Privacy Policy

Etra Health, Inc. ("Etra Health," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our healthcare technology platform and services.

1. Who We Are

Etra Health provides healthcare technology software and services to healthcare providers. When we provide services to healthcare providers, we act as a "Business Associate" under the Health Insurance Portability and Accountability Act ("HIPAA"). This means we handle Protected Health Information ("PHI") on behalf of healthcare providers under Business Associate Agreements.

2. Information We Collect

We may collect the following categories of information:

Information Provided by Healthcare Providers

• Patient Health Information: Medical records, diagnoses, treatment information, prescription data, and other health-related information
• Patient Contact Information: Names, addresses, phone numbers, and email addresses
• Insurance and Billing Information: Health insurance details, billing records, and payment information
• Provider Communications: Notes, messages, and communications related to patient care

Information from Healthcare Provider Personnel

• Account Information: Names, professional credentials, contact information, and login credentials
• Usage Data: Information about how users interact with our platform

Automatically Collected Information

• Device Information: Browser type, operating system, and device identifiers
• Log Data: IP addresses, access times, and pages viewed
• Cookies and Similar Technologies: As described in Section 10 below

3. How We Use Information

We use the information we collect to:

• Provide, maintain, and improve our healthcare technology services
• Process and manage patient care coordination on behalf of healthcare providers
• Communicate with healthcare provider personnel about our services
• Ensure the security and integrity of our platform
• Comply with legal obligations and enforce our agreements
• Analyze usage patterns to improve our services

4. How We Share Information

We do not sell personal information. We may share information in the following circumstances:

Service Providers

We share information with third-party service providers who perform services on our behalf, such as cloud hosting, data analytics, and customer support. These providers are contractually obligated to protect information and use it only for the purposes we specify.

Legal Requirements

We may disclose information when required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, the rights of others, or to prevent harm.

Business Transfers

If Etra Health is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will provide notice before information becomes subject to a different privacy policy.

With Consent

We may share information with your consent or at your direction.

5. HIPAA Compliance

As a Business Associate under HIPAA, Etra Health maintains appropriate safeguards for Protected Health Information (PHI) and complies with the HIPAA Privacy Rule and Security Rule.

Business Associate Agreements

We enter into Business Associate Agreements with healthcare providers (Covered Entities) that define our responsibilities for protecting PHI.

Patient Rights Under HIPAA

If you are a patient whose information is processed through our platform, your HIPAA rights (including the right to access, amend, and receive an accounting of disclosures of your PHI) are exercised through your healthcare provider. Please contact your healthcare provider directly to exercise these rights.

PHI Safeguards

We implement administrative, physical, and technical safeguards to protect PHI, including encryption, access controls, audit logging, and workforce training.

6. Data Security

We implement appropriate technical and organizational measures to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication requirements
• Regular security assessments and monitoring
• Employee training on data protection
• Incident response procedures

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods for PHI are governed by our Business Associate Agreements with healthcare providers and applicable law.

8. Your Privacy Rights

Depending on your location and relationship with us, you may have certain rights regarding your personal information, including:

• The right to access your personal information
• The right to correct inaccurate information
• The right to request deletion of your information
• The right to opt out of certain data uses

To exercise these rights, please contact us at support@etrahealth.com. Note that PHI rights are exercised through your healthcare provider as described in Section 5.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

Important Note Regarding PHI

Protected Health Information (PHI) that is collected and maintained in accordance with HIPAA is exempt from the CCPA. If you are a patient, your health information is protected under HIPAA, and your rights are exercised through your healthcare provider.

Your California Rights

For personal information not covered by HIPAA, California residents have the right to:

• Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the purposes for collection, and the categories of third parties with whom we share information
• Delete: Request deletion of personal information we have collected, subject to certain exceptions
• Correct: Request correction of inaccurate personal information
• Opt-Out of Sale or Sharing: We do not sell personal information or share it for cross-context behavioral advertising
• Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Submitting a Request

To submit a request, email us at support@etrahealth.com.. We will verify your identity before processing your request. You may also designate an authorized agent to make a request on your behalf by providing written authorization.

We will respond to verifiable requests within 45 days. If we need additional time, we will notify you of the extension and the reason.

Categories of Personal Information

In the preceding 12 months, we may have collected the following categories of personal information as defined by the CCPA:

• Identifiers (name, email, IP address)
• Professional or employment-related information (for healthcare provider personnel)
• Internet or network activity information
• Inferences drawn from the above

10. Cookies and Tracking Technologies

We use cookies and similar technologies on our platform:

Essential Cookies

These cookies are necessary for our platform to function and cannot be disabled. They include cookies for authentication, security, and basic functionality.

Analytics Cookies

We use analytics services to understand how users interact with our platform. These cookies collect information about usage patterns, which helps us improve our services. You may opt out of analytics cookies through your browser settings.

11. Children's Privacy

Our services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will take steps to delete that information. Note that healthcare providers may use our platform to manage information about minor patients in accordance with applicable law and HIPAA.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new effective date. Your continued use of our services after any changes indicates your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us at: