OMS C3 ^TM
Privacy Policy
Last Updated April 26, 2024

Our Commitment to Privacy

This Privacy Policy (this "Privacy Policy") sets out the key elements of how Objective Medical Systems, L.L.C., a Louisiana limited liability company (the "Company", "we" or "us") addresses the privacy and security of information entrusted to us by our customers through their access and use of the OMS C3® software platform (the "Service Software"), as well as the privacy of information entrusted to us by business partners, prospects and others who seek information and/or contact us through contactus@omshealth.com (including any subdomains, the "Website"). The Website can be used and accessed by the public as a source of general information about the Company. Our customers and business partners also can access the Service Software via the Website. This Privacy Policy applies to all users of our Website, products, and services. BY USING THE WEBSITE AND THE SERVICE SOFTWARE YOU AGREE TO BE BOUND BY THIS PRIVACY POLICY AND THE TERMS OF USE.

We may revise this Privacy Policy from time to time. It is our policy to post any changes we make to this Privacy Policy on this page with a notice that the privacy policy has been updated on the Website home page. The date this Privacy Policy was last updated is identified at the top of the page. You are responsible for periodically visiting our Website and this Policy to check for any changes. Your continued use of the Service Software or the Website after we make changes is deemed to be acceptance of those changes.

What is considered private?

Information that is used by a government authority, financial institution or insurance carrier to distinguish a person from other individuals ( e.g., social security number, credit card information, or insurance policy number) is private. Such information can be used to identify an individual (e.g., a person who works at a healthcare facility, or a resident or patient in a healthcare facility). Certain information may be used to contact a person directly (e.g., an email address, home mailing address or telephone number). Information about an individual’s health, including insurance and billing information, is also considered to be Protected Health Information ("PHI"), Individually Identifiable Health Information ("IIHI") or a similar term, and it also is private.

For the remainder of this Privacy Policy, we will refer to all of the above-described categories of personal information, under the broad category of "Personal Information", unless we specifically note otherwise. If we wish to refer only to information about a specific individual’s health but not to other forms of Personal Information, we will refer to "PHI."

This Privacy Policy also will apply to non-personal information if such information can be used in combination with other Personal Information or non-personal information to identify an individual.

Please be aware that this Privacy Policy only covers information manually submitted to, or automatically collected by, us through use of the Website and/or the Service Software. If you contact or exchange information with another the Company customer or business partner in person or through a means other than through the Website or Service Software, such activity is not covered by this Privacy Policy. Additionally, if you are not a customer or a business partner of the Company by way of written agreement, and are contacting us out of interest in the Service Software, a business partnership or a job opportunity, please be aware that the information that you share with us is not covered by this Privacy Policy, unless required by law.

Personal Information Collected by the Service Software

There are two ways Personal Information can be submitted to us. The first is through direct submission or what we call "Manual Submission" and the second is by way of "Automatic Submission" triggered by any interaction with the Website through a computer, mobile device or tablet.

Manual Submission
Personal Information can be submitted to us directly when you communicate with us offline (in person or by telephone), via email or via the Website (by entering data or uploading files) or when you authorize the Company to access, retrieve and/or import Personal Information from another user or third party on your behalf. Additionally, if you become a customer of the Company, you will be required to register by submitting Personal Information via the Service Software, email or offline. This could include name, email address, mailing address, telephone number(s) and other contact and billing information.

Automatic Submission
Whenever your computer, mobile device or tablet visits, logs in or otherwise interacts with the Website, we gather data from your device and the operating software of your device transmits a request to us. That request includes non-personal information that is necessary to identify and route the information your device is requesting. This communication is necessary for all website and Internet services.

We also use cookies (sometimes referred to as "web beacons" or "server logs"). Cookies are files that web browsers place on a computer’s hard drive that tell us whether customers or visitors have been to the Website previously, and they often include an anonymous unique identifier. Data collected using cookies can include:

• Date and time a request is transmitted through the Website
• The model of the device making the request
• The type and version of the operating software running on the device
• The web browser used on the device and making the request
• IP address
• Geographic location
• Time zone
• Search terms used
• URLs visited
• Information about some of the cookies that are installed on your computer, mobile device or tablet
• Internet service provider
• Previous activity on the Website

Purpose

The Company is a cloud-based Software-as-a-Service (SaaS) platform designed to provide chronic care management services for patients with multiple, significant chronic diseases.

