Privacy Policy

Omada for Joint and Muscle Health is made available by Omada Health, Inc. References in these terms to Physera, Inc. refer to Omada’s wholly owned subsidiary and will be replaced with references to Omada in connection with the next substantive update to these terms. References to Physera Physical Therapy Group, P.C. or PPTG will be updated to reflect any updated name for that entity.

This Privacy Policy is comprised of two parts: (1) Physera Platform and Services Privacy Policy, which applies to Patients, Users, Visitors, and Providers (all terms defined below), and (2) the Notice of Privacy Practices, directed towards Patients. If you are an individual that receives physical therapy treatments or other related services from Physera Physical Therapy Group, PC (“PPTG,” and such individuals, “Patients”), please read carefully the Notice of Privacy Practices, which contains important information about your rights and our obligations under the Health Insurance Portability and Accountability Act (“HIPAA”).

To the extent the terms of the Notice of Privacy Practices conflicts with those in the Platform and Services Privacy Policy, the terms of this Notice of Privacy Practices shall control with respect to the use and disclosure of protected health information and rights of Patients.

1. PHYSERA PLATFORM AND SERVICES PRIVACY POLICY

We at Physera, Inc. and PPTG (“Physera,” “we” “us” or “our”) have created this Platform and Services Privacy Policy because we know that you care about how information you provide to us is used and shared. This Platform and Services Privacy Policy relates to the information collection and use practices of Physera in connection with our Services, which are made available to you through a variety of platforms, including, but not limited to, https://physera.com/ (the “Website”) and our mobile app, which is accessible through tablets, smart phones, connected televisions, and other devices (the “Physera App”). The Website and the Physera App are collectively referred to as the “Platform.”

Description of Users and Acceptance of Terms

This Platform and Services Privacy Policy applies to visitors to the Website, who view only publicly-available content (“Visitors”), individuals who have signed up to use our Services (“Users”), and providers of services, including but not limited to, physical therapy and chiropractic services and health coaching services, who have signed up to use our Services (“Providers”). Patients who use the Services are considered “Users” under this Platform and Services Privacy Policy, and receive the rights and protections provided under this Platform and Services Privacy Policy in addition to those outlined in the Notice of Privacy Practices below.

By visiting our Website, Visitors are agreeing to the terms of this Platform and Services Privacy Policy and the accompanying Terms of Use.

By signing up, accessing, and/or using the Platform, each User and Provider is agreeing to the terms of this Platform and Services Privacy Policy and the accompanying Terms of Use.

Capitalized terms not defined in this Platform and Services Privacy Policy shall have the meaning set forth in our Terms of Use.

The Information We Collect

In the course of operating the Website and Platform and/or providing the Services, Physera will collect, store, use, transmit, and/or receive the following types of information. You authorize us to collect and/or receive such information.

Contact Information and Information Collected Through Registration

We collect contact information from Visitors of the Website; this information typically includes your name, email address, and any information you provide in messages or job applications to us.

When you sign up as a Provider through the Website, you will be required to provide us with personal information about yourself, such as, your name, e-mail address, phone number and gender.

If you are a User who would like to schedule a video chat consultation with a Provider, you will be required to provide us with personal information about yourself, such as your name and e-mail address. Providers and Users acknowledge and agree that we may record video-chat consultations for use by us and our business partners for training purposes.

If you are a User who would like to use the Physera App, you will need to download the Physera App by clicking on the personalized download link provided to you by Physera.

Health Information

When you sign up to use the Platform as a User, you will also be asked to provide us with background health information that relates to your past, present, or future physical or mental health or condition, including but not limited to, the specific body part that is your primary concern, duration for which the issue is ongoing, and the treatments you have tried. You will also be asked to complete surveys and intake questionnaires, which require you to provide information relating to your pain, injury and behavior. All of this information is collectively referred to herein as “Health Information.”

If you are a Patient, you have particular rights and obligations with respect to your Health Information under HIPAA, outlined in further detail in the Notice of Privacy Practices below.

