Privacy

Who we are

Our Company’s most important value is ‘Patients First’, which means that we are committed to protecting your privacy and we take great care with patient information. This policy will help you understand how we use and protect your data. Thank you so much for choosing the PHZIO platform.

Effective Date: Oct 1, 2023

1. Introduction

Bistromatics Inc. (“us,” “we,” or “Phzio”) is committed to respecting the privacy rights of our customers, visitors, and other users of eWellnesshealth.com, bistromatics.com and PHZIO.COM (the “Site”) and related websites, applications, services and or mobile applications provided by Phzio and on/in which this Privacy Policy is posted or referenced (collectively, the “Services”). We created this Privacy Policy (“Privacy Policy”) to give you confidence as you use the Services and to demonstrate our commitment to the protection of privacy. This Privacy Policy is only applicable to the Services. This Privacy Policy does not apply to any other website or digital service that you may be able to access through the Services or any website or digital services of Phzio’s business partners, each of which may have data collection, storage and use practices and policies that may materially differ from this Privacy Policy. Your use of the Services is governed by this Privacy Policy and the Agreement (as the term “Agreement” is defined in our Terms of Use (See Below). Any capitalized term used but not defined in this Privacy Policy shall have the meaning in the Agreement.

By using the services, you agree to the practices and policies outlined in this privacy policy and you hereby consent to the collection, use, and sharing of your information as described in this privacy policy. if you do not agree with this privacy policy, you cannot use the services. if you use the services on behalf of someone else (such as your child) or an entity (such as your employer), you represent that you are authorized by such individual or entity to accept this privacy policy on such individual’s or entity’s behalf.

2. Information We Collect

2.1 Personal Information

2.1.1 Personal Information Generally

Some of the Services require us to know more about you so that we can best meet your needs. When you access these Services, we may ask you to voluntarily provide us certain information that personally identifies (or could be used to personally identify) you (“Personal Information”). Personal Information includes (but is not limited to) the following categories of information: (1) contact data (such as your e-mail address and phone number); (2) demographic data (such as your gender, your date of birth and your zip code); (3) insurance data (such as your insurance carrier, insurance plan, member ID, group ID and payer ID); (4) medical data (such as the physical therapists, dentists or other health care providers (“Healthcare Providers”) you have visited, your reasons for visit, your dates of visit, your medical history, and other medical and health information you choose to share with us), and (5) other information that you voluntarily choose to provide to us, including without limitation SSN, unique identifiers such as passwords, and Personal Information in emails or letters that you send to us. You may still access and use some of the Services if you choose not to provide us with any Personal Information, but the features of the Services that require your Personal Information will not be accessible to you.

2.1.2 Billing, Collection and Payment Information

If you make a payment through our Services to a Healthcare Provider (as further described in and subject to other provisions of the Agreement), your payment card information is processed by our payment processing partner, Braintree (https://braintreepayments.com). Braintree collects your voluntarily provided payment card information necessary to process your payment. Braintree’s use and storage of information it collects is governed by Braintree’s applicable terms of service and privacy policy. The information we store includes your payment card type and the last four digits of the payment card. We may provide to you the option to remove your stored payment card information through your account settings page.

2.2 Traffic Data

We also may automatically collect certain data when you use the Services, such as (1) IP address; (2) domain server; (3) type of device(s) used to access the Services; (4) web browser(s) used to access the Services; (5) referring webpage or other source through which you accessed the Services; (6) geolocation information; and (7) other statistics and information associated with the interaction between your browser or device and the Services (collectively “Traffic Data”). Depending on applicable law, some Traffic Data may be Personal Information. We may also collect additional information, which may be Personal Information, as otherwise described to you at the point of collection or pursuant to your consent.

2.3 PIPEDA, HIPAA and PHI

Under a federal law in Canada and the United States, some of the demographic, health and/or health-related information that Phzio collects as part of providing the Services may be considered “protected health information” or “PHI”. Specifically, when Phzio receives identifiable information about you from or on behalf of your Healthcare Providers, this information is PHI. HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. Phzio may only use and disclose your PHI in the ways permitted by your Healthcare Provider(s). In addition, you have been or will be asked to e-sign the Phzio User Authorization (the “Phzio Authorization”). Your decision to e-sign the Phzio Authorization is entirely voluntary. If you choose to e-sign the Phzio Authorization, you agree that Phzio may use and disclose your PHI in the same way it uses and discloses your Personal Information that is not PHI. These uses and disclosures are described in this Privacy Policy. To the extent any provision in the Phzio Authorization is inconsistent with this Privacy Policy or other provisions of the Agreement, then the provision in the Phzio Authorization only controls with respect to your PHI. If you do not e-sign the Phzio Authorization, then your Personal Information that is not PHI is governed by this Privacy Policy and your Personal Information that is PHI is used and disclosed only as permitted by your Healthcare Provider(s).

