Joining Citizen Health
Last Updated: June 24, 2024
The Citizen Health Platform enables individuals to collect, maintain, and share all of their health information as they choose via our website located at www.citizen.health and other technologies (collectively, the “Citizen Health Services”). The Citizen Health Services may also include providing individuals with insights based on combining their health information and the health information of others like them. Please see Citizen Health’s Terms of Service for more details. We’re empowering the world’s citizens to conquer disease – by making it possible for all of us to gather, use, and share health information to improve lives.
Information Citizen Health Collects
Your Health Records and Self-Reported Information
Citizen Health is a technology service that allows you to upload and/or enable us to request access to copies of your health information and medical records (“Medical Records”) through the “right of access” granted to you under HIPAA or the laws applicable to where you are located, as well as through online portal accounts that may be made available to you by some health care providers or health plans.
As part of the Citizen Health Service, you may choose to provide us with: (i) other information about your health, such as information about how you’re feeling or pain management; (ii) other information you’ve shared with third parties, including caregivers, medical professionals and researchers; and (iii) data from wearables or home diagnostic equipment (collectively, “Self-Reported Information”).
Citizen Health consolidates and standardizes Medical Records and Self-Reported Information (collectively, “Health Records”) and transforms them into digital data.
Account Information for Citizen Health Account Creation & Maintenance
When you sign up for and use the Citizen Health Service, we collect personal information from you for account creation and maintenance (“Account Information”). Such Account Information includes, as applicable or permitted under law, items such as your name, address, e-mail address, telephone number, your contact preferences, device identifiers, IP address, prior names, addresses, phone numbers, birth date, gender, race or ethnicity, medical or health plan record numbers, and information about your doctors, medical providers and health plans. We will let you know at the time of collection when it is optional for you to provide certain information, and when it is necessary to use certain Citizen Health Services.
Before we can collect your Medical Records on your behalf, we ask that you provide us with additional information to confirm your identity: a copy of your driver’s license or other official government photo ID, and/or identifiers associated with your cell phone (e.g., country, device ID and Operating System) (collectively, the “Identification Information”). Citizen Health contracts with vendors to perform these identity proofing actions. All such vendors are contractually obligated to use your or your Personal Representative’s Identification Information solely for the purpose of identifying you or your Personal Representative. If someone other than you, such as a family member, opens an account for you or on your behalf (your “Personal Representative”), we may need to collect additional documentation to verify the identity of that person and verify that person’s authority to act on your behalf, such as your birth certificate, death certificate (in the event of a deceased individual), a health care proxy or power of attorney to demonstrate familial relationship and legal authorization to obtain Medical Records. Citizen Health will review such additional documentation when necessary and use such information solely for the purpose of collecting records the Personal Representative is authorized to access.
If you decide you want to enable friends or family members or others to have access to your Citizen Health account, we will collect personal information about those individuals to fulfill your request: name, email, telephone and other information to be used to confirm their identity.
From time to time, Citizen Health will send you emails that communicate information about your account or about products, Citizen Health Services, or offers that may be of interest to you. When you open one of these emails or click on links within the email, we may collect and retain information about your interaction with the email to provide you with future communications that may be more interesting to you. You will have the option of opting out of email communications, except emails that Citizen Health reasonably deems are required by law or necessary to prevent or mitigate a security or fraud risk, or to continue to provide you with the Services.
Records Collection and Sources. We collect personal information about you, including Health Records, using one or more of the following processes:
When you sign up for an opportunity offered jointly by Citizen Health and one of our partners, additional personal information may be collected and received by both Citizen Health and our partner that is offering the opportunity. We will let you know at the time of collection when it is optional for you to provide certain information, and when it is necessary to take advantage of the offering. For these jointly offered opportunities, you should also review the partner’s privacy policy, which may include practices that are different from the practices described in this Privacy Policy.
Any information we receive from outside sources will be treated in accordance with this Privacy Policy. We are not responsible or liable for the accuracy of the information provided to us by third parties and are not responsible for any third party’s policies or practices.
Other Types of Information Citizen Health Collects
User Generated Content. Our Service may allow you to engage in blog discussions, message boards, chat rooms, and other forms of social networking and to post reviews and post content, such as messages relating to healthcare experiences, and interact with other users (“User Generated Content” or “UGC”).
Product Interaction and Feedback. We may collect: responses to surveys that we invite you to complete, information about your use of the Citizen Health Services, and transactions you make regarding the Citizen Health Services. We collect product interaction and feedback that you provide to us through our Service to provide you with the Citizen Health Services, improve and enhance the Citizen Health Services, and conduct research and analytics.
