Privacy Policy of Reciprocity Health, Inc. and its TheraPay™ Rewards Software Application

Effective: January, 5, 2021

Welcome to Reciprocity Health!

Reciprocity Health is an organization that has at its core purpose to partner with existing clinical care programs in chronic disease management, engage their beneficiaries and patients with our programs and financial incentives to enhance their health care status and outcomes (“Program”).   Reciprocity Health contracts with health plans and health care providers to develop and offer these Programs to beneficiaries and patients.  Once enrolled in a Recprocity Health Program, the enrollee is provided with tools, information, and financial incentives designed to assist enrollees with managing specific health issues. While Reciprocity Health is not a heath care provider, it acts asa partner to assist enrollees in meeting their health goals.

This Privacy Policy (“Privacy Policy”) is designed to provide transparency andhelp you as an enrollee in a Program understand how Reciprocity Health, Inc.(“Reciprocity Health”, “we”, “our” or “us”) collects and uses the information, including personal health information and data, that we receive from your health plan, health system, or other healthcare provider(s) as part of the Program either through (a) the Reciprocity Health’s proprietary software applications and services, including, without limitation, Therapay™ (collectively, the “Applications”) and/or (b) the Reciprocity Health’s website at www.ReciprocityHealth.com and its associated domains (together, the “Site”). The Privacy Policy also describes the choices available to you regarding our use of Personal Data provided prior to enrollment in a Reciprocity Health Program and how you can access and update this information.

Once enrolled in a Reciprocity Health Program, when you use the Site or Applications, you may be required to provide information that is considered Protected Health Information (“PHI”) under the federal Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”).  Reciprocity Health, acting as a Business Associate to various health insurance plans or health care providers (“Covered Entities”), has entered into a Business Associate Agreement with these Covered Entities, which sets the parameters surrounding Reciprocity Health’s permitted uses and disclosures of your PHI, the requirements we must follow to keep your data private and secure, and your rights to your PHI, all in compliance with HIPAA.We also ensure the privacy of your data through HIPAA Policies and Procedures, which set the rules for how we handle your PHI in accordance with the HIPAA rules.

By submitting information through the Site or Applications, and/or communicating with a Reciprocity Health agent via mail, email or telephone, you acknowledge that you have read this Privacy Policy and that you consent to the practices described in this Privacy Policy. You are responsible for the accuracy of information submitted to the Site and Applications. If you prefer that we not collect your Personal Data or PHI, please do not provide it to us. This Privacy Policy is not intended to, and does not, create any contractual or other legal right in or on behalf of any person.

How We Use Your Information

1.   Using and Disclosing Protected Health Information

Reciprocity Health is dedicated to protecting your health information.  As a business associate to health insurance plans and health care providers, we are required by HIPAA and our Business Associate Agreements to keep your PHI, including any Personal Data that becomes PHI, private.  Reciprocity Health may use and disclose PHI provided to us, or otherwise generated or maintained by us, to carry out treatment or health care operations on behalf of Covered Entities, and for other purposes that are permitted or required by law.  Reciprocity will only use or disclose your protected health information in accordance with a Covered Entity’s Notice of Privacy Practices and the Business Associate Agreement.  Typically we use or share your health information in the following ways:

  • Treatment: We may use your health information and share it with your health insurance plan or treating health care provider. For example we may provide a progress report of your activities completed to help your insurance plan or treating health care provider suggest future activites related to your treatment for your to work on.

  • Health Care Operations: We may use or disclose your health information for certain activities that are necessary for your health care provider or health insurance plan to operate their business. For example we may provide a report of your activity completion to your insurance plan in order to validate funding the incentives provided to you for completing your assigned activities.

2. Personal Data

In limited situations, Reciprocity Health may collect a users “Personal Data”, such as your name, address, email address, or other information that can personally identify you, prior to enrollment in a Program. Personal Data that we collect depends on how you use the Site or Applications and may not be considered PHI. For example, if you register to use any of the Applications or if you wish to contact us, we may collect your name, email address, IP address, and the information about other software that you use. If you use the Site and/or Applications or download the Applications through a mobile device, Reciprocity Health may collect information regarding the type of device you use, operating system version, the device identifier (or “UDID”), your IP addresses, and associated services from your mobile device.

