PRIVACY POLICY

This Privacy Policy applies to all visitors to, and users of, Realizing DPP, Inc.’s (“Realizing DPP,” “our,” “us,” or “we”), collectively (the “Website” or “Realizing DPP’s Products and Services”).

By using the Website, you agree to this Privacy Policy and Terms of Use linked to the Website.

Why did we create this policy?

We collect information from and about users of Realizing DPP Products and Services. This Privacy Policy defines the types of information we may collect from you or that you may provide, and our practices for collecting, using, keeping, protecting, and sharing that information.

The information we collect about you includes information about your training and experience for joining the Realizing DPP Community and registering in the Realizing DPP Workforce.

Realizing DPP respects the privacy of all visitors and users of Realizing DPP Products and Services and is committed to protecting privacy by following this Privacy Policy. We are dedicated to keeping this information accessible, confidential, and consistent. Users that have reviewed and accepted this Privacy Policy will, by using a username and password, have access to and can use Realizing DPP Products and Services.

It’s up to you to read and understand this policy. If you have questions, contact us and we will answer them.

Please read this Privacy Policy carefully to understand our policies and practices about your information and how we will treat it. If you do not agree with our Privacy Policy, you can choose not to use Realizing DPP Products and Services. By using the Website, you agree to our Privacy Policy and our Terms of Use

If you have questions, email us at support@realizingdpp.com.

What kinds of data and information do we collect, and how do we collect it?

When you use Realizing DPP Products and Services, we may collect and use or share your personal information to the extent minimally necessary. You accept that we may collect personal information from you directly, or from third parties that share your personal information with Realizing DPP. It is fully your choice whether to release your personal information for Realizing DPP Products and Services. If you choose not to give the personal information needed, you may not be able to use some of the Realizing DPP Products and Services.

Technical information

We may collect and use technical data (data from your device hardware or software) and related information (“Technical Information”), including but not limited to:

  • Technical information about devices you may receive such as manufacturer, service provider, IP address, operating system, browser type, and mobile number
  • System and application software and peripherals
  • Your interactions with Realizing DPP Products and Services, including automatically recording the dates and times of visits to Realizing DPP Products and Services, traffic data, and your search queries

We sometimes gather Technical Information to:

  • Help software updates and product support
  • Improve products and services to you that are related to Realizing DPP
  • Measure the number of our users and how they use Realizing DPP Products and Services
  • Store information about your preferences, allowing us to customize products and services to your interests
  • Speed up your searches and recognize when you return to our website and use Realizing DPP Products and Services

We may also automatically receive and record information on our server logs from your browser or mobile device, which could include your IP address, cookie information, browser information, and the pages you visit/request. Realizing DPP may use Technical Information in any way it believes is proper and lawful.

The Privacy Policy applies to the following ways we collect data and information:

  • On the Website
  • Through email, text, video, and voice communications between you and us
  • Through offline community activities and communications
  • From physicians, hospitals, clinics, schools, and any other organizations or groups that you give permission to share information with Realizing DPP
  • Through any or all Realizing DPP’s Products and Services

Why does Realizing DPP need to collect my data and information?

Realizing DPP Products and Services exist to simplify and expand your Lifestyle Coach experience and help lifestyle care partners (healthcare payers, clinical care, and population related providers) find qualifying participants for your cohorts. Realizing DPP connects statewide the lifestyle care ecosystem for the functional delivery of chronic disease prevention programs (including the Centers for Disease Controls’ National Diabetes Prevention Program and Center for Medicare and Medicaid Services’ Medicare DPP) with technology that manages service referrals, reimbursements and payments, collects data, and simplifies enrollment while supporting greater participant engagement.

To support this, we need to ensure that each user who gives personal information, clearly allows it to be used or shared. For this reason, we need a license from you to use or share your Information, whether we get it directly from you or, if applicable, from third parties you name.

How do we use your data and information?

