Privacy Policy

Effective Date: 1/1/2020

Bay Area Accountable Care Network, Inc. d/b/a Canopy Health (“Canopy Health” “we”, “us” or “our”) respects your right to privacy.

This Privacy Policy is designed to inform you about how we collect, use, and share information about you when you access or use our website www.CanopyHealth.com (the “Site”) and the MyCanopyHealth mobile application (the “App”). When we refer to the Site and the App together, we will call them the “Services.”

By accessing or using the Services, you consent to our collection, use, and sharing of your information in accordance with this Privacy Policy.

Please note that this Privacy Policy describes how we protect your privacy as a general user of the Service. This Privacy Policy does not describe how we protect and use your information as a patient receiving medical care from the independent third-party health care provider you interacted with through the Services. If you are a patient receiving medical care from a healthcare provider affiliated with Canopy Health or as part of the Virtual Care Service, you have other rights with respect to the access, use, and disclosure of your protected health information (“PHI”). For a more complete description of your patient rights under the Health Insurance Portability and Accountability Act (“HIPAA”), please refer to the Notice of Privacy Practices available in your patient portal.

Please use the following links to jump to the sections of our Privacy Policy to learn more:

Collection and Use of Information.

Personal Information. When accessing or using our Services, we may ask you for certain personally identifiable information, such as various contact and identity information (e.g., email address, mailing address and phone number), health insurance information (e.g., policy/group number) and health information (collectively, “Personal Information”). We collect and use your Personal Information to provide, administer, and improve the Services, including to:

  • Enable you to create a Canopy Health account (“Account”), log onto the Services as a registered user, and complete a user profile.
  • Respond to your questions and comments.
  • Resolve service and other technical problems.
  • Provide you with system or administrative messages.
  • Send you newsletters and other promotional material that we think may be of interest to you, at your request. If you decide at any time that you no longer wish to receive marketing communications, please follow the unsubscribe instructions provided in any of the communications or select the appropriate option in your user profile.
  • Complete surveys that help us research, evaluate, and improve the Services.
  • Enforce our Terms of Use.
  • For any other purpose described to you at the time of collection.

You always have the option not to provide your Personal Information. For example, do you do not have to create a Canopy Health Account. If you choose not to provide your Personal Information, you may not be able to use certain features of the Services.

Location Data. We may collect “Location Data”, which is a category of Personal Information collected about the location of the mobile device or computer you are using. We gather Location Data using the GPS or WiFi technology on your device, your IP address, or other information made available by you that may indicate your current or prior location. We collect Location Data so that we can offer you certain location-based services (such as finding a doctor or medical office near you) and conduct analytics to improve the Services. You may adjust your preferences to prevent us from collecting your Location Data by declining to allow Location Data collection in the App or turning off your location services through the settings on your device.

Usage Data. We also may collect “Usage Data”, which is data we collect automatically about your use of the Services but does not identify you, such information about your device (e.g., IP address, browser type, operating system), information about your browsing activities (e.g., webpages you visited, time spent on those pages, searches), and other statistics. We collect and use Usage Data to improve the functionality of the Services, including to:

  • Monitor and analyze use of the Services.
  • Provide technical support.
  • Better understand users’ needs and interests.
  • Increase user-friendliness and personalize your experience better, such as by remembering your log-in credentials.
  • Detect and protect us against error, fraud, and other criminal activity.

Information Sharing and Disclosure.

We may share your Personal Information with third parties or non-affiliated companies when we have your permission or under the following circumstances:

  • With Your Health Care Providers. When you participate in the interactive areas of the Services, certain information that you provide may be displayed to your health care providers, such as your name, content, health information and other information you choose to provide.
  • Service Providers. We may share your Personal Information with our service providers so that they can help us provide the Services to you, including tasks such as payment processing, website hosting, database management, and website analytics.
  • Business Partners and Other Trusted Entities. To the extent permitted by applicable laws, we may provide Personal Information to our business partners or other trusted entities for internal business purposes, such as sharing information across the Canopy Network with your care teams.
  • Compliance with Laws and Law Enforcement. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including, but not limited to, subpoenas), to protect the property and rights of Canopy Health or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
  • Business Transfers. We may sell, transfer or otherwise share some or all of our assets to a third party in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy. In such event, your Personal Information may be transferred to that third party.
  • Corporate Family. We may transfer or otherwise share your Personal Information between and among any current or future parent, subsidiary and/or affiliated company.

Sharing of Aggregate Information. We may share aggregated data with third parties in a variety of ways, such as for industry analysis, demographic profiling, and other purposes. When we disclose this aggregate data, we perform appropriate procedures aimed to eliminate certain data elements so that the data cannot reasonably be used to identify you.

Cookies and Other Data Collection Technologies.

We and third parties acting on our behalf use various technologies that help us to manage the operations of the Services and track usage behavior so that we can tailor information to make your visits more enjoyable and meaningful. For example, we use Google Analytics to collect information about how often users visit the Website, what pages they visit when they do, and what other websites they used prior to coming to this Website. We use the information we get from Google Analytics to improve the Services. For more information about Google’s ability to use and share information collected by Google Analytics about your visits to the Website, please see the Google Analytics Terms of Service and the Google Privacy Policy.

