Let's connect
Let's connect

We Protect Your Private data On Our Website

Introduction

Welcome to HealPath. We provide a secure patient-portal and provider-collaboration platform (the “Portal”) that enables patients, their authorized family members, and health care providers to share, manage, and communicate about health information. We are committed to protecting your privacy and securing your information. This Policy explains how we collect, use, disclose, and retain personal information, including protected health information (“PHI”), in accordance with applicable law (including HIPAA) and outlines your rights.

Scope & Who this applies to

This Policy applies to individuals who:

  • Use the Portal as a patient, family member or authorized representative of a patient (“Patient User”);
  • Use the Portal as a health care provider or a member of a provider’s team (“Provider User”);
  • Use the Portal via a health care provider or practice affiliated with HealPath.
    The terms “you” and “your” refer to either a Patient User or Provider User, as applicable.

Definitions

  • Personal Information: any information that can be used alone or in combination with other information to identify, contact, or locate an individual (e.g., name, address, email, phone number).
  • Protected Health Information (PHI): individually identifiable health information that relates to past, present or future physical or mental health condition, the provision of health care, or payment for health care, and that is held or transmitted by a covered entity or business associate, in any form (electronic, paper, oral).
  • Designated Record Set: a group of records maintained by or for a covered entity which is used, in whole or in part, to make decisions about individuals.
  • Account: the Portal login, profile and access granted to you or your authorized representative.

How the Portal is used

  • For Patient Users: The Portal allows you to create and manage your health profile (e.g., contact data, demographics, medical conditions, medications, allergies, body measurements), upload documents (insurance, labs, legal) and share or communicate with your provider. You may invite family members or authorized representatives to access your account (with you controlling their level of access).
  • For Provider Users: The Portal allows you and your team to enter, view, edit, share, and communicate patient-related data. Providers determine how patient data is used and disclosed in compliance with their professional and regulatory obligations (e.g., HIPAA, state law).
  • The Portal acts as a secure intermediary between patient and provider workflows, subject to provider’s policies and applicable laws.

Information We Collect

We collect information in the following categories:

  • Account creation & authentication: name, email address, password, contact phone.
  • Profile & health data (Patient Users): date of birth, gender, blood type, health conditions, medications, allergies, body measurements, emergency contacts, uploaded documents (labs, insurance, legal).
  • Family / authorized representative data: if you add family members or permit them access, relevant data about them. You represent you are authorized to provide such data.
  • Usage data & technical information: device identifiers, IP address, browser/device type, access times, cookies, metadata which may be non-identifiable but is used to improve the service.
  • Connected devices/services: if you choose to link external devices (wearables, health trackers, calendars), we may collect and process the data from those services (subject to your consent and those third-party policies).
  • Communications: messages, portal chats, notifications, support inquiries (you send) and the responses we provide.

How We Use Information

We use your information (including PHI, when applicable) for the following purposes:

  • To provide, operate and maintain the Portal, including account creation, authentication, profile updates, document uploads, messaging, and notifications.
  • To communicate with you about your account, service updates, support, security or privacy notifications.
  • To support provider workflows by organizing information as needed and facilitating collaboration between you and your healthcare provider.
  • To enable linking and integrating devices or services you authorize.
  • To aggregate or de-identify data (so it no longer identifies you) for analytics, product improvement, research and other lawful purposes. Note: de-identified data is not treated as PHI under HIPAA.
  • To comply with legal obligations, protect rights and safety, resolve disputes, and enforce our policies.

How We Share Information

We will share your information only as described below:

  • With your consent or at your direction: e.g., you authorize us to share your data with a provider or family member.
  • With health care providers and their teams as part of the Portal service to you. The provider determines permitted uses and disclosures of PHI under HIPAA.
  • With service providers (vendors, consultants) who perform functions on our behalf (hosting, technical support, analytics). They are contractually bound to safeguard the information.
  • Required by law or in response to legal process (court order, subpoena) or to protect rights, safety, fraud prevention.
  • In connection with corporate transactions (merger, acquisition, financing) as permitted by law; if this happens, we will take steps to require the transferee to honor this Policy.
  • For de-identified or aggregated data: we may share such data broadly since it will not identify you.