Other Information. We collect any other information you choose to include in communications with us, for example, when sending a message or submitting information through a webform.
How Citizen Health Uses Your Information
Citizen Health will use your information to create and manage your Citizen Health account, and also for the following purposes:
We analyze Health Records via machine learning and artificial intelligence to identify patterns; this allows us to provide insights to individuals using Citizen Health Services based on aggregated data from their records and to create dynamic patient groups who may be interested in select opportunities to share data (for example, with caregivers, with your medical professionals, to find treatment, or to power research).
When you ask us to delete your account, your Account Information, and Health Records will be deleted, and further access to your account and the Citizen Health Services will not be possible, in accordance with applicable law.
Citizen Health does not make decisions based solely on automated processing, including profiling, which have legal consequences for, or significantly affect, our users.
Text Messages.
You may opt in to receive occasional text messages from Citizen Health to receive updates on our Services. Message frequency will vary. You agree that by providing your mobile phone number and opting in to receive text messages, you expressly consent to receive automated text messages from us to the mobile phone number you provide. Consent to receiving text messages is not required in order to be a Citizen Health user. Message and data rates may apply, and you should check the rates of your mobile carrier. Your mobile carrier is not liable for delayed or undelivered messages. You can opt out of receiving text messages by texting STOP in response to any text message. You can also text HELP and we will respond with instructions on how to opt out of or sign up for text messages from Citizen Health. As we are located in the United States, international rates may apply depending on your location. We share your mobile phone number with service providers with whom we contract in order to send you automated text messages, but we will not share your mobile phone number with third parties for their own marketing purposes without your express consent. Contact us at support@citizen.health if you have any questions about our text message program.
When Citizen Health Shares Your Information
From time to time, Citizen Health may share aggregate, summary data about users of Citizen Health Services, including summary data from Health Records in ways that do not identify individual users. (An example of this is sharing data about how many patients with a particular disorder are using the Citizen Health platform). In addition, Citizen Health may share data related to your usage of the Citizen Health Platform – including Account Information as follows:
When you make a decision to share your data outside of Citizen Health–including Health Records–the data practices under this Privacy Policy will no longer apply to the information held by that outside entity. We recommend that you review and determine you are comfortable with that entity’s privacy policy prior to sharing your data (including Account Information and Health Records) outside of Citizen Health.
In any circumstance where your consent is sought prior to Citizen Health sharing personal information about you, you will be able to withdraw that consent at any time, provided we can individually identify you in such data. Such withdrawal of consent will apply only to new uses or disclosures of personal information about you within a reasonable amount of time after Citizen Health has received the withdrawal or at such other time as required by applicable law.
Retention of Citizen Health Health Records: Because Citizen Health accounts are voluntarily created by individuals, Citizen Health will retain Health Records for so long as an individual maintains an account with Citizen Health.
Jurisdiction-Specific Provisions
US
The California Consumer Privacy Act. Terms used in this section and not otherwise defined have the meaning given to them under the California Consumer Privacy Act of 2018 (“CCPA”). We do not sell personal information collected about you. This Section only applies to users of our Services that reside in the State of California. For purposes of this Section, the term “personal information” does not include publicly available information that is made available from federal, state, or local government records or patient information collected and maintained by us in compliance with the California Confidentiality of Medical Information Act.
In the preceding 12 months, we collected and disclosed for a business purpose the following categories of personal information about California consumers:
Categories of Personal Information | Data Types | Collected? | Categories of Recipients |
---|---|---|---|
Identifiers | Name, e-mail address, IP address, telephone number | Yes | Service providers who process data on our behalf. Research partners (only with your consent) |
Personal information categories listed in the California Customer Records statute | Name, social security number, physical characteristics or description, telephone number, driver’s license or state identification card number, etc. | Yes | Service providers who process data on our behalf. Research partners (only with your consent) |
Protected classification characteristics under California or federal law | Race, gender | Yes | Service providers who process data on our behalf. Research partners (only with your consent) |
Commercial information | Records of products or Services purchased, obtained, or considered, including prescriptions | Yes | Service providers who process data on our behalf. Research partners (only with your consent) |
Internet or other similar network activity | Information on a user’s interaction with the website | Yes | Service providers who process data on our behalf |
Geolocation data | IP address data | Yes | Service providers who process data on our behalf |
Professional or employment-related information | Title of profession, employer, etc. | Yes | Service providers who process data on our behalf |
Inferences drawn from other personal information | Profile reflecting a person’s preferences | Yes | Service providers who process data on our behalf |
In addition, to the extent they are contained within your Health Records, which are not subject to the CCPA since they are collected and maintained by us in compliance with the California Confidentiality of Medical Information Act, we may collect:
Categories of Personal Information | Data Types | Collected? | Categories of Recipients |
---|---|---|---|
Biometric information | Imagery of retinas, fingerprints, hands, face, and behavioral characteristics | Yes | Service providers who process data on our behalf. Research partners, and other third parties only with your consent |
Sensory data | Audio, electronic, visual, thermal, olfactory information | Yes | Service providers who process data on our behalf. Research partners, and other third parties only with your consent |
Professional or employment-related information | Title of profession, employer, etc. | Yes | Service providers who process data on our behalf. Research partners, and other third parties only with your consent |
De-identified Patient Information.