3. How We Collect Information

We collect information (including Personal Information and Traffic Data) when you use and interact with the Services, and in some cases from third party sources. Such information includes:

When you use the Services’ interactive tools and services, such as searching for Healthcare Providers, searching for available appointments with Healthcare Providers and completing medical history forms (“Medical History Forms”) prior to Healthcare Provider appointments;
When you voluntarily provide information in free-form text boxes through the Services and through responses to surveys, questionnaires and the like;
If you download and install certain applications and software we make available, we may receive and collect information transmitted from your computing device for the purpose of providing you the relevant Services, such as information that lets Phzio know when you are logged on and available to receive update or alert notices;
If you download our mobile application, we may receive information about your location and mobile device;
Through cookies, web beacons, website analytics services and other tracking technology (collectively, “Tracking Tools”), as described below; and
When you use the “Contact Us” function on the Site, send us an email or otherwise contact us.

4. Tracking Tools and “Do Not Track”

4.1. Tracking Tools

We may use tools outlined below in order to better understand users.

Cookies: “Cookies” are small computer files transferred to your computing device that contain information such as user ID, user preferences, lists of pages visited and activities conducted while using the Services. We use Cookies to help us improve or tailor the Services by tracking your navigation habits, storing your authentication status so you do not have to re-enter your credentials each time you use the Services, customizing your experience with the Services and for analytics and fraud prevention.
We may use a type of advertising commonly known as interest-based or online behavioral advertising. This means that some of our business partners use Cookies to display Phzio ads on other websites and services based on information about your use of the Services and on your interests (as inferred from your online activity). Other Cookies used by our business partners may collect information when you use the Services, such as the IP address, mobile device ID, operating system, browser, web page interactions, the geographic location of your internet service provider and demographic information, such as gender and age range. These Cookies help Phzio learn more about our users’ demographics and internet behaviors.
For more information on cookies, visit http://www.allaboutcookies.org.
Web Beacons: “Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files imbedded in a web page or email that may be used to collect anonymous information about your use of our Services, the websites of selected advertisers and the emails, special promotions or newsletters that we send you. The information collected by Web Beacons allows us to analyze how many people are using the Services, using the selected advertisers’ websites or opening our emails, and for what purpose, and also allows us to enhance our interest-based advertising.
Website Analytics: We may use third-party website analytics services in connection with the Services, including, for example, to register mouse clicks, mouse movements, scrolling activity and text that you type into the Site. These website analytics services generally do not collect Personal Information unless you voluntarily provide it and generally do not track your browsing habits across websites which do not use their services. We use the information collected from these services to help make the Services easier to use and as otherwise set forth in Section 6 (Use of Information).
Mobile Device Identifiers: Mobile device identifiers are data stored on your mobile device that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as media access control, address and location) and Traffic Data. As with other Tracking Tools, mobile device identifiers help Phzio learn more about our users’ demographics and internet behaviors.

4.2. Options for Opting out of Cookies and Mobile Device Identifiers

Some web browsers (including some mobile web browsers) allow you to reject Cookies or to alert you when a Cookie is placed on your computer, tablet or mobile device. You may be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. Although you are not required to accept Phzio’s Cookies or mobile device identifiers, if you block or reject them, you may not have access to all features available through the Services.

You may opt out of receiving certain Cookies and certain trackers by visiting the Network Advertising Initiative (NAI) opt out page or the Digital Advertising Alliance (DAA) consumer opt-out page. When you use these opt-out features, an “opt-out” Cookie will be placed on your computer or tablet indicating that you do not want to receive interest-based advertising from NAI or DAA member companies. If you delete Cookies on your computer or tablet, you may need to opt out again. For information about how to opt out of interest-based advertising on mobile device identifiers, please visit http://www.applicationprivacy.org/expressing-your-behavioral-advertising-choices-on-a-mobile-device. Please note that even after opting out of interest-based advertising, you may still see Phzio’s advertisements that are not interest-based (i.e., not targeted toward you). Also, opting out does not mean that Phzio is no longer using Tracking Tools — Phzio still may collect information about your use of the Services even after you have opted out of interest-based advertisements and may still serve advertisements to you via the Services based on information it collects via the Services.