Geolocational Information

In order to provide certain features and functionality of the Platform, we may, with your consent, automatically collect geolocational information from your mobile device, your wireless carrier, or certain third-party service providers (“Geolocational Information”). Collection of such Geolocational Information occurs only when the Physera App is running on your mobile device. You may decline to allow us to collect such Geolocational Information, in which case Physera will not be able to provide certain features of the Physera App to you.

Payment Information

We will collect your payment information if you choose to make a purchase or enroll in Services that require a fee. This payment information may include, without limitation, bank account numbers, credit card or debit card numbers, account details, and similar data (collectively, “Payment Information”). Such Payment Information will be collected and processed by our Third-Party Payment Vendor pursuant to the terms and conditions of its privacy policies and terms of use.

From Your Activity

Information that we automatically collect when you use the Platform, including, without limitation:

• IP addresses, browser type and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, etc.;
• Information about a mobile device, including universally unique ID (“UUID”), Physera App type and version (e.g., iOS or Android), carrier and country location, hardware and processor information (storage, chip speed, camera resolution, NFC enabled, and network type (e.g. WiFi, 2G, 3G, 4G, LTE, 5G); and
• Activity and usage information occurring via the Platform, including tagging data, favorites, preferences, session lengths; and similar data.

From Cookies

Information that we collect using "cookie" technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive so that your computer will "remember" information about your visit. We use both first- and third-party session cookies and persistent cookies. Below is a general primer on session and persistent cookies; information collected by cookies depends on its particular purpose. For more information, please see the information regarding analytics providers discussed further below.

• Session Cookies: We use session cookies to make it easier for you to navigate our Platform. A session ID cookie expires when you close your browser.
• Persistent Cookies: A persistent cookie remains on your hard drive for an extended period of time or until you delete them. You can remove persistent cookies by following directions provided in your web browser’s “help” file. To the extent we provide a log-in portal or related feature on our Services, persistent cookies can be used to store your passwords so that you don’t have to enter it more than once. Persistent cookies also enable us to track and target the interests of our Visitors, Users and Providers to personalize the experience on our Platform.

In some cases, we may associate information that you have provided to us (e.g., email address) with the cookies that we use. In addition to facilitating the purposes described above, this is useful in understanding your engagement with other content related to our Services (e.g., email open rates, URL click-throughs).

If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or mobile device. Please consult your Internet browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, the Platform may not function properly.

Third-Party Analytics

We use third-party analytics services (such as Google Analytics, Amplitude, Facebook, and LinkedIn) to evaluate your use of the Platform, compile reports on activity, collect demographic data, analyze performance metrics, and collect and evaluate other information relating to the Platform and mobile and Internet usage. These third parties use cookies and other technologies to help analyze and provide us the data and may have access to certain information related to your device, location, login credentials, unique application identifier, or other information collected or stored on your device in order to provide these services to Physera. By accessing and using the Platform, you consent to the processing of data about you by these analytics providers in the manner and for the purposes set out in this Platform and Services Privacy Policy.

For more information on these third parties, including how to opt out from certain data collection, please visit the sites below. Please be advised that if you opt out of any service, you may not be able to use the full functionality of the Platform.

For Google Analytics, please visit https://www.google.com/analytics

Treatment and Use of Health Information and Personal Information

The Platform provides Patients the ability to communicate with their Providers. Patients’ communications with such individuals through the Platform may include Health Information and personal information, which may be stored on the Platform as a result of your relationship with a Provider. Patients (and not Physera) are solely responsible for reviewing and approving any Providers before deciding whether to share their Health Information and personal information with such Providers.

If you choose to share any of your Health Information through the Platform with any Provider, you acknowledge and agree that such information is made available to such Provider and use by such Provider is not subject to the terms of this Platform and Services Privacy Policy. Further, if the Providers that Patients authorize to receive their Health Information from Physera are not subject to federal or state health information privacy laws, subsequent disclosure by such persons and entities may not be prohibited and/or protected by those laws.

