Privacy Policy
Renalogic Notice of Privacy Practices
Effective Date: 11/1/2022
This Notice of Privacy Practices (“Notice”) is intended to give notice of how Renalogic, Inc. (“Renalogic,” “We” or “Us”) uses and discloses Personally Identifiable Information, including Protected Health Information. It is also intended to describe how individuals may exercise their rights with respect to their Personally Identifiable Information.
Why Do We Publish this Notice?
This Notice is principally but not solely intended for purposes of the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009, and their implementing regulations (collectively “HIPAA”). This Notice is intended to be interpreted consistently with HIPAA.
Renalogic is not a Covered Entity under HIPAA. We provide Our services to Health Plans (“Plan Services”) by contract. Health Plans are Covered Entities which are primarily responsible for compliance with HIPAA for the Protected Health Information of the individuals covered by the Health Plan (“Members”). Under HIPAA We are the Business Associate of these Health Plans. Our receipt, use, disclosure and protection of their Members’ Protected Health Information is regulated by HIPAA and Business Associate Agreements.
Our Health Plan clients authorize Us to receive, use and disclose their Members’ Protected Health Information in compliance with HIPAA and Our Business Associate Agreements. We are required by law to maintain the privacy of Protected Health Information, and to abide by the terms of this Notice as currently in effect. We are not legally required to publish this Notice but have chosen to do so as part of our commitment to ethical business practices.
We do not provide consumer, individual, family or household services. Individuals cannot purchase or acquire services from Renalogic. Only individuals who are Health Plan Members may receive participate in Plan Services from Renalogic.
We operate within the United States and do not provide services outside it.
Who Does This Notice Apply To?
This Notice applies to:
- Individuals who submit information through this Website, https://renalogic.com/ (“Website Users”). Website Users may contact Renalogic through this Website to request information about Renalogic and its services for potential acquisition by or for Health Plans. Website Users may not seek or acquire services from Renalogic for any consumer, personal, family or household use.
- Individuals whose information Renalogic receives or creates in order to provide one or more of Our Plan Services by contract with a Health Plan which provides them with health benefits (“Members”).
Website User Privacy Information.
What Services Do We Provide to Website Users?
The only services we provide to Website Users (“Website Services”) are:
- Access to the information published on the Website.
- The option to submit an inquiry through the Website to receive more information about Our Services to Health Plans.
These Website Services are provided free of charge, as-is and with no warranties.
How Do We Collect, Use and Disclose Information About Website Users?
The only Personally Identifiable Information We collect about Website Users is through the “Contact Us” page on Our website (“Website User Information”). This information is not Protected Health Information and is submitted voluntarily by the Website User. We are not responsible for any content submitted by any Website User. We do not solicit or accept requests from Website Users for potential acquisition of Renalogic services for consumer, personal, family, or household purposes.
The principal information provided by a Website User is a limited set of Personally Identifiable Information for contact purposes (“Website User PII”) as requested on the “Contact U” page. We may use or disclose Website User PII to contact the individual identified as the Website User in response to the submission of an inquiry through the “Contact Us” page. We may also use Website User PII for Our own internal business purposes such as website and Company administration, auditing, quality assurance, and improving Our Website, services or promotional efforts.
We do not sell Website User PII. We may disclose Website User PII to an organization identified by the Website User in an inquiry as part of follow-up to the inquiry. We may also disclose Website User PII to third parties for purposes such as website and Company administration, auditing, quality assurance, and improving Our Website, services or promotional efforts. We may disclose Website User PII if required by law, or for purposes of regulatory inquiries or investigation or legal proceedings.
Can Website Users Request Changes to their PII?
Yes. If you have submitted an inquiry through Our “Contact Us” form on the Website and would like to change information you have provided in that inquiry, please send a written request to Us at Our contact address in this Notice below.
You must provide all the information submitted in your Website inquiry and specify the change(s) you request. You may only request a change to information which has already been received by Renalogic. You must provide satisfactory proof that you are the individual who is the subject of the Website User PII. Renalogic will either accept or reject a requested change within thirty (30) days of receipt, in Renalogic’s reasonable discretion.
Does Renalogic Track Website Users’ Activities?
We may track Website User activity on our Website using Google Analytics tags. These tags track a Website User’s path through Our web pages on the Website, and whether or not the Website User completes “Contact Us” information. We also use tags with on LinkedIn for tracking activity with respect to Our advertisement and certain posts on that service, which We may correlate with Google Analytics tags for activities on Our Website.
