Koa Health
Privacy Policy – United States

Summary of Privacy Policy - Reading time 2 mins

This summary helps you to quickly understand the main points of the Privacy Policy. It is provided for convenience only. Because it does not replace our full Privacy Policy, please read the full Privacy Policy to understand the complete picture of how we handle personal information.

For patients:

We’re Koa Health.

Your insurer has given us permission to use information about you and your health so that you can use Mindset.

We only collect the information we need to run and improve Mindset.

We collect your information to help you better manage your depression symptoms as part of your clinician-led care. We may collect additional information with your permission or to comply with the law.

We do not access your medical record held by your clinical team or insurer.

Your clinician gives us your name, contact details, and your treatment type so you can use Mindset.

We share information about you and your health with your clinical team.

This is so that your clinician can provide your treatment with support from Mindset. Your insurer may also be able to see this information.

We share information about you with third-party service providers.

This helps us provide some parts of the service (such as notifications). We ask our service providers to keep your information safe.

You need to be 18 or over to use Mindset.

By using Mindset you are telling us that you are at least 18 years old.

We work hard to keep your information safe.

We work to protect your information from being lost, stolen or misused. Because no system is perfect, you can help by keeping your password and account details safe.

Additional information for clinicians:

We collect limited information about you.

This is so that you are able to access the Mindset Clinician Dashboard. We collect your name, email, and login.

We collect information about how you use the Clinician Dashboard.

This helps us improve our services to you, deliver Mindset to your patients, and to improve the Mindset service.

We use your information to contact you.

This helps us communicate with you and respond to your questions.

Full Privacy Policy - Reading time 9 mins

If you are a patient, this Privacy Policy applies to the collection and processing of personal information connected to your use of the Mindset mobile application (the “App”). If you are a clinician, this Privacy Policy applies to the collection and processing of personal information connected to your use of the Clinical Dashboard (the “Dashboard”). Together, the App and the Dashboard are referred to as our “Online Services.”

1. Personal Information We Collect: The personal information we collect varies based on whether you are a patient or a clinician. Below we summarize the information we collect in each case.
   1. Patients – Information We Collect: If you are a patient, we receive information from your health care insurance carrier or clinician. We also collect information about you, directly or indirectly, when you use our App. Below is a summary of the information we collect. 
      • Profile information: When a clinician authorizes you to use the App, we collect your (a) name, (b) email address, (c) date of birth, (d) phone number, (e) type of treatment, and (f) treating clinician(s).
      • Course information: The App offers an 8-step online program (the “Program”) designed to support treatment by your clinician and monitor your symptoms. As part of the Program, you may participate in activities, quizzes or exercises and provide information using the App. Information we collect for the Program may include:
        • The priorities and objectives you enter in the App, like health and wellness, career improvement or personal relationships;
        • Responses to learning exercises and quizzes to understand key concepts for the Program and descriptions of your thoughts, such as unhelpful thought, thinking traps, etc.;
        • Logs of activities relating to treatment objectives, such as walking, doing laundry or cleaning the house as well as the time and mood when performing them;
        • Your schedule of activities throughout the week. For each activity, you may choose to also indicate possible barriers you may encounter or encouraging messages; and
        • Dates and times at which exercises or quizzes were performed, to help treating clinicians evaluate how the Program is being followed.
      • Device data: Our App will register information about the device you use to access the App. This includes fields such as device type, operating system and version, and IP address. 
      • App activity data: We collect data about how Program participants interact with the App. This includes data about the length of your sessions in the App, how long you view specific screens, what App features you may click on or use, and what you search for in the App. 
      • Error and troubleshooting data: We collect data about problems users encounter while using the app, and suspicious uses of the App. This data includes suspicious activity alerts, crash reports, error reports, or similar reports. 
      • Information collected through optional features. Our App may offer additional features outside of the Program and collect personal information from you.
        • If we offer optional App features outside of the Program and collect your personal information, such information is not shared with your clinician or healthcare insurance carrier; it is available only for you. We have access to your information, but we use your information only as described in this Privacy Policy. We ask for your consent before activating any of such additional features in the App.

      For Patients: A Note about Protected Health Information and HIPAA. 

      Some of the information we collect about you is “Protected Health Information” (“PHI”) under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Generally speaking, the following information will be PHI: (a) the information we receive from your healthcare insurance carrier or clinician, and, (b) information you provide when completing the Program through the App.

      We want to make sure you know that, notwithstanding anything else in this Privacy Policy, we only use and share PHI as permitted by HIPAA and our business associate agreement with your healthcare insurance carrier or clinician. This means we only use and share your PHI with your healthcare insurance carrier or clinician to support your treatment or upon your direction or consent. Your healthcare insurance carrier or treating clinician will provide you with a “Notice of Privacy Practices” that explains how they use your PHI in compliance with HIPAA.

