Effective date: 2/4/2020
What Information does Luna Collect?
Information You Provide to Us:
We receive and store any information you knowingly provide to us. For example, through the registration process and/or through your account settings, we may collect Personal Information such as your name, home address, email address, and phone number. Certain information may be required to register with us or to take advantage of some of our features. We may communicate with you if you’ve provided us the means to do so. For example, if you’ve given us your email address, we may send you promotional email offers on behalf of other businesses, or email you about your use of the Services. If you do not want to receive communications from us, please indicate your preference by unsubscribing from those types of emails or by replying to received text messages that you wish to unsubscribe from such notifications.
Information Collected Automatically:
Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser or device, which may include your IP address, geolocation data, device identification, “cookie” information, the type of browser and/or device you’re using to access our Services, and the page or feature you requested. “Cookies” are identifiers we transfer to your browser or device that allow us to recognize your browser or device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features.
We may use this data to customize content for you that we think you might like, based on your usage patterns. We may also use it to improve the Services – for example, this data can tell us how often users use a particular feature of the Services, and we can use that knowledge to make the Services more helpful to as many users as possible.
What are my rights with respect to my PHI specifically?
Electronic copy of your medical record: You may request an electronic copy of your medical record and other PHI we have about you by contacting us at email@example.com. We will provide you with a copy or summary of your health information within 15 days of your request or as required by law. Your record will be sent via email to the address specified on your account profile.
Correct your medical record: You may request that we correct PHI about you that you think is incorrect or incomplete by contacting us at firstname.lastname@example.org. We may say “no” to your request, but we will tell you why in writing within 60 days of your request or as required by law.
Request confidential communications: You may request that we contact you in a specific way (for example, at your home or office phone) or send email/mail to a different address. We will say “yes” to all reasonable requests.
Restrict access to certain PHI: You may request that we not use or share certain PHI for treatment or payment purposes. We are not required to agree to your request, and we may say “no” if it would affect your care. If you pay for the Services out-of-pocket in full, you may request that we not share that information with your health insurer. We will say “yes” unless a law requires us to share that information.
Request a list of when and with whom we’ve shared your PHI: You may request for a list of when, with whom, and why we shared your PHI for six years prior to your request date (an “Accounting”). We will include all the disclosures except we will not disclose information specifically pertaining to treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We will provide one Accounting each year at no cost to you, however if you request an additional Accounting within such year we will charge a reasonable fee.
Assign an individual medical power of attorney: You may indicate by contacting us at email@example.com if you would like to assign an individual medical power of attorney or indicate an individual as your legal guardian. If you have so indicated, such individual may exercise your rights and make choices about your PHI. We will make sure the person has this authority and can act for you before we take any action.
Right to Inspect And Copy Your Health Information. You have a right to inspect and copy your own health information upon request. However, we are not required to provide you access to all health information that we maintain. For example, this right does not extend to information compiled in reasonable anticipation on an administrative proceeding. Access may also be denied if disclosure would reasonably endanger you or another person.
Right to Verbally Object. You have the right to verbally object to certain disclosures that are routinely made for treatment, payment or health care operations or for other purposes without an authorization. For example, you will be given the opportunity to object to the sharing of your health information with a person or family member participating in your treatment.
Right to Opt-Out of Fundraising Communications. We may contact you for fundraising purposes or have someone contact you on our behalf. However, you have the right to opt-out of fundraising communications. You can do so by contacting us at firstname.lastname@example.org.
Right to be Notified Following a Breach of your Information. If you are affected by a breach of your unsecured protected health information by us or our business associates, you have a right to be notified following such breach.
File a complaint if you feel your rights are violated: You may complain if you feel we have violated your rights by contacting us at email@example.com. You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting https://www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.
Will Luna Share Any of the Personal Information it Receives?
We may share your Personal Information with third parties as described in this section:
Information that’s been de-identified: We may de-identify your Personal Information so that you are not identified as an individual, and provide that information to our partners. We may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage or de-identified information to a partner (or allow a partner to collect such information) in a manner that would identify you as an individual person.
Affiliated Businesses: In certain situations, businesses or third party websites we’re affiliated with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.
Agents: We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you; for example, we may use a payment processing company to receive and process your credit card transactions for us. Unless we tell you differently, our agents do not have any right to use the Personal Information we share with them beyond what is necessary to assist us.
