The Effective Date of this Privacy Policy is September 9, 2016

 

As part of the day-to-day business operations of Onlife Health, Inc. (ONLIFE), including operation of the web site (www.OnlifeHealth.com), we receive and maintain certain information regarding Individuals. Information received from the web site depends in part on what you do when you visit or transact on the web site. ONLIFE respects the privacy of every Individual who visits our web site. Therefore, we would like to define the types of information we receive and describe how it is maintained in this privacy policy ("Privacy Policy"). This policy refers only to the information collected and maintained from www.OnlifeHealth.com
For the purpose of this Privacy Policy, the following definitions describe the types of users who may access and use the information, products and services offered by ONLIFE:

  • A Participant is an Individual whose information is created, collected, used or stored in ONLIFE's products or services available on www.OnlifeHealth.com
  • A Registered User (User) is any Participant authorized to enter the secure sections of www.OnlifeHealth.com.
  • An Employer is the organization that the Onlife member is employed by.
  • An Insurer is the organization that the Onlife’s member’s employer contracts with to provide health benefits to the employer’s members.

 

USING THIS WEB SITE CONFIRMS YOUR CONSENT AND AGREEMENT TO OUR PRIVACY POLICY, INCLUDING COLLECTION, USE AND DISCLOSURE OF INFORMATION BY ONLIFE AS DESCRIBED HEREIN. YOUR USAGE ALSO SIGNIFIES YOUR COMPLIANCE WITH OUR APPLICABLE TERMS OF SERVICE AGREEMENT.

 

Registered Users
Participants must register to access the secure areas of ONLIFE. Privacy and security are top priorities at ONLIFE. For that reason, ONLIFE has implemented a process that helps protect Protected Health Information (PHI), as that term is defined by the Health Insurance Portability & Accountability Act of 1996 (HIPAA 45 C.F.R. § 160 &164), contained on our site from inappropriate access. Before a Participant can access web based services, the Participant must first register to obtain site access.

 

E-Mail

Participants: Do not send e-mail containing personal information to ONLIFE. ONLIFE cannot secure personal information sent by e-mail because such information can be accessed by other Internet users. If you send ONLIFE a question by e-mail, ONLIFE's use or disclosure of that information will be limited to the minimum necessary for responding to your question.

 

Information Collected During Registration

Participants can access our web site to utilize the products and services offered by ONLIFE. Before gaining access to these services ONLIFE may ask for personal information (such as date of birth, participant identification number, social security number, name, address with zip code, telephone number and e-mail address) to verify appropriate usage. ONLIFE, its employees or affiliates will not have access to your password that you create. If you receive notification by mail and did not register to access the services available on our web site, please contact ONLIFE immediately at support@OnlifeHealth.com.

 

Statistical Data on Website Usage: ONLIFE continually strives to enhance the features and services that are offered to our web site browsers. In an effort to determine the effectiveness and functionality of our web site, we monitor aggregated data regarding the use of our web site. For instance, we may track the number of visits to a certain page; direct links from other web sites; and frequency of usage for independent services. Although we reserve the right to share this information as indicated above, this statistical data, does not contain any personal information that could disclose the user's identity. 

 

Disclosure of Nonpublic Personal Information, including PHI

We restrict access to nonpublic personal information, including PHI. Information may be shared with entities (i.e. group administrators, vendors) that assist ONLIFE in providing services to our Registered Users. Information is provided to nonaffiliated third parties as required or allowed by federal and state law. ONLIFE maintains physical, electronic, and procedural safeguards that comply with federal regulations to guard nonpublic personal information.

 

Disclosures to Participants: ONLIFE discloses nonpublic personal information, including PHI, to Participants through the ONLIFE Portal. This information is disclosed directly to the Participant or their designated representative. Information on participant’s HIPAA member rights are available on the website, www.Onlifehealth.com. To ensure that PHI is disclosed to the appropriate Member, ONLIFE has implemented the following safeguards:

  • Participant based registration process requires each Participant to create a unique user name and password.
  • ONLIFE must receive a written request before access will be granted to another individual, including spouses and dependents over 18 years of age (exception for access to minor dependent information).

 

Disclosure to Employers:  Onlife cannot disclose any member information including PHI and PII contained in the Health Assessment, or in any of the coaching interactions that are documented within the Onlife Health Coaching platform, directly to the employer. Only aggregate data, based on the entire employee population can be passed back to the employer.

An example of aggregate data would be the percentage of smokers vs non-smokers, or the percentage of employees that are eligible for an exercise incentive.

