FallCall Lite GDPR and HIPAA Compliant Policy

FallCall Solutions, LLC
Privacy Policy
HIPAA Compliant policy.
Effective Date: 08/15/2018

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This is our Privacy Policy, which is HIPAA Compliant, for FallCall Lite user-to-user communication application (“FallCall Lite”). We have updated our Privacy Policy to provide you with more transparency on what, how, and why we use your data and to comply with the European General Data Protection Regulation (“GDPR”). By using our services, you agree to our Privacy Policy. If you do not agree to our Privacy Policy, you may not use our services.

1. Definitions

1.1 The following definitions apply:
  1. "we", "our" and "us" means FallCall Solutions, LLC, a limited liability company formed in the State of Connecticut, U.S.A. Our mailing address is 929 White Plains Road, #403, Trumbull, CT 06611.
  2. "you" and "your" means a user of FallCall Lite, which includes both one (1) or multiple Caregivers for one (1) Elder, or one (1) or multiple Elders for one (1) Caregiver, as used with iPhone® or Apple Watch® and supported by the website at http://www.fallcalllite.com, and its subdomains and online interfaces (the "Website").
  3. “Caregiver” means an adult, including a family member, friend or neighbor, who is monitoring and communicating with an Elder through FallCall Lite.
  4. “Elder” means an adult, typically a parent, older relative or friend of a Caregiver, who is being monitored and can communicate with a Caregiver through FallCall Lite.
  5. “Care Group” means a group of caregivers who have been designated by the elder as their contacts to receive notifications in the event that a manual call for help has been activated by the Elder on their iPhone or Apple Watch.
  6. “Central Monitor” means the subscription service that receives the signal following a manual call for help from an Elder’s device and will respond to the call for help by means of a phone call to the Elder’s Apple Watch and/or iPhone. This service is provided by Mytrex, Inc., DBA Rescue Alert, located at 10321 Beckstead Lane, South Jordan, Utah 84095, Fax: 1-877-571-4606. Email: info@rescuealert.com.
  7. FallCall Lite is an application that allows Elders to manually call for help by contacting their Care Group OR their Care Group and the Central Monitor (following subscription sign-up). Caregiver is able to store the last 50 of these responses for later reference.
  8. “User Content” means any content, including messages and responses, submitted by you to FallCall Lite or generated through your use of FallCall Lite.
  9. “PHI” means Protected Health Information of the Elder(s) that consists of individually identifiable health information, as may be covered under the HIPAA Privacy Rule and the HIPAA Security Rule. PHI may include demographic information we collect from you as an Elder, create, or receive from a Caregiver, health care provider, a health plan, or your employer.
  10. “HIPAA” stands for The Health Insurance Portability and Accountability Act of 1996 (HIPAA; Pub.L. 104–191, 110 Stat. 1936, enacted August 21, 1996) and for purposes of this Privacy Policy consists of the HIPAA Privacy Rule, located at 45 CFR Part 160 and Subparts A and E of Part 164, that covers PHI in any medium, and the HIPAA Security Rule that covers electronic PHI, located at 45 CFR Part 160 and Subparts A and C of Part 164. Detailed information regarding HIPAA can be found at www.hhs.gov.
  11. “Personal Information” is any other information about you that is not considered PHI and may include health information about you that is not individually identifiable if it does not identify you and if we have no reasonable basis to believe that it can be used to identify you.
  12. “De-identification” is a process by which identifiers are removed from your PHI to mitigate privacy risks to you and enables us to use the data for a secondary purpose, such as comparative effectiveness studies, marketing and use analytics, policy assessment, life sciences research, and other endeavors. Though properly applied, there is a small risk that de-identified data could be manipulated to link back to your identity.
  13. “Contact Us” means our email address, telephone number, and mailing address to reach us and that is set forth at the end of this Privacy Policy.

2. Our duties and privacy practices with respect to PHI

2.1 We are required by law to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI.

2.2 We are required to abide by the terms of this Privacy Policy currently in effect.

2.3 For us to apply a change in a privacy practice that is described in this Privacy Policy to PHI that we created or received prior to issuing a revision, we reserve the right to change the terms of this Privacy Policy and to make the new provisions of this Privacy Policy effective for all PHI that we maintain.

2.4 Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your consent in accordance with applicable law. We will post any Privacy Policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.

3. Your rights with respect to PHI

3.1 You have a right to request restrictions on certain uses and disclosures of PHI but we are not required to agree to a requested restriction.

3.2 You have a right to receive confidential communications of PHI.

3.3 You have a right to inspect and copy PHI.

3.4 You have a right to amend PHI.

3.5 You have a right to receive an accounting of disclosures of PHI.

3.6 You have a right to obtain a paper copy of this Privacy Policy from us even if you have received this Privacy Policy electronically.

4. Description of Permitted or Required Uses or Disclosures of your PHI

4.1 We are required by Federal law to maintain the privacy of your PHI, which could relate to your past, present or future physical or mental health or condition, or the provision of health care to you.

