ConnectedHealth is a platform (the “Service”) that aims to aggregate users’ health data from smart devices and to enable users and researchers to have a comprehensive picture of a user’s health condition. ConnectedHealth takes seriously its obligation to protect the privacy of every individual. This Privacy Policy is to inform you (“you” means the users of the Service) about what information ConnectedHealth collects, how your personal information is protected in database and transit and how this information is used.
When you create a ConnectedHealth account for the Service, we will collect the username, a valid email address and password from you. The username is a unique name on ConnectedHealth to identify a user. The email address is used to activate your account or reset your password. To connect ConnectedHealth account to other service accounts for aggregating health data, you will also be asked to provide your usernames and passwords of those services. For example, if you connect your Fitbit account to enable the Service to collect your Fitbit data, you will be asked to provide your Fitbit account username/email and password. Please note that these usernames and passwords are not stored or retained in ConnectedHealth servers. This information is only used for creating secure credentialing mechanisms to exchange data between ConnectedHealth Service and other services at the time of connection.
ConnectedHealth may also collect your connection information, such as your IP address, browser information, date, time, and duration of your connection, navigated pages, and performed actions. This information will only be used to improve our Service. We may also store cookies on your computer to improve and/or enhance the browsing experience. Declining cookies may affect your internet browsing experience.
“Anonymous Information” is information that can not be used to identify an individual user. This includes aggregated information about the users and the Service. Anonymous Information is also used only to provide better service for the users. Anonymous Information of users who participate in research studies may also be disclosed in research abstract, paper, conference, etc., with the consent of participants. For all research studies conducted on ConnectedHealth, researchers are required to obtain an IRB approval. ConnectedHealth makes its best effort to comply the Health Insurance Portability and Accountability Act (HIPAA).
ConnectedHealth may also share Anonymous Information with the third parties that provide services to the platform. The use of this Anonymous Information by the third parties are determined by their privacy policy.
Your privacy is paramount to us. We employ various administrative, technical and physical safeguards to protect privacy of every users and confidentiality of user health information. For instance, ConnectedHealth enforces a strong password by providing password strength score when a user registers an account. We prevent brutal force attack of accounts by locking out the account for a specific amount of time. In addition, your account will be logged out if it is inactive for 10 minutes.
All sensitive data is encrypted before saving to database so that database administrators and intruders won’t be able to see it. We also use Transport Layer Security (TLS, successor protocol to SSL, Secure Sockets Layer) certificate technology to protect data exchange between us and other services and between us and users. Data transfer with TLS protocol are strongly encrypted and information can only be decrypted and visible between the two with connection. The URL under TLS protocol starts with https rather than http. By default, all http requests to ConnectedHealth will be redirected to https. It is recommended that you use a modern browser so that it informs you a secure connection.
All users on the platform have equal privileges. Each user can request permission to view other users’ health data or authorize users to view your health data. The consent is made between the two accounts involved. This consent is inevitable for all users regardless of their participant in research study with a signed consent form. By sharing Personal Information with other users, you by default understand the risk and agree to take your own responsibility to the confidentiality between you and the user you share with.
You can choose to close your Service account at any time by sending a request to us. Upon the request, all your Personal Information will be deleted permanently on the server. This does not include the data obtained by the researchers. Research participants need to refer to the consent form from the research for the life cycle of Personal Information. By closing your Service account, the connection between ConnectedHealth and your other service accounts are automatically terminated. Please note that your accounts with other services are not affected by this.
ConnectedHealth may make changes to this Privacy Policy from time to time. Service users will be notified by their registered email address if there is an update of Privacy Policy.
If you have any questions regarding this Privacy Policy or concerns about our use, disclosure or handling of your Personal Information, please contact us by emailing SmartHealth@uthscsa.edu, with 'Privacy Policy' in the subject.