Privacy Policy
Last updated: 19 February 2014

This is RedBrick Health Corporation’s Privacy Policy. It applies to anyone who uses our Services either online (via www.redbrickhealth.com), in person, over the phone or via hard copy documents. Please read this Privacy Policy, which among other things, describes how RedBrick Health Corporation (“we,” “our” or “us”) collects, uses, protects and under what circumstances discloses your information.

RedBrick Health Corporation has received TRUSTe’s Privacy Seal, signifying that this privacy policy and our practices have been reviewed for compliance with the TRUSTe program; the validation page can be viewed by clicking the TRUSTe seal. The TRUSTe program covers only information that is collected through this Web site, home.redbrickhealth.com and our mobile site.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact TRUSTe at https://feedback-form.truste.com/watchdog/request.

RedBrick Health Corporation complies with the U.S.-E.U. Safe Harbor framework and the U.S.-Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. RedBrick Health Corporation has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view RedBrick Health Corporation’s certification, please visit http://www.export.gov/safeharbor/.

1. Will This Privacy Policy Change?

Yes. Every participant should read and understand the following key points about any changes we make. We may modify, alter or update our Privacy Policy at any time, so we encourage you to review our Privacy Policy frequently.

  • Anytime we make a change to this Privacy Policy we will update the date at the top of this document.
  • We will not provide you an individual notice of changes made to our Privacy Policy for items that we determine, in our sole discretion, are not significant or material changes. Examples of these types of changes would be to update regulatory references, correct administrative types of errors or to comply with new legal requirements.
  • For anything we determine, in our sole discretion, to be significant or material, we will provide you with some type of additional reasonable notice that details the change. We will send such notice to you using the most recent email address you provided. An example of this would be any type of change that would require your prior approval or consent before we could make the change.
  • The type of notice we will provide and the method used to provide it to you will be dependent upon the kind of change we want to make.
  • We will never make any change or take any action that would violate any regulatory, privacy or security requirements, contractual obligations or other requirement in which your prior consent would be required first.

Each time we make a material or significant change, we will update the date at the top of this document.

2. Why Do We Collect Information About You?

We collect information about you in order to determine your eligibility for our Services, to provide you with our Services and for us to tailor our Services for you. Information may include personal information like your name, address, gender, health habit information like how much exercise you get, biometric screening values like your cholesterol measurement, your health goals, and information about how you changed your health habits as a result of the Service you experienced.

We use the information collected from you to tailor our products to your specific needs. One such example would be the program recommendations we make from the answers you provide when taking a health assessment. Other examples would be collecting and then using your preferred communication method(s) and your preferred name.

3. What Wellness Services Do We Provide?

We provide eligible users with information and tools designed to help participants make informed choices about their individual lifestyle. Our Services are delivered via computers, mobile devices, telephone, print materials and in person.

The Services cover many different aspects and areas, including general health information, nutrition, exercise, personal care and other similar content. We will provide you with tools and information to help you make healthy lifestyle choices, and we do this by communicating with you using your preferred method(s). You will have the opportunity to use tools, techniques and information in the forms you like most while completing a wide range of activities at a reasonable pace that you can help set. We also provide you with information tailored to your unique circumstances.

The specific list of products is ever changing and not all products are available to all eligible users.

Contact us if you want the latest list of available online, phone and onsite based products. Some specific examples of online products offered today that you may be eligible for are:

  • Physical activity tracker
  • Various types of challenges
  • Multimedia Journeys
  • Health assessment with personalized recommendations
  • Information related to understanding your own biometric screening results
  • General health-related information
  • Social media connections for sharing information about you if you choose to do so
  • Ability to connect to partner sites and gather your data from their devices or their websites and load it into our site if you choose to do so


We also have phone and onsite based programs that are available for some eligible participants including:

  • Coaching programs tailored to an individual’s specific wellness needs and goals
  • Consultations to discuss biometric screening results, what they mean and what you can do about them
  • Onsite coaches who can help encourage you to make good lifestyle choices that reflect your pace and preferences

Please check with your Sponsor to determine your eligibility for specific programs.

4. Where Do We Get Information About You?

We collect information about you from several sources.

You:

  • Provide us or our partners with any information.
  • Use any of our online Services.
  • Choose to complete surveys or questionnaires.
  • Participate in any of the phone or onsite Services.

Your Sponsor

  • Depending on the services your Sponsor has selected, we may collect medical- or pharmacy-related claims information from your insurer(s) at the direction of your Sponsor.
  • Your Sponsor may provide personal information that may include your name, date of birth, gender, postal address, telephone number, email address, social security or other unique identifier, marital status and language spoken.

Our Partners

  • Upon your prior approval, Partners who provide biometric testing services will share those results with us.
  • Upon your prior approval, Partners who provide other lab testing services will share those results with us.
  • Upon your authorization and synching, Partners who provide device and mobile app services will share those data with us.


