site Privacy Policy & notice of privacy practices

INTRODUCTION TO WEBSITE PRIVACY PRACTICES

health:latch respects your privacy and is committed to protecting your personal information. This policy explains how we collect, use, and protect your information when you visit www.healthlatch.com or use any of our related services, including mobile applications and social media integrations.

If you have questions about this policy, contact us at hello@healthlatch.com.

By using our website or services, you agree to the terms outlined in this Privacy Policy. If you do not agree, please discontinue use of our services.

TABLE OF CONTENTS

  1. Information We Collect

  2. How We Use Your Information

  3. When We Share Your Information

  4. Cookies and Tracking Technologies

  5. Google Maps

  6. Social Logins

  7. International Data Transfers

  8. Third-Party Websites

  9. Data Retention

  10. Data Security

  11. Children’s Privacy

  12. Your Privacy Rights

  13. California Privacy Rights

  14. Policy Updates

  15. Contact Information

1. INFORMATION WE COLLECT

Personal Information You Provide

You may provide personal information when you:

• Register for an account
• Request information about our services
• Participate in site activities
• Contact us directly

This information may include:

• Name and contact details such as email, phone number, and address
• Account credentials such as passwords
• Payment details processed through third-party providers
• Social media login information

You are responsible for ensuring your information is accurate and up to date.

Information Collected Automatically

When you visit our site, we may automatically collect:

• IP address
• Device and browser information
• Operating system
• Usage data and interaction patterns
• Location and language preferences

This information helps us maintain security and improve performance.

Information from Other Sources

We may receive information from:

• Public databases
• Marketing partners
• Social media platforms
• Third-party providers

This may include profile data, marketing leads, and publicly available information

2. HOW WE USE YOUR INFORMATION

We use your information to:

• Create and manage your account
• Provide and improve our services
• Send administrative updates
• Send marketing communications based on your preferences
• Respond to inquiries and feedback
• Protect against fraud and security threats
• Comply with legal obligations
• Analyze usage and improve user experience

You can opt out of marketing emails at any time.

3. WHEN WE SHARE YOUR INFORMATION

We may share your information in the following situations:

Legal Requirements
We may disclose information to comply with laws, court orders, or legal processes.

Business Operations
We may share information with service providers who help operate our business, including payment processors, hosting providers, and marketing platforms.

Business Transfers
Information may be transferred during mergers, acquisitions, or asset sales.

With Your Consent
We may share information for other purposes with your permission.

Public Interactions
If you post content publicly, it may be visible to others and shared outside the platform.

We do not sell or rent your personal information.

4. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to:

• Improve site performance
• Understand user behavior
• Personalize your experience

You can adjust your browser settings to refuse cookies, though some features may not function properly.

5. GOOGLE MAPS

We use Google Maps APIs to enhance our services. By using our site, you agree to Google’s Terms of Service.

Google may collect and process location data in accordance with its privacy policies. You can withdraw consent to location access at any time.

6. SOCIAL LOGINS

You may choose to log in using social media accounts such as Facebook.

If you do, we may access information such as your name, email address, profile image, and other publicly available data. We only use this information as described in this policy.

We recommend reviewing the privacy policies of those platforms.

7. INTERNATIONAL DATA TRANSFERS

Your information may be stored and processed in the United States or other countries.

If you access our services from outside the United States, your data may be transferred across borders. We take appropriate steps to protect your information in accordance with applicable laws.

8. THIRD-PARTY WEBSITES

Our site may include links to third-party websites or services.

We are not responsible for the privacy practices of those third parties. You should review their policies before providing any information.

9. DATA RETENTION

We retain your personal information only as long as necessary to:

• Provide our services
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

When no longer needed, your information is deleted or anonymized.

10. DATA SECURITY

We use technical and organizational safeguards to protect your information.

No online system is completely secure. You use our services at your own risk and should access them in a secure environment.

11. CHILDREN’S PRIVACY

Our services are designed for children under the age of 18, primarily ages 0 to 10. However, we do not knowingly collect personal information directly from children.

All personal information collected through our website and services is provided by a parent or legal guardian. This may include information necessary to manage a child’s account, access services, or communicate with us.

We rely on parents and guardians to provide consent for the collection and use of any information related to their child. Parents and guardians are responsible for ensuring that the information they provide is accurate and appropriate.

We use this information only for purposes described in this Privacy Policy, including providing services, improving user experience, and communicating with families.

If you are a parent or guardian and believe that we have collected personal information directly from a child without your consent, please contact us at hello@healthlatch.com. We will take prompt steps to delete such information.

