PRIVACY POLICY

Effective Date: May 2020
Revision 1: 18th September 2022
Revision 2: 10th November 2022

Introduction

Our mission is to drive better and more affordable healthcare through innovative software and information solutions for providers throughout the care continuum, their patients, and health researchers. Our solutions include our Patient appointment management solution, Practitioner digital visibility solution and Tele-Medicine (Video consulting) solution.

This Privacy Policy (this "Policy") applies to the software and information services we offer through our website located at www.spiralshealth.com. Our cloud-based solution provides services to patients, clinical coordinators and Medical Practitioners. It provides services for setting up the virtual clinic, websites of medical practitioners, digital awareness of Doctor's achievements on the SPIRALS Health platform, Calendar management for Medical practitioners, multiple clinic management, Patient management and appointment management, Video calling and consulting with patients, Clinical Coordinator processes for the Clinic, Preferred medical practitioner search for patient, Appointment management with desired medical practitioner, TeleMedicine / Video consulting with Medical Practitioner, option to create a personal medical profile, family medical history and create dependents on one account, Authorization of access through One time Security Password (OTP), patient payment tracking option, Personal appointment tracking, Live tracker to track patient’s turn for consultation, information sharing through e-mails or SMS and information services (collectively, our "Services"). This Policy does not apply to any other services. Maintaining your trust is important to us, and we strongly encourage you to read this Policy in full.

The purpose of this Policy is to describe how we and our partners collect, use, and share information about you. This Policy may incidentally describe how our Services gather and use information about other individuals or information about you that may be submitted by another user. This Privacy Policy, however, only applies to how we and our partners collect, use, and share information about you concerning the Services covered by our SPIRALS HEALTH TERMS AND AGREEMENT ("User Agreement"), and not to any other service we may offer to any other individual or customer.

Some of our users - such as Medical Practitioners - are subject to laws and regulations governing the use and disclosure of health information they create or receive, including the Health Insurance Portability and Accountability Act of 1996, as amended from time to time, together with the regulations adopted thereunder ("HIPAA"). When we store, process or transmit "individually identifiable health information" (as defined by HIPAA) on behalf of a Medical Practitioner who has entered into a SPIRALS HEALTH TERMS AND AGREEMENT, we do so as its "business associate" (as also defined by HIPAA). Under this agreement, we cannot use or disclose individually identifiable health information in a way that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the individually identifiable health information we store and process on behalf of such providers. For this Policy, the term "Medical Practitioner" means any user who is a "health care provider" or “Doctor” (as defined by HIPAA) or any user who is a member of such health care provider's "workforce" (as also defined by HIPAA).

Collection of Information and Usage of Information:

SPIRALS Health will collect information from you when you:

  • Enter information on our Services, such as when you register for our Services, use our Services to send a message to someone else, or complete a form;
  • Upload a document, image, or other data file on our Services;
  • Contact us;
  • Make a customer service request or attend one of our individual or group training sessions;
  • Provide information about the medical condition, diagnosis and treatment; or
  • Provide information and stats of medical tests, path tests and diagnostics etc.

We also collect information on your behalf when you authorize us to retrieve and import information from another user or other third party within our Service or as outlined in the Terms and Agreement.

Personal Data or Information:

  • First Name and Last Name – This information is collected to address and identify users of the system. This information is used in creating user prescriptions, medical certificates, Invoices, discharge summaries, reports etc.
  • Address, Latitude and Longitude – This information is collected to show doctors and practitioners near the patient who is opening up the App. This is also used to find the driving directions the patient needs to reach the clinic or hospital.
  • Telephone number or Mobile Number – This information is collected as a unique identifier of the user. The aim of the system is NOT to have bogus users, so that the right users can be catered to for their correct medical needs.
  • e-mail address – This information is collected to keep users updated about system upgrades and alerts on their accounts.
  • Images, Photos, PDFs or Videos – This information is collected in various forms. It could be the user’s image to create the user’s profile. It could be a Doctor’s or Practitioner’s image to ensure it is the right person and physical KYC (Know Your Customer) is done. It could be a patient’s medical record, such as a photograph of a Doctor’s handwritten prescription taken to keep the medical history updated, or an image uploaded by the patient of a health report or prescription given by a non-SPIRALS Doctor to keep all medical records updated.
  • Gender Type – This information is collected as key user information under KYC (Know Your Customer).
  • Date of Birth – This information is collected as key user information under KYC (Know Your Customer).
  • Device Id – This information is collected to make the user journey simple. Users from the same device id would not need two Apps and should not be counted as an additional user in Prudas user Tracker.
  • Or the information you enter on or upload to our Services – This is about the rest of the information, which may be related to the medical condition of the user or anything else. However, all collected information serves some system requirement.

