If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact TRUSTe at https://feedback-form.truste.com/watchdog/request
RedBrick Health Corporation complies with the U.S.-E.U. Safe Harbor framework and the U.S.-Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. RedBrick Health Corporation has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view RedBrick Health Corporation’s certification, please visit http://www.export.gov/safeharbor/.
Each time we make a material or significant change, we will update the date at the top of this document.
2. Why Do We Collect Information About You?
We collect information about you in order to determine your eligibility for our Services, to provide you with our Services and for us to tailor our Services for you. Information may include personal information like your name, address, gender, health habit information like how much exercise you get, biometric screening values like your cholesterol measurement, your health goals, and information about how you changed your health habits as a result of the Service you experienced.
We use the information collected from you to tailor our products to your specific needs. One such example would be the program recommendations we make from the answers you provide when taking a health assessment. Other examples would be collecting and then using your preferred communication method(s) and your preferred name.
3. What Wellness Services Do We Provide?
We provide eligible users with information and tools designed to help participants make informed choices about their individual lifestyle. Our Services are delivered via computers, mobile devices, telephone, print materials and in-person.
The Services cover many different aspects and areas including general health information, nutrition, exercise, personal care and other similar content. We will provide you with tools and information to help you make healthy lifestyle choices and do this by communicating with you using your preferred method(s). You will have the opportunity to use tools, techniques and information in the forms you like most while completing a wide range of activities at a reasonable pace that you can help set. We also provide you with information tailored to your unique circumstances.
The specific list of products is ever changing and not all products are available to all eligible users.
Contact us if you want the latest list of available online, phone and onsite based products. Some specific examples of online products offered today that you may be eligible for are:
We also have phone and onsite based programs that are available for some eligible participants including:
Please check with your Sponsor to determine your eligibility for specific programs.
4. Where Do We Get Information About You?
We collect information about you from several sources.
Your Health Care Provider
Non Identifiable Information
RedBrick Session Cookies
We use session cookies to maintain the state of the currently logged-in user and another cookie to represent and track that user within our system. Other cookies of this type are used for security related purposes to better protect you and the system itself from potential misuse.
RedBrick Persistent Cookies
Persistent cookies are used to track user preferences, such as preferred language, last page visited and similar types of helpful user items. These can be blocked, but the site may not function as expected when this is done.
3rd Party Cookies
None are used currently in the web portal you use, but third-party cookies are used on the RedBrick Health corporate web site. It is possible that in the future we could integrate third-party applications which could, in theory, set cookies within the web portal you would use.
We collect all of this information to provide our Services to our eligible users, to enhance our users' experience, and to help provide security and/or improve system performance.
Our Sync Partners
You can see an up-to-date list of all of our Sync Partners on our web portal. Upon your prior approval, our Sync Partners will share your information with us. This information could be any information related to the physical device you use with their service and any of the needed information for uniquely identifying you.
Our Sync Partners are not provided any data held by RedBrick. RedBrick also has no control over the agreement you sign when you sign up for their services. Each of these Sync Partners has its own Privacy Policy and its own Terms of Service. You need to review their documents for how they handle your information.
5. Where will we keep your data?
Your data will be kept in the United States in one of our data centers.
6. Do We Share Information We Have About You?
Your Access To Your Personal Information
Your personal information and information about your participation in our Services is available to you through a secure, password-protected website.
Disclosure To Our Business Partners
We enter into agreements with our trusted business partners to assist us in providing you with our health and wellness services. These business partners are authorized to use your personal information only as necessary to provide these services to us. We require these business partners to protect your Personal Information (including your Personal Health Information) and to comply with the HIPAA Privacy & Security Rules along with other applicable laws or regulations. To ensure this occurs, we check our partners on an annual basis to verify their programs meet our requirements, which meet or exceed regulatory and/or contractual requirements.
Disclosure To Sponsors
In the United States (U.S.) we may share Personal Health Information relating to group health plans with the plan sponsors for plan administration purposes and/or coordination of your care. Unless the plan sponsors are permitted to obtain such Personal Health Information under U.S. law, we will de-identify such Personal Health Information before providing it. De-identified information is data that has been separated from information that would tie it to a particular individual. When we provide them with access to your information, we ensure we provide them with only the minimum information necessary to satisfy the original need for the data.
Disclosure To Employer
We will not share your individually identifiable Personal Health Information with your employer for employment-related purposes. Unless an employer has a legal right to obtain your Personal Health Information, we will de-identify such Personal Health Information before providing it to your employer.