We do sell and disclose de-identified patient information exempt from the CCPA to third parties but only with patient/user consent. To de-identify the patient information, we comply with HIPAA de-identification standards.
Sources of Information.
In the preceding 12 months, we received personal information from the sources described above in this Privacy Policy.
Purposes for Collection, Use, and Sharing.
We use and disclose the personal information we collect for our commercial purposes, as further described in this Privacy Policy, including for our business purposes:
· Auditing related to our interactions with you;
· Legal compliance;
· Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and necessary prosecution;
· Debugging;
· Performing Services (for us or our service provider);
· Internal research for technological improvement;
· Internal operations;
· Activities to maintain and improve our Services; and
· Other one-time or short-term uses.
Your Rights.
Where applicable, if you are a California resident you may have the following rights under CCPA in relation to “personal information” we have collected about you as defined in the CCPA; these rights are, to the extent required by the CCPA and subject to verification and any applicable exceptions:
· Right to Know/Access: You have the right to request that we disclose certain information to you about our collection and use of certain personal information about you as described below:
· The specific pieces of personal information collected;
· The categories of personal information collected;
· The categories of sources from whom the personal information is collected;
· The purpose for collecting the personal information; and
· The categories of third parties with whom we have shared the personal information.
· Right to Delete: You have the right to request that we delete the personal information.
· Freedom from Discrimination: You have the right to be free from unlawful discrimination for exercising any of the rights above.
Only you, or someone legally authorized to act on your behalf, may make a request related to personal information collected about you. To designate an authorized agent, the authorized agent must provide sufficient information that allows us to reasonably verify that they have been authorized by you to act on their behalf.
You may also make a request to know or delete on behalf of your child by contacting us using the information provided above.
You may only submit a request to know twice within a 12-month period. Your request to know or delete must:
· Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
· Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
To fulfill your request, we may ask you for additional information and documents, which may include information previously provided. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know or delete. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
Non-Discrimination.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
· Deny you goods or services.
· Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
· Provide you a different level or quality of goods or services.
· Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
“Shine the Light” – California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@citizen.health or write us at: 106 Justin Drive, San Francisco, CA 94112.
B. Notice to Residents of Nevada
If you are a Nevada resident, you have the right to opt out of the sale of certain personal information, including your name and mailing address, to third parties. As of the date of this privacy policy, we do not sell any personal information to any third party. If that were to change in the future, we will update this privacy policy.
International Jurisdictions
a. Australia
If you are in Australia, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy and the Product Specific Policies for Citizen Health Services above.
We will only collect your Health Records from third parties if you give us your consent (for example, by requesting us to seek your Health Records from a third party) and the Health Records are reasonably necessary for one or more of the Citizen Health Services, functions or activities, or as otherwise permitted to do so by law.
How we hold personal information about you. We use Amazon Web Services located predominantly in the United States.
We may disclose personal information about you to recipients outside of Australia, including within the United States.
Complaints. Please get in touch if you have any questions or complaints about how we collect, use or manage personal information about you. You can contact us using the contact information located in the Contacting Us section of this Policy. If you make a complaint, we will endeavor to respond within a reasonable period after the request is made. You have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC). Please note the OAIC requires any complaint to be made to us before you make a complaint to the OAIC. Further details about how to lodge a complaint with the OAIC can be found at https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us.
b. Canada
If you are in Canada, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy and the Product Specific Policies for Citizen Health Services above.
Personal information is maintained on our servers or those of our service providers and will be accessible by authorized employees, agents and representatives who require access for the purposes described in this Privacy Policy.
Your Rights. You may request access to or correction of personal information about you in our control as detailed in the Contacting Us section of the Privacy Policy. These rights are subject to certain exceptions and we may take steps to verify your identity before responding to your request.