3. General Web Browsing Information

When you visit the Site or use the Applications, we may collect various categories of general non-personally identifiable information (“General Information”). General Information includes browser information, operating system information, and the date, time, length of stay and specific pages accessed during your visits to the Site. If necessary, Reciprocity Health may link General Information to your Personal Data in order to improve the Site’s and Applications’ analytics and to improve the website services we offer you.

4. Tracking

Our Applications do not ask for access to or track any location-based information from your mobile device at any time while downloading or using the Applications. We may occasionally send you push notifications through the Application’s mobile application,  send you emails, and/or relevant event notifications. You may opt-out from receiving these types of communications at any time by turning them off through the settings of your device.  Turning push notifications off may affect your ability to use the Applications. 

5. Mobile Analytics

Our Applications do not ask for access to or track any location-based information from your mobile device at any time while downloading or using the Applications. We may occasionally send you push notifications through the Application’s mobile application,  send you emails, and/or relevant event notifications. You may opt-out from receiving these types of communications at any time by turning them off through the settings of your device.  Turning push notifications off may affect your ability to use the Applications. 

We may use mobile analytics software to allow us to better understand the functionality of our Applications’ mobile app on your phone. This software may record information such as how often you use the mobile app, the events that occur within the mobile app, aggregated usage, performance data, and the platform that was used to download the mobile app. Analytics services are not used to gather, request, record, require, collect, or track any PHI or Personal Data you submit within the Applications’ mobile app.

6. Third-Party Links and Features

Our Site may include features, links, or other interactive mini-programs, including but not limited to the Facebook “Like” or “Share” button, that run on our Site from third-party services. These features may collect your IP address, the page you are visiting on our Site, or may set a cookie to enable the feature to function properly. Reciprocity will not disclose your PHI to these third parties.  These third party features have separate and independent privacy policies and we recommend that you review and understand their privacy practices before sharing your information with those services.

7. Other Users of PHI

Except as otherwise specified in this Privacy Policy, Reciprocity Health does not rent, sell or disclose your PHI to third parties without your authorization.

Specific examples of how Reciprocity Health may use your PHI are:

  1. to customize, analyze, adjust and improve the Site and Applications to better meet your needs;

  2. to facilitate communication between you and Reciprocity Health or a Reciprocity Health sponsor regarding any incentive program that you participate in;

  3. to provide you with relevant information that may interest you, such as our newsletters or emails about our products and services (this information contains a subscriber link allowing you to opt out);

  4. to provide you with marketing and promotional information about products and services we believe may interest you (this information contains a subscriber link allowing you to opt out);

  5. to administer a survey (if you consent to participate in the survey via a response email);

  6. to enforce Reciprocity Health’s agreements with you;

  7. to provide you with important administrative information regarding the Site and Applications, such as changes to this Privacy Policy, our Terms of Use and our other policies; and

  8. And to prevent fraud and other prohibited or illegal activities.

  1. to customize, analyze, adjust and improve the Site and Applications to better meet your needs;

  2. to facilitate communication between you and Reciprocity Health or a Reciprocity Health sponsor regarding any incentive program that you participate in;

  3. to provide you with relevant information that may interest you, such as our newsletters or emails about our products and services (this information contains a subscriber link allowing you to opt out);

  4. to provide you with marketing and promotional information about products and services we believe may interest you (this information contains a subscriber link allowing you to opt out);

  5. to administer a survey (if you consent to participate in the survey via a response email);

  6. to enforce Reciprocity Health’s agreements with you;

  7. to provide you with important administrative information regarding the Site and Applications, such as changes to this Privacy Policy, our Terms of Use and our other policies; and

  8. And to prevent fraud and other prohibited or illegal activities.


8. Cookies & Other Online Identification Tools

Reciprocity Health uses cookies and web beacons on our Site and Applications.  A cookie is a small amount of data sent to your browser from a web server and stored on your computer’s hard drive.  Cookies and web beacons help you access and navigate the Site and Applications more efficiently, customize your experience of the Site and Applications, and store certain information that you previously provided (such as username and password).  Any such information will be maintained according to this Privacy Policy.  For more information about how Reciprocity Health utilizes cookies and other online identification tools, please review our Cookie Policy.