4.3. How Phzio Responds to Browser “Do Not Track” Signals

Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a visitor does not want to have his/her online activity and behavior tracked. If a website operator elects to respond to a particular DNT signal, the website operator may refrain from collecting certain Personal Information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many website operators, including Phzio, do not take action to respond to DNT signals. For more information about DNT signals, visit http://allaboutdnt.com.

5. Use of Information

We use your information, including Personal Information, to provide the Services to you and to help improve them, including to:

provide you with the products, services and information you request and respond to correspondence that we receive from you;
provide, maintain, administer or expand the Services, perform business analyses, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer;
notify you about certain resources or Healthcare Providers we think you may be interested in learning more about;
send you information about Phzio or our products or Services;
contact you when necessary or requested, including to remind you of an upcoming appointment;
customize and tailor your experience of the Services, which may include sending customized messages or showing you Sponsored Results that may be of interest to you based on information collected in accordance with this Privacy Policy;
send emails and other communications that display content that we think will interest you and according to your preferences;
combine information received from third parties with the information that we have from or about you and use the combined information for any of the purposes described in this Privacy Policy;
use statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts; and
prevent, detect and investigate security breaches and potentially illegal or prohibited activities.

We may use information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) to better understand who uses Phzio and how we can deliver a better healthcare experience (for example, testing different kinds of emails has helped us understand when and how patients prefer to get Wellness Reminders for preventive care), or otherwise at our discretion.

6. Disclosure of Information

We may disclose certain information that we collect from you:

We may share your Personal Information with Healthcare Providers with which you choose to schedule through the Services. For example, if you complete a Medical History Form using the Services in advance of an appointment, we may share your Medical History Form with your Healthcare Providers. You also may choose to store but not share your Medical History Form.
We may share your Personal Information with your Healthcare Providers to enable them to refer you to and make appointments with other Healthcare Providers on your behalf or to perform analyses on potential health issues or treatments, provided that you choose to use the applicable Services.
We may share your Personal Information with Healthcare Providers in the event of an emergency.
We may also share your Personal Information with organizations that collect, aggregate and organize your information so they can make it more easily accessible to your Healthcare Providers.
We do not sell email addresses to third parties. We may share your email address with our business partners to enable them to help Phzio customize our advertising.
We may share your Personal Information and Traffic Data with our business partners who perform core operational services (such as hosting, billing, fulfillment, data storage, security, insurance verification, or Website analytics set forth in Section 4.1 (Tracking Tools)) and/or by making certain features available to our users.
For the purposes of determining eligibility and cost-sharing obligations, and otherwise obtaining benefit plan information, we may share with the insurance provider you identify to us (via our business partners) your insurance-related Personal Information.
We may transfer your information to another company in connection with a merger, sale, acquisition or other change of ownership or control by or of Phzio (whether in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

We also may need to disclose your Personal Information or any other information we collect about you if we determine in good faith that such disclosure is needed to: (1) comply with applicable law, regulation, court order or other legal process; (2) protect the rights, property or safety of Phzio or another party; (3) enforce the Agreement or other agreements with you; or (4) respond to claims that any posting or other content violates third-party rights.

We may disclose information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) at our discretion.

We store and process information on our servers in the United States and Canada. We maintain industry standard backup and archival systems. All US patient information is stored and maintained on servers in the US, while Canadian patient information is stored exclusively in Canada, following Canadian privacy legislation.

7. Public Information

Any information that you may reveal in a review posting or online discussion or forum is intentionally open to the public and is not in any way private. We recommend that you carefully consider whether to disclose any Personal Information in any public posting or forum. What you have written may be seen and/or collected by third parties and may be used by others in ways we are unable to control or predict.

8. Storage and Security of Information

The security of your Personal Information is important to us. We endeavor to follow generally accepted industry standards to protect the Personal Information submitted to us, both during transmission and in storage. For example, when you enter sensitive information on our Site, we encrypt that information using secure socket layer technology.

Although we make good faith efforts to store Personal Information in a secure operating environment that is not open to the public, we do not and cannot guarantee the security of your Personal Information. If we become aware that your Personal Information has been disclosed in a manner not in accordance with this Privacy Policy, we will use reasonable efforts to notify you of the nature and extent of the disclosure (to the extent we know that information) as soon as reasonably possible and as permitted or required by law.

9. Controlling Your Personal Information

If you are a registered user of the Services, you can modify some of the Personal Information you have included in your profile or change your username by logging in and accessing your account. If you wish to close your account, please email us at privacy@Phzio.com. Phzio will delete your account and the related information at your request as soon as reasonably possible. Please note, however, that Phzio reserves the right to retain information from closed accounts, including to comply with law, prevent fraud, resolve disputes, enforce the Agreement and take other actions permitted by law. You must promptly notify us if any of your account data is lost, stolen or used without permission.

