Whoa Co., LLC manages and owns the Optical Sidekick App. Whoa Co., LLC and Optical Sidekick and its subsidiaries and affiliated companies, including Momentum3, collect information when you: (1) download the Optical Sidekick application, (2) enter customized information within the administrative settings of the Optical Sidekick application, (3) enter cloud service provider account information within the administrative settings of the Optical Sidekick application, (4) choose to email a copy of the generated invoice/receipt via the Optical Sidekick application to the customer/patient and/or (5) contact us by email or submit data to us via the opticalsidekick.com website platform.
Protected Health Information: Protected Health Information (PHI) is personally identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”). With respect to PHI, the Optical Sidekick application will allow for PHI data entry and the application will also allow this data to be printed. The Optical Sidekick application does not store PHI on the hardware device (iPads, iPhones, etc.) and the application does not initially transfer PHI to any outside storage servers. However, it should be noted, after the Optical Sidekick application has been downloaded, the user of the application may choose to set-up the application so that generated invoices that contain PHI can be automatically transferred and stored on a previously established and separate cloud server provider (CSP) account of the user’s choosing.
Whoa Co., LLC and the Optical Sidekick application take the transfer of PHI data to a CSP very seriously, but we cannot guarantee 100% security of the transfer of data to the CSP. We work diligently with CSPs to provide a secure, encrypted way of transferring this data to the client’s CSP account.
Whoa Co., LLC and the Optical Sidekick application owners are not responsible for and do not assume any liability with respect to transferring, storing, securing, or privacy protecting any content generated from within this application that is then transferred, stored, or transmitted to a third party. Whoa Co., LLC is not responsible for and does not assume any liability to ensure that third parties meet the HIPAA regulations or requirements associated with the transfer or storage of protected health information. If a user elects to transfer or store data generated from within the Optical Sidekick application, (such as generated receipts/invoices) to a third party CSP platform, the user should disclose to the third party that said user’s content will contain potential protected health information that is subject to HIPAA privacy and security regulations. The user should independently obtain a business associates agreement with the said third party provider and should thoroughly discuss and confirm with the third party that the selected third-party platform is designed to meet the legal HIPAA requirements for transporting and storing protected healthcare information.
Within the Optical Sidekick application, the user also has the option to enter a customer’s/patient’s email address. If the customer’s email address is entered, the Optical Sidekick application will automatically email the customer a copy of the invoice that contains their PHI. In an effort to allow the customer to easily receive and open the invoice, the email is sent as a standard email and is not encrypted. If the customer/patient or the user of the application desires to not email the invoice containing PHI information, the email field should be left blank.
If you are a customer/patient who has questions regarding how your PHI is stored or transferred, you should check with your health care provider/optical provider that is using the Optical Sidekick application.
What Data Do We Collect: We collect information from you such as first and last name, business name and address, e-mail and addresses, telephone number, employer, medical specialty and passwords and usernames. If you provide us feedback or contact us via e-mail, we will collect your name and e-mail address, as well as any other content included in the e-mail. We also collect the iPad’s UDID number for account identification. We also collect your iPads version description to identify the size of screen so we can scale images appropriately. We allow for data entry of patient PHI when the application is being used, but we do not store this data on our servers or the hardware device (iPad, iPhone etc.). Again, the client has the option to store this PHI on their own separate CSP if this is so desired provided the client has configured CSP storage from within the administrative settings of the Optical Sidekick application.
What We Use Collected Data For: Whoa Co., LLC uses your personal and business information in the following ways: to create and maintain your account; to identify you as a user in our system; to operate, maintain, and improve our Site, Apps, and Optical Sidekick application Platform; to personalize and improve your experience; to send you administrative e-mails; to respond to your comments or inquiries; and to send you promotional communications about our products and services. Additionally, Whoa Co., LLC, as the administrator of Optical Sidekick application, will use your information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
Why and When We Will Communicate With You: We may contact you to (1) share information and promotional materials that we think might be of interest to you, (2) to alert you to changes or enhancements to the application, (3) to inform you of ways we can improve your application usage experience, (4) remind you of proper HIPAA and business associate guidelines, and (5) to inform you of potential changes in our platform that we believe will affect you. You may unsubscribe from receiving marketing emails from us by emailing us at email@example.com or by using the unsubscribe link included in the marketing email.
Disclosure of Your Personal Information: We will share your personal information with third parties only in the ways that are described as follows:
(2) Third party service providers you allow to access your information: Third party providers may come into contact with your privacy information by you allowing them access in the following ways: (a) You, as the user of the application, choose to transfer data to a third party cloud service provider platform; (b) You, as the user of the application, enter the patient’s/customer’s email address with the application, thus automatically triggering the Optical Sidekick application to email the customer/patient a generated invoice that contains your business name and contact information as well as the generated invoice containing the patient’s/customer’s PHI.
We may share Aggregate Information about our users in all legally permissible ways.
We may also share information about you in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture or disclosure of all or a portion of our business or assets to another company. In these circumstances, we will only share information with a company that has agreed to data privacy standards no less stringent than our own.
We may also transfer or share de-identified, so called “anonymized” information which has been encrypted or otherwise had those elements of personally identifiable information removed, and/or aggregated data, with other third parties for their own uses.
We store non-PHI data that you enter into the Optical Sidekick application on a secure server. For example, we store your business name and the lists and data you customize within the application’s administrative settings. This data is stored and retrieved as necessary and presented within the application because this data is required for the application to work correctly. Only Whoa Co., LLC and our contracted affiliates and contracted third party associates will have access to this data in the means outlined above.
Choices Regarding Your Personal Information: We offer you choices regarding the collection, use, and sharing of your personal information. When you receive emails, newsletters, phone calls or other communications from us, you may “opt-out” by following the unsubscribe instructions provided in the communications or by contacting us directly at the contact information below.
Changes to Personal Information: You may change some of your personal information in your account by editing your profile within the Optical Sidekick application. You may also request changes or deletions by e-mailing us at the e-mail address set forth below. We will try to retain your information for as long as your account is active or as needed to provide you Optical Sidekick application platform. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may be unable to delete information that resides in our archives.
Security of Your Personal Information: Whoa Co., LLC and Optical Sidekick application take reasonable steps to help protect your personal information in an effort to prevent unauthorized access, use, or disclosure. Despite these measures, you should know that we cannot fully eliminate security risks associated with personal information. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. Any content you input while using the Optical Sidekick application or website platform is at your own risk. If you have any questions about security on our site or application, you can contact us at the contact information set forth below.
A Note About Children’s Information: Whoa Co., LLC and the Optical Sidekick application respect the privacy of all users, especially children. Our Services are not intended for use by or directed to children under 18 years of age. If you are under 18 years old or otherwise have not attained the age of majority in your state of residence, you must have your parent or other legal representative’s permission to use the application/services. We, do not knowingly collect information, including personal information as defined by the Children’s Online Privacy Protection Act, from children under the age of 13. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personal information to us, you may contact us at firstname.lastname@example.org and request that we delete and stop use of that information. If we learn that we have received any information directly from a child under age 13 without first receiving his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services. We will then subsequently delete that child’s information.
Last Updated on August 30, 2017.