Homestretch Privacy Policy

Last Updated: September 11, 2012

Purpose and Scope

This Privacy Policy describes our privacy practices in connection with our collection, use, access, maintenance, disclosure, and transmission of information we receive about you when you use of Homestretch (the “Service”), a Web-based service provided by Tanglewild Partners, LLC d/b/a Homestretch (“we” or “us”) that enables a physical therapy provider (“Practitioner”) to assist his or her patients (each a “Patient”) with their therapy by providing them with access to selected videos and other information (the “Content”) and internal communications tools (collectively, the “Tools”) that can help Patients obtain answers to questions about their therapy. We provide the Service from our Web site with the primary domain name www.homestretchhealth.com (the “Site”).

This Privacy Policy is not a HIPAA privacy notice. Instead, it describes our privacy practices on the Service that we offer to Practitioners. If you are a Patient, your Practitioner maintains a separate HIPAA privacy notice. If you have questions about your Practitioner’s privacy practices, consult with your physical therapist.

We take the privacy of Patient and Practitioner information seriously. This Privacy Policy applies to your personal information whether you are a Patient, Practitioner, or an authorized employee or independent contractor of a Practitioner using the Service on the Practitioner’s behalf. It applies to the information we collect online, but does not apply to information collected in different forums, including information collected offline by us or by a Practitioner. Please be sure to read this Policy before using or submitting information to the Service. The Policy may change from time to time, so please check back periodically.

Access to Service

A Practitioner may register to use the Service for him or herself or as an administrator for a practice. In order to register, a Practitioner must provide personally identifiable information to create access credentials and establish an account for the Service. For example, we may request a first and last name, email address, and payment information in order to register for the Service. A Practitioner who serves as administrator for a practice will be responsible for creating user credentials for other Practitioners in his or her practice and for establishing security controls governing their access to data.

A Practitioner also may sign Patients up to use the Service by providing a Patient’s name and email address to the Service. This results in the transmission of an email to Patient with a link to the Site where the Patient may create his or her unique user credentials.

The Practitioner also may select videos and other content to be viewed by the Patient and may leave specific instructions or comments for the Patient using the communications tools in the Service. This information may include information about the Patient’s health.

Use of the Service by Minors

This Service is not intended to collect information on children younger than 13 years of age. A parent or legal guardian may access and use the Content and Tools on the Service for the benefit of a child age 13 or older, but must register and be responsible for any such use.

Types of Information Collected; Use of Information

Access to the Service requires information that can be used to identify a Practitioner or Patient individually (“Personally Identifiable Information” or “PII”). Establishing Patient user credentials and communications between Patients and Practitioners using the Tools may also include information about individuals’ past, present and future physical health, illness, injury or treatment that is identifiable to the Patient (“Personal Health Information” or “PHI”). The Patient and Practitioner share responsibility for ensuring that the information collected on the Service is accurate and complete, and for making appropriate changes or corrections when necessary. The specific types of information collected through use of the Service are as follows:

  • Personal Information Collected at Registration. When you register to use the Service as a Patient or Practitioner, we require you to provide certain Personally Identifiable Information, including first and last name, credentials (for Practitioners), email address, and (for Practitioners) practice affiliation. Registration with the Service will also generate additional identifiers in the form of a user ID and password. Finally, Patients or Practitioners may provide further personally identifying information through their use of the Tools. We use all of this information to provide the Service and to contact you in connection with your use of the Service.
  • Medical Information. In using the Service, Practitioners and Patients may submit information to our Site regarding the Patient’s diagnosis, current plan of treatment, assigned therapy(ies), symptoms and medications may be included in registrations, progress notes and records created using the Tools on the Service, or in questions that Patients submit to Practitioners via the Service. We use this information only to provide the Service and facilitate these communications. If you are a Patient, our use and disclosure of the PHI you submit to the Service is governed by this Privacy Policy. Your Practitioner’s use and disclosure of your PHI, however, is described in your Practitioner’s separate HIPAA privacy notice. If you have questions about your Practitioner’s privacy practices, consult with your physical therapist and request to see his or her HIPAA privacy notice.
  • Activity/Log files. We receive and store certain types of information whenever users interact with our Service, and use this information to authenticate users, analyze trends, administer the Services and Tools, and monitor traffic and usage patterns. We obtain certain types of information when your Web browsers accesses our Service, such as the Internet Protocol (IP) address of your computer, information about your browser software and operating system, and the date and time you access our Site. We use “cookies” to collect this information. “Cookies” are alphanumeric identifiers that we transfer to your computer's hard drive through your Web browser to enable our systems to recognize your browser and to provide certain features on the Site. The “Help” feature in most Web browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable some cookies altogether. Keep in mind, however, that disabling cookies may result in some features of the Service not working properly or becoming inaccessible to you. To maintain Practitioner and Patient privacy, we do not associate cookies or IP addresses with any records containing personal information.