We, our service providers and other parties with whom personal information about you may be shared as described in this Privacy Policy may process and store personal information about you outside of Canada, including in the United States and in other countries. While outside of Canada, personal information about you will be subject to applicable local laws, which may not afford the same level of protection to personal information about you as the laws in Canada.
c. European Union, United Kingdom
If you are in the European Economic Area (“EEA”) or the United Kingdom (“UK”), the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy above.
For the purpose of applicable data protection laws, we are the data controller.
Your information will be processed on the basis of the following legal bases:
Purpose | Categories of Data | Legal Basis (Article 6) | Legal Basis (Article 9) |
---|---|---|---|
To keep you posted on available clinical trials, products, Services, software updates, and upcoming events. You can opt out of these communications in the manner designated in the specific communication or within your account. | Account Information Health Records Self-Reported Information | Consent | Explicit Consent |
For loss prevention and anti-fraud purposes and account and network security purposes | Account Information | Our legitimate interests in maintaining the security and integrity of our systems and networks. | N/A |
To send important notices regarding Citizen Health products and Services, including changes to our terms, conditions, and policies | Account Information – name, address, e-mail address, telephone number. | Our legitimate interests in keeping you up to date regarding the Services. | N/A |
To locate your Health Records and help the providers and health plans accurately match and send the correct information to us for your Citizen Health account. | Account Information – name, address, e-mail address, telephone number, prior names, addresses, phone numbers, birth date, gender, race or ethnicity, medical or health plan record numbers, and information about your doctors, medical providers and health plans. | Consent | Explicit Consent |
To analyze Health Records to offer you opportunities to share data (for example, with caregivers, with your medical professionals, to find treatment, or to power research). | Health Records Self-Reported Information | Consent | Explicit Consent |
To allow you to engage in blog discussions, message boards, chat rooms, and other forms of social networking and to post reviews and post content, such as messages relating to healthcare experiences, and interact with other users. | User Generated Content | Consent | Explicit Consent |
Your rights.
If you are located in the EEA or the UK, you have certain rights, listed below, in relation to personal information about you.
When we receive an individual rights request from you, please make sure you are ready to verify your identity. Please be advised that there are limitations to your individual rights. We may limit your individual rights in the following ways: (i) where denial of access is required or authorized by law; (ii) when granting access would have a negative impact on others’ privacy; (iii) to protect our rights and properties; and (iv) where the request is frivolous or burdensome. If you have questions, or if you would like to exercise your rights under the applicable law, please contact us at privacy@citizen.health.
Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests or where we are required by law to retain personal information about you.
To exercise any of these rights, you can contact us at privacy@citizen.health. We will respond to requests to exercise these rights without undue delay and at least within one month (though this may be extended by a further two months in certain circumstances).
Storage and transfer of personal information about you.
The information that we collect from you will be transferred to and stored at/processed in countries outside the EEA and UK. Your information is also processed by staff operating outside the EEA and the UK who work for us or one of our third-party service providers or partners. We will take all steps reasonably necessary to ensure that personal information about you is treated securely and in accordance with this Privacy Policy.
For any transfers of data outside the EEA or the UK, the data transfer will be on the basis of your explicit consent.
We will retain personal information about you as follows:
We will also retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes and enforce our terms and conditions, other applicable terms of service, and our policies.
d. India
If you are in India, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy and the Product Specific Policies for Citizen Health Services above.
Sensitive Personal Information. Under local law, Sensitive Personal Information means passwords, financial information such as bank account, credit card, debit card or other payment instrument details, biometric data, physical or mental health details, sex life or sexual orientation, and/or medical records or history, biometric, genetic and gender related information, caste or ethnicity, religious or political affiliations and similar information, excluding information available in the public domain, or accessible by exercise of statutory rights under Indian laws.
Your Rights. To the extent provided by applicable laws and regulations, you may withdraw any consent you previously provided to us for certain processing activities, and correct or update personal information about you by contacting us as detailed in the Contacting Us section of the Privacy Policy. Where consent is required to process personal information, and you do not consent to the processing or if you withdraw your consent, we may not be able to deliver the expected Citizen Health Services. Your request to withdraw your consent shall not (i) apply retrospectively; or (ii) require deletion of records required for statutory purposes.
e. Singapore
If you are in Singapore, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy and the Product Specific Policies for Citizen Health Services above.
Access. You have the right to access personal information about you, how we use it, and who we share it with. You can access the personal information you have made available as part of your account by logging into your account. If you believe we hold any other personal information about you, please contact us as detailed in the Contacting Us section of the Privacy Policy.