Use and disclosure of Health Information that is Protected Health Information as defined by HIPAA is governed by the Notice of Privacy Practices below.

In using the Clinical Dashboard, Providers may provide us with data relating to their Patients. We use this data in accordance with the terms and conditions of the Clinical Dashboard Agreement, and the Notice of Privacy Practices provided below.

How We Use and Share Your Information

You authorize us to use the information collected pursuant to this Platform and Services Privacy Policy to: provide the Platform and the Services to you, solicit your feedback, inform you about our products and services and those of our third-party marketing partners, respond to your inquiries, review submitted job applications, monitor and troubleshoot errors and incidents, analyze web traffic, optimize the user experience, and to improve the Platform and the Services. Without limiting the foregoing, we may use the e-mail address and phone number that you provide to us at registration to contact you regarding the Services and to send you promotional emails. For example, we may e-mail or call you to remind you of an upcoming Provider appointment, to remind you to complete a Provider-recommended activity, or to provide technical support in connection with video-chat consultations. Also, we may use and share the Information as described below.

• Agents, Providers and Related Third Parties. We may engage other companies and individuals to perform certain business-related functions on our behalf, including service providers and affiliates of our customers. Examples of such business-related functions may include providing technical assistance, order fulfillment, customer service, and marketing assistance. These other companies will have access to the Information only as necessary to perform their functions and to the extent permitted by law. We may also share your Information with any of our parent companies, subsidiaries, or other companies under common control with us.
• Aggregated Information. In an ongoing effort to better understand users of the Platform, we may analyze the Information in aggregate form in order to operate, maintain, manage, and improve the Platform and the Services. This aggregate information does not identify you personally. We may use this aggregate information for marketing purposes. We may share aggregate information between Users who are performing similar exercises and/or undergoing similar therapy. We may share this aggregate information with our affiliates, agents, business and business partners, and other third parties. We may also disclose aggregated user statistics in order to describe the Platform and these products and services to current and prospective business partners and to other third parties for other lawful purposes.
• Business Transfers. As we develop our businesses, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Information may be part of the transferred assets.
• Legal Requirements. To the extent permitted by law, we may also disclose the Information: (i) when required by law, court order, or other government or law enforcement authority or regulatory agency; or (ii) whenever we believe that disclosing such Information is necessary or advisable, for example, to protect the rights, property, or safety of Physera or others.

Private Messaging

Users and their Providers may be able to communicate via video-chat or direct messages sent through the Platform. If you choose to contact a Provider outside of the Platform, you acknowledge and agree that none of the information contained in that message (including, without limitation, personal information and/or Health Information) is covered by this Platform and Services Privacy Policy and we are not responsible or liable in any way for how the recipient uses that information or for any breaches of personal information during transmission of the message.

Accessing and Modifying Personal Information and Communication Preferences

If you have signed-up to use the Services, you may access, review, and make changes to your personal information by following the instructions found on the Platform. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the "unsubscribe" link located on the bottom of any Physera marketing email. Users and Providers cannot opt out of receiving transactional e-mails related to their account. We will use commercially reasonable efforts to process such requests in a timely manner. Please note that we are not responsible for updating or removing any information contained in Providers’ networks’ lists or databases.

How We Protect the Information

We take commercially reasonable steps to protect the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the information that you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Platform may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

California Residents

Under California Civil Code Section 1798.83, California residents who have an established business relationship with Physera may choose to opt out of our sharing your personal information with third parties for direct marketing purposes. If you are a California resident and (1) you wish to opt out; or (2) you wish to request certain information regarding our disclosure of your personal information to third parties for the direct marketing purposes, please send an e-mail to privacy@physera.com with "Privacy Policy" in the subject line or write to us at:

Physera, Inc.
2443 Fillmore St #380-8130
San Francisco, CA 94115

In addition, Physera does not monitor, recognize, or honor any opt-out or do not track mechanisms, including general web browser "Do Not Track" settings and/or signals.

