Last Revised: Oct 17th, 2016
I. Eligibility Requirements (age and licensing)
Parachute does not knowingly collect or solicit Personal Information from anyone under the age of 13 or knowingly allow such persons to register on the Services.
In the event that we learn that we have collected Personal Information from a child under age 13 without verification of parental or guardian consent, we will delete that information. If you believe that we might have any information from or about a child under 13 without parental or guardian consent, please contact us.
II. Information We Collect
Upon registration with the Services, a user profile is required to customize the functionality surfaced to the user. We collect certain personally identifiable information, including name, email, licenses required for certain authorizations, and professional affiliation (collectively, “Personal Information”).
A. Information We Collect about Patients
We may collect the following information about the patient (“Patient”) from the Patient’s applicable clinician (“Clinician”) through the Portal with the Patient’s prior written consent, as applicable, and as obtained by Clinician:
- Date of Birth
- Phone Number
- Address and Zip Code
- Insurance Information, including a copy of Patient’s insurance card
- Credit card information for the purpose of co-payments and private payments
- Clinician, facility and Supplier Information
- Emergency contact name, phone number, email
Communication with suppliers and providers
- Prescription and other order information, including, among other things, name of equipment or services required, length of need, and usage instruction
- Medical Diagnosis, treatment history, lab tests, height, weight, gender and any other health information necessary for filling prescription and other orders through the Portal.
Clinician agrees to obtain all required Patient consents or authorizations before submitting any Patient information to the Portal.
B. Information We Collect About Clinicians
We may collect the following information about the Clinician (or other members of the Clinician’s practice that may assist the Clinician in using the Portal):
- Phone Number
- Fax Number
- Medical license information including unique identifier, credentialing, and specialty
- Physician relationships with specific healthcare facilities
- Communication with patients and suppliers
C. Information We Collect About Suppliers
We may collect the following information about the supplier:
- Business name
- Supplier license information, as applicable
- Employee Profiles
- Insurance accepted
- Geographies covered
- Competitive bid pricing
- Delivery times, confirmations, personnel
- Communication to and from providers/patients
In addition, the following additional information can be collected via the Portal:
- Prescription and other order status information regarding whether prescriptions or orders have been filled or need to be filled
- Transaction history information, including date of transaction, cost of prescription or order, co-pay amount, name of Patient and prescribing Clinician enrolled in the Services
- Previous payment information for Patients enrolled in Services
D. Cookies and Authentication Tokens
For security purposes, an authentication token is granted when you provide valid credentials that lasts 4 hours, then cuts off access and re-prompts for credentials again [see VII security for details].
Parachute does not track users across third party websites, and therefore does not use or respond to “do not track” signals in your web browser.
III. How We Use Your Information
A. To Provide the Services
We use the information that we collect from you to provide you with the Services, support and enhance your use of the Services, to monitor which features of the Services are used most and to allow us to determine which features we need to focus on improving. If you choose to provide us with Personal Information, you consent to the transfer and storage of that information on our servers located in the United States.
We may also use your contact information to send you push, email and other types of notifications regarding the prescription or order fulfillment process, or other information that you have requested notifications about. You may opt-out of these communications if you do not wish to receive them.
We use non-Personal Information collected from users of the Services in the aggregate, so that we can improve the Services and for business and administrative purposes.
B. Clinician Information
Information regarding Clinicians is collected via the Portal and is used to create Clinician accounts that can be accessed through the Services. Suppliers are able to see the source of the prescription or other order.
C. Supplier Information
Information regarding Suppliers is collected via the Portal and is used to create Supplier accounts that can be accessed through the Services. Clinicians are able to see the destination of the prescription or other order.
D. Patient Information
Patient information submitted through the Services is used for the processing of patient prescriptions or other orders at the Supplier and for prescribing to Patients by Clinicians.
E. Diagnose Website Problems
Parachute uses your Internet Protocol (IP) address to help diagnose problems with our computer server, and to administer the Website. Your IP address is also used to gather broad demographic data. It is not stored or linked to your personal profile information, such as name or contact information.
F. Service-related Announcements
We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account.
G. Customer Service
IV. Our Disclosure of Your Information
Clinicians and Suppliers only have access to the information that each needs to access for purposes of fulfilling the Services. We do not share any information with external entities other than as provided below.
A. Aggregated Data
Parachute may share aggregated usage and log data collected from users of the Services with third parties for industry analysis and demographic profiling, but such aggregated data will not include any Personal Information.
B. Third Party Service Providers
We may employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, provide customer support, perform Services-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Services’ features) or to assist us in analyzing how our Services are used. These third parties have access to your Personal Information only to perform these tasks on our behalf, and we will contractually require them to protect and safeguard your Personal Information to at least the same extent that we do. We do not store any of the credit card data we collect but instead license to external PCI compliant vendors to store and transfer payment information. We contractually require these vendors to maintain PCI compliance.
C. Law Enforcement
Parachute cooperates with government and law enforcement officials, agencies and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials, agencies or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal processes (including but not limited to subpoenas), to protect the property and rights of Parachute or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, an illegal, unethical or legally actionable activity.
D. Business Transfers
V. Accessing and Updating Your Personal Information and Preferences
If your Personal Information changes, or if you no longer desire our Services, or if you wish to update your preferences to receive email or other communications from us, you may correct, delete inaccuracies, or amend your Personal Information and preferences by making the change on our user information page or by emailing us at firstname.lastname@example.org . We will respond to your access request within 30 days.
VI. Retention of Personal Information
All information submitted by Clinicians and Suppliers through the Services is stored in an encrypted HIPAA-compliant database supported by Amazon Web Services or directly in encrypted files.
Users are only granted access to our system with a username and password. Upon providing valid credentials, a user is granted an authentication token that lasts 4 hours, then cuts off access and re-prompts for credentials again.
All access to our site is conducted via https (TLS encryption). All internal communications are TLS (Transport Layer Security) encrypted as well. All information we collect is securely stored within our database, and we use standard, industry-wide, commercially reasonable security practices such as 256-bit encryption, firewalls and TSL.
However, as effective as encryption technology is, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information you supply won’t be intercepted while being transmitted to us over the Internet, and any information you transmit to Parachute you do at your own risk. We recommend that you use unique numbers, letters and special characters in your password and not disclose your password to anyone. For your protection, Parachute may also require you to use a two-factor authentication process to verify the identity of your account. If you do share your password or Personal Information with others, you are responsible for all actions taken in the name of your account. If your password has been compromised for any reason, you should immediately notify Parachute at email@example.com and change your password.
VIII. Individual California Residents
California Civil Code Section § 1798.83 permits users of our Services that are California residents to request certain information regarding our disclosure of Personal Information to third parties, if any, for their direct marketing purposes (which Parachute does not currently engage in) or choose to opt out of such disclosure. To make such a request, you may contact us by email firstname.lastname@example.org.
X. Contact us
Parachute Health, LLC
Attention: Privacy Officer
120 E 23rd St, FL 5, New York, NY 10010