Personal Information and non-personal information may be used for the following reasons:

• to register customer accounts
• to provide our cloud-hosted SaaS Service Software
• to operate, maintain, manage and administer the Service Software
• to respond to questions and communications
• to perform audits, research, measurements and analyses in an effort to maintain, administer, support, enhance and protect the Service Software, including determining usage trends and patterns.
• to create new features, products or services
• to contribute to certain health and medical research (only non-personal information will be used)*

*We may track and analyze non-identifying, aggregate usage, and volume statistical information from our visitors and customers. We are committed to ensuring privacy and protecting Personal Information. We also are committed to providing valuable insights and analytics to enable better performance and quality.

We use cookies to enhance the quality of the Service Software by, for example:

• saving user preferences
• preserving session settings and activities
• providing limited auto-fill functionality for those who use the Service Software frequently
• analyzing various features and content of the Service Software

Consent and Authorization

By visiting the Website, you are consenting to the use of your Personal Information for the aforementioned purposes. On occasion, we may request additional consent in connection with the use or sharing of Personal Information for a purpose not stated in this Privacy Policy or because the law requires such consent.

If you are a customer or business partner of the Company, we will never use your Personal Information in a manner not otherwise provided for in our written contracts with you, authorization forms you provide to us, or this Privacy Policy.

Protecting Health Information

The Company's customers are health care providers and subject to laws and regulations governing the use and disclosure of PHI. The Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), the Health Information Technology for Economic and Clinical Health of 2009 ("HITECH"), along with the regulations adopted under those statutes, and similar state laws (where those laws are more stringent than HIPAA) govern the handling of PHI. Health care providers are considered to be Covered Entities under HIPAA and are subject to its rules regarding PHI. If a provider delegates some of its work to a third party, and that party must access PHI in order to perform the work, then such party is considered by HIPAA to be a Business Associate and is subject to the same rules regarding the protection of PHI as the Covered Entity. To enforce protection, HIPAA requires Covered Entities to execute a "Business Associate Agreement" or "BAA" with each of its Business Associates. Our customers are required to sign a BAA with us. As a Business Associate, we are required to use reasonable and appropriate measures to safeguard the confidentiality, integrity and accessibility of PHI that is stored and processed on behalf of Covered Entities.

Sharing Your Personal Information Third-Party Websites, Software and Services

Our Website contains links to third-party websites, software and services. Customers and visitors who access a linked website via the Website may be disclosing Personal Information. It is the responsibility of the user to keep Personal Information private and confidential. We are not responsible for, nor can we control, the privacy practices of third parties. A third party’s use, storage and sharing of your Personal Information is subject to its own privacy policies and not this Privacy Policy.

Security, Threats and Breach Notification

Our Service Software has physical, administrative and technical security measures in place to protect against the loss, misuse, unauthorized access and alteration of data and Personal Information under our direct control. When the Service Software is accessed using current browser technology, Secure Socket Layer ("SSL") technology protects information using both server authentication and data encryption to help ensure that data is safe, secure, and available only to you. Unique user names and passwords also are required and must be entered each time a customer logs into the Service Software.

These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Personal Information; however, it is important to remember that no system can guarantee 100% security at all times. In the event that we detect a threat to security or a security vulnerability, we may attempt to contact you to recommend protective measures. Incidents involving unauthorized handling of PHI will be governed by relevant legislation and, where applicable, the provisions of a BAA or similar agreement with a customer. If the Company determines that Personal Information has been misappropriated or otherwise wrongly acquired, the Company will report such misappropriation or acquisition to you promptly.

Retention and Deletion

The Company will retain Personal Information: as necessary for the purposes outlined in this Privacy Policy; for as long as a customer account remains active; as required to manage and administer the Service Software; as required to carry out legal responsibilities (e.g., legal holds and other legal procedures); to resolve a dispute (including enforcement of a contract); or, as communicated to you at the time of collection. After all applicable retention periods have expired, we will delete or destroy your Personal Information in a manner designed to ensure that it cannot be reconstructed or read. If, at any time, it is not feasible for us to delete or destroy your Personal Information, we will continue using the same safeguards of protection and security outlined in this Privacy Policy and related subordinate policies, for as long as it cannot be destroyed.

Contact Us

If you believe your Personal Information has been used in a way that is inconsistent with this Privacy Policy or your specified preferences, or if you have further questions related to our privacy practices, please contact us electronically at contactus@omshealth.com.