Payment Information: Depending on the Services you use, we may also collect your billing information, including credit or debit card account information, or other forms of payment ("Payment Card Information"). By submitting your Payment Card Information, you expressly consent to the sharing of your information with third-party payment processors and other third-party services (including but not limited to vendors who provide fraud detection services to us and other third parties). These third parties may store your Payment Card Information for future use in our Services. We do not store your Payment Card Information, nor do we have direct control or responsibility for your Payment Card Information. The third-party services that we utilize are contractually obligated to keep your Payment Card Information secure and confidential.

Automatically Collected Information:

We and our partners automatically gather information whenever you visit, log in, or otherwise interact with our Services, including when you receive emails delivered via our Services. We and our partners use the technologies described below and similar technologies that may not be expressly described (which we collectively call "Engagement Solutions") to gather this information to enhance and operate our Services in several ways, such as to:

  • Save user preferences and information;
  • Preserve session settings and activity;
  • Authenticate users;
  • Enable support and security features;
  • Tailor the delivery of informational messages, media, advertising and other content; and
  • Analyse the performance and use of our Services and their various features and content.

Even if you do not register with us or submit any information on our Services, our Engagement Solutions will automatically receive information about, and the software running on, the computer, mobile phone, or tablet (each, a "Device") you use to interact with our Services.

Device Information: When you interact with our Services, we collect information about your Device such as the URL of services your Device is requesting and the referring web pages, your IP address, Device type, operating system, browser type, application identifier, and, under certain circumstances, the location information your Device sends to us.

Cookies & Similar Technologies: We and our partners collect information about you and your Devices through cookies, web beacons, and similar technologies. A "cookie" is a small data file sent from a website and stored on your Device to identify your Device in the future and allow for an enhanced personalized user experience based on your previous activity on the website. A "session cookie" disappears after you close your web browser, or may expire after a fixed period. A "persistent cookie" remains after you close your web browser and may be accessed every time you use our Services. We and our partners may use both session and persistent cookies on our Services. You should consult your web browser to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may not be able to use certain features of our Services.

Some of our partners deploy these technologies directly on our Services. These third parties may collect information over time about your use of our Services, as well as your online activities across other websites or online services. Some third parties may allow you to opt out of targeted advertising based on this information.

Information from Other Sources:

We may receive or proactively gather information about you from other sources and add it to information we otherwise have about you for any purpose described in this Policy. This may include situations where a third party seeks to communicate with you through the Services or establish an "Integration" (as more fully described below under the heading, Third Party Integrations).

How We Use Information

We may use the information we collect for the following purposes:

  • Operating our Services and developing new functionality and features;
  • Responding to questions and communications, or obtaining your feedback about our Services;
  • Administering and logging your participation in educational and informational programs, including webinars and other classes, and any product or support matters that may arise from such programs. However, this information will be used as that of an anonymous patient, and the patient’s personally identifiable information (PII) will be completely secured;
  • Preparing and delivering announcements about features, functionality, terms of use, Clinical information or other aspects of our Services or your interests and informing you about offers for services or products we believe may be of interest to you, including from third-party sponsors;
  • Providing you with more relevant content, including clinical support tools, assessments or medical-related information or services, patient support programs, advertising, or other programs appearing on our Services or third-party services;
  • Analysing usage trends and patterns and measuring the effectiveness of content, programs, advertising or the features or functionality of the Services, including emails that may be sent by us to you;
  • Preparing reports for any of the purposes described in this Policy, including for current or future sponsors, advertisers or other partners to show utilization or trends about the use of our Services. Such reports may include demographic or other general user information, but will not include personally identifiable information unless the recipient has agreed to confidentiality obligations;
  • Safeguarding and protecting our Services, the information we collect, and the rights of us, our users or third parties, in response to legal process;
  • We may use your Payment Card Information as stated in the "Payment Information" Section above;
  • Any other purpose described in this Policy or your User Agreement; or
  • When we otherwise have your permission.