Correction. You have the right to correct any personal information about you that is inaccurate. You can access the personal information we hold about you by logging into your account. If you believe we hold any other personal information about you and that information is inaccurate, please contact us.
Our designated privacy officer for the purposes of compliance with the Personal Data Protection Act 2012 can be contacted at privacy@citizen.health.
f. New Zealand
If you are in New Zealand, the disclosures set out below apply to you in addition to the disclosures set out in the general sections of this Privacy Policy and the Product Specific Policies for Citizen Health Services above.
The New Zealand Privacy Act 2020 and Health Information Privacy Code 2020. Terms used in this section and not otherwise defined have the meaning given to them in the Privacy Act 2020 (“NZPA”), and the Health Information Privacy Code 2020 (“NZHIPC”).
If you are located in New Zealand, we will collect, store, use, retain, and disclose personal information about you (including your Health Records) in accordance with the requirements of the NZPA and NZHIPC, as applicable.
Storage of personal information. We store personal information that we collect using Amazon Web Services predominantly located in the United States. You acknowledge and agree that:
Notifiable privacy breaches. We will comply with our obligations in the NZPA relating to notifiable privacy breaches, including our obligation to notify affected individuals as soon as practicable after we become aware that a notifiable privacy breach has occurred.
Your Rights. Where applicable, if you are located in New Zealand you have the following rights under the NZPA in relation to personal information we have collected about you; these rights are, to the extent required by the NZPA and subject to verification and any applicable exceptions:
To make a request in relation to the above rights, please contact us as detailed in the Contacting Us section of this Policy. To fulfill your request, we will need to verify your identity and may ask for additional information and documents, which may include information previously provided. Only you, or someone legally authorized to act on your behalf, may make a request related to personal information collected about you. To designate an authorized agent, the authorized agent must provide sufficient information that allows us to reasonably verify that they have been authorized by you to act on their behalf.
g. Other locations around the world
If you live in another part of the world not specifically mentioned here, please contact us as detailed in the Contacting Us section of this Policy.
Blogs, Social Networking, and Education or Promotional Content
Citizen Health regularly publishes blog posts and invites any individual to sign up to receive these posts via email. Email addresses are collected from these individuals and used by Citizen Health or a contracted service provider solely to send these blog posts and other Citizen Health marketing or promotional material. Note that individuals who create an account for the Citizen Health Services will receive emails that contain newsletters, links to blog posts and other marketing or promotional content. Any individual – whether or not a Citizen Health account holder – may opt out of receiving any communications from us by following the unsubscribe link in the communications.
As noted above, the Citizen Health Service may from time to time allow you to store, display, reproduce, publish, or otherwise use UGC, and may or may not attribute it to you. These forums are accessible to others and UGC you post can be read, collected, shared, or otherwise used by anyone who accesses the forum. If you post UGC to information sharing forums, including any information about your health, you are doing so by choice and you are providing consent to the disclosure of this information; your UGC will be considered “public” and will be accessible by anyone, including Citizen Health. Please note that we do not control who will have access to the information that you choose to make available to others, and cannot ensure that parties who have access to such information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available on the features permitting creation of UGC or what others do with information you share with them on such platforms. We are not responsible for the accuracy, use or misuse of any UGC that you disclose or receive from third parties through the forums or email lists.
Integrity of Information
You can keep your Account Information and Self-Reported Information accurate, complete and up to date. Information in your Citizen Health account, sourced directly from a third-party such as a medical provider, health plan, or other health data source (i.e., Health Records) cannot be changed by you or Citizen Health; however, you may upload or have us request on your behalf, updated information, including Health Records.
Changes to this policy
We reserve the right to make changes to this Privacy Policy, in which case we will update the “Last Updated” date at the top of this Privacy Policy. We will give you advance notice of any material changes so you can decide if you want to maintain your account with Citizen Health (except those that may need to be made immediately in order to comply with law or to deal with an urgent situation that threatens the security of information held by Citizen Health or severely impacts Citizen Health’s functionality). The updated Privacy Policy will be effective as of the time of posting, or such later date as may be specified in the updated Privacy Policy.
Contact us
If you have questions, concerns or suggestions related to our Privacy Policy or our privacy or security practices, or if you would like to exercise any of your rights outlined in this Privacy Policy, email our Privacy Officer at privacy@citizen.health or write a letter to:
Privacy Officer
Citizen Health Inc.
106 Justin Drive
San Francisco, CA 94112