SILNA HEALTH PRIVACY POLICY

Silna Health, Inc. ("Silna") has created a platform ("Platform") to provide third-party payor benefit checks, eligibility verification, prior authorization services, and related services or as otherwise agreed upon by the Parties ("Services"). Silna's privacy policy for the Platform ("Privacy Policy") describes how we collect, use, process, and disclose personal information as well as the personal information of Patients (collectively, "Information").

By accessing and using Silna, you acknowledge that you have read, understood, and agree to be legally bound by and comply with this Privacy Policy and our Terms of Service. If any term in this Privacy Policy is unacceptable to you, do not use the Services and do not provide us with Information. This Privacy Policy is incorporated into our Terms of Service and by using the Service you consent to the data handling practices described here. This Privacy Policy may change from time to time as described below. Your use of the Platform after we make changes is deemed to be acceptance of those changes, so please check this Privacy Policy periodically for updates. We value your privacy. This Privacy Policy explains how we collect, store, secure, and use Information provided through the Platform. Please carefully read the full Privacy Policy below, together with our Terms of Service, to fully understand our data handling practices and your rights and obligations when using the Services.

We want to summarize a few key points up front:

  • Information you share with Silna is kept confidential and shared only with infrastructure providers who offer a confidentiality promise and critical security protections, and only to the extent necessary for its software infrastructure to operate.
  • Silna will NEVER sell your Information or exchange it with a third party for anything of value.
  • Silna will use your Information solely to provide Services to you unless you consent otherwise.
  • Silna may collect data about your interactions with the Services on an anonymized, aggregate basis for its business functions, but will do so in a way that does not allow you to be individually identified.
  • If you have any questions or concerns or if you do not agree with our policies and practices, please contact us at hello@silnahealth.com so that a member of our team can assist you.
PRIVACY POLICY
I. COLLECTION AND USE OF INFORMATION
A. WHAT INFORMATION DO WE COLLECT?

Your Information. We collect the following Information about you:

  • Full Name
  • Phone Number
  • Email Address
  • Passwords
  • Authentication Data (i.e., your signature or other credentials)
  • Notification preferences
  • Support data (i.e., if you contact us via email or otherwise for support or to lodge a complaint, we may collect technical or other information from you through log files and other technologies)

Patient Information. In connection with the Services provided by Silna, you will input personal and protected health information ("PHI") into the Platform for Silna Customer patients ("Patients") in order for Silna to provide the Services rendered. Such Information and PHI includes the following ("Patient Information"):

  • Patient Name
  • Patient Address
  • Patient Date of Birth
  • Patient Gender/Sex
  • Patient Payor Information
  • Other information, including Patients' medical records, maintained in the Silna Customer EMR that is pertinent to the performance of the Services
B. HOW DO WE USE OR SHARE YOUR INFORMATION?

We process, use and share your Information and Patient Information as follows:

  • Patient Information will be used:
    • To perform benefits checks, eligibility verification, prior authorization services, and related services on behalf of a Silna Customer's from various third-party payors and clearinghouses (collectively "Payors").
    • In connection with responses to Payor requests regarding any questions about benefits checks, eligibility verification, prior authorization services, and related services.
  • Your Information will be used to:
    • To respond to your inquiries and solve any potential issues you might have with the Services.
    • To send you details any changes to Platform, changes to Platform terms and policies, and other similar information.
    • To request feedback on Platform and to contact you about your use of the Services.
    • To find and prevent fraud, and keep our Services and Platform safe and secure.
    • To identify usage trends, effectiveness of the Services, and to improve the Services and your user experience.
    • To comply with legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.
    • To send you information about changes to our terms, conditions, and policies.
    • To fulfill our obligations to you under the Terms of Use.
    • For other purposes for which we provide specific notice at the time the information is collected.
    • To allow you to communicate with other Platform users and Silna regarding specific tasks and related action items.
C. WHAT ABOUT THIRD-PARTY SERVICES?