10. Information Provided by or on Behalf of Children

The Services are not intended for use by children and children are prohibited from using the Services. Phzio does not knowingly collect any information from children, nor are the Services directed to children.

By accessing, using and/or submitting information to or through the Services, you represent that you are not younger than age 13. If we learn that we have received any information directly from a child under age 13 without his/her parent’s written consent, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child that he/she cannot use the Services and subsequently we will delete that information.

If you are between age thirteen (13) and the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Information as otherwise provided herein.

11. Links to Other Websites

The Services contain links to third party websites with which Phzio has no affiliation. A link to a non-Phzio website does not mean that we endorse that website, the quality or accuracy of information presented on the non-Phzio website or the persons or entities associated with the non-Phzio website. If you decide to visit a third party website, you are subject to the privacy policy of the third party website as applicable and we are not responsible for the policies and practices of the third party website. We encourage you to ask questions before you disclose your information to others.

12. Updates and Changes to Privacy Policy

The effective date of this Privacy Policy is set forth at the top of this webpage. We will notify you of any material change by posting notice on this webpage. Your continued use of the Services after the effective date constitutes your acceptance of the amended Privacy Policy. We encourage you to periodically review this page for the latest information on our privacy practices. The amended Privacy Policy supersedes all previous versions. IF YOU DO NOT AGREE TO FUTURE CHANGES TO THIS PRIVACY POLICY, YOU MUST STOP USING THE SERVICES AFTER THE EFFECTIVE DATE OF SUCH CHANGES.

Phzio Healthcare Corporation (“Phzio”) HIPAA Patient Authorization

Phzio provides telemedicine based physical therapy (“PT”) treatments on our PHZIO distance monitored PT treatment exercise platform, that may or may not be insurance reimbursable . The PHZIO system has the capability to manage and forwarding your health history forms and other health-related information to share with your healthcare providers (“Phzio Services”). As part of providing the Phzio Services, Phzio may collect, use, share, and exchange your health history forms and other health-related information with Your Healthcare Providers. Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), some of this health and health-related information may be considered “protected health information” or “PHI” if such information is received from or on behalf of Your Healthcare Providers.

Safeguards for PHI: HIPAA protects the privacy and security of your PHI by limiting the uses and disclosures of PHI by most healthcare providers and by health plans (called “Covered Entities”) as well as companies, like Phzio, that provide certain types of assistance to Covered Entities (called “Business Associates”). Under certain circumstances described in HIPAA, an individual needs to sign an Authorization form before a Covered Entity, like Your Healthcare Provider(s), can disclose protected health information to a third party.

Non-Protected Health Information: As a condition of creating your Phzio account, you are required to read and agree to Phzio’s Privacy Policy (See Below). Phzio’s Privacy Policy explains how Phzio processes and shares information received from you that is not covered by HIPAA (“Non-PHI”).

Your PHI Authorization: The purpose of this Phzio Authorization (“Authorization”) is to request your written permission to allow Phzio to use and disclose your PHI in the same way as we use and disclose your Non-PHI. If Phzio is a Business Associate of Your Healthcare Providers, Phzio needs your Authorization to be able to use and disclose your PHI in the same way it can currently use and disclose your Non-PHI when Phzio is not working on behalf of Your Healthcare Providers, but is instead working on its own behalf. Therefore, when Phzio relies on this Authorization, and uses and discloses PHI as described in this Authorization, it is not working as a Business Associate and the HIPAA requirements that apply to Business Associates will not apply to such uses and disclosures.

If you e-sign this Authorization, you give your permission to Phzio to retain your PHI and to use and/or disclose your PHI in the same way that you have agreed that your Non-PHI can be used and disclosed. Specifically, you agree that Phzio can use your PHI to:

enable and customize your use of the Phzio Services;
provide you alerts or other Phzio Services regarding future appointments;
notify you regarding providers we think you may be interested in learning more about;
share information with you regarding services, products or resources about which we think you may be interested in learning more;
provide you with updates and information about the Phzio Services;
market to you about Phzio and third party products and services;
conduct analysis for Phzio’s business purposes;
support development of the Phzio Services; and
create de-identified information and then use and disclose this information in any way permitted by law, including to third parties in connection with their commercial and marketing efforts.

