Notice of Privacy Practices
This notice describes how WEconnect Health Management, doing business as WEconnect will collect and store information about you, and how that information is shared.
In summary, we collect sensitive personal information in order to support the core function of the application, which is to reduce relapse by making recovery routines accessible and increasing individual accountability. We do this by verifying your location at scheduled times and allowing approved individuals to review your adherence to your routines. We ask for permission before collecting this information, and we ask for permission before we share it. We do not use this information to create individual commercial profiles. We do not share information with unauthorized third parties. We recognize that the nature of this sensitive data requires that we protect and secure this information at every step to ensure that your privacy is respected.
The information we collect is not intended to be used for punitive purposes.
WEconnect can verify compliance with a treatment routine. WEconnect does NOT verify non-compliance.
Laws in place to protect your privacy accord you certain rights. You have the right to request a copy of your personal data, the right to request deletion of your personal data, and the right to limit sharing and disclosure of your personal data or revoke your consent to share data at any time. You can do any of these things by emailing firstname.lastname@example.org or email@example.com.
WEconnect is subject to the investigatory and enforcement powers of the Federal Trade Commision (FTC), the Office of Civil Rights (OCR) and the Department of Health and Human Services. WEconnect does not share personal data with unauthorized third parties without notice and consent.
Statement of HIPAA Compliance:
As a Business Associate (BA) of HIPAA compliant Covered Entities, we are aware of our obligation to implement effective security and privacy policies that comply with these regulatory standards. For Data protected by HIPAA Our uses and disclosures of protected health information will comply with HIPAA and related Business Associate Agreements. To review the measures we have taken to ensure compliance, please see our Compliance and Security Overview.
Statement of 42 CFR Part 2 Compliance:
Some information about the Services may be protected by 42 CFR Part 2. WEconnect is prepared to work with any entity requiring compliance with 42 CFR part 2. Our operating processes and security parameters are designed to protect individual data to the highest reasonable standard.
WEconnect requires explicit authorization and consent to share data within an individual’s support network. Support persons are added to this network by the client themselves. We do not share data on behalf of any client without explicit authorization to do so. Our application icon is discrete, and does not indicate by design, branding, or other external feature an affiliation with substance abuse treatment, addiction, or recovery. Our HIPAA compliance training includes a review of 42 CFR 2, and all employees are educated on the importance and necessity of respect for persons and privacy. Our application requires an individual login to view scheduled appointments, contacts, or any other data that might be considered sensitive, or identifying the individual as a current or former individual in long term recovery.
We don't disclose information about our clients without their consent. They choose what is shared and with whom. In the event that a treatment center requests access to the data dashboard, we require a consent from our client that describes the data shared and the applications before the data dashboard can be viewed by the treatment center.
Disclosures to law enforcement are determined by the requirements set forth in our Terms and Conditions.
Text Message Terms
We have developed an automated enrollment process. By providing a mobile number that allows you to receive text message or short message reminders and information, you are opting to participate in our mobile enrollment process and you agree to be bound by the following terms and conditions related to our SMS text notification services.
As a user of this text message service you acknowledge that text messages are distributed via third-party mobile network providers and therefore we are unable to control all functions related to the delivery of text messages. You acknowledge that it may not be possible to transmit all text messages successfully. While we do not charge you for these services, message and data rates may apply from your mobile carrier.
- Opt Out
To stop receiving text messages, text STOP to a text message you receive. You consent to receive one last message from us confirming your inactivation. If you stop using your mobile phone number you must alert us immediately to unsubscribe from the service.
The WEconnect Data Protection Officer is Dan Gonzalez (firstname.lastname@example.org).
Introduction to Privacy at WEconnect
We at WEconnect know the value of trust and transparency, and we understand the need for responsible and secure protection of the information you choose to share with us. Your security is important to us, and we take your privacy seriously. Please read the following to learn more about our policies and practices for keeping your data secure.
As noted in the Terms and Conditions, WEconnect does not knowingly collect or solicit Personal Information from anyone under the age of 13. If you do not meet the age requirements, please do not attempt to register for the Services or send any Personal Information about yourself to us. If we learn that we have collected Personal Information from an individual under the legal age of consent, we will delete that information. If you believe that a child under the legal age of consent may have provided us with Personal Information, please contact us at email@example.com.
WEconnect gathers information from customers for multiple reasons. We use Personal Information (or PII) internally in connection with our Services, as a means of identifying you as a subscriber, to create an account and profile, to contact you, to provide and improve the Services, and to learn more about how you use the Services. Certified Peer Recovery Specialists will have access to the information that you enter into the products including the mobile application and messenger. We may share some de-identified Information with third parties, who might help us learn how to provide better support to you and to make product improvements. WEconnect will not access your camera, your contacts, or your files. WEconnect will never contact others or post to social networks on your behalf without your permission. The following sections explain what information we collect and how we use it.
THE INFORMATION WE COLLECT
The Information WEconnect Collects
WEconnect collects both Personal Information and Anonymous information through the standard operation of the Services. This information is used to identify you as a WEconnect subscriber, track your preferences and settings, and to improve and personalize your experience. Certain information is required for the effective operation of the Services. These types of information are defined in the subparts below and used as described in the corresponding sections.
You may request access to all your personally identifiable information that we collect online and maintain in our database, by emailing us at firstname.lastname@example.org.