We may use the following data collection technologies:

  • Cookies: Cookies are text files containing small amounts of information that are stored on your computer or mobile device’s browser directory.
    • We use persistent cookies to save your user ID and password for future logins to the Services.
    • We use session ID cookies to better understand how you interact with the Services and to monitor aggregate usage and web traffic routing. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Services and close your browser.
    • Third-party advertisers on the Service may also place or read cookies on your browser.

You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit.

If you do not accept cookies, however, you may not be able to use all portions or all functionality of the Service. To find more information about cookies, visit www.allaboutcookies.org.

  • Web Beacons: We may occasionally use web beacons (also known as clear gifs, web bugs, 1-pixel gifs, etc.) that allow us to collect Usage Data about your activities on the Services or email communications we send. Web beacons are tiny images placed on a webpage or email that can tell us if you have visited a particular area of the Services. We do not collect any Personal Information with a web beacon, and do not link web beacons with any other Personal Information you have given us. Because web beacons are used in conjunction with persistent cookies (previously described), if you set your browser to decline or deactivate cookies, web beacons cannot function.

How We Respond to “Do Not Track” Signals.

Some web browsers have “Do Not Track” or similar features that allow you to tell each website you visit that you do not want your activities on that website tracked. At present, the Services do not respond to “Do Not Track” signals and consequently, the Services will continue to collect information about you even if your browser’s “Do Not Track” feature is activated.

User and Patient Communications.

As a general user: Comments or questions you send to us through the Services (“User Communications”) will be shared with Canopy Health personnel who are most able to address your concerns. We will archive your User Communications once we have made our best effort to provide you with a complete and satisfactory response. Other than as described in the next paragraphs, your User Communications will not become part of your medical record or a designated record set unless and until, in each instance, you are seen and examined in person by one of Canopy Health’s participating providers.

As a patient: When you log into your Canopy Health Account and interact directly with Canopy Health staff or one of Canopy Health’s participating providers (“Patient Communications”), some information you provide may be documented in your medical record and available for their use to guide your treatment as a patient. If such information is PHI, it will be treated in accordance with the Notice of Privacy Practices available in your patient portal.

Managing Your Information and Controlling Your Preferences.

Users who have a Canopy Health Account may access, modify, correct, or delete the Personal Information in their registration by making the appropriate modifications in your user profile. All users may contact us at feedback@CanopyHealth.com to request access, modification, correction or deletion of his or her information. Please note that if you completely delete all information in your user profile, then your account may become deactivated. If you would like us to remove your information from our system, please contact us and we will attempt to accommodate your request if we do not have any legal obligation to retain the information.

If you have given us permission to send promotional and marketing emails to you, you may revoke that permission at any time by sending an email to feedback@CanopyHealth.com. Please understand that removal from our distribution list may not be immediate, but we will endeavor to respond to or fulfill your request for removal as soon as possible.

Security.

We employ reasonable security measures designed to safeguard and protect Personal Information under our control from unauthorized access, use, and disclosure. Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Service by Internet or email cannot be guaranteed. At your discretion, you may contact us at the mailing address or telephone number listed at the end of this document.

Links to Third-Party Websites.

We may offer you the opportunity to access third-party content, services, or products by linking to a third-party’s website. If you click on a third-party link, you will be directed to that third-party’s website. We do not exercise control over third-party websites and are not responsible for the privacy practices of such third parties. We recommend that you check the privacy policies of third-party websites before providing your Personal Information to them. The fact that we may link to a third-party website or present a banner ad or other type of advertisement from a third party is not an endorsement, authorization, or representation of any affiliation by us with that third party, nor is it an endorsement of their privacy or information security policies or practices.

Your California Privacy Rights.

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to feedback@CanopyHealth.com or write us:

Canopy Health
Attention: Compliance
2100 Powell Street, Suite 600
Emeryville, California 94608

If you are a California resident under the age of 18, and a registered user of any Services where this Privacy Policy is posted, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an email with a detailed description of the specific content or information to feedback@CanopyHealth.com. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

Notice to International Users.

The Services are hosted in the United States and are subject to U.S. law. If you are accessing the Services from outside the United States, please be advised that U.S. law may not offer the same privacy protections as the laws of your jurisdiction. By accessing and using the Services, you consent to the transfer to and processing of your Personal Information in the United States.

Changes to this Website Privacy Policy.

We may amend this Privacy Policy from time to time. If we make changes to this Privacy Policy, we will provide notice of such changes, such as by sending an email notification, providing notice through the Services or updating the “Effective Date” date at the beginning of this Privacy Policy. We encourage you to review this Privacy Policy whenever you use or access the Site or otherwise interact with us to stay informed about our information practices and the ways you can help protect your privacy.

Contacting Us.

We encourage you to contact us if you have any questions concerning our Privacy Policy or about our data collection practices. You may reach us at:

Canopy Health
Attention: Compliance
2100 Powell Street, Suite 600
Emeryville, California 94608

feedback@CanopyHealth.com

Last Updated: 4/1/2022