      Note that PHI can be deidentified in which case it is no longer considered PHI. This can be done by removing 18 specific types of identifier from the information pursuant to HIPAA regulations. We may de-identify PHI, in accordance with HIPAA, and use it as non-PHI for the purposes listed in Section 2. 

   2. Clinicians – Information We Collect: We primarily collect information through your use of the Dashboard. Information we collect includes:
      • User profile data: This includes your name, email address, and login credentials for your account.
      • Usage data: We collect data about how you use and interact with our Online Services. This includes your computing device type, operating system and version, browser types, cookies and IP address. 
      • Error and troubleshooting data: We collect data about problems encountered in using our services, as well as reports relating to suspicious uses.

      You may refuse all or some browser cookies or delete browser cookies through your browser settings. If you refuse or delete cookies, or if you are running third-party software that intercepts or deletes cookies, please note that some parts of our Dashboard may not work properly.

2. How We Use Personal Information: We use personal information for the following purposes:
   • Providing our Online Services to you: We use personal information to authenticate you as the authorized user of our Online Services and to provide the Online Services and their features to you. We may also use personal information to provide you with notices about your account or changes to our terms or this Privacy Policy.
   • Support service and communications: We use personal information to process any requests or inquiries from you or to otherwise communicate with you.
   • Analytics and service improvement: We analyze how people use our App or other Online Services. We evaluate and improve our Online Services, and develop new features or services. 
   • Personalization: We may use personal information to personalize your experience in the App or other Online Services, or to optimize notifications to you.
   • Research: We may use personal information to conduct internal and scientific research. If our research results in a published study, it will contain only aggregated data that cannot be traced back to any specific individual.
   • Maintaining integrity of the Online Services and our systems: Personal information may be used to prevent fraudulent or suspicious activity, or otherwise protect the Online Services, users, or our IT systems.
   • Compliance and legal claims: We use personal information in connection with complying with applicable laws, regulations, policies, legal process, and agency requests. We also use personal information to carry out our obligations and enforce our rights arising from any contracts entered into between you and us. We may also use personal information in connection with establishing, exercising, or defending legal claims. 
   • Protection of rights and health: Personal information may be used to protect the health, safety, welfare, rights, or interests of you, us, any third party, or the general public.
   • Other purposes: We may use personal information for other purposes but only with your direction or consent.

   For clinicians: In addition, as permitted by law, we may use clinician users’ personal information to provide marketing or promotional materials to you regarding services, features, or other matters we think may interest you as a clinician.

3. How We Share Personal Information: We will not disclose your personal information to third parties for monetization. We only share personal information as described in this Privacy Policy. We may share personal information with third parties for any of the purposes listed above, to the extent we are allowed by law to do so. The categories of parties that may receive personal information from us are as follows:
   • Koa Health affiliates: We may share personal information with other companies in the Koa Health group.
   • Treating clinicians and healthcare insurance carriers: If you are a patient, information you provide as part of the Program via the App will be shared with the clinician providing treatment to you. The optional features provided in the App but outside of the Program will not be shared with your clinician or healthcare insurance carrier. 
   • Our service providers and business partners: We may share personal information with companies that provide services to us, or otherwise help us operate our business or the Online Services.
   • Government authorities and law enforcements: We may share information with government authorities, law enforcements or other third parties in connection with: (a) compliance with applicable laws, regulations, policies, legal process, and agency requests; (b) establishing, exercising, or defending legal claims; or (c) protecting the health, safety, welfare, rights, or interests of you, us, any third party, or the general public.
   • Third parties in connection with a sale of business: We may share or transfer information with another business in connection with a merger or sale of our business or assets to that business.
   • Other third parties: We may share information for other purposes but only with your consent.
4. Security: We maintain safeguards designed to protect personal information collected through our Online Services and require our service providers to implement reasonable security measures to protection personal information. However, no security system is impenetrable, nor can we guarantee the security of the information you transmit to us over the Internet, including your use of e-mail. We ask you to take responsibility to safeguard your access credentials and the devices you use to access our Online Services (such as laptops, tablets and mobile devices) and to use appropriate security settings on those devices.
5. Retention: We retain information we collect in connection with our Online Services for the period of time necessary for us to perform the purposes listed in this Privacy Policy, and for any further periods permitted or required by law. This may involve us retaining your information after you have stopped using our Online Services.
6. Minors: Our Online Services are not designed for or intended to be used by persons under the age of 18. If you think that we have collected personal information from a child under the age of 13 through our Online Services, please contact us immediately at privacy@koahealth.com.
7. Do Not Track: As there is currently no generally-recognized Do Not Track signal, our Online Services are not designed to respond to Do Not Track signals or requests.
8. Changes to this Privacy Policy: We may modify this Privacy Policy from time to time, and will post any revisions on our Online Services. We will indicate at the top of the Privacy Policy the Effective Date of the most recent update. If we believe an update requires additional notice to you or your consent, we will contact you to provide that notice or seek that consent.
9. Contact Us: If you have any questions about this Privacy Policy or our Online Services, contact us at any time at privacy@koahealth.com.