Parents and guardians may request to review, update, or delete their child’s information at any time by contacting us.

12. YOUR PRIVACY RIGHTS

Depending on your location, you may have the right to:

• Access your personal information
• Correct or delete your information
• Restrict or object to processing
• Request data portability

You may also withdraw consent at any time. To make a request, contact us at hello@healthlatch.com.

Account Management

You can:

• Update your account information through your settings
• Request account deletion

We may retain some data as required for legal or operational purposes.

Email Preferences

You can unsubscribe from marketing emails using the link in our messages or by contacting us directly.

13. CALIFORNIA PRIVACY RIGHTS

California residents may request:

• Information about data shared for marketing purposes
• Access to personal data collected
• Deletion of publicly posted data for users under 18

Submit requests to hello@healthlatch.com.

14. POLICY UPDATES

We may update this policy from time to time.

Changes will be posted on this page with an updated effective date. Continued use of our services means you accept those changes.

15. CONTACT INFORMATION

If you have questions about this Privacy Policy, contact us:

Email: hello@healthlatch.com

Mailing Address:
health:latch
1200 112th Ave NE, Suite C250
Bellevue, WA 98004
United States

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This HIPAA Notice of Privacy Practices (the “Notice”) contains important information regarding your medical information. You have the right to receive a paper copy of this Notice and may ask James M. Thomas P.S. d/b/a health:latch, inc. (“we”, “us” or “health:latch, inc.”) to give you a copy of this Notice at any time. If you received this Notice electronically, you are entitled to a paper copy of this Notice. If you have any questions about this Notice please contact our office listed in Section 9, below.

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) imposes numerous requirements on keepers of medical records regarding how certain individually identifiable health information – known as protected health information or PHI – may be used and disclosed. This Notice describes how health:latch, inc., our employees, contractors, and third party that assists us, may use and disclose your protected health information for treatment, payment, or health care operations and for other purposes that are permitted or required by law. This Notice also describes your rights to access and control your protected health information. “Protected health information” is information that is maintained or transmitted by health:latch, inc., which may identify you and that relates to your past, present, or future physical or mental health or condition and related health care services.

We understand that medical information about you and your health is personal. We are committed to protecting medical information about you and will use it to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request of it. This Notice applies to all of the medical records we maintain. 

If you have another healthcare provider, such other healthcare provider may have different policies or notices regarding their use and disclosure of your medical information.

We are required by law to abide by the terms of this Notice to (i) make sure that medical information that identifies you is kept private, (ii) five you this Notice of our legal duties and privacy practices with respect to medical information about you, (iii) follow the terms of the Notice that is currently in effect.

1. How We May Use And Disclose Medical Information About You. HIPAA generally permits use and disclosure of your health information without your permission for purposes of health care treatment, payment activities, and health care operations. These uses and disclosures are more fully described below. Please note that this Notice does not list every use or disclosure; instead it gives examples of the most common uses and disclosures.

1.1 - Treatment: When and as appropriate, we may use or disclose medical information about you to facilitate medical treatment or services by providers. We may disclose medical information about you to health care providers, including doctors, dentists, nurses, technicians, or other medical personnel who are involved in taking care of you. For example, we might disclose information about you with physicians who are treating you.

1.2 - Payment: When and as appropriate, we may use and disclose medical information about you to insurance companies, health maintenance organization (HMO) or health plans to facilitate payment for the treatment and services you receive from health care providers, to determine benefit responsibility and coverage under your insurance, HMO or health plans, or to coordinate your coverage. For example, we may disclose information about your medical history to a physician (including your physician) to determine whether a particular treatment is experimental, investigational, or medically necessary or to decide if your insurance or health plan will cover the treatment. Additionally, we may share medical information with another entity to assist with the adjudication or subrogation of health claims, or with another health plan to coordinate benefit payments.

1.3 - Health Care Operations: When and as appropriate, we may use and disclose medical information about you for our operations, as needed. For example, we may use medical information in connection with: conducting quality assessment and administration improvement, medical review, legal services, audit services, and fraud and abuse detection programs; business planning and development such as cost management; and business management and general administrative activities. 

We will always try to ensure that the medical information used or disclosed is limited to a “Designated Record Set” and to the “Minimum Necessary” standard, including a “limited data set,” as defined in HIPAA and ARRA for these purposes. We may also contact you to provide information about treatment options or alternatives or other health-related benefits and services that may be of interest to you.

