Privacy Policy

GrayInstitute.COM
PRIVACY POLICY/NOTICE

Effective Date: February 1, 2015

THIS PRIVACY POLICY/NOTICE (“NOTICE”) DESCRIBES HOW INFORMATION ABOUT YOU, MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. THIS POLICY DESCRIBES OUR POLICIES WITH REGARD TO “PERSONAL INFORMATION” AND WITH REGARD TO “PROTECTED HEALTH INFORMATION.

This Notice applies to the Web site owned and operated by Gray Institute and GoMotive, Inc. (“GrayInstitute.com” “app.grayinstitute.com” “we” or “us”) located at www.grayinstitute.com (the “Site”). It does not address the privacy practices that your personal health care provider may use in his/her/its office. By using our Site, you represent that you are 18 years old or older and you consent to the information collection and use practices described herein.

WHAT IS “PERSONAL INFORMATION”?

As used herein, the term “personal information” generally means information that specifically identifies an individual (such as user’s name, address, telephone number, e-mail address, credit card or other account number) or that is associated with an identifiable person (such as demographic information or information about a person’s activities when such information is linked to personally identifying information). Personal information includes personal health information (if any). Personal information does not include “aggregate” information, which is data we collect about the use of the Site or categories of Site users, from which any personal information has been removed. For example, information that forty-six percent of the Site’s registered users identify themselves as male, is aggregate information. We collect aggregate data for a number of purposes, including to help us understand trends and user needs so that we can better consider new publications, products and services, and tailor existing publications, products and services to user desires. This Notice in no way limits or restricts our collection of aggregate information.

WHAT PERSONAL INFORMATION DO WE COLLECT?

When you register for the Site, we collect your name, address, email address, date of birth, mobile phone number, primary practitioner, sex, referring physician, emergency contact information, medical notes and symptoms, and insurance information. As you use Gray Institute Exercise Library, we collect basic information about your exercise prescription(s), responses to questionnaires about your health, and your use of the program. All protected information is encrypted and made anonymous. Your email address may be collected when you send us an email.

WHAT OTHER INFORMATION DO WE COLLECT?

When you visit our Site, some information is also automatically collected through the use of log files, such as your computer’s Internet Protocol (IP) address, your computer’s operating system, the browser type, the address of a referring web site and your activity on the Site. We use this information for purposes such as analyzing trends, administering the Site, improving customer service, diagnosing problems with our servers, tracking user movement, and gathering broad demographic information for aggregate use. We may also automatically collect certain information through the use of “cookies.” Cookies are small data files that are stored on a user’s hard drive at the request of a Web site to enable the site to recognize users who have previously visited them and retain certain information such as customer preferences and history. If we combine cookies with or link them to any of the personally identifying information, we would treat this information as personal information. If you wish to block, erase, or be warned of cookies, please refer to your browser instructions or help screen to learn about these functions. However, if your browser is set not to accept cookies or if a user rejects a cookie, you will not be able to sign in to your GrayInstitute.com account and will not be able to access certain Site features or Services.

We may also use third parties to provide certain functionalities or to collect, track and analyze non-personally identifiable usage and statistical information from users, such as the user’s browser type, operating system, browsing behavior and demographic information. These third parties may collect personal information from you in connection with the Services they provide and may place cookies, web beacons or other devices on your computer to collect non-personal information which may be used, among other things, to deliver advertising targeted to your interests and to better understand the usage and visitation of our Site and the other sites tracked by these third parties. We are not responsible for, and do not control, any actions or policies of any third party service providers.

OUR DUTIES REGARDING YOUR HEALTH INFORMATION

We are required by law to protect the privacy of any of your information that qualifies as “protected health information” and to provide you with notice of these legal duties with regard to any such information. This Notice explains how, when and why we typically use and disclose your health information as well as your personal information and your privacy rights regarding all such information. In our Notice, we refer to our uses and disclosures of your information as our “Privacy Practices.” Protected health information generally includes information that we create or receive that identifies you and your past, present or future health status or care or the provision of or payment for that health care. We are obligated to abide by these Privacy Practices as of the effective date listed above.

We may, however, change our Privacy Practices in the future and specifically reserve our right to change the terms of this Notice and our Privacy Practices. We will communicate any change in our Notice and Privacy Practices as described at the end of this Notice. Any changes that we make in our Privacy Practices will affect any protected health information that we maintain.

Generally, our Privacy Practices strive:

To make sure that information that identifies you is kept private;

To give you this Notice of our Privacy Practices and legal duties with respect to both personal information and protected health information;

To follow the terms of the Notice that is currently in effect; and

To make a good faith effort to obtain from you an electronically signed acknowledgement that you have received or been given an opportunity to receive this Notice.