Disclosure For Marketing Purposes
We do not permit advertising. We do not sell and will not give your individually identifiable information to any other entity for any marketing purpose. We will use your information to communicate with you about our Services that are available to you as a benefit under your health plan.
Disclosure To Meet Legal Requirements
We will not share Personal Information with a third party without prior authorization, except (i) in compliance with law, regulation or other legal processes, (ii) to protect the rights, property or safety of us or others, (iii) in emergency situations, (iv) in the event that we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation or liquidation, in which case Personal Information may be one of the transferred assets (you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your Personal Information), or (v) for purposes of carrying out Treatment, Payment or Health Care Operations (as defined below).
Treatment means the provision, coordination or management of health care and related services, consultation between providers relating to an individual or the referral of an individual to another provider for health care. Payment means activities undertaken to obtain or provide reimbursement for health care, including determinations of eligibility of coverage, billing, collection activities, medical necessity determinations and utilization review. Health Care Operations include functions such as quality assessment and improvement activities, conducting or arranging for medical review, legal services and auditing functions, general business and administrative activities.
7. Do I Have Choices Related To My Personal Data?
You have the ability to “Opt Out” of communications from us or our partners if you wish, by changing your communication preferences under your “Profile,” but this will limit our ability to support you when or if you have questions. It will also limit our ability to provide you with important updates from us, and potentially your Sponsor, about changes or deadlines in your programs.
You may also tell us you do not want your data shared with us or our partners, and we will honor any such request, but if you choose this option we will not be able to provide you with any of our Services.
8. Can I Correct Errors With My Personal Data?
You always have the ability to access and have us correct or delete any errors with your personal data. We strongly encourage you to contact us if you find any errors so that we can correct them for you. Please contact us using the support method set up between us and your Sponsor. If you are having difficulties or are not sure what method to use, you can always contact us via email at email@example.com and we will get someone to help you. We will respond to your request to access within 30 days or less.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Under most circumstances, your data will be retained for seven years after your Sponsor has terminated their contract with us. Disposal of physical and electronic personal health information is performed in compliance with HIPAA Privacy and Security Rules.
We want to keep your personal data accurate. For participants located in the U.S. you may contact us at (866) 322-1255 regarding requesting a change to the Personal Information you have provided.
Anyone worldwide can contact us at firstname.lastname@example.org
9. Do We Comply With Regulatory Requirements?
Yes. We are in compliance with each of the following.
HIPAA Privacy, Security and Breach Notification Rules
Whenever we collect or receive Personal Health Information, we do so under agreements with our clients that require us to comply with the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In accordance, we retain personally identifiable information for a minimum of six years. You can learn more about the HIPAA Privacy, Security and Breach Notification Rules at http://www.hhs.gov/ocr/privacy/. We take our obligations under the HIPAA Privacy and Security Rules seriously and we do everything required by the Rules to safeguard your privacy and security.
U.S. Department of Commerce Safe Harbor Program
We adhere to all seven of the U.S.-EU Safe Harbor Privacy Principles. These principles include Notice; Choice; Onward Transfer; Access; Security; Data Integrity and Enforcement. We have also self-certified with the U.S. Department of Commerce and we are listed in the U.S.-EU Safe Harbor List.
10. Links To Other Websites
Our website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog, contact us at email@example.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
12. Data Security
Data security is implemented through physical, administrative and technical safeguards we have put in place and the operational procedures we adhere to in order to protect your information. We have a security program based on the ISO27002 security framework and incorporate ITIL and NIST provided recommendations for specific implementation items. Our entire program is audited at least annually by independent auditors as part of an SSAE16 SOC2 Type 2 audit.
The framework and the implementation recommendations from leading and recognized sources all go into a wide range of security or privacy specific items. The following is a partial list of some key components of our programs:
Recognized from leading independent audits, we protect your transactions involving Personal Information over the Internet using Secure Sockets Layer (SSL) technology. We restrict access to your Personal Information in our database to our authorized employees, our agents and certain of our authorized partners.
13. Children’s Privacy
The site is not intended for use by children under the age of 13. We will not knowingly collect any personal information from persons under the age of 13. If you think that we have collected personal information from a person under the age of 13, please contact us.
14. Contact Us
For any questions or comments related to this or the other documents referenced within this document you may also write to us at:
RedBrick Health Corporation
510 Marquette Avenue South
Minneapolis, MN 55402
Thomas C. Funk
510 Marquette Avenue South
Minneapolis, MN 55402