Our Services may include third party services. Silna has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or services. This Privacy Policy does not apply to your use of or access to any third-party services. If you use any third-party tools and features, such as third-party speech-to-text dictation or third-party video, your use of those features is subject to the terms and policies of those third parties.

D. WHERE IS THE INFORMATION STORED?

The Information collected through the Platform will be stored on secure servers in the United States. Information may be transmitted to Payors and integrated with Silna Customer EHR systems. Note that Payors may store or maintain the data on their secure servers. Neither Silna nor any Payors will transfer or store your Information or any Patient Information outside of the United States.

E. HOW LONG DO WE KEEP YOUR INFORMATION?

Silna retains your Information and Patient Information only if necessary and as required for our business operations, the provision of Services, archival purposes, and/or to satisfy legal requirements. The exact period of retention (the "Retention Period") will depend on: (i) the amount, nature, and sensitivity of the Information; (ii) the personal risk of harm for unauthorized use or disclosure; (iii) the purposes for which we process your Information, including whether those purposes can be achieved through other means; and (iv) business operations and legal requirements. Please note, all PHI and other data that may be considered part of a Patient's medical record will be maintained in accordance with all applicable state and federal medical retention laws, rules, and regulations, and that Silna is not the "source of truth" for any Patient Information or related patient medical records.

At the end of the applicable Retention Period, we will remove Patient Information and your Information from our databases. If there is any data that we are unable to delete entirely from our systems for technical reasons, we will put in place appropriate measures to prevent any further processing of such data. Please note that once we disclose Patient Information to Payors, we may not be able to access that Information and we cannot force the deletion or modification of such information by such entities.

Silna reserves the right to continue using de-identified data indefinitely, even after Information has been removed from our system. We may continue to disclose de-identified data to third parties in a manner that does not reveal personal information, as described in this Privacy Policy. Our continued use of de-identified data will comport with applicable law.

II. USER RIGHTS
A. WHAT RIGHTS DO USERS HAVE CONCERNING THEIR INFORMATION?

As a user of Silna's Services, you have certain rights relating to your Information. These rights are subject to local data protection and privacy laws, and may include the right to:

  • Access Information held by Silna;
  • Erase/delete your Information, to the extent permitted by applicable data protection and privacy laws and to the extent technologically feasible (note, however, that Patient Information will remain subject to Retention Period requirements as well as all applicable state and federal laws, including HIPAA);
  • Receive communications related to the processing of your Information;
  • Object to the further processing of your Information, including the right to object to marketing;
  • Rectify inaccurate personal information and, considering the purpose of processing the Information, ensure it is complete.

Where the processing of your Information by Silna is based on consent, you have the right to withdraw that consent at any time. If you would like to withdraw your consent or exercise any of the above rights, please contact us at hello@silnahealth.com.

For the avoidance of doubt, users will not have the ability to delete Patient Information from the Platform.

B. HOW CAN USERS UPDATE, CORRECT, OR DELETE INFORMATION OR THEIR USER ACCOUNT?

You have the right to request restrictions on uses and disclosures of your Information. While we are not required to agree to all restriction requests, we will attempt to accommodate reasonable requests when appropriate.

You may change your email address and other contact information by accessing your Silna user account ("User Account"). If you need to make changes or corrections to other information, you may contact us at hello@silnahealth.com.

You also have the right to request deletion of any Information from your Platform Use. To request deletion of your Information, please email us at hello@silnahealth.com and include a description of the Information you would like removed. We will respond to all requests for data deletion as soon as reasonably possible.

Should you decide to delete your User Account entirely, you may do so by emailing hello@silnahealth.com. By terminating your User Account, you agree that you will not be able to access any information previously contained in your User Account. You further understand that it may not be technologically possible to remove all of your Information from our systems. While we will use reasonable efforts to remove your Information, the need to back up our systems to protect information from inadvertent loss means a copy of your Information may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.