HOW WE MAY USE AND DISCLOSE INFORMATION ABOUT YOU

We gather, use and disclose your information, which may be deemed protected health information in a variety of circumstances and for different reasons. Some of these uses and disclosures may require your prior authorization. There are situations, however, in which we may use and disclose your information without your authorization. We may use the information that you provide when we provide services to you and we may disclose your information to the clinic that referred you to us for our services.

Special Circumstances When We May Disclose Your Information Related To Treatment, Payment Or Health-Care Operations.

After removing direct identifying information (such as your name, address, and social security number) from your information, we may use your information for research, public health activities or business planning. While only limited identifying information will be used, we will also obtain certain assurances from the recipient of such information that they will safeguard the information and only use and disclose the information for limited purposes.

Additionally, we may disclose your information to outside organizations or providers in order for them to provide services to you on our behalf. We will also seek written assurances from these providers to safeguard the information that they receive.

For Permitted Or Required By Law Activities

There are situations where we may use and/or disclose your information without first obtaining your written authorization for purposes other than for treatment, payment or health-care operations. Except for the specific situations where the law requires us to use and disclose information (such as reports of births to the health department or reports of abuse or neglect to social services), we have listed all these permitted uses and disclosures in this section.

For Public Health Activities. We may use or disclose your information to a public health authority that is authorized by law to collect or receive information in order to report, among other things, communicable diseases and child abuse, or to the FDA to report medical device or product related events. In certain limited situations, we may also disclose your information to notify a person exposed to a communicable disease.

For Health Oversight Activities. We may disclose your information to an oversight agency that includes, among others, an agency of the federal or state government that is authorized by law to monitor the health-care system.

For Law Enforcement Activities. We may disclose your information in a limited manner in response to a law enforcement official’s request for information to identify or locate a victim, a suspect, a fugitive, a material witness or a missing person (including individuals who have died) or for reporting a crime that has occurred on our premises or that may have caused a need for emergency services.

For Judicial and Administrative Proceedings. We may disclose your information in response to a subpoena, or order of a court or administrative tribunal.

To Avoid Harm to a Person or for Public Safety. We may use and disclose your information if we believe that the disclosure is necessary to prevent or lessen a serious threat or harm to the public, or the health or safety of another person.

For Specialized Government Functions. We may use and disclose your information of certain military individuals, for specific governmental security needs, or as needed by correctional institutions.

For Workers’ Compensation Purposes. We may disclose your information to comply with the workers’ compensation laws or other similar programs.

For Appointment Reminders Motivational Tips, and to Inform You of Health Related Products or Services. We may use or disclose your information to contact you to remind you of appointments, motivational tips, or other scheduled services, or to provide you with information about treatment alternatives or related products and services.

Personal information may be disclosed as part of any merger, acquisition, debt financing, sale of GrayInstitute or GoMotive assets, as well as in the event of an insolvency, bankruptcy or receivership.

When Your Preferences Will Guide Our Use Or Disclosure

While the law permits certain uses and disclosures without your authorization, the law also provides you with an opportunity to inform us of your preference, in certain limited situations, concerning the use or disclosure of your information. For these limited uses and disclosures, we may simply ask and you may simply tell us your preference concerning the use or disclosure of your information.

All Other Uses And Disclosures Require Your Prior Written Authorization

For situations not generally described in our Notice, we will ask for your written authorization before we use or disclose your information. You may revoke that authorization, in writing, at any time to stop future disclosures of your information. Information previously disclosed, however, will not be requested to be returned, nor will your revocation affect any action that we have already taken. In addition, if we collected the information in connection with a research study, we are permitted to use and disclose that information to the extent it is necessary to protect the integrity of the research study.

THIRD PARTY LINKS

The Site may contain links to other sites, or interactive forums hosted by a third party. Please be aware that although we may participate in or utilize such other sites, we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Site and to read the privacy policies of any Web site that collects personally identifiable information. Similarly, if you entered this Site through another Web site, we are also not responsible for the privacy practices of that site, and you should review the privacy policy of the originating site before providing any personal information to that site. This Notice applies solely to information collected by us.

WHAT STEPS DO WE TAKE TO PROTECT YOUR INFORMATION ONLINE?

GrayInstitute.com endeavors to secure your personal information from unauthorized access, use or disclosure by putting into place physical, electronic and managerial procedures to safeguard the information we collect through this Site. Additionally, your account information is accessible online only through the use of a password. Please be aware, however, that despite our efforts, no security measures are perfect or impenetrable. To protect the confidentiality of your personal information, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of the Site by any person using your password. Please advise us immediately by emailing us at support@GoMotive.com or support@grayinstitute.com if you believe your password has been misused. You should also note that email is not secure, and you should not send any confidential or sensitive information to us via an unsecured email.