1.4 - Disclosure to Others Involved in Your Care: We may disclose medical information about you to a relative, a friend, or to any other person you identify, provided the information is directly relevant to that person's involvement with your health care or payment for that care. For example, if a family member or caregiver calls Health:Latch with prior knowledge of a claim and asks us to help verify the status of a claim, we may agree to help them confirm whether or not the claim has been received and paid. 

1.5 - Workers' Compensation: We may release medical information about you for workers' compensation or similar programs. These programs provide benefits for work-related injuries or illness.

1.6 - To Comply with Federal and State Requirements: We will disclose medical information about you when required to do so by federal, state, or local law. For example, we may disclose medical information when required by the U.S. Department of Labor or other government agencies that regulate health:latch, inc.; to federal, state, and local law enforcement officials; in response to a judicial order, subpoena, or other lawful process; and to address matters of public interest as required or permitted by law (for example, reporting child abuse and neglect, threats to public health and safety, and for national security reasons). We are required to disclose medical information about you to the Secretary of the U.S. Department of Health and Human Services if the Secretary is investigating or determining compliance with HIPAA or to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law. We may disclose your medical information to a health oversight agency for activities authorized by law (such as audits, investigations, inspections, and licensure).

1.7 - To Avert a Serious Threat to Health or Safety: We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat. For example, we may disclose medical information about you in a proceeding regarding the licensure of a physician.

1.8 - Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order.  We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested. 

1.9 - Abuse, Neglect and Domestic Violence: We may disclose your PHI to an appropriate governmental authority if we reasonably believe that you may be a victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law. 

1.10 - Coroners, Health Examiners and Funeral Directors: We may disclose your PHI to a coroner or health examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose your PHI to funeral directors as necessary to carry out their duties. 

1.11 - Military and Veterans: If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.

1.12 - Worker’s Compensation: We may release your PHI as authorized by, and in compliance with, laws related to workers’ compensation and similar programs established by law that provide benefits for work-related illnesses and injuries without regard to fault. 

1.13 - Business Associates: We may disclose your medical information to our business associates. We have contracted (or will contract) with entities (defined as “business associates” under HIPAA) to help Health:Latch with the administrative aspects of our practice. We will enter into contracts with these entities requiring them to only use and disclose your health information as we are permitted to do so under HIPAA.

1.14 - Other Uses: If you are an organ donor, we may release your medical information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation. We may release your medical information to a coroner or medical examiner. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release your information to the correctional institution or law enforcement official.

1.15 - Business Transactions: In the event we sell or transfer all or substantially all of our practice, we will disclose to the succeeding physician, dentist or other record holder your PHI and such succeeding physician, dentist or record holder will hold, disclose and use your PHI in accordance with HIPAA requirements and as required by law. 

Uses and disclosures other than those described in this Notice will require your written authorization. Your written authorization is required for: most uses and disclosures of PHI for marketing purposes; and disclosures that are a sale of PHI. You may revoke your authorization at any time, but you cannot revoke your authorization if we have already acted on it. 

The privacy laws of a particular state or other federal laws might impose a stricter privacy standard. If these stricter laws apply and are not superseded by federal preemption rules under the Employee Retirement Income Security Act of 1974, we will comply with the stricter law.

2. Your Rights Regarding Medical Information About You. You have the following rights regarding medical information we maintain about you:

2.1 - Right to Inspect and Copy: You have the right to inspect and obtain a copy of your medical information.

  • If you request a copy of the information, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request. 

  • We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. If we do not maintain the health information, but know where it is maintained, you will be informed of where to direct your request.

2.2 - Your Right to Amend: If you feel that medical information we have about you is incorrect or incomplete, you may ask health:latch, inc. to amend the information. You have the right to request an amendment for as long as the information is kept by or for health:latch, inc.. You also must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask health:latch, inc. to amend any of the following information:

  • Information that is not part of the medical information kept by or for health:latch, inc..

      • Information that was not created by health:latch, inc., unless the person or entity that created the information is no longer available to make the amendment.

      • Information that is not part of the information which you would be permitted to inspect and copy.

      • Information that is accurate and complete.

    2.3 - Your Right to an Accounting of Disclosures: You have the right to request an “accounting of disclosures” (that is, a list of certain disclosures we have made of your health information). Generally, you may receive an accounting of disclosures if the disclosure is required by law, made in connection with public health activities, or in similar situations as those listed above as “Other Permitted Uses and Disclosures”. You do not have a right to an accounting of disclosures where such disclosure was made:

    • For treatment, payment, or health care operations.

    • To you about your own health information.

    • Incidental to other permitted disclosures.

    • Where authorization was provided.

    • To family or friends involved in your care (where disclosure is permitted without authorization).