Your Health Care Provider

  • Your health care provider, from whom we may obtain your Personal Health Information upon your request and only with your prior approval.


Non Identifiable Information

We will collect non-personal information from all visitors to our web site using various methods and tools, including the use of cookies. The types of information we collect include, but are not limited to, the following:

  • Number of visitors to the site
  • The websites from which visitors came to our site
  • The pages visited while on our site
  • The length of visits to our site
  • The names of internet providers
  • Internet Protocol (IP) addresses
  • Browser information
  • Connection speed
  • Search terms used to find our site


Cookies

Cookies are small files that a website can store on your computer’s hard drive for record keeping or other administrative purposes. We use both session ID cookies and persistent cookies. Session cookies expire when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. A persistent cookie will keep user preferences, for example language preference. If you are concerned about the use of cookies, you can choose to enable a feature in your browser software that will erase cookies, block all cookies or warn the user before cookies are stored or exchanged. If you reject cookies, you may not be able to log into the site or use all of its features.

The use of cookies by our partners, affiliates, web analytics tracking company, and service providers is not covered by our privacy policy. We do not have access to or control over these cookies. Our partners, affiliates, tracking utility company, and service providers use session ID and persistent cookies to make it easier for you to navigate our site.

RedBrick Session Cookies

We use session cookies to maintain the state of the currently logged-in user and another cookie to represent and track that user within our system. Other cookies of this type are used for security related purposes to better protect you and the system itself from potential misuse.

RedBrick Persistent Cookies

Persistent cookies are used to track user preferences, such as preferred language, last page visited and similar types of helpful user items. These can be blocked, but the site may not function as expected when this is done.

3rd Party Cookies

None are used currently in the web portal you use, but third-party cookies are used on the RedBrick Health corporate web site. It is possible that in the future we could integrate third-party applications which could, in theory, set cookies within the web portal you would use.

We collect all of this information to provide our Services to our eligible users, to enhance our users’ experience, to help provide security and/or to improve system performance.

Our Sync Partners

You can see an up-to-date list of all of our Sync Partners on our web portal. Upon your prior approval, our Sync Partners will share your information with us. This information could be any information related to the physical device you use with their service and any of the needed information for uniquely identifying you.

Our Sync Partners are not provided any data held by RedBrick. RedBrick also has no control over the agreement you sign when you sign up for their services. Each of these Sync Partners has their own Privacy Policy and their own Terms of Service. You need to review their documents to learn how they handle your information.

5. Do We Share Information We Have About You?

Yes. We will disclose information we have about you in order to provide you with our Services. We will share your personal information with third parties only in the ways that are described in this privacy policy. Disclosures will only be made to entities that are legally entitled to the data and are contractually committed to protect the data in accordance with all regulatory and contractual requirements.

Your Access To Your Personal Information

Your personal information and information about your participation in our Services is available to you through a secure, password-protected website.

Disclosure To Our Business Partners

We enter into agreements with our trusted business partners to assist us in providing you with our health and wellness services. These business partners are authorized to use your personal information only as necessary to provide these services to us. We require these business partners to protect your Personal Information (including your Personal Health Information) and to comply with the HIPAA Privacy & Security Rules along with other applicable laws or regulations. To ensure this occurs, we check our partners on an annual basis to verify their programs meet our requirements, which meet or exceed regulatory and/or contractual requirements.

Disclosure To Sponsors

In the United States (U.S.) we may share Personal Health Information relating to group health plans with the plan sponsors for plan administration purposes and/or coordination of your care. Unless the plan sponsors are permitted to obtain such Personal Health Information under U.S. law, we will de-identify such Personal Health Information before providing it. De-identified information is data that has been separated from information that would tie it to a particular individual. When we provide them with access to your information, we ensure we provide them with only the minimum information necessary to satisfy the original need for the data.

Disclosure To Employer

We will not share your individually identifiable Personal Health Information with your employer for employment-related purposes. Unless an employer has a legal right to obtain your Personal Health Information, we will de-identify such Personal Health Information before providing it to your employer.

Disclosure For Marketing Purposes

We do not permit advertising. We do not sell and will not give your individually identifiable information to any other entity for any marketing purpose. We will use your information to communicate with you about our Services that are available to you as a benefit under your health plan.

Disclosure To Meet Legal Requirements

We will not share Personal Information with a third party without prior authorization, except (i) in compliance with law, regulation or other legal processes; (ii) to protect the rights, property or safety of us or others; (iii) in emergency situations; (iv) in the event that we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation or liquidation, in which case Personal Information may be one of the transferred assets, and you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your Personal Information; or (v) for purposes of carrying out Treatment, Payment or Health Care Operations (as defined below).

Sharing of information in any of these above cases will only be done when in full compliance with applicable laws, including the HIPAA Privacy Policy.