 

How our Services Allow Users to Share Information:

One-on-One Communications:

Our Services can be used to facilitate one-on-one communications between users and other persons. Examples include:

  • Finding details of any on-boarded Medical Practitioner through their system-generated website;
  • Reading blogs written by Medical Practitioners or other information provided by them on their website;
  • Understanding the services and expertise held by Medical Practitioners;
  • Seeing the Calendar of Medical Practitioners and available time slots for appointments among multiple clinics;
  • Booking of appointments by unregistered patients with just One-Time Security Passwords (OTSP / OTP);
  • Logging into the personal dashboard through a password or One Time Security Password (OTSP / OTP);
  • Sharing personal information with specific Medical Practitioner clinics by authorizing them through a system-generated One Time Security Password (OTSP / OTP);
  • Sending an appointment confirmation or other notification to another user;
  • Making a referral to another Medical Practitioner; or
  • Sending a message to a patient through SMS or e-mail.

In any one-on-one communication, users are sending information to one another or to an individual or entity who may not be a user of the Services. Depending on the message, this could include the sharing of contact and other personally identifiable information.

Directories and Personal Website:

If you are a Medical Practitioner who has entered into a SPIRALS HEALTH TERMS AND AGREEMENT, you will have the ability to have your contact and directory information listed in one or more of our professional directories of Medical Practitioners on our Services that users and/or the general public may be able to view. These directories include profile information (e.g., contact, speciality and other information) and other features that allow users and/or the general public to locate and contact those listed in the directory.

SPIRALS Health provides a system-generated website for every Medical Practitioner on a SPIRALS Health subdomain. These sites are renewable every year with service renewal by the Practitioner.

Medical Practitioners can add, update or remove content, photos, blogs, articles, clinical information, awards and recognitions, educational information and so on from the website by themselves through the simplified tool provided by SPIRALS Health.

If you visit our Services seeking to contact or schedule an appointment with a provider listed in one of our directories, you may need to submit personally identifiable and other information.

Public Forums:

Our Services include public forums that allow users to communicate with groups of users or the general public. Information, Blogs, Informative Videos and articles posted by any user in one of our communities may be available to a wide range of individuals and should be presumed public. We strongly advise users to exercise care in selecting what information they share with our communities or public forums, and strongly recommend against sharing any personally identifiable, health, or other sensitive information that could directly or indirectly be traced to any individual, including themselves.

Surveys, Feedback, and Informational Programs:

From time to time you may receive survey requests through emails or displays within our Services that request feedback on a variety of topics. These programs may be sponsored or funded by third parties and may include branded or unbranded content about medical conditions, treatments and products, or safety and regulatory information resources. If you choose to engage with or use one of these requests, you may be asked to provide information that may be used to supplement the information that you submitted to our Services. This information may be shared with the sponsor of the program.

Records:

Our Services allow users to store personally identifiable health information ("Records"), including Records that identify other individuals, including other users. Certain of our Services permit users to share all or portions of these Records at their discretion. Such Records are not mandatory and are at the discretion of the user to create or not to create.

You should be aware that this Policy covers only the information you submit through our Services. If you contact or exchange information with another user in person or through a means other than our Services, such activity is not covered by this Policy. Because our Services enable users to share information you share with them, you should take care in selecting with whom you share your Records and other information. Although our Services process such transmissions, we are not responsible for the actions of persons with whom you share your Records and other information.

Emails and Other Communications:

Our Services allow users to communicate with others through our in-product instant messaging services, Service-branded emails, and other electronic communication channels. Communications that are sent by or on behalf of a user are indicated as being "From" that user, such as when our Services send an appointment notification from, and on behalf of, a Medical Practitioner to his or her patient. Additionally, we may communicate administrative or Service-related announcements through email or other communications within our Services. These communications may be "real-time" communications triggered automatically upon certain events or dates, such as a repeated sign-in failure or an appointment notification. Please note that you may not be able to opt-out of receiving certain messages from us.

Emails and other communications from individuals who are not users of our Services, or that we send in connection with business agreements or subject matter other than the User Agreements, are not covered by this Policy. If, for example, you contact us regarding a job opening, that communication to us is not covered by this Policy even though that job opening may have been posted on our Services.

