Notice of Privacy Practices

Introduction

Huma Therapeutics Limited (previously Medopad Limited) (‘Huma”, “we” or “us” ) is an experienced developer and provider of digital health software solutions such as the Huma App. The Huma App which is downloaded by you and used to collect information about you when you participate in a remote patient monitoring initiative, research study, trial or similar initiative. This Notice of Privacy Practices (henceforth, “Notice”) explains how we, Huma, process your personal information when you register with the Huma app. Your healthcare provider may provide you with their own privacy notice.

This Notice as a whole describes our commitment to your privacy and protecting your information. Huma may collect certain information from you on behalf of our covered entity clients in the United States. In those cases, Huma will handle information, specifically protected health information (“PHI”) in accordance with this Notice, the Health Insurance Portability and Accountability Act (henceforth, “HIPAA” ) to the extent applicable, and at the direction of your healthcare provider.

Important Information

The Huma app is not suitable for managing medical emergencies. If you think you have a medical emergency or need medical advice, you must contact your doctor or the emergency services immediately.

What information do we collect?

When you use our app, Huma may collect personal information about you. Personal information includes any information, whatever its source or form, that allows us to identify you (directly or indirectly). It does not include information which cannot be used to identify you. The information that we collect about you may include your:

Full Name;
Email address;
Age;
Biological sex;
Physician name;
Physician number;
Emergency contact details;
Phone number;
A copy of your in-app consent (such as your preferences, and signature);
Reminders;

Text-messages;
Email messages;
Push-Notifications and preferences in relation to push-notifications;
User Feedback (including answers to surveys);
Photo, audio and video information.
User interaction data (with our App), such as duration of usage, frequency of usage, online and offline status, and how you communicate with us).

Where you are a healthcare patient, information about your health is also collected via the app. The health information that is collected will depend on the nature of your condition and the purpose for which you are using the app. This could include data that is manually input by you, including into data forms, surveys or questionnaires to be filled by you, or which is collected via a connected device such as a wearable monitoring device.

This information may be considered to be ‘Protected Health Information,’ also known as PHI, as defined under HIPAA. health information may include information about your:

Medical condition;
Diagnosis related information;
Medical history;
Health Identifiers (a number or alphanumeric that allows healthcare staff and/or healthcare provider to identify you);
Current health status;
Information related to our ‘Personal Documents’ module (such as files you choose to upload to our app and metadata such as date of upload);
Medications Information;
Date of Birth;
Infections;
Mood;
Pain;

Resources;
Information related to our ‘Steps’ module
Heart rate;
Oxygen saturation;
Weight and height;
BMI;
Disabilities;
Functional ability / scores;
Symptoms;
Physical activity, including steps;
Respiratory rate;
Sleep patterns;
Responses to health questionnaires;
Communications with your healthcare provider;
Unique Identifiers such as your user ID.

How we use and share your personal and health information

We use your personal information for a variety of reasons, including:

To provide the services including our app (such as to register you as a new user, in connection with the use of our app, to communicate with you, where you partake in voluntary surveys, etc.)
To conduct our business.
To assist your provider with your treatment and health care operations.
To run our organization.
Where requested, we may provide support for insurance and billing purposes.
To h elp with public health and safety issues. This may involve sharing information to assist with preventing disease, product recalls, reporting adverse reactions, reporting suspected abuse, or preventing or reducing a serious threat to anyone’s health or safety.
For the purpose of research.
To comply with federal, state or local law, as applicable.
To assist or facilitate organ and tissue donation requests. To the extent Huma processes this information, we will assist at you or your provider’s direction.
To work with a medical examiner.
To address worker’s compensation, law enforcement, and other government requests.
To respond to lawsuits and legal actions.

Where Huma relies on your consent to process your PHI, you may withdraw or revoke your permission, which will be effective only after the date of your written withdrawal.