4.2 We collect, use, store, and transmit Personal Information through the use of FallCall Lite. This includes an Elder’s heart rate and/or location as determined via GPS. Personal Information that we collect or use is apparent from FallCall Lite interface.

4.3 This Privacy Policy applies only to information we collect at and through FallCall Lite. Please be aware that we are not responsible for the privacy practices of any third party sites.

5. Examples of Uses and Disclosures of your PHI

5.1 When you use FallCall Lite, the application collects Personal Information from you, including:

  1. Name
  2. Elder’s relationship status with Caregivers
  3. Caregiver’s email address
  4. Elder’s email address
  5. Caregiver’s telephone number
  6. Elder’s telephone number
  7. Elder’s home address
  8. Elder’s Apple Watch battery charge level
  9. The pairing status of each Care Group member with the Elder
  10. The Central Monitoring subscription status
  11. The heart rate per minute of the Elder(s).
  12. The location(s) of the Elder’s iPhone(s) or Apple Watch(es) at the time of Elder manual call for help.
  13. Manual help calls of the Elder including historical help calls
  14. Account passwords and passcodes
  15. Central Monitoring “Call for Help” situational updates and help request summary reports
  16. Mobile device unique identifier codes

5.2 On the Caregiver’s FallCall Lite, the application uses a passcode to unlock the encryption of FallCall Lite and/or biometrics, such as a fingerprint recognition system or facial identification system, to unlock the encryption of FallCall Lite. Such individual information when using these features might constitute PHI. FallCall Lite does not transmit this information to another device. Passcode lock is a mandatory feature for security purposes, however, the use of biometric unlock may be turned “on” or “off.” FallCall Lite does not collect biometric information.

5.3 The FallCall Lite application stores all information on a secure, HIPAA-compliant, third party server for the purposes of application function. We maintain access to the server for the purposes of maintenance, analytics, support and updates, however, the Personal identifying information on the server will not be provided to third parties for advertising. The application encrypts Personal Information and the account is password protected. Elder transmitted PHI on the Caregiver’s device is encrypted when passcode lock is engaged on the caregiver device.

5.4 FallCall Lite will collect information about the Elder’s heart rate, GPS location, watch battery charge status, manual call for help history, and account information or other identifying information, which in the aggregate could constitute PHI when accessed by a Caregiver using a passcode or biometric to unlock the encryption protection on the Caregiver’s local device. Therefore, it is the responsibility of the Caregiver to use safeguards provided by the application (i.e., the auto-lock function) to ensure that this PHI is encrypted. During transmission through the application’s server, the Elder’s manual “Calls for Help”, which include PHI as above, are controlled via a HIPAA compliant server, encrypted through the latest protocols, and transmitted through a unique identifier assigned to their paired Caregiver. The unique identifier will be assigned during the Caregiver’s setup process, which is during the Elder pairing process. On the Elder’s device, their completed Call for Help will be shown on a dismissible “Help Requested” screen; however, a record of an Elder’s heart rate or location data will not be stored on their personal device.

5.5 FallCall Lite will transmit Call for Help data and house the data on a HIPAA compliant server for the purposes of developing a database of events that will be used for purposes such as (but not limited to) subscription central monitoring, call analytics, and internal quality monitoring practices. This data will include Call for Help activation data, whether or not the call was cancelled, the location of the call, and the time of the call.

5.6 You must be at least 17 years old to purchase and use this application. Use of FallCall Lite by minors age 13-16 is by agreement of the minor's parent. Any user age 13-16 must have his or her parent agree to the terms of this privacy policy. By accessing FallCall Lite, you acknowledge that you are 17 years or older or, if not, that you are at least 13 years old and your parents have read and agreed to the terms of this privacy policy. If you believe we have collected personal information from a child under the age of 13, please contact us.

5.7 In some circumstances, we may use information about you and your iPhone(s) or Apple Watch(es) collected through FallCall Lite to design or implement updates or provide you with information or requested support. As described above, we also collect information from you so that we can provide the information in the following manner:

  1. We will not share any PHI.
  2. We may provide Personal Information from you to third parties who provide hosting services and URL shortening services to support FallCall Lite. They gather information through FallCall Lite for storage on servers that are hosted and controlled by a third party. However, we do not expect these third parties to access your User Content other than for system maintenance purposes.
  3. Upon completion of the subscription agreement with the Central Monitor, FallCall Lite servers will transmit the necessary information from our HIPAA compliant server to the Central Monitor provider following a manual Call for Help. Some of this information will include the Elder’s name, phone number, location of the triggered device, home address, and Care Group contact information. Heart rate and financial information will not be transmitted following a Call for Help.
  4. We may disclose any information, including Personal Information, that we deem necessary to comply with any applicable law, regulation, legal process, subpoena or enforceable governmental request, to enforce our rights, to protect the safety and security of FallCall Lite or other users of FallCall Lite, or to otherwise share information with others when we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to do.
  5. We might share Personal Information with any parent or subsidiaries, or other entities which have a controlling interest in us or are controlled by, or are under common control with, us. In this case, we will request that these parties honor this Privacy Policy with respect to any shared information. Also, should we undergo a merger, change of control or sale of all or substantially all of our assets, we may transfer Personal Information to the actual or intended successor organization in such transaction or permit its examination (under confidentiality restrictions) by our counterparty, the new owner, or its representatives.