Third-Party Integrations

Our Services may allow you to connect your account on our Services with third parties, such as when a Medical Practitioner seeks to integrate our electronic prescribing module into our partner's national electronic prescribing network, or when a Medical Practitioner approves us integrating or linking his or her account with a third party's billing software (any such integration, an "Integration"). Integrations can also be initiated by third parties seeking to establish Integrations with you, such as when a clinical laboratory desires to transmit lab results directly into a Medical Practitioner's electronic health record account rather than transmitting the result by fax or other means. Your use of these Integrations is entirely optional. Should you choose to utilize these Integrations, you may be prompted to permit us to perform certain actions in your account, such as creating, updating or deleting certain information. Please note that if you choose to utilize any Integration, any information you elect to provide to third parties will be subject to whatever agreement you have with them, including, if applicable, their terms of use or privacy policy, and not this Policy. To disable an Integration, you can share your request and information over email with us at support@spiralshealth.com.

Sharing of Information

We may share the information you submit to us with third parties under the following circumstances:

  • When you choose to share such information through our Services, such as "one-on-one" communications between a provider and a patient or another Medical Practitioner;
  • When your account has been issued by an account administrator with administrative rights over your account, your account administrator will have access to your account information;
  • With third-party service providers that have agreed to confidentiality obligations, which may include, as applicable, business associate contract obligations;
  • If you are a Medical Practitioner who has entered into a SPIRALS HEALTH TERMS AND AGREEMENT, we may share information with the third parties who are subject to confidentiality obligations that you have elected to establish Integrations with, or who seek to establish Integrations with you, and to facilitate, maintain and monitor the utilization of such Integrations;
  • If you are a Medical Practitioner who has entered into a SPIRALS HEALTH TERMS AND AGREEMENT, we may also share information with third parties who are subject to confidentiality obligations who are funding or administering certain branded or unbranded content about medical conditions, treatments and products, or safety and regulatory information resources, such as clinical decision support tools, patient savings offers, co-pay offset or discount programs, medication adherence programs, and other similar programs, and with sponsors of advertising appearing within our Services. The purposes of such sharing may include administration, recordkeeping or compliance obligations, and assessing the effectiveness or utilization of any such program;
  • If you receive any honoraria or payment in connection with a survey or request for feedback, your information may be shared with the funding source or sponsor of such survey or program;
  • When we share your Payment Card Information as described in the "Payment Information" Section above;
  • To protect our Services, the information we collect, and the rights of us, our users, and any third parties, including to verify your identity;
  • To detect, prevent, investigate, or address fraud, illegal activity, or violations of our terms and agreements;
  • In response to legal processes, such as a search warrant, court order, or subpoena, or when we have a good faith belief that the law requires us to do so;
  • With our current and future subsidiaries or corporate affiliates or actual or potential investors;
  • In connection with a potential or actual sale, merger, transfer, exchange, reorganization or other disposition (whether of assets, stock, or otherwise) of all or a portion of the business conducted by our Services. If such a transaction occurs, the acquiring company's use of your information will remain subject to this Policy, as may be subsequently amended;
  • Any other purposes described in this Policy or your User Agreement; or
  • When we otherwise have your permission.

Security

To help prevent unauthorized access, maintain data accuracy, and protect against the inappropriate use of the information we collect, store, and transmit, we deploy a range of technical, physical and administrative safeguards. Under our SPIRALS HEALTH TERMS AND AGREEMENT and applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of individually identifiable health information residing on, and processed by, those elements of our Services that we operate as a business associate on behalf of Medical Practitioners. However, it is important to remember that no system can guarantee 100% security at all times. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our Services.

Permissions required by Mobile App (Android and iOS)

SPIRALS Health users have apps for simple usage. These Apps need certain permissions for the purposes mentioned here. SPIRALS Health Apps may request permissions as below:

  • Camera – The app is equipped with an end-to-end encrypted Video consulting option. With this feature, a patient can book a video appointment with a Doctor and they can connect over a secured App. SPIRALS Health understands the risk of losing patients’ health information and prescriptions over social media platforms. Hence, an end-to-end integrated and fully featured functionality is provided. This function needs access to the Camera. Apart from this, the Doctor may also use the Camera to take a picture of a handwritten prescription. This picture would be stored in the SPIRALS Health secured database. It would be available to patients or their respective Doctors through SPIRALS Health Apps only.
  • GPS Location – One core functionality of this App is to ensure patients do not need to search for the clinic location manually or over any mapping service. SPIRALS Health integrates functionality to invoke Google Maps and share directions to the Doctor’s clinic from the current location. Location service is used and enabled in the App for this purpose.
  • Microphone – Speaking to the Doctor over a video or audio call needs enabling of, and access to, the Microphone.
  • Telephone – Telephone functionality is enabled for patients or Doctors to get immediate help from our back office. They should not be required to search for the number and dial it. They can just go to Help and click on any number to start calling immediately.
  • Storage – Storage modification or read permission is asked for automatically due to Camera enabling. However, SPIRALS Health does not store any data on the mobile device (it is a cloud-based system).
  • Images / PDF / Files Access – To upload and store the medical prescription during a doctor consultation. This is an action performed by the User. Also, to download and store the prescription/lab reports of the User.