Disclosure Of The Information That We Collect

We will not disclose your PHI unless permitted under HIPAA and as part of our Program with the Covered Entity or with your express authorization.  Examples of such disclosures include:

1. Affiliates

We may share your information with our Affiliates who perform services or functions for Reciprocity Health, or Affiliates who may use your information for purposes similar to the purposes for which Reciprocity Health collects such information. Reciprocity Health requires all Affiliates to comply with the terms of this Privacy Policy and shall require all Affiliates that receive or maintain PHI to implement reasonable and appropriate safeguards to protect such PHI. For purposes of the foregoing an “Affiliate” means any corporation, partnership or other entity now existing or hereafter organized that directly or indirectly controls, is controlled by or under common control with Reciprocity Health.

2. Incentive Program Sponsors.

We may share your information with Program Sponsors who may provide services that integrate with the Reciprocity Health Application including, without limitation, sponsors of any incentive program that you participate in via your use of the Applications. Reciprocity will limit the information we share with Program Sponsors in accordance with HIPAA’s minimum necessary policy.  Reciprocity Health requires all Program Sponsors to comply with the terms of this Privacy Policy and shall require all Program Sponsors that receive or maintain PHI to implement reasonable and appropriate safeguards to protect such PHI.  By enrolling in a Reciprocity program or using the integration within the Applications, you consent to share your information with these Program Sponsors. Reciprocity Health does not control the Program Sponsor’s use of the information and their use and disclosure of the information would be in accordance with their own privacy policies. If you do not want your information shared with these Program Sponsors, you can choose not to use the applicable integration; however, in doing so you may not be able to participate in the applicable incentive program. 


3. Reciprocity Subcontractors.

Reciprocity Health may retain other companies and individuals to perform functions consistent with our Privacy Policy on our behalf. Examples include customer support specialists, web hosting companies, fulfillment companies (e.g., companies that fill product orders or coordinate mailings), data analysis firms, payment services firms and email service providers. Such third parties may be provided with access to Personal Data needed to perform their functions, but may not use such information for any other purpose. Reciprocity Health requires all subcontractors to comply with the terms of this Privacy Policy and shall require all subcontractors that receive or maintain PHI to implement reasonable and appropriate safeguards to protect such PHI.


4. Compliance with Law and Fraud Protection.

We may disclose any information without your authorization, including, without limitation, PHI or Personal Data, we deem reasonably necessary to:

  • Comply with any applicable law or legal process where a formal request has been made, such as to comply with a subpoena, regulation, binding orders of a data protection agency, or governmental request;

  • Respond to a lawful request by public authorities, including to meet national security or law enforcement requirements;

  • Enforce the Terms of Use, this Privacy Policy, or agreements or policies; or

  • Protect or defend Reciprocity Health’s rights or property, even without a subpoena, warrant or other court order.

5. Sale or Transfer of Information.

Subject to the requirements of HIPAA and other applicable laws, in the event of a sale, merger, liquidation, dissolution or sale or transfer of substantially all of the assets of Reciprocity Health, the Applications, or the Site, PHI, Personal Data and/or other information collected through the Site or the Applications may be sold, assigned or transferred to the party acquiring all or substantially all of the equity and/or assets of Reciprocity Health, the Site and/or Applications. In the unlikely event of an insolvency, bankruptcy or receivership, your information also may be transferred as a business asset. By using the Site and Applications and submitting your information to us, you consent to the sale and transfer of your information as described in this paragraph. In such an event, you will be notified via email and/or a prominent notice on our Site of any material change in ownership or uses of your PHI or Personal Data, as well as any choices you may have regarding your PHI or Personal Data. 