6. Access to your information and choices

6.1 You can delete or change the information you entered through FallCall Lite within FallCall Lite itself. If you have additional questions or concerns, or would like more specific information about our practices with respect to Personal Information, you can Contact Us. You may close your Central Monitoring subscription account with us by canceling the Elder(s)’s subscription within the settings of FallCall Lite (See Terms and Conditions for more details). If you wish to completely cancel your FallCall Lite account, please contact us via the information below.

6.2 When setting up your FallCall Lite account, you will be asked for permission to allow FallCall Lite to use iPhone and Apple Watch location services, notification services, Siri® functionality, and Apple Health heart rate access. Although we encourage that you provide permission for each of these services, you have the right to not allow access to any or all of these capabilities. By not allowing permission to use these capabilities, FallCall Lite will remain functional; however, the following will be omitted:

  1. Disabled location services: The Elder will not transmit their location to their Care Group members or the subscription Central Monitor service during a Call for Help.
  2. Disabled notification services: Users will not receive updated notifications during Calls for Help or System Tests.
  3. Disabled Siri functionality: The Elder will not be able to Call for Help using Siri voice activation.
  4. Disabled Apple Health heart rate access: The Elder will not send heart rate data to their Care Group during Calls for Help.

7. Security of your information

7.1 The security of your information and data while using FallCall Lite is very important to us. FallCall Lite employs a variety of technical safeguards on a HIPAA-compliant server to protect the confidentiality, integrity, and availability of Personal Information including supporting Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption to prevent unauthorized parties from reading data entered through FallCall Lite. We also use a cloud services instance to store a unique random alphanumeric identifier that is generated when the Caregiver is entering information during the onboarding process and a cloud server/Apple Notification instance to route Push Notifications to and from the Caregiver’s and Elder’s iPhones. The latter may be encrypted at our option.

7.2 Transmissions to and from the iPhone(s) or Apple Watch(es) are encrypted. While we take reasonable logistical and technical steps to keep Personal Information secure, no transmission over the Internet or a mobile network can be totally secure, and we cannot guarantee that a breach will never occur. We do use industry standard physical, technical and administrative security measures and safeguards to protect the confidentiality and security of Personal Information. However, since the Internet is not a 100% secure environment, we cannot guarantee, ensure, or warrant the security of any Personal Information you transmit to us. There is no guarantee that Personal Information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. It is your responsibility to protect the security of your login information.

7.3 Please note that emails and other communications you send to us through our Website are not encrypted, and we strongly advise you not to communicate any confidential information through these means.

8. Records retention

8.1 We will maintain complete and accurate records pertaining to our activities under this Privacy Policy, including records pertaining to your PHI and Personal Information, in accordance with HIPAA and applicable law. We will retain such records for a duration prescribed by HIPAA and applicable law but no longer than is necessary to achieve the purposes of processing such records as disclosed in this Privacy Policy, or longer if we are notified, ordered or otherwise required to maintain such records for a longer period in connection with a legal proceeding or government investigation.

9. Consent to data processing

9.1 You have the right to withdraw your consent to our use of your PHI or Personal Information, or raise an objection to the processing of your PHI or Personal Information at any time by contacting us in the manner set forth in the “Contact us” provision below. However, you will be required to cease using our services.

9.2 To the extent that our Site is operated and managed on servers located within the United States, you who are residents and citizens of countries and jurisdictions outside of the United States who use and access our Site agree and consent to the transfer to and processing of Personal Information on these servers. To the extent that our Site is operated and managed on servers located outside of the United States, the protection of such Personal Information may be different than required under the laws of your residence or location.

10. Your right to revoke your authorization

10.1 To the extent that we desire to use or disclose your PHI for purposes other than set forth above, it will only be done with your written authorization and you may revoke your authorization at any time provided that your revocation is in writing and sent to Contact Us. Upon receipt, your revocation will be honored by us, except to the extent that we have taken action in reliance on your authorization to use your Personal Information (and not PHI).

11. Complaints

11.1 You may complain to us and to the Secretary of Human Health and Services (www.hhs.gov) if you believe your privacy rights have been violated. If you have any questions, concerns, complaints or suggestions regarding this Privacy Policy or otherwise need to contact us, go to Contact Us below to communicate with us. We will not retaliate against you for filing a complaint.

12. Contact Us.

12.1 Contact us as follows:

Email: dpo@fallcall.com
Telephone: (203) 736-7647
US Mail:
FallCall Solutions, LLC
929 White Plains Road, #403
Trumbull, CT 06611

12.2 You may contact Carlton Chen, our data protection officer (“DPO”), by using the above email, telephone number, or mail address to reach our DPO for submitting your questions or concerns about our processing of your personal data.

Apple®, the Apple logo, iPhone® and Apple Watch®, are trademarks of Apple Inc., registered in the U.S. and other countries and regions.

2018®FallCall Solutions, LLC