To comply with certain requests to limit use of your Information, delete certain of your Information, or delete your User Account entirely, you understand that we may need to terminate your ability to access and/or use some or all of the Services, which may result in your inability to utilize Silna Services.

Notwithstanding the foregoing, as noted above, all PHI and certain other data that may be considered part of a Patient's medical record will be maintained in accordance with all applicable Record Retention laws, rules and regulations.

III. PROTECTION OF INFORMATION
A. HOW IS INFORMATION SECURED?

Silna understands the importance of data confidentiality and security. We use a combination of reasonable physical, technical, and administrative security controls to: (i) maintain the security and integrity of your Information; (ii) protect against any threats or hazards to the security or integrity of your Information; and (iii) protect against unauthorized access to or use of such information in our possession or control that could result in substantial harm to you.

While Silna uses reasonable security controls, WE CANNOT GUARANTEE OR WARRANT THAT SUCH TECHNIQUES WILL PREVENT UNAUTHORIZED ACCESS TO YOUR PERSONAL DATA. SILNA IS UNABLE TO GUARANTEE THE SECURITY OR INTEGRITY OF PERSONAL DATA TRANSMITTED OVER THE INTERNET, AND THERE IS NO GUARANTEE THAT YOUR PERSONAL DATA WILL NOT BE ACCESSED, DISCLOSED, ALTERED, OR DESTROYED BY BREACH OF ANY OF OUR PHYSICAL, TECHNICAL, OR ADMINISTRATIVE SAFEGUARDS. ACCORDINGLY, WE DO NOT AND CANNOT ENSURE OR WARRANT THE SECURITY OR INTEGRITY OF ANY PERSONAL DATA YOU TRANSMIT TO US. YOU ASSUME THE RISK THAT UNAUTHORIZED ENTRY OR USE, HARDWARE OR SOFTWARE FAILURE, AND OTHER FACTORS MAY COMPROMISE THE SECURITY OF YOUR PERSONAL DATA AT ANY TIME.

B. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ("DNT") feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow inthe future, we will inform you about that practice in a revised version of this Privacy Policy.

C. WHAT SAFEGUARDS ARE IN PLACE TO PROTECT INFORMATION?

Silna stores Information on secured servers and uses a combination of technical, administrative, and physical safeguards to protect your personal information. Such safeguards include, but are not limited to, authentication, encryption, backups, secure socket layer technology (SSL) encryption, and access controls.

D. HOW CAN USERS PROTECT THEIR INFORMATION?

You are solely responsible for preventing unauthorized access to your devices and your User Account by protecting your account credentials and limiting access to your devices. Silna has no access to or control over your device's security settings, and it is your responsibility to implement any device-level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability). We recommend that you take all appropriate steps to secure any device that you use to access Silna and the Services.

Please note that Silna will never send you an email requesting confidential information, such as account numbers, usernames, passwords, or Social Security Numbers. If you receive a suspicious email from Silna, please notify us at hello@silnahealth.com.

Further, if you know of or suspect any unauthorized use or disclosure of your User Account information or any other security concern, please notify Silna immediately.

E. WHAT IF SILNA EXPERIENCES A DATA OR SECURITY BREACH?

Silna takes the security of your Information seriously. In the event of a data or security breach, Silna will take the following actions: (i) promptly investigate the security incident, validate the root cause, and, where applicable, remediate any vulnerabilities within Silna's control which may have given rise to the security incident; (ii) comply with laws and regulations directly applicable to Silna in connection with such security incident; (iii) as applicable, cooperate with any affected Silna user or client in accordance with the terms of Silna's contract with such user or client; and (iv) document and record actions taken by Silna in connection with the security incident and conduct a post-incident review of the circumstances related to the incident and actions/recommendations taken to prevent similar security incidents in the future. Silna will notify you of any data or security breaches as required by and in accordance with applicable law.

If you have questions regarding this Privacy Policy, you may contact us at hello@silnahealth.com.