Last updated 04 MAY 2025 MiPHR, LLC (“We” or “Us”), operates and hosts the MiPHR CHRONIC CARE mobile application and services (the “Service”) on behalf of health care providers who provide services to patients who register and utilize the Service (your “Provider” or “Providers”). This privacy policy (the “Privacy Policy”) identifies the information that is collected during Your use of the Service, as well as the ways in which We may Use or Disclose such information. This Privacy Policy is incorporated into and made a part of the Terms of Service applicable to the Service.
1 . Agreement to Privacy Policy
By accepting the terms and conditions in the mobile application and/or utilizing the Service, you agree to accept the practices described in this Privacy Policy and consent to the collection and use of information as discussed in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, or the Terms of Service, please do not use the MiPHR CHRONIC CARE mobile application or the Service. IF YOU ARE A USER OF THE SERVICE OTHER THAN A PROVIDER OR HEALTHCARE PROFESSIONAL WORKING FOR A PROVIDER AND YOU CHOOSE TO REGISTER TO ACCESS THE SERVICE, YOU WILL BE CONFIRMING THAT YOU ARE REGISTERING FOR THE SERVICE, AND YOU WILL BE REQUIRED TO VIEW AND AGREE TO CERTAIN REGISTRATION INFORMATION (INCLUDING THE TERMS OF SERVICE) IN ORDER TO FINALIZE YOUR REGISTRATION. IF YOU DO NOT AGREE WITH THE BELOW POLICY, PLEASE DO NOT USE OR ACCESS THE SERVICE FOR ANY PURPOSE. PLEASE PRINT A COPY OF THIS PRIVACY POLICY FOR YOUR RECORDS.
2 . Modifications to Privacy Policy
We may revise this Privacy Policy at any time. Should any new Privacy Policy take effect, we will notify you that a change has occurred by email. By continuing to visit the MiPHR CHRONIC CARE mobile application or utilizing the Service after any such changes are posted, you agree and consent to any such changes.
3 . Applicability of this Privacy Policy.
This Privacy Policy applies solely to the MiPHR CHRONIC CARE mobile application and Service and provides you with information on the specific information that We may collect from you via the MiPHR CHRONIC CARE mobile application and Service and how We may use it, whether you are using the Service as a patient or a Provider. If you are a patient or legal representative, your Provider’s use and disclosure of Your identifiable health information is subject to your Provider’s Notice of Privacy Practices. We cannot control any Provider’s use of a patient's identifiable health information. If you are a patient or legal representative of a patient, please contact your Provider for a copy of his, her or its Notice of Privacy Practices. We provide the Service on behalf of your Provider and therefore protect identifiable health information as required by the applicable agreement between Us and your Provider and in accordance with applicable law. This Privacy Policy does not in any way govern Our collection, use or disclosure of Your identifiable health information in connection with any relationship that we may have with your Provider other than as the operator and host of the Service; any such collection, use or disclosure is governed by the Business Associate Agreement that We have with your Provider, and all applicable laws. If you have any issues with the identifiable health information managed by your Providers, please contact them directly, as we have no ability to change the information you have provided them.
4 . Disclosure of Information Practices
Whether you are a patient or a Provider, if we collect information from or about you via the Service, we will tell you what information we are collecting. The amount and type of information that we receive depends on how you use this Service and the information you choose to submit to us via the Service. Whether you are a Provider or patient user, we may track use of your username and may also capture the paths taken as you move from page to page (i.e., your “click stream” activity). When you log in, your username and encrypted password will be logged by our system in an audit log but will not be used by us.
A . Identifiable Health Information
If you are a patient or the legal representative of a patient, you must provide certain identifiable health information in order to complete your registration for the Service and to access the health records maintained by your Provider. If you are a patient (or the legal representative of a patient), we will collect identifiable health information from you with your knowledge during the registration process and in the event you request information or services. We may collect any identifiable health information that you provide to us, such as your name, address, email address, gender, birth date and phone number. When you register for the Service via the MiPHR CHRONIC CARE mobile application, the mobile application sign up process requires you to choose a username and password for your account, which you should keep and maintain as confidential. If you choose to share your username and password, you understand that those individuals with whom you share that information will have access to your identifiable health information and will be able to add to your identifiable health information as though they were you. You will be responsible for all activities by users resulting from sharing or not maintaining the confidentiality of your username or password, as more fully described in the Terms of Service. If you are a registered patient user of the Service, your identifiable health information (or that of the patient for whom you are the legal representative) currently stored electronically in your Provider’s records will become accessible to Us in order to provide you access to such information through the Service.
B . MiPHR collects personal health data through various methods, including:
1. User Input: Users can manually enter their health information, calories burned, exercise minutes, steps taken, and calories consumed.
2. Device Integration: The MiPHR CHRONIC CARE mobile application connects with wearable devices and health apps to gather data including activity time, steps, and calories burned.
3. Health Records: Users that opt in to send data to participating healthcare providers (pHCPs) can export data via secure facsimile or electronic health records (EHRs) transfer.
4. Surveys and Questionnaires: Periodic surveys can capture health-related information directly from users.
All data collection complies with privacy regulations and aims to provide users with a comprehensive view of their health.
If you are a California resident, click here (CCPA) for additional information.
C . Non-Identifiable Health Information
We and/or any third-party website analytics vendor (e.g., Google Analytics) on Our behalf, may also collect nonidentifiable information, which is automatically collected as you use or otherwise access this mobile application and Service.
D . IP Addresses
We may also log and track IP addresses for systems administration purposes and for reporting usage trends. Your IP address is usually associated with the physical place from which you enter the Internet, the name of the domain and host from which you access the Internet, the browser software you use and your operating system, and the date and time you access the Website or Service. We may combine nonidentifiable information collected automatically (such as through IP addresses, cookies, or clickstream monitoring) with any previously submitted personal information that we may have received from you.