User Profiles and Submissions: Certain user profile information, including your name, location, and any video or image content that such user has uploaded to the Services, may be displayed to other users (such as your Luna Physical Therapist and/or the Luna Concierge) to facilitate user interaction within the Services or address your request for our services. Please remember that any content you upload to your public user profile, along with any Personal Information or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by anyone. Your user name may also be displayed to other users if and when you send messages or comments or upload images or videos through the Services and other users can contact you through messages and comments.
Business Transfers: We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.
Will Luna Share Any of the PHI it Receives?
We will never (i) rent or sell your PHI; (ii) share your PHI for marketing purposes; or (iii) use or share your PHI other than as described below unless you have given us explicit permission in writing to do so. We may share your PHI with third parties as described in this section:
Family members, guardians, specified individuals: We may share your PHI with your family member, guardian or other individual, only as specifically requested by you or in those circumstances where such individuals are involved in your care or treatment and you have had the opportunity to verbally agree or object and have been notified in advance of such use or disclosure.
Business Associates. With an acknowledgment or proper authorization or as otherwise permitted under HIPAA, we are permitted to disclose your health information to business associates and to allow business associates to receive your health information of our behalf. A business associate is defined under HIPAA as an individual or entity under contract with us to perform or assist us in a function or activity which requires the use of your health information. Examples of business associates include, but are not limited to, consultants, accountants, and third-party billing companies.
Physical Therapists: We may share your PHI with your Luna Physical Therapist in order to provide you the Services, manage your treatment, and improve your health.
Outpatient Clinic Partners of Luna: We may obtain, use, and disclose PHI and related health to any physical therapist or physical therapy clinic that is engaged (for example, co-treatment via Luna and an outpatient clinic) in connection with the provision of physical therapy services to you for purposes of coordinating treatment and payment for services.
Other professionals: If you have communicated to us that you are receiving treatment from a physician, we may share your PHI with that physician’s office.
Emergency: In the event of an emergency or a serious or imminent threat to your health or safety (e.g., you are unconscious), we may share your PHI if we believe it is in your best interest.
Public good and/or Research Purposes: We may share your PHI if we believe it is for the benefit of public health, such as (i) preventing disease; (ii) helping with product recalls; (iii) reporting adverse reactions to medications; (iv) reporting suspected abuse, neglect or domestic violence; (v) preventing or reducing a serious threat to anyone’s health or safety, or for health research purposes. We will only share your PHI in accordance with the law. To find out more, please go to: https://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html
Compliance with law: We reserve the right to access, read, preserve, and disclose any PHI that we believe is necessary to comply with law or court order, including requests from the Department of Health and Human Services to ensure our compliance with federal privacy law.
Address workers’ compensation, law enforcement, mandated reporting and other government requests: We may share PHI about you: (i) for workers’ compensation claims; (i) for law enforcement purposes or with a law enforcement official; (iii) with health oversight agencies for activities authorized by law; (iv) for special government functions such as military, national security, and presidential protective services; (v) for any applicable mandated reporting purposes such as child abuse, sexual assault, intimate partner violence or other mandated reporting.
Treatment Payment and Healthcare Operations. We are permitted to use and disclose your health information in the provision and coordination of your healthcare, in determining coverage, billing, claims management, medical data processing and reimbursement, and as part of Luna’s routine healthcare operations such as utilization reviews, auditing, certification, licensing or credentialing activities.
Authorization. We can use and disclose your health information for purposes other than treatment, payment or healthcare operations with your written authorization. For example, with your authorization we can provide your name and medical condition to companies who might be able to provide you useful items or services. You may revoke your authorization; however, such revocation will not have any effect on uses or disclosures of your health information prior to our receipt of the revocation.
Is Personal Information about me secure?
Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We are required by law to maintain the privacy and security of your PHI. If a breach occurs that may have compromised the privacy or security of your PHI, we will promptly inform you by a notice on the website(s) and applications, and follow any applicable laws.
What Personal Information can I access?
Through your account settings or by contacting us, you may access, and, in some cases, edit or delete the following information you’ve provided to us: Name, password, home address, email address, insurance details, and other related user profile information.
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at firstname.lastname@example.org.
What choices do I have?
You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.
You may be able to add and/or update information as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. Some information will remain in our records after you suspend use of your account as required by law. We may use any aggregated data derived from or incorporating your Personal Information after you add and/or update it, but not in a manner that would identify you personally.
What if I have questions about this policy?
If you have any questions or concerns regarding our privacy policies, please send us a detailed message to email@example.com, and we will try to resolve your questions or concerns.