
Data Privacy

Data privacy in health is of utmost importance as it deals with sensitive personal and medical information that, if mishandled, could have severe consequences for individuals. Laws such as HIPAA in the US, GDPR in the EU, and PIPL in China are put in place to protect the privacy and security of individuals' health information and ensure that it is handled responsibly. Digital health companies must comply with these laws and regulations and implement measures to protect personal data. This includes implementing technical, administrative, and physical safeguards, providing training to employees and contractors on data privacy policies, and obtaining consent before collecting personal information. Additionally, data privacy in health also involves ensuring that the data is kept confidential, accessible only by authorized personnel, and used only for the intended purposes.

At eHealth Group, we are committed to protecting the privacy and security of our customers' personal and health information. We understand the importance of complying with all relevant laws and regulations related to data privacy and security. This page describes the types of data we collect, how we use that data, and the steps we take to protect it.

Types of Data We Collect

We collect data from our customers in various ways, including through our website and mobile applications.
The types of data we collect include:

• Personal information, such as name, email address, and telephone number
• Health information, such as medical history and current health conditions
• Payment information, such as credit card information
• Demographic information, such as age, gender, and location
• Technical information, such as device type and IP address
• Usage information, such as how our customers use our products and services

How We Use the Data We Collect

We use the data we collect from our customers to provide them with our products and services and to improve their experience.
Specifically, we use the data for the following purposes:

• To personalize our products and services for our customers
• To communicate with our customers about their account and our products and services
• To process payments and prevent fraud
• To improve our website and mobile applications
• To conduct research and analysis to improve our products and services
• To comply with legal and regulatory requirements

We will not disclose or share your personal information to any third party without your consent, except as required by law or as necessary to protect our rights and the rights of others.

Protection of Personal Data

At eHealth Group, we take the protection of our customers' personal data very seriously. We have implemented technical, administrative, and physical safeguards to protect the personal data we collect from unauthorized access, use, or disclosure.

We also require our employees and contractors to comply with our data policies and procedures, and we provide them with the necessary training to do so.

This site may contain certain historical information. Historical information, necessarily, is not current and is provided for your reference only. We reserve the right to modify the contents of this site at any time, but we have no obligation to update any information on our site. You agree that it is your responsibility to monitor changes to our site.

Access to Personal Data

We will provide our customers with access to their personal data upon request, subject to certain legal restrictions. We will also allow our customers to update or correct their personal data.

Compliance with HIPAA, GDPR, and PIPL

As a digital health company, we are subject to various laws and regulations related to data privacy and security. Specifically, we comply with the Health Insurance Portability and Accountability Act (HIPAA) in the United States, the General Data Protection Regulation (GDPR) in the European Union (EU), and the Personal Information Protection Law (PIPL) in China.

The Health Insurance Portability and Accountability Act (HIPAA) is U.S. legislation that aims to protect the privacy and security of individuals' health information. It applies to covered entities, such as healthcare providers, health plans, and healthcare clearinghouses. HIPAA sets national standards for protecting the privacy and security of personal health information, known as protected health information (PHI). It requires these entities to implement administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI. These safeguards include, but are not limited to, implementing access controls, data encryption, and regular risk assessments. Furthermore, HIPAA imposes strict rules on when and how PHI can be disclosed, and it gives individuals certain rights with respect to their PHI, such as the right to access and receive a copy of their PHI.

HIPAA also includes the Privacy Rule and the Security Rule, which establish national standards for protecting individuals' PHI. The Privacy Rule addresses the use and disclosure of PHI, while the Security Rule establishes standards for protecting the confidentiality, integrity, and availability of electronic PHI. These rules require covered entities to implement policies and procedures to ensure the protection of PHI and provide individuals with certain rights, such as the right to access and receive a copy of their PHI. HIPAA also requires covered entities to notify individuals and the Department of Health and Human Services in the event of a breach of unsecured PHI.

