internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of the Services. By using the Services, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

III. How We Use Your Information

A. To Provide the Services

We use the information that we collect from you to provide you with the Services, support and enhance your use of the Services, to monitor which features of the Services are used most and to allow us to determine which features we need to focus on improving. If you choose to provide us with Personal Information, you consent to the transfer and storage of that information on our servers located in the United States.

We may also use your contact information to send you push, email, SMS and other types of notifications regarding the prescription or order fulfillment process, or other information that you have requested notifications about. The frequency of these messages will be based on the number of orders placed, followed or processed by your user account on the platform.  You may opt-out of these communications if you do not wish to receive them by changing settings on your account profile.

If opting-in to receive SMS notifications, note that message and data rates may apply from the users cell phone carrier. Phone carriers or the Services are not liable for delayed or undeliverable messages.

We use non-Personal Information collected from users of the Services in the aggregate, so that we can improve the Services and for business and administrative purposes. 

B. Clinician Information 

Information regarding Clinicians is collected via the Portal and is used to create Clinician accounts that can be accessed through the Services. Suppliers are able to see the source of the prescription or other order. 

C. Vendor Information 

Information regarding Suppliers is collected via the Portal and is used to create Supplier accounts that can be accessed through the Services. Clinicians are able to see the destination of the prescription or other order. 

D. Patient Information 

Patient information submitted through the Services is used for the processing of patient prescriptions or other orders at the Supplier and for prescribing to Patients by Clinicians. 

E. Diagnose Website Problems 

Parachute uses your Internet Protocol (IP) address, browser type and other common browser metadata to help diagnose problems with our computer server, and to administer the Website. Your IP address is also used to gather broad demographic data. 

F. Service-related Announcements 

We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.

Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account. 

G. Customer Service 

We will send you a welcoming email to the address you provide at registration to verify your username and password. We will also communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We will communicate with you by email, or by phone if that is your preferred method of communication. By providing a telephone number, you consent to us contacting you at that number for the purposes outlined in this Privacy Policy. You may revoke your consent to be contacted at any time by making the change on our user information page or by emailing us at support@parachutehealth.com. We will respond to your access request within 30 days.

IV. Our Disclosure of Your Information

Clinicians and Suppliers only have access to the information that each needs to access for purposes of fulfilling the Services. We do not share any information with external entities other than as provided below. 

A. Aggregated Data 

Parachute may share aggregated usage and log data collected from users of the Services with third parties for industry analysis and demographic profiling, but such aggregated data will not include any Personal Information. 

B. Third Party Service Providers 

We may employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, provide customer support, perform Services-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Services’ features) or to assist us in analyzing how our Services are used. These third parties have access to your Personal Information only to perform these tasks on our behalf, and we will contractually require them to protect and safeguard your Personal Information to at least the same extent that we do. We do not store any of the credit card data we collect but instead license to external PCI compliant vendors to store and transfer payment information. We contractually require these vendors to maintain PCI compliance. 

C. Law Enforcement 

Parachute cooperates with government and law enforcement officials, agencies and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials, agencies or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal processes (including but not limited to subpoenas), to protect the property and rights of Parachute or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, an illegal, unethical or legally actionable activity. 

D. Business Transfers 

In the event that all or a substantial portion of the assets, business or stock of Parachute are acquired by, merged with or transferred to another party, or in the event that Parachute goes out of business or enters bankruptcy, your Personal Information may be one of the assets that is transferred to or acquired by the third party. You acknowledge that such transfers may occur, and that any acquirer of Parachute or its assets may continue to use your Personal Information as set forth in this Privacy Policy. If any acquirer of Parachute or its assets will use your Personal Information contrary to this Privacy Policy, you will receive prior notice. 

V. Accessing and Updating Your Personal Information and Preferences

If your Personal Information changes, or if you no longer desire our Services, or if you wish to update your preferences to receive email or other communications from us, you may correct, delete inaccuracies, or amend your Personal Information and preferences by making the change on our user information page or by emailing us at support@parachutehealth.com. We will respond to your access request within 30 days.

VI. Retention of Personal Information

All information submitted by Clinicians and Suppliers through the Services is stored in an encrypted HIPAA-compliant database supported by Amazon Web Services or directly in encrypted files.

VII. Security

Users are only granted access to our system with a username and password. Upon providing valid credentials, a user is granted an authentication token that lasts 12 hours, then cuts off access and re-prompts for credentials again.

All access to our site is conducted via https (TLS encryption). All internal communications are TLS (Transport Layer Security) encrypted as well. All information we collect is securely stored within our database, and we use standard, industry-wide, commercially reasonable security practices such as 256-bit encryption, firewalls and TSL.

However, as effective as encryption technology is, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information you supply won’t be intercepted while being transmitted to us over the Internet, and any information you transmit to Parachute you do at your own risk. We recommend that you use unique numbers, letters and special characters in your password and not disclose your password to anyone. For your protection, Parachute may also require you to use a two-factor authentication process to verify the identity of your account. If you do share your password or Personal Information with others, you are responsible for all actions taken in the name of your account. If your password has been compromised for any reason, you should immediately notify Parachute at support@parachutehealth.com and change your password.

VIII. Individual California Residents

California Civil Code Section § 1798.83 permits users of our Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties, if any, for their direct marketing purposes (which Parachute does not currently engage in) or choose to opt out of such disclosure. To make such a request, you may contact us by email atsupport@parachutehealth.com.

IX. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Website and in the Portal prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

X. Contact us

If you have questions or concerns regarding this Privacy Policy, you should contact us at:

 

Parachute Health, LLC

Attention: Privacy Officer

100 Overlook Center, 2nd Floor Princeton, NJ 08540

legal@parachutehealth.com