WELLFRAME/BLUE CROSS AND BLUE SHIELD OF TENNESSEE PRIVACY POLICY
Last updated on August 30, 2024. You can find previous versions in the archive.
OVERVIEW
This Privacy Policy applies to the CareTN mobile application (the “Services”) provided by Blue Cross and Blue Shield of Tennessee or its affiliates and developed by Wellframe (“Blue Cross and Blue Shield of Tennessee,” “Wellframe”, “we,” “us,” or “our”).
Please review our Privacy Policy carefully. If viewing in our mobile application, tap “Accept” to acknowledge that you understand how we may process your personal information. You may be asked additional questions as you use the app to ensure we have your consent to collect and use your personal information for specific purposes. We summarized some highlights below for your convenience, but you should still review the entire Privacy Policy in detail.
We may process your personal information for the following purposes:
- Providing you with the service accessed through this mobile application, including through service providers, such as our cloud hosting provider, that are contractually bound to protect your personal information;
- De-identifying your personal information (so it no longer identifies you) and using the resulting information in aggregated or non-aggregated form for product improvement, marketing, research, and to provide services to our customers.
Please do not use our mobile application if you do not agree to your personal information being processed for these purposes, or with any other terms of our Privacy Policy.
INFORMATION COLLECTION AND USE
This Privacy Policy is designed to inform users how we collect and use your information through our applications and related services (collectively, the “Service”). “Personal Information” identifies you, including health information, as categorized below. Some information may fall under multiple categories. By tapping “Accept” at the end of this Privacy Policy, you consent to us collecting and using your information as described below. It is your choice whether or not to provide us with such information, but if you decline, you may not be able to use part or all of our Service as some information is necessary. You can change some privacy settings at any time by going into the mobile application settings.
What information Wellframe collects
- Information you provide: We may ask for and collect information such as your name, email address, phone number, address, birth date, and gender to register your account, as well as other information in the below categories when you register for the Service or contact us directly. We use this information to manage your account, verify your identity, and deliver the Service.
- Information we receive from third parties: We may receive information about you, including what is listed in other categories, from a healthcare provider, health insurance provider, employer, care manager, or as part of a clinical study (“Sponsor”) or other third parties as directed by your Sponsor. This information may include demographic information, medical history, health insurance information, or other information your Sponsor has directed us to process. We use this information to fulfill contractual obligations and deliver the Service. Your Sponsor controls the collection, processing, and sharing of this information.
- Health Information: We collect personal health information, including information about your diagnoses, symptoms, medical procedures, medications, clinical notes, physical characteristics, provider information, and other biometric information. We use this information to provide the Service, such as your medication information and medication notifications.
- Communications: We collect the content of communications made through our Service. This content can include information under other categories and any other information you decide to communicate. As discussed below, we use this content to provide you with a record of your communications and use it in de-identified form.
- Integration data: We may use automated methods to track data from your other apps, fitness wearables, biometric monitoring devices, and other integrations you have allowed to communicate with our Service. This integration data is then included in our application for both you and your Sponsor to see and use. You may be prompted to provide access to your device’s camera functionality. We use this access to scan for optical character recognition (OCR) features and to allow you to include attachments in communications. We do not otherwise collect images or recordings you have on your device. If using the Android version of our app, you may be prompted to allow access to location data for the Bluetooth connection; however, we do not collect your location data.
- Information unrelated to the application: We may also collect personal information outside of the Service, including your browsing activities on our site, your IP address, cookie information, and the pages you request. We use this information for security, content improvements, sales, and marketing. For more details about this and other uses outside our application (such as through our website) please go to this link.
- Analytics information: We may collect usage data about how you use our Service, such as how you use the application, what content you read and favorite, the content of messages within our Service, integration data, and device information. We use this analytics information to improve the Service for you, your Sponsor, and other users.
- Log files: To maintain security, fulfill compliance requirements, and generally make sure the Service is operating correctly, we collect information such as IP addresses, server requests, login events, device information, crash reports, usage activity, or other information to discover and respond to events indicating possible service interruptions, security threats, fraud, or other illegal activity. We may also use this information to enforce our EULA, for compliance, and other legal obligations. We limit the identifiable and sensitive information in these log files where feasible.
- Support information: If you contact us regarding questions, issues, or requests regarding the use of our Service, our support team may view your Personal Information, as well as any additional information you provide, in order to assist. We may also ask follow-up questions to gather more information as necessary to address your issue. This information is stored as a record of your support request.
- Optional information: We may also collect additional information, with your consent, that is not necessary for the use of our Service, such as product feedback, surveys, usage analytics, and testimonials. We use this information to improve and market our Service. Your Sponsor may also request this information to improve their products and services. You have the right to object to processing your personal data for direct marketing purposes by contacting [email protected] or by using the “unsubscribe” link in an email you receive.