Choices Regarding Your Personal Information

In certain cases Reciprocity Health may use your Personal Data to contact you. At any time, you may opt-out from receiving emails, newsletters, or other information from Reciprocity Health. Reciprocity Health may, however, continue to use your Personal Data to contact you to service your account in conjunction with your use of the Reciprocity Health Application. Please note that if you use more than one name or e-mail address when communicating with Reciprocity Health or using the Site, you may continue to receive communications from Reciprocity Health to any name and/or email address not specified in your opt-out request. We will provide an individual the choice to opt-out or opt-in before we share your data with third parties or before we use it for a purpose not specified in this Privacy Policy. Users that wish to limit the use and disclosure of your Personal Data, may also submit a written request to the Privacy Officer. We will retain your information for as long as your account is active or as needed to provide you Applications. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Customer Testimonials 

We may post customer testimonials on our Site; provided however, no identifiable information will be disclosed on the Site, unless we have received an authorization from you. 

Blog / Forum Our

Site offers publicly accessible blogs and community forums. Our blog is managed by a third party application that may require you to register with a third party application in order to use the blog. Reciprocity will not disclose your PHI to these third parties and we do not have access or control of the information posted to the blog. You will need to contact or login into the third party application if you want the Personal Data that was posted to the comments section removed. These third-party blogs have separate and independent privacy policies and we recommend that you review and understand their privacy practices before sharing your information with those services.

Site and Application Security 

Reciprocity Health has implemented a variety of technical, administrative and physical security measures to protect your PHI and Personal Data from unauthorized access and use, as described herein, in accordance with applicable federal and state laws, including but not limited to HIPAA. While Reciprocity Health strives to protect your PHI and Personal Data, no data transmission over the Internet is 100% secure and, consequently, we cannot ensure the security of any information.  

Our Site and Applications Are Not For Use By Minors 

Reciprocity Health’s Site and Applications are not intended for and not targeted to individuals under 13 (“minors”), and we do not knowingly or intentionally collect information from minors. Further, by using the Site and Applications, you represent that you are at least the age of legal majority in your place of residence. We do not use an application or other mechanism to determine the age of users of the Site and Applications. If we learn that a minor has submitted information about himself/herself to the Site or Applications, we will delete the information as soon as possible and in accordance with applicable law.

Third Party Links

We may provide links to third-party web sites that we do not own or control. Reciprocity will not disclose your PHI to these third parties and we are not responsible for the information collection practices of any website that we do not own or control. We encourage you to review and understand the privacy practices of third-party websites before providing any information to or through them.

Modifications to the Privacy Policy 

We reserve the right to update this Privacy Policy at any time to reflect changes in our practices. Any changes to our Privacy Policy will be posted on a designated page on the Site and Applications so that you are always aware of our policies. If any changes to the Privacy Policy would materially affect your use of the Site or Application, we will provide notice of the updated Privacy Policy to you via email or other preferred method of communication.  The modified Privacy Policy will be effective immediately upon posting on the Site or Application. Your continued use of the Site or Applications after the posting of the modified Privacy Policy constitutes your agreement to abide and be bound by it. Unless we provide other notification, we encourage you to periodically review this page for the latest information on our privacy practices. If you object to any modification, your sole recourse is to stop using the Site and Applications.
 
California Residents 

California Civil Code Section 1798.83 permits individuals who provide Reciprocity Health with Personal Data and who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. Reciprocity Health does not, at this time, disclose Personal Data to third parties for their direct marketing purposes. If Reciprocity Health changes this policy, we will update this provision and provide instructions on how you may make a request for details concerning such information.

 
Comments and Questions

If you have any questions or concerns regarding our Site, Application, or this Privacy Policy, please contact Reciprocity’s Privacy Officer at privacy@reciprocityhealth.com, or via regular mail: 

Attention: Privacy Officer
Reciprocity Health, Inc.
P.O. Box 3508
Wilmington, DE 19807