    • For national security or intelligence purposes or to correctional institutions or law enforcement officials in certain circumstances.

    • As part of a limited data set where the information disclosed excludes identifying information.

To request this list or accounting of disclosures, you must submit your request, which shall state a time period, which may not be longer than six (6) years. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a twelve (12) month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Notwithstanding the foregoing, you may request an accounting of disclosures of any “electronic health record” (that is, an electronic record of health-related information about you that is created, gathered, managed, and consulted by authorized health care clinicians and staff), provided that you must submit your request and state a time period which may be no longer than three (3) years prior to the date on which the accounting is requested. 

2.4 - Your Right to Request Restrictions: You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had.

We are not required to agree to your request. If we agree to a request, a restriction may later be terminated by your written request, by agreement between you and health:latch, inc. (including orally), or unilaterally by health:latch, inc. for health information created or received after we have notified you that they have removed the restrictions and for emergency treatment.

To request restrictions, you must make your request in writing and must tell health:latch, inc. the following information:

  • What information you want to limit.

  • Whether you want to limit our use, disclosure, or both.

  • To whom you want the limits to apply (for example, disclosures to your spouse).

We will comply with any restriction request if: (1) except as otherwise required by law, the disclosure is to Health:Latch for purposes of carrying out payment or other administrative purposes (and is not for purposes of carrying out treatment); and (2) the protected health information pertains solely to a health care item or service for which the health care provider involved has been paid out-of-pocket in full. 

3. Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.

We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.

You must make any of the requests described above, to the person listed in Section 9, below.

4. Breach Notification. Pursuant to changes to HIPAA required by the Health Information Technology for Economic and Clinical Health Act of 2009 and its implementing regulations (collectively, “the HITECH Act”) under the American Recovery and Reinvestment Act of 2009 (“ARRA”), this Notice also reflects federal breach notification requirements imposed on health:latch, inc. in the event that your “unsecured” protected health information (as defined under the HITECH Act) is acquired by an unauthorized party.

We understand that medical information about you and your health is personal and we are committed to protecting your medical information. Furthermore, we will notify you following the discovery of any “breach” of your unsecured protected health information as defined in the HITECH Act (the “Notice of Breach”). Your Notice of Breach will be in writing and provided via first-class mail, or alternatively, by e-mail if you have previously agreed to receive such notices electronically. If the breach involves:

  • Ten (10) or more individuals for whom we have insufficient or out-of-date contact information, then we will provide substitute individual Notice of Breach by either posting the notice on the benefits website or by providing the notice in major print or broadcast media where the affected individuals likely reside.

  • Less than 10 individuals for whom we have insufficient or out-of-date contact information, then we will provide substitute Notice of Breach by an alternative form. 

Your Notice of Breach shall be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and shall include, to the extent possible:

  • A description of the breach.

  • A description of the types of information that were involved in the breach.

  • The steps you should take to protect yourself from potential harm.

  • A brief description of what we are doing to investigate the breach, mitigate the harm, and prevent further breaches.

  • Our relevant contact information.

Additionally, for any substitute Notice of Breach provided via web posting or major print or broadcast media, the Notice of Breach shall include a toll-free number for you to contact health:latch, inc. to determine if your protected health information was involved in the breach.

5. Changes to This Notice. We can change the terms of this Notice at any time. If we do, the new terms and policies will be effective for all of the medical information we already have about you as well as any information we receive in the future. We will send you a copy of the revised notice. 

6. Complaints. If you believe your privacy rights have been violated, you may file a complaint with health:latch, inc. or with the Secretary of the Department of Health and Human Services. To file a complaint with health:latch, inc., contact the person listed in Section 9, below.

  • All complaints must be submitted in writing.

  • You will not be penalized for filing a complaint.

7. Other Uses of Medical Information. Other uses and disclosures of medical information not covered by this Notice or the laws that apply to health:latch, inc. will be made only with your written permission. If you grant health:latch, inc. permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we may be required to retain our records related to your benefit determinations and enrollment.

8. Effective Date. The effective date of this Notice is June 28, 2017.

9. Contact Information. All correspondence relating to the contents of this Notice should be directed as follows:

If you have questions about this Notice of Privacy Policy, contact us:

Email: hello@healthlatch.com

Mailing Address:
health:latch
1200 112th Ave NE, Suite C250
Bellevue, WA 98004
United States

10. Acknowledgment of Receipt of This Notice. We will request that you sign a separate form acknowledging you have received a copy of this notice.  If you choose, or are not able to sign, a staff member will sign their name and date the document.  This acknowledgment will be filed with your records.