Sharing
We are committed to maintaining your trust and want you to understand when and with whom we may share the information we collect.
Authorized third-party vendors and service providers. We may share your information with third-party vendors and service providers that help us with specialized services, including billing, payment processing, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct mail, mobile marketing, optimization, performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.
Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims, or government inquiries and to protect and defend the rights, interests, health, safety, and security of Wellframe, Blue Cross and Blue Shield of Tennessee, our affiliates, patients, users, or the public.
Business Transfers. HIPAA permits organizations to transfer PHI in certain circumstances. We can transfer your information as part of a transfer of the organization’s assets, merger, or consolidation or in the unlikely event of bankruptcy if such transfer is permissible under HIPAA and the HIPAA Notice.
With your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or according to your consent or direction.
Machine Learning
Parts of the Service may involve the use and development of machine learning. Machine learning includes using computer algorithms to detect patterns in data automatically. To develop, support, and use these algorithms, we may use the information categorized above and the de-identified information defined below. We use machine learning to provide functionality, improve your experience, optimize our operations, and perform other business purposes.
Compliance with Google Workspace API Usage
We affirm that the Google Workspace APIs accessed through our services are not used for developing, improving, or training generalized artificial intelligence (AI) or machine learning (ML) models.
De-identified Information
In addition to the categories and uses above, we may remove the identifiable parts of your Personal Information to create de-identified information (“De-identified Information”). De-identified Information may be combined with other information into aggregated datasets. We use De-identified Information in the following ways:
- Disclosure for Business Purposes: We may license, use, disclose, or otherwise share De-identified Information with institutional clients, partners, investors, and contractors for any purposes related to our business practices.
- Product Improvement: We may use De-identified Information for product improvement including the Service including the development of machine learning algorithms.
- Research: We may use De-identified Information for research, whether scientific, marketing, or business in nature. This research may be made public through publications such as a scientific journal.
STORAGE AND RETENTION
We retain your Personal Information for as long as reasonably necessary to provide you the Service, or to comply with legal obligations. We may retain De-identified Information indefinitely.
For Android Users – Required Google Play Disclosures
The mobile apps that are part of the Services access, collect, use, and share your information (including images, and files) as stated above in the section titled “What information Wellframe collects” and, as applicable, the HIPAA Notice. We also prominently highlight these uses, describe the type of data being accessed, and obtain your consent for these purposes as you use such mobile apps.
INTERNATIONAL USERS
We maintain information in the United States of America and in accordance with the laws of the United States, which may not provide the same level of protection as the laws in your jurisdiction. By using the Services and providing us with information, you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the United States, that you consent to the transfer of such data to the United States for processing by us in accordance with this Privacy Policy.
SECURITY
We follow generally accepted standards, practices, and procedures to protect the personal information submitted to us, both during transmission and once it is received. We maintain appropriate technical, administrative and physical safeguards to help protect the privacy, security, integrity, and availability of your personal information. Such measures include encryption and secure communication between servers and storage of data on your mobile device in app-private storage that cannot be accessed. You should understand that no data storage system or data transmission over the Internet or any other public network can be guaranteed 100 percent secure. Please keep your login credentials secret, avoid public WiFi networks, and log out of any shared devices. If you ever suspect a security issue with your account, contact [email protected] immediately.
CHILDREN
Our Service is not directed to children. We do not knowingly collect Personal Information from children under the age of 13 except with permission of a child’s parent or legal guardian through our caregiver account feature. If we find that we collected Personal Information from a child under the age of 13 without proper consent, we will immediately delete that Personal Information.
RIGHTS TO PERSONAL INFORMATION
You may also request that we delete your personal information by sending us an email at [email protected]. We will delete such information unless we are required to maintain information in accordance with applicable law.
GENERAL
The Service may contain links or deep links to other websites, open search results, public feeds, or curated channels, all independent of us. We do not have control and are not responsible for the content, privacy practices, or advertisements on third-party websites or for any loss or damage incurred in connection with your use of such links or dealings with the operators of these websites. We encourage you to review the privacy statements of each third-party website. We are not responsible for any disclosures you make to third parties regarding your Personal Information, including family members or friends.
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy occasionally by posting a new version online and within our application. You should check this page occasionally to review any changes as well as within the settings section of our app. If we make any material changes, we will notify current users by providing notice through the app or via email. We may request your consent to the new terms; otherwise, your continued use of the Service or continued provision of Personal Information to us will be subject to the terms of the then-current Privacy Policy.
CONTACT
If you have questions or suggestions about this Privacy Policy, please email Wellframe at [email protected] or write to us at:
Wellframe, LLC
ATTN: Privacy Officer
470 Atlantic Ave., Floor 8
Boston, MA 02210, USA