Privacy Policy

Filament Labs, Inc., a Delaware corporation (“Filament Labs,” “our,” “us,” or “we”) offers a patient engagement platform-as-a-service product (“Patient IO” or the “Patient IO Platform”), which includes a mobile application (“Mobile App”), and associated email and web-based versions of the patient dashboard in Patient IO (collectively the “Patient Dashboard”). You may use Patient IO as a patient user (“Patient”) or as a Patient’s designated friend or family member caregiver (“Caregiver”). Patient IO, among other things, is designed to enable you to manage a Patient’s health information across different healthcare providers or sponsors and their personnel (each, a “Sponsor”).

Filament Labs respects your privacy. In that regard, we have created this Privacy Policy to let you know what information we collect when you use Patient IO. This Privacy Policy describes the information we collect, how we use that information and any potential disclosures of such information.

Your Consent to this Privacy Policy

The term “you,” as used in this Privacy Policy, refers to a Patient and/or Caregiver end user of Patient IO. By using Patient IO, you agree to this Privacy Policy. This is our entire and exclusive Privacy Policy and it supersedes any earlier version.

We may change this Privacy Policy by posting a new version through Patient IO, and it is your responsibility to review this Privacy Policy periodically. When we do change the policy, we will also revise the “last updated” date at the beginning of this Privacy Policy and may notify you or post a message via the Mobile App and/or the Patient Dashboard. Your continued use of Patient IO constitutes your agreement to this Privacy Policy and any updates.

What information does Filament Labs collect?

Personal Information

As used in this Privacy Policy, “Personal Information” means any information that may be used to identify an individual. When you use Patient IO, whether as a Patient or a Caregiver, we may collect certain Personal Information, such as your first and last name, age information, employment information, address, email address and password, phone number, or other contact information, whether at work or at home. If you are a Patient, you acknowledge that we may collect this Personal Information from you directly or through your Caregiver. We may ask you or your Caregiver to provide Personal Information about you that will enable us to enhance your use of Patient IO. It is your choice whether or not to provide that Personal Information through Patient IO; provided that if, as a Patient, you designate a Caregiver, the Caregiver may elect to provide your Personal Information on your behalf. In such case, the Caregiver is solely responsible for obtaining your consent to provide such Personal Information. If you choose not to provide requested Personal Information, you may not be able to use certain features of Patient IO.

Health Information

You also acknowledge and agree that, if you are a Patient, we may collect your Health Information. “Health Information” means any information related to your physical or mental health, including your medical history, family history, health background and current health status information, age information, sexual behavior and sexual orientation, demographic information (including ethnicity, marital status, salary and education information) and information related to the diagnosis and treatment of health conditions, over-the-counter and prescription medications, laboratory test results, payments for treatment and health insurance information.

Technical Information

We may collect and use technical data and related information, including but not limited to technical information about your device, system and application software, peripherals and your interactions with Patient IO (“Technical Information”). Technical Information is gathered periodically to facilitate the provision of software updates, product support, product enhancements and other services to you (if any) related to Patient IO and the Mobile App. We may also automatically receive and record information on our server logs from your browser or mobile device, which could include your IP address, cookie information, browser information and the page you request. This information is not deemed by Filament Labs to constitute Personal Information and while Filament Labs will not use it in a way that associates such information with you, such information may be aggregated and used. Filament Labs owns this information and may use it in any manner it deems appropriate.

Location Based Information

You also acknowledge and agree that we may collect location-based data from you (“Location-Based Information”). When you use the Mobile App, we may collect Location-Based Information from your device. To the extent we track your location through, it is only to administer the functionality of the Mobile App and to send you location-based communications (which could include advertisements for goods and services).

Behavior Tracking

We may use Patient IO to collect information from your web browser about your activities over time and across third-party websites, applications or other online services (“Behavior Tracking Information”). Your web browser may allow you to opt-out of our collection of Behavior Tracking Information by selecting a “do not track” (or similar) setting. However, we do not currently have processes to address those settings or other “do not track” requests, and consequently, cannot guarantee that we will honor such requests. If you do not want us to collect this information, do not use Patient IO and do not download the Mobile App (or delete it from your device).

How does Filament Labs use this Information?

Except as described in this Privacy Policy or in our Terms of Service, Personal Information, Health Information, Technical Information, Location-Based Information and Behavior Tracking Information (collectively, “Information”) that Patients or Caregivers provide or that we collect from Patients or Caregivers, will be kept confidential and used to support use of Patient IO by Patients, Caregivers and Enabled Sponsors (defined below) and applications that interact with it. Except as required by law, as between Filament Labs, the Patient and Caregiver, the Patient owns all right, title, and interest in and to any Information (excluding Technical Information and Blind Data (defined below)) that we collect from the Patient or Caregiver via their use of and interaction with Patient IO.

Patient IO exists in order to allow Patients and Sponsors to manage and track their relationship with one another. In order to provide for this type of exchange, we need to ensure that each user that contributes Information expressly permits the uses that we envision. For this reason, we need a license from you to use Patient and Caregiver Information, whether collected directly from you or, if applicable, your Caregiver. You hereby grant to Filament Labs a non-exclusive, transferable, sublicensable, royalty free license to use Information in order to provide Patient IO to Patient, Caregiver, and Enabled Sponsors and as necessary to monitor and improve Patient IO. The license is non-exclusive (meaning you are free to license the Information to anyone else in addition to us), fully-paid and royalty-free (meaning that we are not required to pay you for our use of the Information), sublicensable (so that we are able to use affiliates and subcontractors to provide Patient IO), transferable (meaning that we may transfer it to a third party should we restructure our business), irrevocable (meaning that you may not revoke or rescind such license for any reason once the Information is uploaded) and worldwide (because the Internet is and the Service may be global in reach).