We do not sell your Personal Information or PHI for direct marketing purposes.

Access, Correction & Control by Individuals

  • You have the right to access the PHI about you in a designated record set, including electronically if maintained in electronic form.
  • You have the right to request amendments/corrections of your PHI (subject to provider’s review and legal requirements).
  • You may request restrictions on certain uses or disclosures of your PHI (under certain conditions).
  • You may request accounting of disclosures of your PHI.
  • You may review and manage your account settings (e.g., sharing with family members, device integrations).

Account Closure, Data Retention & Deletion

  • You may request closure of your account by contacting Support@healpath.com Upon closure, you will no longer be able to sign in or access your data.
  • Some records may continue to be retained by providers or us to comply with legal or regulatory obligations (e.g., provider’s retention of patient records).
  • We retain your information as long as your account is active or as needed for the purposes above, or to comply with legal obligations, prevent fraud, enforce agreements or resolve disputes.
  • De‐identified or aggregated data may be retained indefinitely.
  • If you provided information to third-parties (e.g., device services), it will be subject to their policies and your arrangements with them.

Security of Your Data

We implement administrative, technical and physical safeguards to protect the confidentiality, integrity and availability of PHI and Personal Information (per HIPAA Security Rule). This includes encryption of data in transit and at rest, multi-factor authentication, access controls, audit logging, frequent risk assessments and vendor due diligence. Despite our efforts, no system can be guaranteed 100% secure; you acknowledge the inherent risks of electronic storage and transmission.

Cookies, Device Information & Analytics

We and our third-party service providers use cookies and similar technologies to support login, remember preferences, enable functionality, analyze usage, secure accounts, and improve the Portal. You may disable cookies in your browser/device settings, though some features may not work correctly. We automatically collect information such as IP address, device type, access times, and other metadata for operational, security, and improvement purposes.

Children’s Privacy

The Portal is not directed to children under the age of 13. We do not knowingly collect Personal Information or PHI of children under 13 without parental consent. If you become aware that a child under 13 has provided us data without consent, please notify us at [support email] and we will promptly delete such data and terminate the account.

International Transfers

Our services are based in the United States. By using the Portal, you consent to transfer, storage, and processing of your information in the U.S. and globally in accordance with this Policy. If you access the Portal from outside the U.S., you agree to this transfer.

Changes to this Policy

We may update this Policy from time to time. When updates occur, we will revise the “Last updated” date at the top and, if changes are material, provide you with notice (e.g., via email or in-portal notification). Your continued use of the Portal after changes indicates your acceptance of the updated Policy.

Contact Us

Questions or concerns about this Policy, or requests regarding your rights, may be submitted to:

Email: [support@healpath.com]

Additional Governance and Compliance Disclosures (for clarity)

  • HealPath acts as a business associate to provider organizations under HIPAA and enters into appropriate Business Associate Agreements (BAAs) with our provider partners.
  • Providers using the Portal remain the covered entities under HIPAA and are responsible for how PHI is used and disclosed by their staff.
  • We recommend providers conduct (and update regularly) a Security Risk Analysis of Portal workflows and implement vendor-management and device integration practices consistent with the HIPAA Security Rule.
  • Patients should know that when they invite family or third-party representatives to access their account, they are granting those individuals access and they remain responsible for controlling access (e.g., choosing permissions, keeping credentials safe).
  • The Portal may integrate with wearable devices or tracking services; those third-party services are subject to their own privacy policies, and your consent is required for linking.
  • In the event of a merger, acquisition, or sale, your data may be transferred as part of the transaction; we will require the transferee to honour this Policy and applicable law.

Have a query?
Let’s discuss

Thank you for getting in touch! Please, Fill the form, it won’t take more than 30 seconds