Access, Use and Disclosure of Information

We do not disclose PII or PHI collected by the Service to any third party, except as set forth in this Privacy Policy or with your consent.

The circumstances under which we disclose PHI and PII are as follows:

  • To Avoid Liability or Harm to Us or Others. We will disclose PII or PHI when we believe in good faith that (a) the law requires it; (b) the disclosure is necessary to protect, defend or assert our legal or property rights; (c) act to protect the personal safety of a Patient, Practitioner, or other person in an emergency. In the event that we believe in good faith that we are legally required to disclose your PII or PHI, we will notify (or require the requestor to notify, as appropriate) you unless doing so would violate an applicable law or court order.
  • To Support Interactions Between Practitioners and Patients. Practitioner may access PHI or PII submitted to the Service by Patients or other Practitioners in their practice to provide support, respond to questions or communications, adjust treatment, and or assign different content for Patients to view.
  • Third Party Service Providers. We rely on third party service providers to assist us in certain aspects of hosting, operating and maintaining the Site and Service. We may provide these Service Providers with access to your PHI or PII, or activity or log files for your computer, on a limited basis, but we limit any such disclosure to the information reasonably necessary to perform its limited function for us, and require all contractors and affiliates who have access to PII and PHI to execute binding agreements obligating them to (a) protect the PII and PHI consistently with this Privacy Policy, and (b) not further use or disclose PII or PHI for any purpose other than fulfilling their obligations to us with respect to the Service or as required by law.
  • Aggregate Information. We may share with any contractor, affiliate, agent or other U.S. Government agency, non-personally identifiable information and statistical information about Patients and/or Practitioners as a group, such as usage habits, demographics and similar information that is stripped of components that we believe could permit direct identification or contact of such individuals.
  • Business Transfers. If we (or our assets) are acquired by another company, PII and PHI posted to the Service would be among the assets transferred to the acquirer. In the event of such an acquisition, the Privacy Policy in force at the time of this transfer, together with your Practitioner’s HIPAA privacy notice, would continue to apply your information.

Storage and Maintenance of Information

Information collected on this Service is maintained in databases that are located on servers hosted by our service provider. With the exception of information created using the Tools, PII is not stored in the same database as PHI. Access credentials likewise are stored separately and are accessible only to individuals whose roles require that they have access.

Security

We use physical, technical and administrative safeguards to help prevent the loss, misuse or alteration of personal information under our control. Data, including the nature of content assigned to a Patient is stored in databases in encrypted form. We use industry standard encryption to protect communications between Practitioner or Patient computers and the Service. In addition, the servers housing the Site and these databases are behind firewalls. Firewalls are hardware and software systems configured to block access by unauthorized parties. Data collected and stored by the Site also is located in a data center that is electronically and physically secured. Despite these precautions, neither humans nor security systems, including encryption, are foolproof. People also may commit crimes, fail to follow policies or make other mistakes. While we believe the safeguards we maintain are reasonable and appropriate in light of the nature, type and amount of data collected by the Service, we cannot guaranty the security of your personal information. Practitioners and Patients should take reasonable security precautions and to check their security settings periodically.

Email Communications

The Service provides the means to send electronic mail messages to therapists using your own email account. These communications do not take place within the Service and are not covered by this Policy. Practitioners and Patients also may send electronic mail to us. By sending us an electronic mail message, a Practitioner or Patient may be sending us additional personal information not already in our database. We may store the name and address of the requester in order to respond to the request or to otherwise resolve the subject matter of the e-mail.

Compliance and Changes

If you have questions or concerns related to privacy, please contact us at info@homestretch.com.

We may change this Privacy Policy at any time by posting revisions to our Site. Your use of the Service after such changes constitutes acceptance of the revised Privacy Policy. If you do not agree to the terms of this Privacy Policy or any revised version, then you should not use the Service.