  • To help give Realizing DPP Products and Services to you and on your behalf
  • To give you information, products, or services that you request from us
  • To give you notices and communications found suitable by us
  • To fulfill any other purpose that you may give the Information
  • To carry out our duties from any contracts we have entered related to you
  • To let you know about changes to the Realizing DPP Privacy Policy and Realizing DPP Products and Services
  • To allow you to join in interactive or educational features on the Website
  • To obey any court order, law, or legal process, including responding to any government or regulatory request
  • To enforce or apply the Terms of Use 
  • If we believe sharing Information is needed to protect Realizing DPP’s rights, privacy, security, property, and access to information
  • In any other way we may define when you give Information
  • For any other purpose with your lawful consent

We collect and share only the data we need

Except as described in this Privacy Policy or in our Terms of Use, technical information, location-based information, and behavior tracking information (collectively, “Information”) that you give or that we collect from third parties, will be kept private and used or shared only to the extent minimally necessary to support Realizing DPP Products and Services.

At all times, we will only use or share your Information to the extent minimally necessary for the intended use or disclosure. The Realizing DPP minimum necessary policy follows the current industry standard that Information should not be used or shared when it is not necessary to satisfy a certain purpose or carry out a function. Read the full definition of “minimum necessary” in the Terms and Definitions section at the end of this document.

What are you agreeing to in this policy?

By using the Website, you agree to our Privacy Policy and the Terms of Use 

When we have your consent, you accept that we may collect Information from you directly or from third parties that you may allow to share with Realizing DPP. We may ask you or allowed third parties to give Information about you that will allow us to enhance how we serve your needs and your use of Realizing DPP Products and Services. It is fully your choice whether you give Information through Realizing DPP Products and Services. If you choose not to give the Information we need, you may not be able to use some parts of Realizing DPP Products and Services.

You also give Realizing DPP a lasting, non-exclusive, transferable, sub-licensable, royalty-free license to use your Information and other data we collect to develop, create, and extract statistics and other information, and to use this information and de-identified data known as “blind data”.

Aside from anything against this Privacy Policy, any blind data Realizing DPP collects or creates will be owned solely by Realizing DPP. This data may be used for any lawful business purpose without your consent if: this data is not Information and doesn’t identify the source of such data.

What control do you have over your data and information?

We have created methods to give you control over your information. You can set your browser to refuse all or some browser cookies (described below) or alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of Realizing DPP Products and Services may not work.

We may use your Information to contact you about our own and third-party products and services that may interest you. The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by changing the settings on your browser (such as Safari, Internet Explorer, Firefox, and Chrome). However, by doing this, you may be unable to access certain parts of Realizing DPP Products and Services. Unless you have changed your browser settings to refuse cookies, our system will issue cookies when you direct your browser to our website.
  • Flash Cookies. A Flash cookie is like a browser cookie, but a program uses it instead of the browser. Certain features of our website may use Flash cookies to collect and store information about your preferences and navigation to, from, and on our website. Flash cookies are not managed by the same browser settings that are used for browser cookies.

Keeping your data and information secure

We have applied reasonable and suitable administrative, technical, and physical safeguards designed to protect your Information from illegal access, use or sharing. All Information you provide to us is stored with an approved cloud services provider.

What you can do to help secure your information

The safety and security of your Information also depends upon you. Where we have given you (or where you have selected) a username and password to access Realizing DPP Products and Services, you are responsible for keeping this information private. It is in your best interest to not share your username or password with anyone.

Please keep in mind that whenever you willingly share Information on message boards or other public forums and features, or through email or group messaging, that Information can be collected and used by others who you may or may not have given consent. By posting Information online that is publicly accessible, you may receive unwanted messages from other parties or reveal your location. We are not responsible for the security or privacy of any Information you choose to send outside the scope of Realizing DPP Products and Services.

Where is your data and information stored?

Information collected from you may be stored and processed in the United States only.

Who is not covered by this policy?

Third-Party Products, Services and Technologies

We may provide links to third-party websites within Realizing DPP Products and Services. Such links may appear as a specific domain name or URL. Please be aware that other websites and services, including the websites of third parties that you connect with through Realizing DPP Products and Services, may collect Information about you. This Privacy Policy does not cover the information practices of those third-party websites, services, or applications and Realizing DPP cannot control and is not responsible for the information collection practices of any such websites, services, or applications. We encourage you to carefully review the terms of use, privacy policies, and any other legal notices on such websites before using or giving Information to them.