Treatment means the provision, coordination or management of health care and related services, consultation between providers relating to an individual or the referral of an individual to another provider for health care. Payment means activities undertaken to obtain or provide reimbursement for health care, including determinations of eligibility of coverage, billing, collection activities, medical necessity determinations and utilization review. Health Care Operations include functions such as quality assessment and improvement activities, conducting or arranging for medical review, legal services and auditing functions, general business and administrative activities.

6. Do I Have Choices Related To My Personal Data?

You have the ability to “Opt Out” of communications from us or our partners if you wish, by changing your communication preferences under your “Profile,” but this will limit our ability to support you when or if you have questions. It will also limit our ability to provide you with important updates from us, and potentially your Sponsor, about changes or deadlines in your programs.

You may also tell us you do not want your data shared with us or our partners, and we will honor any such request, but if you choose this option we will not be able to provide you with any of our Services.

7. Can I Correct Errors With My Personal Data?

You always have the ability to access and have us correct or delete any errors with your personal data. We strongly encourage you to contact us if you find any errors so that we can correct them for you. Please contact us using the support method set up between us and your Sponsor. If you are having difficulties or are not sure what method to use, you can always contact us via email at legal@redbrickhealth.com and we will get someone to help you. We will respond to your request to access within 30 days or less.

We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Under most circumstances, your data will be retained for seven years after your Sponsor has terminated their contract with us.

We want to keep your personal data accurate. For participants located in the U.S. you may contact us at (866) 322-1255 regarding requesting a change to the Personal Information you have provided.

Anyone worldwide can contact us at legal@redbrickhealth.com.

8. Do We Comply With Regulatory Requirements?

Yes. We are in compliance with each of the following.

HIPAA Privacy, Security and Breach Notification Rules

Whenever we collect or receive Personal Health Information, we do so under agreements with our clients that require us to comply with the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Accordingly, we retain personally identifiable information for a minimum of six years. You can learn more about the HIPAA Privacy, Security and Breach Notification Rules at http://www.hhs.gov/ocr/privacy/. We take our obligations under the HIPAA Privacy and Security Rules seriously and we do everything required by the Rules to safeguard your privacy and security.

U.S. Department of Commerce Safe Harbor Program

We adhere to all seven of the U.S.-EU Safe Harbor Privacy Principles. These principles are Notice, Choice, Onward Transfer, Access, Security, Data Integrity and Enforcement. We have also self-certified with the U.S. Department of Commerce and we are listed in the U.S.-EU Safe Harbor List.

9. Links To Other Websites

We may include links to other websites on our site. We do not endorse and are not responsible for the information practices or privacy policies of these websites operated by others that may be linked to or from our site. If you decide to access a third party’s website that may be linked to or from our site, you should consult that website’s Privacy Policy and Terms of Use documents.

10. Blogs

Our website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog, contact us at legal@redbrickhealth.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

11. Data Security

Data security is implemented through the physical, administrative and technical safeguards we have put in place and the operational procedures we adhere to in order to protect your information. We have a security program based on the ISO27002 security framework and incorporate ITIL- and NIST-provided recommendations for specific implementation items. Our entire program is audited at least annually by independent auditors as part of an SSAE16 SOC2 Type 2 audit.

The framework and the implementation recommendations from leading and recognized sources all feed into a wide range of security- and privacy-specific items. The following is a partial list of some key components of our programs:

  • Human Resources staff screenings required prior to hire or access to data
  • Employee screenings
  • Security & Privacy awareness training for all staff
  • Wide-range of physical security controls
  • Required encryption
  • Logging and monitoring of systems
  • Role Based Access Controls (RBAC)
  • Business Continuity and Disaster Recovery
  • Security incident response


As recognized by leading independent audits, we protect your transactions involving Personal Information over the Internet using Secure Sockets Layer (SSL) technology. We restrict access to your Personal Information in our database to our authorized employees, our agents and certain of our authorized partners.

12. Children’s Privacy

The site is not intended for use by children under the age of 13. We will not knowingly collect any personal information from persons under the age of 13. If you think that we have collected personal information from a person under the age of 13, please contact us.

13. Contact Us

If you have any questions, comments or complaints about our Privacy Policy or our Services, please contact us so we can help. You can reach us by using the methods identified below.

  • For those located in the U.S. you may contact us at (866) 322-1255 or via email at legal@redbrickhealth.com
  • For those located outside the U.S. please contact us via email at legal@redbrickhealth.com


For any questions or comments related to this or the other documents referenced within this document you may also write to us at:

RedBrick Health Corporation
510 Marquette Avenue South
Minneapolis, MN 55402
ATTN: Compliance
legal@redbrickhealth.com

–OR–

Thomas C. Funk
Privacy Officer
920 Second Avenue South
Minneapolis, MN 55402
legal@redbrickhealth.com


©2014 RedBrick Health