Your rights

Under HIPAA, you may have rights with respect to your PHI. Please note that Huma provides most of its services at the direction of your care provider and many of these rights should be exercised directly through your care provider. Your rights include:

The right to get an electronic or paper copy of your medical record. All of your information is accessible in the app, but Huma will endeavor to provide a paper copy to you at your request. For copies of your medical records, please contact your healthcare provider.
The right to correct your medical record. You can ask us to correct your information that is incorrect or incomplete. We will direct these requests with your care provider. You may edit the information you upload to Huma.
The right to request confidential communications. Generally, Huma will only contact you through our app. However, for other communications, you may elect how we communicate with you.
The right to ask us to limit what we use or share. You can ask us not to use or share certain information for treatment, payment or our operations. However, we are not required to agree to your request. Please keep in mind, these requests should generally be directed to your care provider.
The right to request a paper or electronic copy of this notice.
The right to choose someone to act for you. If you have given someone medical power of attorney or someone is your legal guardian, they can exercise these rights for you. We will verify these requests.
The right to file a complaint if you feel your rights are violated. You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/ .

Disclosures of your personal information

We may share your personal information with carefully selected third parties for the purposes as outlined below. We require all third parties to respect the security of your personal information and to treat it in accordance with applicable laws and regulations. Your personal information may be shared:

Where applicable, your healthcare provider and your clinical team;
With other external third parties where you have provided your consent for us to do so, and thereafter subject to the covered entity instructing Huma. Such instructions may include: :

(a) how to de-identify your PHI,
(b) to conduct and complete the de-identification of your PHI,
(c) to share the resulting de-identified data processed for scientific research and product development purposes to selected “Project Partners” who commissioned the App and allowed us to provide the App to your healthcare provider for use.

Such disclosures will only be made for scientific research and the development and enhancement of pharmaceuticals, medical interventions, devices, treatment options that are relevant to the purposes for which the patient (or your patients, if you are a healthcare provider) use the App. Please refer to the covered’ entities’ privacy notice, which governs how your healthcare provider will process your personal information and PHI.

W e share your personal information outside our organization with our suppliers and subcontractors. Your information may be shared for the purposes described in this notice. Our suppliers and contractors include:

IT and communications service providers;
payment processors;
call centers;
repair service providers;
marketing agencies and partners; and
our courier and delivery suppliers.

We do not allow our third-party services suppliers and subcontractors to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

In addition, we may disclose information about you to other third parties in the rare instance where we have a legal obligation to do so.

Third-party links

The App may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party solutions or websites and are not responsible for their privacy notices or practices.

How is your information protected?

Huma applies appropriate administrative, technical, and physical safeguards to protect the privacy of your personal information (including your health information and PHI), in any form as may be instructed by your healthcare provider and in accordance with the laws that apply to Huma. Huma has implemented robust operational and technical controls and internal policies to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed by unauthorized personnel.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your information under our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected incidents or breaches in relation to personal information, and will notify you and any applicable regulator of a breach where we are legally required to do so.

Huma may engage with suppliers, partners, or subcontractors to process personal information on our behalf. Where this is the case, there will always be a contract in place and a due diligence assessment undertaken to ensure that they have appropriate protection measures and controls in place.

How long do we keep your information?

Huma acts under the instructions of your healthcare provider in relation to the retention and disposal of your personal information, including your PHI. The length of time for which Huma retains your personal information may vary, and will be:

For the duration of your use of the Huma app;
As required to meet a contractual obligation that applies to Huma;;
As required to meet a legal obligation that applies to Huma.

Your choices under HIPAA

You can direct who you share certain information with. For example, you can provide a caregiver or provider with access to your app for the purpose of assisting you in its use. You may also elect to make certain information accessible by other parties, for example, with a patient assistance group.

Marketing

Huma does not sell PHI or share PHI for marketing purposes unless you have provided us with your consent to do so.

Getting in touch

Huma handles your personal information, specifically protected health information (“PHI”) in accordance with HIPAA (to the extent applicable) and at the direction of your healthcare provider. Your healthcare provider may provide you with their own privacy notice and may be better placed to answer queries in relation to the use of your personal information and PHI.

If you have any queries about this notice, please contact the Privacy Team at Huma at privacy@huma.com .