Physicians or other health care providers

Physicians or other health care providers, to the extent they are “Covered Entities” under HIPAA (as such term is defined in HIPAA), likely have their own privacy and security policies with respect to your Information. For more information about your rights under HIPAA, see www.hhs.gov/ocr/privacy/.

How do we manage this policy?

All Realizing DPP websites will post this Privacy Policy. All users of Realizing DPP websites will get a prompt to review the Website Terms of Use and Privacy Policy.

This policy may change. We will do our best to let you know if it does.

We may change this Privacy Policy and the Terms of Use from time to time, and while we will do our best to let you know of any changes, it is up to you to review this Privacy Policy and the Terms of Use over time. We consider your continued use of Realizing DPP Products and Services after we make changes as acceptance of those changes. Please check our Privacy Policy over time for updates. When we change the Privacy Policy or Terms of Use, we will also update the “Effective” date on the relevant document and may let you know directly or post a message on the Website.

It is our policy to post any changes that we make to our Privacy Policy on this page and on our home page. If we make material changes to how we treat your Information, we will let you know by emailing the primary email address you have provided, and/or through a notice on the home page of the Website. The last revision date of our Privacy Policy is at the top of the page. It’s up to you to ensure we have an up-to-date active and deliverable email address for you, and to visit the Website and this Privacy Policy for changes.

Who oversees this policy?

Realizing DPP is responsible for the development, revision, and update of the Website Privacy Policy.

Terms and definitions

Disclosure – The sharing, release, transfer, provision of access to, or divulging in any other manner of information to others outside the entity holding the information.

HIPAA – (United States Health Insurance Portability and Accountability Act of 1996) - two sections: HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs; HIPAA Title II includes an administrative simplification section which deals with the standardization of healthcare-related information systems. For more information, visit www.hhs.gov/ocr/privacy/.

HITECH Act (Health Information Technology for Economic and Clinical Health Act) – The HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 is legislation that was created to stimulate the adoption of electronic health records (EHR) and the supporting technology in the United States. The HITECH Act also expands the standards that aid in electronic exchange of health information nationally and provides incentives for covered entities that adopt Electronic Health Records (EHR).I

Individual – shall mean the person who is the subject of the Information cited below and the Protected Health Information (PHI) or Personally Identifiable Information (PII).

Information – All aspects of PHI, PII, and the Information technical Information, location-based information, and behavior tracking information (collectively known as “Information”)

Minimum Necessary (Need to Know) – Minimum necessary, (or informally, need to know rule), is a key protection of the HIPAA Privacy Rule. The Realizing DPP minimum necessary policy adheres to the current industry standard that PHI and PII should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function. The minimum necessary standard requires covered entities to evaluate their practices, and enhance safeguards as needed to limit unnecessary or inappropriate access to, and disclosure of, PHI and/or PII. When using or disclosing PHI and/or PII, or when requesting PHI and/or PII from another health care provider or health organization, Realizing DPP will limit the request to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. Minimum Necessary does not apply in the following circumstances:

  1. Disclosures by a health care provider for treatment (students and trainees are included as health care providers for this purpose).
  2. Uses and disclosures based upon a valid consent to use and disclose PHI and/or PII or treatment, payment and health care operations or a valid authorization to use and disclose PHI and/or PII.
  3. Disclosures made to the Secretary (or designee) of the United States Department of Health and Human Services, or any other State or Federal agency requesting disclosure under prevailing law.
  4. Uses and disclosures required by law or regulatory guidance.
  5. Uses and disclosures required by other sections of the HIPAA privacy regulations.

Personally Identifiable Information (PII) and Protected Health Information (PHI) – Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context including health information transmitted or maintained in any form or medium, including oral, written, and electronic. PHI relates to an individual’s health status or condition, furnishing health services to an individual or paying or administering health care benefits to an individual. Information is considered PII where there is a reasonable basis to believe the information can be used to identify an individual.