Important Notice to Non-U.S. Residents

The Platform and the Services are operated in the United States. Please be aware that your information, including your personal information, may be transferred to, processed, maintained, and used on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to use the Platform and/or the Services, you hereby irrevocably and unconditionally consent to such transfer, processing, and use in the United States. This Platform and Services Privacy Policy is governed by the internal substantive laws of the State of Delaware, without respect to its conflict of laws provisions.

Children

We do not knowingly collect personal information from children under the age of 13 through the Platform and/or the Services. If you are under 13, please do not give us any personal information. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Platform and Services Privacy Policy by instructing their children to never provide personal information through the Platform and/or the Services without their permission. If you have reason to believe that a child under the age of 13 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

External Websites

The Website may contain links to third-party websites (“External Sites”). We do not endorse such External Sites and we are not responsible for the privacy practices of such External Sites. Please refer to the privacy policies of those External Sites for more information on how the operators of those sites collect and use your personal information.

Changes to This Privacy Policy

This Platform and Services Privacy Policy is effective as of the date stated at the top of this Platform and Services Privacy Policy. We may change this Platform and Services Privacy Policy from time to time, and will post any changes on the Website as soon as they go into effect. By accessing the Platform and/or using the Services after we make any such changes to this Platform and Services Privacy Policy, you are deemed to have accepted such changes. Please refer back to this Platform and Services Privacy Policy on a regular basis.

How to Contact Us

If you have questions about this Platform and Services Privacy Policy, please e-mail us at privacy@physera.com, "Privacy Policy" in the subject line, or mail us at the following address:

Physera, Inc.
2443 Fillmore St #380-8130
San Francisco, CA 94115

2. NOTICE OF PRIVACY PRACTICES

Omada for Joint and Muscle Health is made available by Omada Health, Inc. References in these terms to Physera, Inc. refer to Omada’s wholly owned subsidiary and will be replaced with references to Omada in connection with the next substantive update to these terms. References to Physera Physical Therapy Group, P.C. or PPTG will be updated to reflect any updated name for that entity.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices addresses the legal duties and privacy practices of Physera Physical Therapy Group, PC ("PPTG," "we," "us," or "our") regarding the protected health information (“PHI”) of individuals that receive physical therapy treatment from our healthcare providers or use the mobile application provided by Physera, Inc. to communicate with providers regarding treatment (“Patients", "you,” or “your”), and their rights under the Health Insurance Portability and Accountability Act, as amended (“HIPAA”). Terms used herein that are defined under HIPAA shall have the same meaning set forth in HIPAA.

I. Uses and Disclosures of PHI.

PHI is information about a Patient, including demographic information, that may identify the Patient and is related to the Patient’s past, present or future physical or mental health or condition and related health care services. There are circumstances where we are not required to receive Patient’s written authorization to use or disclose Patient PHI, outlined in Section (A) below, and Section (B) provides circumstances when Patient written authorization is required to use or disclose the Patient’s PHI.

A. Patients’ Prior Written Authorization Not Required.

1. Business Associates. There are some services provided by us through contracts with HIPAA business associates. When these services are contracted for, we may disclose our Patients’ PHI to our business associates so that they can perform the job we have asked them to do and bill the applicable Patient or your third-party payor for services rendered. To protect our Patients’ PHI, we require the business associate to appropriately safeguard the PHI and sign a business associate agreement with us.
2. Treatment. We are permitted to use and disclose our Patients’ PHI in connection with their medical treatment, such as sharing the PHI with other professionals who are treating our Patients, including doctors, nurses, technicians, medical students, or hospital personnel involved in your care. For example, we might disclose information about your overall health condition with physicians who are treating you for a specific injury or condition. In doing so, we are to use our professional judgment and experience with common practice in determining what is in the Patient’s best interest.
3. Payment. If a Patient is covered by a health benefit plan, we are entitled to send PHI to the plan or to another business entity involved in our billing system describing the medication or health care equipment we have dispensed so that we can receive payment.
4. Health Care Operations. In addition, we can provide PHI for health care operations such as evaluations of the quality of our Patients’ health care in order to improve the success of treatment programs. Other examples include reviews of health care professionals, insurance premium rating, legal and auditing functions, and business planning and management.

