Privacy Policy

This is MRG Health, Inc.’s Privacy Policy. It applies to anyone who uses our Services. Please read this Privacy Policy, which among other things, describes how MRG Health, Inc. (“MRG Health”, “we”, “our” or “us”) collects, uses, protects and under what circumstances discloses your information.

Why Do We Collect Information About You?

We collect information about you in order to determine your eligibility for our Services, to provide you with our Services and for us to tailor our Services for you. Information may include personal information like your name and gender, and information related to your ongoing health habits (nutrition, physical activity, sleep, etc.) and specific values that may be related to your health (height/weight, blood pressure, heart rate, etc.). We use the information collected from you to tailor our products to your specific needs, preferences and objectives.

What Services Do We Provide?

We provide eligible users with information and tools designed to help you achieve and maintain your best health. Our Services are delivered via internet-connected computers, smartphones and tablet computing devices. Your Health Partner determines the specific list of features available to you, and not all features are available to all eligible users. Some specific examples of features that may be included in your program: (a) ability to import, self-report and track health related habits, behaviors and measurements (b) ability to connect activity tracking wearables and applications, smartphones, remote medical and other measurement devices (c) ability to connect with, engage and share information with others if you choose to do so, this may include health professionals, family, or others (d) ability to get metrics, notifications, suggestions, and feedback based on the information you’ve provided and your connections with others (if any) (e) ability to set goals, reminders and create challenges.

Where Do We Get Information About You?

We collect information about you from several sources. (a) You: Information you enter into the Services directly, or via a connection with a third party device, application or source that you authorize. (b) Your Health Partner: If your eligibility for the Services is via Your Health Partner, they may provide personal information that may include your name, email address, other unique identifiers, and whether you are related to other program participants (i.e. spouse). Depending on the services Your Health Partner has selected, we may collect medical- or pharmacy-related claims information from your insurer(s) at the direction of Your Health Partner. If Your Health Partner is also your health care provider we may obtain other Personal Health Information with your prior approval. (c) Cookies: When you use the Services, a cookie may be stored on your access device. Generally, cookies work by assigning to your access device a unique number that has no meaning outside of MRG Health.

MRG Health’s cookies do not contain any personally identifying information; MRG Health uses them to provide features such as personalization. Additionally, after you’ve entered your user ID and password during a session, MRG Health saves that information so you don’t have to re-enter it repeatedly during that session. Most web browsers automatically accept cookies, but you can usually change your browser to prevent that. Not accepting cookies may make certain features of the Service unavailable to you. MRG Health may use your IP address to identify you, to administer the Services and to assist in diagnosing problems with MRG Health servers and infrastructure.

Do We Share Information We Have About You?

Yes. We will disclose information we have about you in order to provide you with our Services. We will share your personal information with third parties only in the ways that are described in this privacy policy. Disclosures will only be made to entities that are legally entitled to the data and are contractually committed to protect the data in accordance with all regulatory and contractual requirements. (a) Your Access To Your Personal Information: Your personal information and information about your participation in our Services is available to you through a secure, password-protected website. (b) Disclosure To Our Business Partners: We enter into agreements with our trusted business partners to assist us in providing you with the Services. These business partners are authorized to use your personal information only as necessary to provide these services to us. We require these business partners to protect your Personal Information (including your Personal Health Information) and to comply with the HIPAA Privacy & Security Rules along with other applicable laws or regulations. (c) Disclosure To Your Health Partner: We may share Personal Health Information related to Your Health Partner. Unless Your Health Partner is permitted to obtain Personal Health Information under United States law, we will de-identify such Personal Health Information before providing it. De-identified information is data that has been separated from information that would tie it to a particular individual. If we provide Your Health Partner access to your information, we provide only the minimum information necessary to satisfy the original need for the data. (d) Disclosure To Employer: We will not share your individually identifiable Personal Health Information with your employer for employment-related purposes even if they are Your Health Partner. Unless an employer has a legal right to obtain your Personal Health Information, we will de-identify such Personal Health Information before providing it to your employer. (e) Disclosure For Marketing Purposes: We do not permit advertising. We do not sell and will not give your individually identifiable information to any other entity for any marketing purpose. (f) Disclosure To Meet Legal Requirements: We will not share Personal Information with a third party without prior authorization, except (i) in compliance with law, regulation or other legal processes (ii) to protect the rights, property or safety of us or others, (iii) in emergency situations, (iv) in the event that we or substantially all of our assets are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation or liquidation, in which case Personal Information may be one of the transferred assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your Personal Information or (v) for purposes of carrying out Treatment, Payment or Health Care Operations (as defined below). Sharing of information in any of these above cases will only be done when in full compliance with applicable laws, including the HIPAA Privacy Policy. Treatment means the provision, coordination or management of health care and related services, consultation between providers relating to an individual or the referral of an individual to another provider for health care. Payment means activities undertaken to obtain or provide reimbursement for health care, including determinations of eligibility of coverage, billing, collection activities, medical necessity determinations and utilization review. Health Care Operations include functions such as quality assessment and improvement activities, conducting or arranging for medical review, legal services and auditing functions, general business and administrative activities.

Can I Correct Errors With My Personal Data or Deactivate my Account?

Yes. You always have the ability to access and correct any errors with your personal data via the Services. You may also deactivate your account at any time from the “Contact” section of the Services.

Do We Comply With Regulatory Requirements?

Yes. We are in compliance with the HIPAA Privacy, Security and Breach Notification Rules. Whenever we collect or receive Personal Health Information, we do so under agreements with our clients that require us to comply with the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). You can learn more about the HIPAA Privacy, Security and Breach Notification Rules at http://www.hhs.gov/ocr/privacy/. We take our obligations under the HIPAA Privacy and Security Rules seriously and we do everything required by the Rules to safeguard your privacy and security.

Data Security

Data security is implemented through physical, administrative and technical safeguards we have put in place and the operational procedures we adhere to in order to protect your information. The framework, implementation recommendations from leading and recognized sources all go into a wide range of security or privacy specific items. The following is a partial list of some key components of our programs: (a) Employee screenings (b) Security & Privacy awareness training for all staff (c) Wide-range of physical security controls (d) Required encryption (e) Logging and monitoring of systems (f) Role Based Access Controls (RBAC) (g) Business Continuity and Disaster Recovery (h) Security incident response. We protect your transactions involving Personal Information over the Internet using Secure Socket Layer (SSL) technology. We restrict access to your Personal Information in our database to our authorized employees, and certain of our authorized partners.

Can this Privacy Policy change?

Yes. If MRG Health makes changes to any terms or conditions of this Privacy Policy, such changes will be reflected on the Service and notification of such changes will be posted on the Service and other places MRG Health deems appropriate, so that you stay aware of any material changes in what information MRG Health collects, how MRG Health uses it, and under what circumstances, if any, MRG Health discloses it.MRG Health reserves the right to modify this Privacy Policy at any time, so please review it frequently. The date of the most recent update will be posted at the beginning and end of this Privacy Policy.