The General Data Protection Regulation (GDPR) is European Union (EU) legislation that aims to protect the privacy and personal data of individuals in the EU. It applies to organizations that process the personal data of EU citizens, regardless of where the organization is located. The GDPR replaces the 1995 EU Data Protection Directive and strengthens the rights of individuals with respect to their personal data. The GDPR sets out specific rules on the collection, use, and storage of personal data, and it requires organizations to obtain consent from individuals before collecting their personal data. It also gives individuals certain rights with respect to their personal data, such as the right to access, rectify, and delete their personal data. Additionally, the GDPR requires organizations to implement technical and organizational measures to protect personal data and to report data breaches to the relevant authorities within 72 hours. Organizations that fail to comply with the GDPR can be subject to fines of up to 4% of their annual global turnover or €20 million (whichever is greater).

The Personal Information Protection Law (PIPL) is Chinese legislation that applies to the collection, use, and disclosure of personal information in China. It applies to organizations that collect, use, or disclose personal information in China, and it requires organizations to obtain consent from individuals before collecting their personal information. PIPL also requires organizations to implement measures to protect personal information, such as implementing access controls, data encryption, and regular risk assessments. Organizations must also establish a personal information security management system and appoint a personal information security officer.

PIPL also includes provisions on the rights of individuals regarding their personal information, such as the right to access, rectify, and delete their personal information. Organizations must also report data breaches to the relevant authorities within 72 hours. Additionally, PIPL requires organizations to appoint a personal information security officer and to establish a personal information security management system. Organizations that fail to comply with PIPL can be subject to fines and penalties, including fines of up to RMB 1 million (around $145,000) and suspension of business operations.

Data Privacy Enforcement Strategy

At eHealth Group, we employ the following three strategies to enforce data privacy and ensure compliance with relevant laws and regulations.

The first key strategy for enforcing data privacy is implementing robust technical and organizational measures to protect personal data. This includes implementing access controls, data encryption, and regular risk assessments to ensure that the personal data is kept confidential, accessible only by authorized personnel, and used only for the intended purposes. Additionally, we have a process in place for responding to data breaches and reporting them to the relevant authorities in a timely manner.

The second strategy for enforcing data privacy is appointing a data protection officer (DPO) to ensure that the Group is in compliance with all relevant laws and regulations. The DPO is responsible for monitoring internal compliance, providing advice regarding Data Protection Impact Assessments (DPIA), and acting as a contact point for data subjects and the supervisory authority. The DPO is also responsible for training employees and contractors on data privacy policies and procedures, and for conducting regular audits to ensure compliance with data privacy regulations.

The third strategy for enforcing data privacy is putting a Data Privacy Policy in place that outlines the eHealth Group’s commitment to data privacy, the types of data that we collect, how that data is used, and the steps that we take to protect it. This policy is regularly communicated to employees, contractors, and customers, and is reviewed and updated regularly to ensure that it remains in compliance with relevant laws and regulations.

Changes to Our Data Privacy Policy

Changes to our data privacy policy may be necessary to reflect changes in our business practices or to comply with new or amended laws and regulations. It is important to keep our data privacy policy up-to-date to ensure that we continue to protect the personal and health information of our customers and comply with relevant laws and regulations.

When making changes to our data privacy policy, we will conduct a thorough review of the policy to ensure that it remains in compliance with relevant laws and regulations. We will also consider feedback from employees, contractors, and customers. The changes will be communicated clearly and in a timely manner to all stakeholders, including employees, contractors and customers, through appropriate means such as email or by posting the new policy on our website. We will also provide an effective date for the changes to take effect and encourage our stakeholders to review the updated policy.

Certain content, products and services available via our Service may include materials from third-parties.

Third-party links on this site may direct you to third-party websites that are not affiliated with us. We are not responsible for examining or evaluating the content or accuracy and we do not warrant and will not have any liability or responsibility for any third-party materials or websites, or for any other materials, products, or services of third-parties.

We are not liable for any harm or damages related to the purchase or use of goods, services, resources, content, or any other transactions made in connection with any third-party websites. Please review carefully the third-party’s policies and practices and make sure you understand them before you engage in any transaction. Complaints, claims, concerns, or questions regarding third-party products should be directed to the third-party.