  • Other permissions required are:
    1. Run at Startup – This is required to enable receiving of the Doctor’s Video consultancy calls as soon as the patient logs in.
    2. Advertisement ID Permission – SPIRALS Health will be monetising through ads running on mobiles of any specific or identified group of users, i.e. all unpaid Users using premium services etc.
    3. Run foreground service – SPIRALS Health uses only foreground service.
    4. Read Badge Notifications – For correct and timely notification to the right patient and Doctors etc.
    5. View network connection – This is a cloud-based solution and hence network connection matters a lot in almost every feature.
    6. Prevent the phone from sleeping – This happens only when the phone going to sleep may interrupt secured data transmission or when some process is not completed.
    7. View wi-fi connections – This is covered along with the View Network connection permission.
    8. Use Fingerprint Hardware – It is used to unlock the App by an authorised person through a fingerprint.
    9. Receive data from the Internet – This cloud-based App transmits and receives secured data between the App and the SPIRALS Health database.
    10. Control Vibration – To ensure the patient is not missing the Doctor’s call, it vibrates the phone too while receiving calls.
    11. Have full network access – Again, this is a permission picked by the system itself because we are using the View Wi-Fi connections permission.
    12. Use Biometric Hardware – It is used to unlock the App by an authorised person through Biometric.
    13. Play Install referrer API – For the referral of users promoting and helping SPIRALS Health understand gaps and upgrade Apps.
    14. Change Audio settings – Audio settings might need to change when the Doctor and Patient are connected over the Video call.
    15. Play with Bluetooth devices – This is also required to ensure that users do not face any issues while using Bluetooth to connect over Video consultations.

Third-Party Services

This Policy applies only to our Services. It does not apply to services offered by third parties, including websites and other online services that our Services may display links to or to advertisements appearing within the Services. When you click on such links or advertisements, you will be visiting websites or interactive services operated by third parties, who have their own information collection practices and may also collect information through the use of Engagement Solutions. We do not have control over how any third party collects or uses information, so you should review their privacy policies to learn of their practices.

Changes to this Policy

We believe in continuous innovation, which, along with changes in our business, may require that we amend this Policy from time to time. We will post a revised Policy along with its effective date on this page. Because this Policy can change at any time, we encourage you to reread it periodically to see if there have been any changes, amendments, or updates. If you object to the changes or any terms within this Policy or the User Agreements, you should discontinue using our Services. Your continued use of our Services following the effective date means that you have consented to the Policy, as amended, changed, or updated.

Viewing and Updating Your Information

Our Services aim to provide you with access to the information you submit and the means to update it within our Services consistent with applicable law. This can be accomplished by logging into our Services and updating that information, or contacting a customer support representative, although please be advised of the important limitations described below. Under certain circumstances, we may ask you to verify your identity before your request is processed.

Please note that, unless you have administrative rights over another user's account under our SPIRALS HEALTH TERMS AND AGREEMENT, you are not entitled to access, update, or delete the content of another user's account.

If you have used our Services to share information with another user or a third party, you will not be able to access, update, or delete that shared information. Further, if another user of our Services submits information that identifies you, you will not be able to access, update, or delete that information.

Certain users - such as Medical Practitioners - may be required under applicable laws or regulations to retain information about you for an extended period or indefinitely. Additionally, we may have independent obligations under applicable laws or regulations to retain such information indefinitely. Finally, for disaster recovery and business continuity purposes, we retain copies of data stored by our Services for indefinite periods.

HIPAA grants patients certain rights to access and amend certain health information that their Medical Practitioners retain about them. Patients should submit requests to access or amend their health information directly to their Medical Practitioners.

Contact Us

If you have questions regarding this Policy, please contact us at:

legal@spiralshealth.com