Any Information that we receive from a Sponsor will be handled in accordance with our agreement with such Sponsor. You may have additional rights under law in and to any Information about you that we receive from a Sponsor.

You also grant Filament Labs a perpetual, non-exclusive, transferable, sublicensable, royalty free license to use such Information and other data we collect from you via Patient or Caregiver use of and interaction with Patient IO in order to collect, develop, create, extract or otherwise generate statistics and other information and to otherwise compile, synthesize and analyze such Information and data (“Blind Data”). Notwithstanding anything to the contrary in this Privacy Policy, to the extent that Filament Labs collects or generates Blind Data, such Blind Data will be owned solely by Filament Labs and may be used for any lawful business purpose without a duty of accounting to you, provided that such data is not personally identifiable and does not identify the source of such data.

Sharing of Information

Except as set forth herein and as necessary to enable third party applications that you authorize, Filament Labs does not rent, sell or share Information with or to third parties, and Information is only used to provide you with Filament Labs products and services and to comply with any requirements of law.

Agents, technology vendors and/or contractors of Filament Labs may have access to your Information on a need to know basis for the purpose of performing services on behalf of Filament Labs or providing or enabling elements of Patient IO. All such agents or contractors who have access to such information are required to keep the Information confidential and not use it for any other purpose than to carry out the services they are performing for Filament Labs or as otherwise required by law. Notwithstanding the above, Filament Labs may share or disclose your Health Information to agents, contractors or others only as allowed or required under applicable law.

If, as a Patient, you validate another end user as your designated Caregiver, we may share certain Information with that Caregiver.

Additionally, Filament Labs may share your Information with Sponsors with whom you have a relationship for the provision of healthcare products and services and that you validate and connect with through a Sponsor access code or link distributed via the Mobile App or Patient Dashboard (each, an “Enabled Sponsor”). We share this Information (including certain Personal Information and Health Information) with Enabled Sponsors in order to provide elements of Patient IO and to allow communication between the Enabled Sponsors and you. We do not share any Information, other than Blind Data and Technical Information, with Sponsors that you have not previously designated as an Enabled Sponsor.

Also, Filament Labs or its agents or contractors may disclose Information if required to do so by law or in the good faith belief that such action is necessary to: (1) conform to the edicts of the law or comply with legal process; (2) protect and defend the rights or property of Filament Labs or its agents or contractors; or (3) act in urgent circumstances to protect the personal safety of users of Patient IO or the Mobile App or the public.

Finally, if Filament Labs should ever merge with another organization, file for bankruptcy, or sell our assets or capital stock, we may transfer the Information to a third party or share the Information to the company or its agents with which we enter into such transaction as a part of such transaction.

Security of Your Information

We maintain physical, electronic, and procedural safeguards designed to protect the Information. These safeguards include, without limitation, encrypting all Personal Information and Health Information using AES 256-bit encryption and encrypting all other Information using TLS encryption.

Despite the actions and precautions we take, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of the Information and you acknowledge and agree that you transmit it to us at your own risk.

Please keep in mind that whenever you voluntarily disclose Information on our message boards or other public forums or features or through e-mail or group messaging, or voluntarily utilize features of Patient IO that inherently share Information such as features that allow a Patient to share Information with a Caregiver or that allow a Patient or Caregiver to share a Patient’s Information with an Enabled Sponsor, that Information can be collected and used by others. In short, by posting Information online that is publicly accessible (i.e. within message boards and the like), you may receive unsolicited messages from other parties in return or make others aware of your location. We are not responsible for the security or privacy of any Information you choose to submit in connection with these public features.

Third-Party Mobile Apps, Services and Technologies

We may provide links to third-party websites within Patient IO or in other communications to you. Such links may appear as a specific domain name or URL or may be activated by clicking on an advertisement or other icon or graphic. Please be aware that other websites and services, including the websites of third parties that you connect with through Patient IO, may collect personally identifiable information about you. This Privacy Policy does not cover the information practices of those third-party websites, services or applications, and we cannot control and are not responsible for the information collection practices of any such websites, services or applications. We encourage you to carefully review the terms of use, privacy policies, and any other legal notifications on such websites before using or providing information through such websites, services or applications. Further, Patient IO may employ third party technologies that require you to accept such third party’s terms. This Privacy Policy does not cover the information practices of those third-party technologies.

International Transfers

Information collected from you may be stored and processed in the United States or any other country in which Filament Labs or its affiliates, subsidiaries, agents or contractors maintain facilities. If you are accessing Patient IO from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your data to the United States and processing globally. By providing your Information you consent to any transfer and processing in accordance with this Privacy Policy.

HIPAA

This Privacy Policy and the privacy and security practices described in this Privacy Policy are designed to comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Sponsors, to the extent they are “Covered Entities” under HIPAA (as such term is defined in HIPAA) have their own privacy and security obligations with respect to your Personal Information and Health Information. Additionally, we have agreements in place with Sponsors, which define certain of our security and privacy obligations. We encourage you to contact each Sponsor with whom you interact through Patient IO and the Mobile App regarding their privacy and security practices. For more information regarding your rights under HIPAA, see http://www.hhs.gov/ocr/privacy/.

Children’s Privacy Policy

Patient IO is not designed to be used by children under the age of 13, although parents may use Patient IO in a Caregiver user capacity to connect with their children’s Sponsors. We do not intentionally collect personal information from children through Patient IO.

Contacting Us

For questions or comments regarding this Privacy Policy please contact us by phone at 617-402-1000, or at the following address:

Athenahealth
c/o Chief Compliance Officer
311 Arsenal Street
Watertown, MA 02472