Privacy Policy

Your Information. Your Rights. Our Responsibilities.

Empower Health Services, LLC (“EHS”) is committed to protecting the privacy and security of your health information. This Privacy Policy describes how we collect, use, and safeguard your Protected Health Information (PHI) in compliance with applicable United States laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act (CCPA), where applicable.

How Is Your Health Information Collected?

We collect PHI and other personal information when you interact with us through various means, including:

• Empower.Health Portal: When you complete a health questionnaire, register for services, or participate in challenges, rewards, and incentive programs.
• Health Screenings & Immunization Services: When you visit a sponsored Empower Health screening event or Laboratory Patient Service Center.
• Health Provider Forms: When you or your Primary Care Physician submit a completed Health Provider Form.
• Activity Tracking Devices: By downloading and using our application (e.g., `Empower.Health – Sync`) and connecting it to your activity tracker, you consent to our collection of data, we may collect data through connected activity tracking applications.
• Biometric Authentication: To improve login security, biometric data (e.g., facial recognition or fingerprint) may be used during authentication. This data is processed directly by the biometric tools on your device (e.g., iOS or Android fingerprint or screen lock features) and is not stored or retained by EHS.

You may revoke access to your activity tracker or biometric authentication features at any time by adjusting your app or device settings or contacting us.

How We Use Your Health Information

We may use your PHI for the following purposes:

• Treatment: To provide you with health screening results and related health services.
• Payment: To process payment or verify insurance eligibility.
• Health Care Operations: To evaluate and improve service quality, perform internal audits, and manage administrative functions.

Unless otherwise stated, these uses do not require special permission under HIPAA. For any other purpose, we will request your signed authorization, which you may revoke at any time.

We do not:

• Use or disclose your PHI for marketing purposes.
• Sell your PHI.

Use of Technology, Data Analysis, and AI

To improve the quality and efficiency of our services, Empower Health Services may utilize artificial intelligence and data analytics tools for general system optimization, aggregate reporting, trend analysis, and education. All vendors or service providers who process PHI on our behalf operate under HIPAA-compliant Business Associate Agreements (BAAs) or Data Sharing Agreements which legally bind them to protect your information.

Data Retention and Deletion

• Retention: Data older than five years is moved to a secure backup system and subsequently deleted in accordance with our data retention policy.
• Deletion: You may request deletion of your data collected via our services at any time by contacting us.

You may also delete data collected via your activity tracker directly within the mobile application.

How We Secure Your Information

We maintain technical, physical, and administrative safeguards to protect your PHI, including:

• Encryption of data, both while in transit and at rest.
• Role-based access restrictions to ensure only authorized personnel can access your information.
• Regular security audits and monitoring to identify and address vulnerabilities.

If a data breach occurs involving your unsecured PHI, we will notify you in writing within 60 days as required by HIPAA.

Third-Party Sharing

EHS shares your PHI with trusted third-party service providers only as necessary to deliver services such as laboratory testing, secure data storage (cloud hosting), analytics, health coaching, and health education. All such partners are legally bound by HIPAA-compliant Business Associate Agreements (BAAs) that require them to safeguard your PHI and use it only for authorized purposes.

We do not share activity tracker data (e.g., step count, sleep, or exercise data) with third parties without your express consent. However, we may disclose such data when legally required (e.g., in response to a subpoena or court order), or when necessary to protect your safety or the safety of others.

If you choose to participate in walking programs or organized challenges, your step counts may be visible to fellow participants and the sponsoring organization. This disclosure is limited in scope and purpose, and you may opt out of participation in such programs at any time.

Your Rights

You have the following rights regarding your PHI:

• Request Restrictions: You may request limitations on how we use or disclose your PHI.
• Request Amendments: You may ask us to amend your PHI if it is inaccurate or incomplete.
• Access Your PHI: You may request an electronic or paper copy of your PHI.
• Accounting of Disclosures: You may request a record of certain disclosures we have made over the past six years.
• Request Confidential Communications: You may request we contact you at an alternate address or phone number.
• Notification of Breach: You will receive notice if there is a breach of your PHI that affects you.
• Right to a Paper Copy: You may request a paper copy of this notice at any time.

California Residents – CCPA Rights