Website User activity information is not Website User PII unless it has been identified with a Website User who has provided identification information through Our “Contact Us” web page. We do not identify Website Users who do not complete the “Contact Us” information. We identify Website Users who submit “Contact Us” information through information provided through that web page.
Can Website Users Opt-Out of Website Usage Tracking?
No. Because We do not identify Website Users who do not provide identification information and Our tracking of Website activity is very limited, We do not maintain processes to respond to “do not track” signals or otherwise permit Website Users to opt-out of Website usage tracking.
Application of California Consumer Protection Act (“CCPA”).
The California Consumer Protection Act (“CCPA”) does not apply to Website User PII or Website tracking. The CCPA does not apply to personal information reflecting communications or transactions between a business and an individual acting on their own behalf or as an employee, owner, director, officer, or contractor of another party which occur solely within the context of due diligence regarding, or providing or receiving a service to or from the other party. See California Civil Code § 1798.146(n)(1). Because the Website may only be used for purposes of business due diligence and services the CCPA does not apply.
Member Privacy Information.
What Plan Services Involve Protected Health Information?
Renalogic’s Services to Health Plans and their Members involving Protected Health Information include:
- ImpactIQ. ImpactIQ is a data analysis service which assists Health Plans in identifying risks and incidence of chronic kidney disease (“CKD”) and related health conditions and claims across the Health Plan population, to improve Member health and reduce health care costs. This activity is part of Health Care Operations under HIPAA.
- ImpactCare is a Member care management service which helps prevent Members with CKD from progression including preventive counseling, education, supportive intervention, care coordination and information about treatment alternatives. These activities are part of Health Care and Health Care Operations under HIPAA.
- ImpactProtect is a health claims advisory, review and analysis service which provides Health Plans manage dialysis costs through the claims administration and related processes. These activities are part of Payment and Health Care Operations under HIPAA.
- ImpactAdvocate is a Member support and advocacy service which helps Members with CKD who are progressing to or on dialysis understand their clinical and coverage options, including counseling and education. These activities are part of Health Care Operations under HIPAA.
- KHL Labs is a blood testing program for Members with CKD which provides Treatment services.
How Do We Collect Protected Health Information About Members?
The information We collect about Members (“Member Information”) depends upon the Plan Services We provide their Health Plan. All such Member information is Protected Health Information which is subject to HIPAA and the applicable Business Associate Agreement.
Member information typically includes contact and demographic information. It may also include information about the Member’s health condition, health care provided to the Member, and payment for the Member’s health care.
We may collect Protected Health Information from a Member’s Health Plan, the Health Plan’s administrator, or the Health Plan’s service providers or advisors. Depending on the Service We may also collect Protected Health Information from the Member, or from the Member’s health care providers. In some cases we may collect personally identifiable information about a Member from other sources, including public sources. Once it is in our possession any such information is considered Protected Health Information.
We do not collect genetic information (as defined under HIPAA) or information from substance use disorder (alcohol and drug) treatment programs.
How Do We Use and Disclose Protected Health Information?
Our use and disclosure of Protected Health Information is limited to purposes authorized under HIPAA and Our Business Associate Agreement. Depending on the Service We may use or disclose Protected Health Information for Services purposes:
- ImpactIQ. ImpactIQ is a data analysis service which assists Health Plans in identifying risks and incidence of chronic kidney disease (“CKD”) and related health conditions and claims across the Health Plan population, to improve Member health and reduce health care costs. This activity is part of Health Care Operations under HIPAA.
- ImpactCare is a Member care management service which helps prevent Members with CKD from progression including preventive counseling, education, supportive intervention, care coordination and information about treatment alternatives. These activities are part of Health Care and Health Care Operations under HIPAA.
- ImpactProtect is a health claims advisory, review and analysis service which provides Health Plans manage dialysis costs through the claims administration and related processes. These activities are part of Payment and Health Care Operations under HIPAA.
- ImpactAdvocate is a Member support and advocacy service which helps Members with CKD who are progressing to or on dialysis understand their clinical and coverage options, including counseling and education. These activities are part of Health Care Operations under HIPAA.
- KHL Labs is a blood testing program for Members with CKD which provides Treatment services.
For purposes of one or more of the Plan Services We may disclose Protected Health Information to the employer or other organization which sponsors the Health Plan for purposes permitted under the Health Plan’s plan documents and Our Business Associate Agreement. HIPAA requires a plan sponsor such as an employer to ensure that its employees who receive such information only use or disclose it as necessary to perform certain plan administration functions or as otherwise required by HIPAA, unless the Member authorizes other disclosures. In such a case a Member’s Protected Health Information cannot be used for employment purposes without the Member’s specific authorization.