 

Disclosure to Health Benefit Plans:  If your wellness benefits are provided through your health insurance plan, Onlife shares your nonpublic personal information, including PHI, to the health

Insurance plan as necessary for the health insurance plan to administer its health plan.  Onlife limits the information to the amount of information reasonably necessary for the health plan to perform its function for the health plan.  In addition, the health plan and Onlife have executed a Business Associate Agreement under the Health Insurance Portability and Accountability Act of 1996 that governs the sharing of PHI among the parties.

 

Disclosure to Third Parties: ONLIFE vendors and contractors sometimes have limited access to your nonpublic personal information, including PHI, while providing products or services to ONLIFE. These contractors include vendors and suppliers that provide us with technology, services, and/or content for the operation and maintenance of our web site and the services provided through the site. Access to your nonpublic personal information, including PHI, by these contractors is limited to the information reasonably necessary for the contractor to perform its limited function for ONLIFE. We also contractually require that our operations and maintenance contractors 1) protect the privacy of your nonpublic personal information, including PHI, consistent with this Privacy Policy, and 2) not use or disclose your nonpublic personal information, including PHI, for any purpose other than providing us with products and services as required by law.

 

Disclosure to Third Parties for TPO:  Onlife may release information to third parties for treatment, payment and operations (TPO) as allowable under the Health Information Portability and Accountability Act (HIPAA).

 

Disclosure of Aggregate Information: ONLIFE may disclose aggregate information to third parties. This may contain health information; however, it is not associated to a specific individual. For example, we might inform third parties regarding the number of users of our web site and the activities they conduct while on our site. Depending on the circumstances, ONLIFE may or may not charge third parties for this aggregate information. ONLIFE requires parties with whom aggregate information is shared to agree that they will not attempt to make this information personally identifiable, such as by combining it with other databases. 

 

Retention of Information Collected

The nonpublic personal information collected and maintained from this web site will be retained for seven (7) years from the date of its creation or the date when it was last in effect, whichever is later. 

 

Use of Cookies

A "cookie" is a mechanism that permits a web server to send small pieces of information or text through your browser to be stored on your hard drive. This information or text allows the server to identify frequent visitors of individual web sites. ONLIFE may place a cookie on your computer that will allow us to identify users so that we may enhance their experience on our web site. Our cookies are not used to track your activity on any site other than www.OnlifeHealth.com nor will they be utilized to send unsolicited e-mail or provide us with the Users personally identifiable information. 

 

Direct Access to Other Sites

ONLIFE offers direct links to other separate and individual web sites that offer information, which could be beneficial to Individuals. Since these direct links are separate web sites independent of www.OnlifeHealth.com, they may not follow the same privacy guidelines set forth here. ONLIFE assumes no responsibility or control over the acts or privacy policies of the third party web sites to which ONLIFE provides direct links. We suggest that you contact the appropriate controlling authorities of these sites or review their privacy policy. 

 

Security

ONLIFE takes precautions to protect its Registered Users' nonpublic personal information. When Registered Users submit sensitive information to ONLIFE, the information is protected both online and off-line. You can tell when secure mode is activated by noting a gold lock or key on your browser's taskbar, which indicates that you are secured. Our SSL certificate is provided by Comodo (www.comodo.com).

 

While ONLIFE uses Secure Socket Layer (SSL) encryption to protect sensitive information online, ONLIFE protects User-information off-line, using data at rest encryption. Only employees who need the information to perform their jobs are granted access to personally identifiable information(PII). ONLIFE employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to your information. Furthermore, all employees are kept up-to-date on ONLIFE security and privacy practices. Finally, the servers that store personally identifiable information are kept in a secure environment at the Onlife Health Corporate Offices in the United States.  All databases are encrypted at rest and the ONLIFE data center is in compliance with federal regulations including HIPAA concerning privacy.

 

Despite our efforts to protect your nonpublic personal information, including PHI, there is always some risk that an unauthorized third party may illegally gain access to systems or that transmissions of your information over the Internet may be intercepted. If you believe someone has accessed your information without authorization, please contact ONLIFE immediately at support@OnlifeHealth.com

 

Opt Out of Registration/Correcting/Updating Personal Information

If the Personally Identifiable Information (PII) of a Registered User of our services changes ONLIFE will endeavor to provide a way to correct or update that Registered User's personal data from our registration files. To correct or update personal information, contact Onlife at support@OnlifeHealth.com or call Onlife Participant Services at 877-709-0201 

 

ONLIFE Reserves the Right to Modify its Privacy Policy

ONLIFE reserves the right to change or update this Privacy Policy at any time. Please review this privacy policy on a regular basis to review any changes.