Gray Institute and GoMotive utilize state of the art HIPAA and personally identifiable information (PII) controls. Each clinic for which Gray Institute provides services is set up with a unique encryption code so that no other clinic or outside party may access confidential data. Patient data is encrypted, as is clinic information. The creation, modification, and viewing of patient records is tracked by Gray Institute within its structured database.

Gray Institute and GoMotive have no direct access to individual patient names, demographic information, medical records, exercise prescriptions, or exercise compliance with two exceptions. If a clinic provides time limited access to data records for purposes of fixing a data corruption issue or assisting a clinic in setting up or reviewing a patient record, Gray Institute and GoMotive are able to view patient information, but only upon your clinic granting this access via website control. In such an event, this access is tracked and recorded. Once the limited time period expires, Gray Institute and GoMotive no longer have access to patient data, and all patient data fields return to their normal encrypted state.

The second exception to preventing direct access to patient data occurs if a patient elects to share their exercise prescription and their progress in completing their exercises with the general public. Gray Institute and GoMotive have built in social media sharing options, and patients are free to share this data. In this event, Gray Institute and GoMotive will have access to individual patient exercise prescriptions and compliance.

Gray Institute and GoMotive retain access to patient data on an anonymous basis for purposes of reporting back to your clinic patient progress in healing, as well as to promote patient health and wellness, and to improve the program effectiveness and other uses.

YOUR RIGHTS TO INSPECT AND COPY, RESTRICT, AND OBTAIN AN ACCOUNTING OF DISCLOSURES OR CHANGE YOUR INFORMATION

This portion of our Notice describes your rights to inspect and copy, restrict, request or change your information and how you may exercise those rights.

Requesting Restrictions of Certain Uses and Disclosures of Information

You may request, in writing, a restriction on how we use or disclose your protected information for your treatment, for payment of your health-care services, or for activities related to our health-care operations. You may also request a restriction on what information we may disclose to someone who is involved in your care, such as a family member or friend. To make a request, please contact the individual listed in the Contact Section of this Notice.

We are not required to agree to your request. Additionally, any restriction that we may approve will not affect any use or disclosure that we are legally required or permitted to make under the law, including our facility directory.

Requesting Confidential Communications

You may request and receive reasonable changes in the manner or the location where we may contact you for appointment reminders or other related information. You must make your request in writing and specify the alternate method or location where you wish to be contacted. To make a request, contact the individual listed in the Contact Section of this Notice. We will accommodate your reasonable request but in determining whether your request is reasonable, we may consider the administrative difficulty it may impose on us.

Inspecting and Obtaining Copies of Your Information

You may ask to look at and obtain a copy of your information. You must make your request in writing. Please submit your request to the individual listed in the Contact Section of this Notice. We may charge a fee for copying or preparing a summary of requested information. We will respond to your request for information within 30 days of receiving your request, unless your information is not readily accessible, or the information is maintained in an off-site storage location.

Requesting a Change in Your Information

You may request, in writing, a change or addition to your information. To make a request, please submit your request to the individual listed in the Contact Section of this Notice. The law may limit your ability to change or add information. These limitations include whether we created or include the information within our records or if we believe that the information is accurate and complete without any changes. Under no circumstances will we erase or otherwise delete original documentation upon your request.

Requesting an Accounting of Disclosures of Your Information

You may ask, in writing, for an accounting of certain types of disclosures of your information. The law excludes from an accounting many of the typical disclosures, such as those made to care for you, to pay for health services, or where you provided your written authorization to the disclosure.

To make a request for an accounting, please submit your request to the individual listed in the Contact Section of this Notice. Generally, we will respond to your request within 60 days of receiving your request unless we need additional time.

OBTAINING A NOTICE OF OUR PRIVACY PRACTICES

We provide you with this Notice to explain and inform you of our Privacy Practices and it shall be maintained on this website for your review. You may also request a paper copy at any time by request to the individual listed in the Contact Section of this Notice.

CHANGES TO THIS NOTICE

We reserve the right to change this Notice concerning our Privacy Practices affecting your information, including information that we may receive in the future. We will provide you with the revised Notice by making it available to you upon request and by posting it on our website.

COMPLAINTS

We welcome an opportunity to address any concerns that you may have regarding the privacy of your information. If you believe that the privacy of your information has been violated, you may file a complaint with the individual(s) listed below. You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services.

You will not be penalized or retaliated against for filing a complaint.

CONTACT PERSONS

GoMotive, Inc.

Address:

Attn: Customer Relations

1501 4th Ave., #550

Seattle, WA 98101

Telephone: 206-462-6379

Gray Institute.

Address:

Attn: Customer Relations

5353 West US 223 Suite B

Adrian, Michigan 49221

Telephone: (866) 230-8300