Some information is collected automatically when you access our Services. Some information we will ask you for, and some information you may provide voluntarily. We will not ask you for information for which there is no relevant purpose, and we will not share your information with unauthorized third parties. The following section will explain what types of information we collect, and why we collect it.
- Information you give us.
- In order to use our services, you must sign up for an account. We will ask you for some personal information when you are activating this account, such as your name, your phone number, and your email address. We use this information to help tailor our service to you in the following ways:
- To verify your identity
- To reach out to you in the event of a security incident
- To assist in creating your account
- To connect to your treatment network
- To verify your location during scheduled check-ins
- To redeem your Contingency Management Reinforcement
If you choose to engage in additional peer recovery support Services the information shared will remain confidential unless the Peer is legally and ethically obligated to report disclosure of personal involvement with child or elder abuse/neglect, threatened self-harm, or harm to others or other situations requiring a Mandatory Report be made.
- Information we get from your use of our services
- We collect information about the services that you use and how you use them. For example, when you visit our website or log in, we may collect browser data, your IP address, or device specific information, such as the model of your device, your operating system, and your IP address. This helps us to improve the way our website is designed, and how people can search for us. We do not share this information with any unauthorized third party.
- We also collect information that verifies your adherence to your treatment plan, such as your location (discussed below) and your routines. We respect your confidentiality and your right to privacy.
- Location information and GPS tracking
- The WEconnect app can use location data to allow you to check-in to your activities and support routines. The WEconnect app will ask you to opt in to this service when you sign up. When you check-in to an activity, we verify your location using the location services on your device, and the length of your stay. This helps you to stay accountable, and may be required for your support program. WEconnect will not collect or retain any location data not relevant to your routines or activities.
- This function can be turned on or off in the settings menu of the application. Please be aware that disabling the location services may impede the function of the application, and may prevent you from complying with certain terms of your treatment program. You can learn more about how verification works in our Location Services FAQ.
- Information we get from your care providers or treatment centers
- We do not solicit information about you from any third party other than your care team. In the event that someone, such as your treatment facility, provides us with information about you, this information is considered private and confidential, and will not be shared with unauthorized third parties.
The Information WEconnect Shares
- Aggregate Data: Aggregate data are data that are no longer personally identifiable. WEconnect may share these aggregate statistics with our associates to determine the ways in which our services are used, and how we can improve. We store aggregate and anonymized data indefinitely.
- Personally Identifying information: WEconnect will share your personal information ONLY with those entities you have authorized to view it. WEconnect stores this information as long as your profile is active. All personal data can be deleted upon request by contacting email@example.com.
Our Third Party Associates
WEconnect will work with other entities only under conditions when permitted. HIPAA Covered Entities and Business Associates are entities with whom sensitive data are shared and are required by law to abide by the conditions set forth in those laws. When appropriate, WEconnect forms Business Associate Agreements with partners.
Contingency Management Reinforcement Program
WEconnect partners with Tango Card (or Tango) to deliver Contingency Management Reinforcers. This information will not contain any information related to your treatment or your recovery. WEconnect will not share any health information, or any other confidential information, with Tango.
The Information WEconnect Retains:
Data that have been collected about you that have been anonymized cannot be removed from aggregate banks, but cannot be used to identify you. De-identified data such as usage history, location data, and other information stored in your account may continue to be used internally for quality improvement research to enhance efficacy, accuracy, development of features and customer experience. Data that are requisitely retained will be retained securely only for the duration of the retention requirement. WEconnect must retain some data (such as a record of consent) to meet regulatory obligations.
Messaging and WEconnect:
The WEconnect service may allow you to send messages to your WEconnect Peer. Messages you send or receive through the WEconnect services are stored within the WEconnect system and are subject to the same protections as data stored within the app.
Your Account Security
We make every effort to ensure that your data are retained confidentially and securely. We require an account to access our services. Each username is connected to a unique password which allows you to log in to your account. DO NOT SHARE YOUR PASSWORD AND USERNAME WITH ANYONE. You should never allow anyone to access our Services under your username, or share your account with another individual. You are responsible for the uses of the Service associated with your username. We reserve the right to revoke or deactivate your username and password at any time. If you have security concerns, questions, or need to reset your password, contact us at firstname.lastname@example.org.
All payments for subscriptions and accounts are processed by Stripe, Inc., which ensures safe transactions using Secure Sockets Layer (SSL). Stripe, Inc. provides WEconnectwith the details of each purchase. These details include name and email address (this information is retained by WEconnect for future contact and support), but do not include specifics such as credit card or routing numbers.
Safety, Security, and Compliance with Law.
We may disclose any information, including personal information, we deem necessary to comply with any applicable law, regulation, legal process or governmental request, to enforce our rights, or to protect the safety and security of our Applications or other subscribers. For more information, please see our Disclosure to Law Enforcement Policy.
This agreement shall be governed by the laws of the State of Washington without giving effect to its conflict of laws provisions. All actions, suits or proceedings arising out of or based upon these Standard Terms and Conditions or the subject matter of these Standard Terms and Conditions shall be brought and maintained exclusively in the federal or state courts located in King County in the State of Washington, and you consent to the sole and exclusive jurisdiction of such courts for any such action, suit or proceeding.
You may submit complaints, comments, or questions to email@example.com.
If any provision of this agreement is unlawful, void or unenforceable, the remaining provisions of the agreement will remain in place.
Notification of Changes