You also agree that Phzio can disclose your PHI to:

third parties assisting Phzio with any of the uses described above;
Your Healthcare Providers to enable them to refer you to, and make appointments with, other providers on your behalf, or to perform an analysis on potential health issues or treatments, provided that you choose to use the applicable Phzio Service;
a third party as part of a potential merger, sale or acquisition of Phzio;
our business partners who assist us by performing core services (such as hosting, billing, fulfillment, or data storage and security) related to the operation or provision of our services, even when Phzio is no longer working on behalf of Your Healthcare Providers;
a provider of medical services, in the event of an emergency; and
organizations that collect, aggregate and organize your information so they can make it more easily accessible to your providers.

Redisclosure: If Phzio discloses your PHI, Phzio will require that the person or entity receiving your PHI agrees to only use and disclose your PHI to carry out its specific business obligations to Phzio or for the permitted purpose of the disclosure (as described above). Phzio cannot, however, guarantee that any such person or entity to which Phzio discloses your PHI or other information will not re-disclose it in ways that you or we did not intend or permit.

Expiration and Revocation of Authorization: Your Authorization remains in effect until you provide written notice of revocation to Phzio. YOU CAN CHANGE YOUR MIND AND REVOKE THIS AUTHORIZATION AT ANY TIME AND FOR ANY (OR NO) REASON.

If you wish to revoke this Authorization, you must notify Phzio by submitting a revocation through your account settings page. Your decision not to execute this Authorization or to revoke it at any time will not affect your ability to use certain of the Phzio Services. A Revocation of Authorization is effective after you submit it to Phzio, but it does not have any effect on Phzio’s prior actions taken in reliance on the Authorization before revoked. Once Phzio receives your Revocation of Authorization, Phzio can only use and disclose your PHI as permitted in Phzio’s agreements with Your Healthcare Provider(s). Your Revocation of Authorization does not affect Phzio’s use of your Non-PHI.

We will make available to Your Healthcare Provider(s), current and past, your agreement to or revocation of this Authorization.

Data & Privacy

How do we safeguard data?

At Phzio, Patients First is our most important core value. It means we’re always working hard to keep your data safe and continually earn your trust. Keeping your information secure is a top priority for us. Here are some of the ways we protect it:

Privacy and security training: Selected executives and content and data programmers receive privacy and security training to ensure that we stay focused on privacy. This includes HIPAA training and regular security training administered by a third party. (HIPAA, or the Health Insurance Portability and Accountability Act, establishes national standards for protecting the identifiable health information of health plan beneficiaries and patients.)
Strong encryption: We employ top-notch technology to safeguard data. Our site uses 128-bit GCM encryption – the same standard most banks use to protect your financial information. All Phzio data is transferred via HTTPS over TLS, which is a security standard used by the US government for secured traffic (FIPS compliant).
Secure storage: All data is stored in a physically and electronically secure facility, behind firewalls. Data backups are protected by high-grade encryption (FIPS 140-2 certified), meaning your data stays secure and unreadable. An intrusion detection system monitors our data 24/7 and alerts us to any unusual activity.
Expert auditing: when needed Phzio works with outside experts to keep our security practices and standards high. We hire a third party to periodically test our service and processes, and we plan to run the SSAE-16 Type II audit annually.
Smart features: We build features that protect data on your end, too. For instance, we automatically sign you out of the site if you’re inactive, we set requirements on your password strength, and we lock your account if the wrong password is entered too many times.

What data do we collect?

When signing up and using our PHZIO platform, you only need to share basic information, such as your name, email, sex, and date of birth insurance carrier information.

To make sure we’re always improving, we also analyze use of the service – such as the time of day you schedule an appointment, the specialties that you book most often, and the type of device you use. This data, like the rest of your information, is stored with security as a top priority. And Phzio never stores credit card information, bank account information, radiological images or reports, laboratory analysis, or diagnostic reports.

How do we use data?

When you book an appointment, we securely share your name, insurance details (if you provide them), date of birth, sex, and chosen appointment time with your physical therapist. If you choose to use Phzio Check-In (instead of a clipboard and pen in the physical therpist’s office), we relay to your physical therapist, on your behalf, any information you voluntarily provide.

We also analyze aggregated data, which cannot be connected back to any individual patient, to better understand different uses of Phzio and how we can deliver a better healthcare experience. For example, testing different kinds of emails has helped us understand when and how patients prefer to receive Wellness Reminders for preventive care. We may also use this non-identifiable data for projects that can benefit the world, like studying disease patterns or contributing to public health initiatives. And in the future, we might work with partners to help us accomplish these things.

Like other online businesses, we may show ads for our services on other websites or platforms. We never show you ads for third party products.

We will not share your personal information unless we have your consent or are required by law to do so. We never sell your personal information to any third parties. In all of these cases, our top concern and highest priority is the security of your data.