Additional Disclosures of Our Patient’s PHI Without Written Authorization are Permitted under the Following Circumstances:

1. When requires by law to do so, such as reporting Patients’ health information to state, federal, or local law enforcement officials, court officials, or government agencies, such as the FDA.
2. When ordered by authorized public health officials for the purpose of carrying out public health activities, such as to report product problems, or exposure to a communicable disease.
3. When the use/disclosure relates to victims of abuse, neglect or domestic violence.
4. When the use/disclosure is for health oversight activities, such as by written request of a state/federal government agency performing management audits, financial audits, and program monitoring.
5. When the use/disclosure is for judicial and administrative proceedings, such as in response to an order of a court.
6. When the use/disclosure is to provide notification and reporting of an unsecured breach as required by law.
7. When the use/disclosure is for law enforcement purposes, such as reporting certain types of wounds or injuries, or if there is a good faith belief the disclosure is necessary to prevent or lessen a serious, imminent threat to the safety of a person or the public.
8. When the use/disclosure is related to death, such as disclosing a Patient’s health information to coroners, medical examiner and funeral directors so they can carry out their duties related to such Patient’s death.
9. When the use/disclosure is related to cadaveric organ, eye, or tissue donation purposes.
10. We may disclose information about our Patients for military activities, national security and intelligence activities, and for protective services to the President of the United States.
11. We may disclose information about our Patients to a correctional institution having lawful custody of such Patients.
12. We may disclose your health information as authorized by and to the extent necessary to comply with the laws related to workers’ compensation or other similar programs established by law.
13. When the use/disclosure relates to certain research purposes. For example, in limited circumstances, we may disclose your information to researchers preparing a research protocol or if an institutional review board determines authorization is not necessary.

B. Patients’ Prior Written Authorization Required.

For purposes other than those mentioned above, we are required to ask for our Patients’ written authorizations before using or disclosing any of their PHI. If we request an authorization, any of our Patients may decline to agree, and if a Patient gives us an authorization, the Patient has the right to revoke the authorization at any time and by doing so, stop any future uses and disclosures of the Patient’s health information that the authorization covered. An example of a situation where the Patient’s prior authorization would be required would be if we wish to conduct a marketing program that would involve the use of PHI, or disclosures that constitute sale of PHI, explained in further detail below.

Marketing. We must obtain our Patients’ written authorization prior to using Patients’ PHI for purposes that are marketing under the HIPAA privacy rules. For example, we will not accept any payments from other organizations or individuals in exchange for making communications to our Patients about treatments, therapies, health care providers, settings of care, case management, care coordination, products, or services unless the Patient has given us his or her authorization to do so or the communication is permitted by law. We may communicate with Patients about a product that is currently prescribed so long as any payment we receive in relation to making the communication is reasonably related to the cost of making the communication. In addition, we may market to Patients in a face-to-face encounter and give Patients promotional gifts of nominal value without obtaining Patients’ written authorization.

Sale of Protected Health Information. We will not make any disclosure of PHI that is a sale of Protected Health Information without our Patients’ written authorization.

II. Patients’ Rights.

HIPAA (and associated regulations) provide our Patients with rights concerning their PHI. With limited exceptions (which are subject to review) each Patient has the right to the following:

1. Patient’s Record. Each Patient has the right to access and copy the Patient’s PHI contained in a designated record set upon written request. The designated record set usually will include prescription and billing records. We may charge Patients a fee as authorized by law to fulfill such requests. Upon receiving a Patient’s request to access his or her PHI, we are required to respond to the Patient no later than thirty (30) days after the receipt of the request. We may deny the request to inspect and copy in certain limited circumstances. If a Patient is denied access to his or her PHI, the Patient may request that the denial be reviewed. Patients may request access to their health information in a certain electronic form and format, if readily producible, or, if not readily producible, in a mutually agreeable electronic form and format. Further, Patients may request in writing that we transmit such a copy to any person or entity they designate. The written, signed Patient request must clearly identify such designated person or entity and where we should send the copy. To inspect or copy PHI, Patients should email us at privacy@physera.com.
2. Accounting for Disclosures. Each Patient can, upon written request, obtain a list of the disclosures of the Patient’s PHI by us that have occurred within the 6 years preceding the request, except for disclosures made for the purposes of treatment, payment or health care operations and certain others. We will provide Patients with an accounting no later than sixty (60) days after receipt of such request, with an option to extend for an additional thirty (30) days if we are unable to provide the accounting within the time required. There will be no charge for the first request in any twelve (12) month period, but we are entitled to charge a reasonable cost based fee for additional requests made in the same period of time. Patients should submit requests for an accounting of disclosures to privacy@physera.com.
3. Amendments. Each Patient may ask to change the record of his or her own PHI upon written request explaining why the change should be made. We will review the request, but may decline to make the change if in our professional judgment we conclude that the record should not be changed. If we deny your request for amendment, you have the right to file a statement of disagreement with the decision and we give a rebuttal to your statement. We will respond to Patient requests no later than sixty (60) days after receipt of such request, with an option to extend for an additional thirty (30) days if we are unable to provide the accounting within the time required. Patients should submit requests for an amendment to privacy@physera.com.
4. Confidential Communications. Upon written request, each Patient can ask us to communicate with him or her about their own PHI in a confidential manner such as by sending mail to an address other than the home address or using a particular telephone number. Patient requests must state how or where the Patient would like to be contacted. We will attempt to accommodate all reasonable requests, and will not request an explanation for the basis for the request. Patients should submit requests for confidential communication to privacy@physera.com.
5. Special Restrictions. Upon written request, each Patient can ask us to adopt special restrictions that further limit our use and disclosure of the Patient’s PHI (except where use and disclosure are required of us by law or in emergency circumstances). You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for your notification purposes. We will consider the request, but in accordance with HIPAA we are not required to agree to with the request. Patients also have to right to request restriction with regards to disclosure of health information to a Patient’s health insurance company if: (1) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (2) the health information pertains solely to a health care item or service for which we have been paid in full (other than by your health insurance company). We will accommodate such a request, except where we are required by law to make a disclosure. If we agree to your requested restriction, we will comply with your request unless the information is needed to provide you emergency treatment. Patients should submit requests for restriction to privacy@physera.com.
6. Revoking Authorization. If a Patient has signed an authorization to disclose information, the Patient can later revoke that authorization, in writing, to stop future uses and disclosures. Revocation will not apply to disclosures or uses already made or taken in reliance on the authorization. Patients should submit revocations to privacy@physera.com.
7. Complaints. If a Patient believes that we have violated the Patient’s rights as to the Patient’s PHI under HIPAA or if a Patient disagrees with a decision we made about access to the Patient’s PHI, the Patient has the right to file a written complaint with our Contact Person listed below. Our Contact Person is required to investigate, and if possible, to resolve each such complaint, and to advise the Patient accordingly. The Patient also has the right to send a written complaint to the U.S. Department of Health and Human Services at the address listed below. Under no circumstances will we permit any retaliation against any Patient for filing a complaint.

U.S. Department of Health and Human Services Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
+1.877.696.6775
www.hhs.gov/ocr/privacy/hipaa/complaints/

We are required by law to protect the privacy of our Patients’ PHI, to provide this notice about our privacy practices, and follow the privacy practices that are described in this notice. We reserve the right to make changes in our privacy practices that will apply to all PHI that we maintain. If or when we change our notice, we will post the new notice on our website.

Contact Information:

Physera, Inc.
2443 Fillmore St #380-8130
San Francisco, CA 94115
privacy@physera.com

Copyright 2019 Physera, Inc. and Physera Physical Therapy Group, PC. All rights reserved.