We may also use or disclose Protected Health Information for purposes of Our own proper management and administration, to fulfill our legal responsibilities, or if We are required to do so by law. These may include such purposes as management and administration of our Services, business processes and information systems; financial, employee and contractor management, and fulfilling our legal obligations including those under HIPAA and our Business Associate Agreement.
Other types of uses or disclosures will be made only if and to the extent permitted by HIPAA and the applicable Business Associate Agreement, and in some cases based on Member authorization. We do not sell Protected Health Information or use it for fund-raising or marketing purposes.
What Rights Do Members Have with Respect to Their Protected Health Information?
HIPAA provides a number of rights for individuals with respect to their Protected Health Information. A Member’s Health Plan is principally responsible for these. Under Our Business Associate Agreements We are required to refer such requests to the Health Plan (or its administrator, if applicable) for fulfillment. These rights include:
- The right to request restrictions on the use and disclosure of their Protected Health Information in addition to those provided by HIPAA.
- The right to receive communications of Protected Health Information by an alternative means or at an alternative location.
- The right to inspect and copy Protected Health Information.
- The right to amend Protected Health Information.
- The right to receive an accounting of disclosures of Protected Health Information.
Members participating in the KDAP Program may request amendment of their contact and demographic information directly with their assigned Health Coaches.
For all other purposes, a Member may submit a request to exercise one of these rights to Our Chief Privacy Officer at the contact information provided below. Any such request will be forwarded to the Member’s Health Plan for decision. The Health Plan or its administrator, or Renalogic if directed by or on behalf of the Health Plan, will respond to the request.
How Do We Protect Protected Health Information?
We use reasonable and appropriate safeguards to ensure the confidentiality, integrity and availability of the Protected Health Information We create, receive, maintain and transmit; to protect against reasonably anticipated threats or hazards to such information, and against any reasonably anticipated uses or disclosures of such information not permitted under HIPAA; and to ensure Our compliance with HIPAA.
In case of a security breach affecting Protected Health Information We will notify the affected Health Plan(s) as required by HIPAA and our Business Associate Agreements. The Health Plan will be responsible for determining whether to notify affected Members. We will fully cooperate in any investigation and response to any security breach.
Application of California Consumer Protection Act (“CCPA”).
The California Consumer Protection Act (“CCPA”) does not apply to Protected Health Information that is collected by Business Associate which is subject to HIPAA. See California Civil Code § 1798.146(a)(3). The CCPA therefore does not apply to Protected Health Information of Members.
General Information.
Can We Amend this Notice?
We reserve the right to revise and update this Notice of Privacy Practices, and to make any new notice applicable to all Personally Identifiable Information We maintain, including Protected Health Information, to the extent permitted by law. We will provide notification of any new notice by prominent publication on our Website no later than sixty (60) days before the effective date of the new notice.
How Do I File a Complaint?
Any Website User or Member may file a complaint with Us if they believe We have violated their privacy rights, under HIPAA or any other laws.
- To file a complaint with Us, please use the Contact Information provided in this Notice below.
The U.S. Federal Trade Commission (“FTC”) and the Attorney General of the state in which You reside have jurisdiction over Your consumer privacy issues. While this website and Our Services are not provided for consumer use, Website Users and Members who believe that We may have violated their consumer privacy rights may be able to make an inquiry or file a complaint with the FTC or the Attorney General of the state where they reside.
- To make an inquiry or file a complaint with the FTC, please see the information at the FTC’s website, https://www.ftc.gov/news-events/media-resources/identity-theft-and-data-security/filing-complaint.
California residents may make an inquiry or file a complaint with the California Attorney General.
- To make an inquiry or file a complaint with the California Attorney General please see their complaints web page, https://oag.ca.gov/contact/consumer-complaint-against-business-or-company.
Members may also file a complaint with their Health Plan or the U.S. Department of Health and Human Services Office of Civil Rights (“Office of Civil Rights”). In some states the Attorney General may also accept HIPAA complaints.
- To file a complaint with the Health Plan, please see the Notice of Privacy Practices provided by the Health Plan. Information may also be provided in the Health Plan’s Summary Plan Description (“SPD”).
- To file a complaint with the Office of Civil Rights, please see the information at the HHS.gov website, https://www.hhs.gov/hipaa/filing-a-complaint/index.html.
Who Do I Contact at Renalogic About this Notice or to Exercise Privacy Rights?
For questions about this Notice or make a request to exercise Your privacy or HIPAA rights please contact:
Chief Privacy Officer
Renalogic
223 W. Jackson, Suite 604
Chicago, IL 60606
privacy@renalogic.com