E . Geographic Location
We may collect your geographic location based on your IP address and other location-based data.
F . Surveys
Users of the Service may have the opportunity to participate through the Service in various surveys depending on the survey and as permitted by law. Any survey responses that you choose to submit may be aggregated, deidentified and provided or sold to third parties as set forth below.
5 . How Will Your Information Be Used and Disclosed?
We will not sell, share, or rent the information that is collected via the Service to others in ways that differ from what is disclosed in this Privacy Policy.
A . Identifiable Health Information
We may use any identifiable health information or other information that you voluntarily provide us in order to provide you with information, products, or services that you may request from Us. If you are a patient or the legal representative of a patient, any identifiable health information that you share via the Service will be made accessible to your Provider and will become a part of the records maintained by your Provider, which records are subject to your Provider’s Notice of Privacy Practices. To the extent permitted by applicable law, we may use your participation in the Service to communicate to you special offers and featured items, whether from Us, Our affiliates, our suppliers, or vendors, or other third parties. If you are receiving additional communications and special offers, you may revoke your authorization to receive such materials at any time by contacting Us using the contact information below or as outlined in the applicable communication. We will implement your revocation as soon as is commercially reasonable. We cannot control any communications and other materials that you may receive directly from third parties. We will also use your information to customize your mobile application experience and communicate with you and otherwise respond to your questions and suggestions regarding use of the Service as may be permitted by applicable law. We may share your information only with Our suppliers and vendors to the limited extent permitted by applicable law. We require those suppliers and vendors to comply with all applicable data privacy laws and regulations, including HIPAA. We do not sell, lease, or rent your identifiable health information. We may also use your geographic location to provide you with specific content and direct you to your closest service providers to the extent permitted by applicable law.
B . Non-Identifiable Health Information
The nonidentifiable, aggregated health information we collect may be shared with our suppliers and vendors and used in the aggregate to create summary statistics that help us analyze website usage trends, assess what information is of most and least importance, determine technical design specifications, arrange the Website in the most user-friendly way, and identify system performance or problem areas.
C .Feature
The app provides a feature for all users to delete their account if they choose to. The user may also remove the app from their device.
D . Aggregate Data
We may aggregate and deidentify in accordance with HIPAA identifiable health information, either alone or with other data to create anonymous "aggregate data" regarding the users of the MiPHR CHRONIC CARE mobile application and Service. Aggregate and deidentified data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal the identity of particular users. This data will not identify you but will be used as statistical information to determine such things as user demographics and usage patterns of the MiPHR CHRONIC CARE mobile application and Service. We may use aggregate data to understand the needs of our community of users and determine what kinds of programs and services we can help provide.
E . Other Use and Ownership
We also reserve the right to share your information collected from the MiPHR CHRONIC CARE mobile application or Service with third parties to the extent permitted by applicable law including but not limited to the requirements under HIPAA, and, in the case of identifiable health information, pursuant to the Business Associate Agreement that we have with Your Provider. We maintain full rights to any information collected on the MiPHR CHRONIC CARE mobile application or Service, and may freely collect, use, and disclose such information unless prohibited by this Privacy Policy or applicable law as stated above.
F . Security
No mobile application can guarantee security or that loss, misuse, or alteration to data hosted by or on, or accessed by or through, a mobile application will not occur. To mitigate these risks, we maintain physical, administrative, electronic, technical, and procedural safeguards to help protect your personal information collected via the Service as required by applicable law. We use industry standards, such as Secure Socket Layers ("SSL") or Transport Layer Security (“TSL”) technology, to help safeguard against such occurrences. In certain areas, the information passed between your account and our system is encrypted with SSL or TSL technology (which covers any messages, Personally Identifiable Information, or communications that you direct to Us or to your Provider using the secure messaging services) to create a protected connection between you and the MiPHR CHRONIC CARE mobile application to ensure confidentiality. Our data is both physically and electronically secured. Our cloud-based storage provider servers are protected from open access to the Internet by using firewall and encryption technology. We limit access to personally identifiable information about you to our employees and third-party agents who we reasonably believe need to have access to your information to provide you with the information or services you request via the Service. In the event that a breach in our security systems occurs and there is a possibility that an unauthorized person acquires your personal information, we will notify you of such a breach as may be required by applicable law.
G . Access
We will maintain your information and allow you to request updates at any time by logging into your Service account to access your information. You should first consult your Provider to make any updates to your information stored in your electronic health record; however, if you are unable to update through your Provider, you may contact Us using the contact information set forth below and We will take steps to make sure that any updates that you provide are processed in a timely and complete manner.
H . What if I am accessing this Service from outside of the United States?
If you are visiting our mobile application or Service from outside the United States, please be aware that your information may be transferred to, stored, or processed in the United States, where our servers are located, and our central database is operated. By using the mobile application or Service, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this privacy policy.
I . Transfer of Data
In the event of a change in control of MiPHR, LLC or sale by MiPHR, LLC of substantially all of its assets or other acquisition, merger or reorganization, any information owned by or in the control of MiPHR, LLC may be transferred to such MiPHR, LLC successor, who will comply with the terms of this Privacy Policy.
J . Important Note Regarding Children
This mobile application and Service is not directed toward children under 18 years of age, and We do not knowingly collect or use information from children under 18 through this mobile application or Service. Any information submitted via the Service regarding a minor under the age of 18 must be submitted by the minor’s legal representative. To the extent permitted by applicable state law, minors may access their identifiable health information through their physician.
6 . What if I have questions or concerns regarding this Privacy Policy?
If you have any questions about this Privacy Policy or the use of your information by Us, please contact the Privacy Officer at MiPHR, LLC via info@miphr.com
