CORA HEALTH SERVICES, INC.
I. Who is CORA?
Our mission is to provide clinically excellent outpatient physical rehabilitation services for the entire community. Period. How do we achieve this every day? We rely on consistently transparent communication to deliver a positive, productive experience for our patients, referral sources, payors and employees. We operate honestly, ethically and compassionately. And we never waver from our commitment to make the right choice, and do the right thing, every time. By recruiting top-notch talent, supporting employee career growth and development and promoting from within whenever possible, we foster a happy work environment. A happy work environment makes for happy employees who truly enjoy taking exceptional care of our customers. The result is smoother management of challenges and, even better, the foresight to avoid them in the first place. Our systems are seamless. Our financial performance is sound. And our outcomes are proof positive that we do achieve our mission. Every day.
|“Personal Information”||Any information relating to an identified or identifiable individual and any information listed here.|
|our “Platform”||Our Websites.|
|“Products”||Any products available for purchase on our Platform.|
|our “Services”||Any services provided through our Platform.|
|our “Terms of Service”||Our terms of service located here.|
|our “Website(s)”||Our websites, including: https://*.coraphysicaltherapy.com/ https://*.bodygears.com/ https://*.triflexcare.com https://*.corashare.comhttps://*.corahealth.com https://*.ptprosnetwork.com|
|“CORA,” “we,” “us,” or “our”||CORA Health Services, Inc. and its subsidiaries and affiliates|
· You visit or use our Platform, including our Website;
· We communicate in e-mail, text message, and other electronic messages between you and us; and
· We communicate in person, such as on the phone or through a telehealth visit.
What is Personal Information?
Personal information is information from and about you that may be able to personally identify you. We treat any information that may identify you as personal information. For example, your name and e-mail address are personal information.
|Categories of Personal Information||Specific Types of Personal Information Collected|
|Personal Identifiers||A real name, birth date, e-mail address, home, billing and shipping address, driver’s license, state ID number, insurance policy number or Patient ID.|
|Information that identifies, relates to, describes, or is capable of being associated with a particular individual||name, username or online identifier, physical characteristics or description, shipping address, telephone number, credit card number, debit card number, or any other financial information, health or medical information, weight, body mass index (BMI), whether you are a smoker or non-smoker, medical conditions, family medical history, medications currently taking or prescribed, heart rate, step count, distance traveled, active and resting energy levels, sleep analysis, blood pressure readings, workout history, your activity levels, and accelerometer data.|
|Characteristics of protected classifications under California or federal law.||Sex and/or sex life, medical conditions, Color, Age, marital status, or Disability|
|Biometric information||Photos, healthy data, gait patterns, exercise data, physical therapy related test results, and voice|
|Internet or other electronic network activity information||IP address, device mode, device ID, OS version, device language, operating system, browser type, browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.|
|Geolocation data||Physical location or movements, local time, and local time zone.|
|User Generated Content||Information you provide to be published or displayed (hereinafter, “Posted”) on public areas of our Website or transmitted to other users of the Website or other third parties.|
Some Personal Information we collect may constitute PHI under HIPAA. Your health care provider (“Provider”) will provide you with a Notice of Privacy Practices describing their collection and use of your health information. We will only collect and use PHI for the purposes of providing the Services and we only collect the minimum amount necessary to fully perform and provide the Services on our Platform. We may combine your PHI with Personal Information that we have either obtained from you or through a third-party, such as your Provider, health insurer, employee benefits program, or other health care providers. PHI will not be used for any other purpose, including marketing, without your consent. If the Personal Information we collect or maintain is considered PHI, it will be subject to our Notice of Privacy Practices. CORA has formed an affiliated covered entity. An affiliated covered entity is a group of health care providers under common ownership or control that designates itself as a single entity for purposes compliance with HIPAA. The members of CORA Physical Therapy’s affiliated covered entity will share PHI with each other for purposes of treatment, health care operations, and payment.
How do we collect your Personal Information?
We collect most of this Personal Information directly from you. For example, when we speak to you by phone, text message, and e-mail. Additionally, we will collect information from you when you visit our Website and fill out forms or purchase our Products or Services.
We may also collect Personal Information in the following ways:
· When you make payments through the Platform. We do not collect or store financial account information, though we may receive transaction identifiers and summary information that does not include credit card or bank account numbers.
· When You Contact Us. When you contact CORA directly, such as when you contact our Customer Support team, we will receive the contents of your message or any attachments you may send to us, as well as any additional information you choose to provide.
We will also collect information automatically as you navigate through our Platform. We use the following technologies to automatically collect data:
- Facebook Pixel and Instagram. We use Facebook Pixel and Instagram, a web analytics and advertising service provided by Facebook Inc. (“Facebook”) on our Platform. With its help, we and our customers can keep track of what users do after they see or click on a Facebook or Instagram advertisement, keep track of users who access our Platform or advertisements from different devices, and better provide advertisements to our target audiences. The data from Facebook Pixel and Instagram is also saved and processed by Facebook. Facebook can connect this data with your Facebook or Instagram account and use it for its own and others advertising purposes, in accordance with Facebook’s Data Policy which can be found at https://www.facebook.com/about/privacy/. Please click here if you would like to withdraw your consent for use of your data with Facebook Pixel https://www.facebook.com/settings/?tab=ads#_=_.
- Other third party tools. We use other third party tools which allow us to track the performance of our Platform. These tools provide us with information about errors, app and website performance, and other technical details we may use to improve our Platform and/or the Services. For more information related to these third-party analytics providers please review How do we collect your Personal Information?.
We may use your Personal Information for the following purposes:
· Operate, maintain, supervise, administer, and enhance our Platform or the Services, including monitoring and analyzing the effectiveness of content on the Platform, aggregate site usage data, and other usage of the Platform and/or the Services such as assisting you in completing the registration process.
· Provide our Products and Services to you, in a custom and user-friendly way.
· Provide you with information, Products, or Services that you request from us or that may be of interest to you.
· Promote and market our Platform and/or the Services to you. For example, we may use your Personal Information, such as your e-mail address, to send you news and newsletters, special offers, and promotions, or to otherwise contact you about Products or information we think may interest you. We also may use the information that we learn about you to assist us in advertising our services on third party websites. You can opt-out of receiving these e-mails at any time as described below.
· To provide you notices or about your account.
· Contact you in response to a request.
· To notify you about changes to our Platform and/or the Services or any Products we offer or provide through them.
· Fulfill any other purpose for which you provide it.
· To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
· Anonymize and aggregate information for analytics and reporting.
· To respond to law enforcement requests, court orders, and subpoenas and to carry out our legal and contractual obligations.
· Authenticate use, detect fraudulent use, and otherwise maintain the security of our Platform and the safety of others.
· To administer surveys and questionnaires.
· To provide you information about goods and services that may be of interest to you, including through newsletters.
· Any other purpose with your consent.
We may share Personal Information with third parties in certain circumstances or for certain purposes, including:
· Our business purposes. We may share your Personal Information with our affiliates, vendors, service providers, and business partners, including our data hosting and data storage partners, analytics and advertising providers, technology services and support, and data security advisors. We may also share your Personal Information with professional advisors, such as auditors, law firms, and accounting firms.
· Your healthcare providers or family. With your consent, we may share your information, including information collected from your use of our Platform, with your health care providers and/or family members (e.g., immediate family or friends) that you designate to receive your information.
· With your consent. We may share your Personal Information if you request or direct us to do so.
· Compliance with law. We may share your Personal Information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries.
· Business Transfer. We may share your Personal Information to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of a bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our users are among the assets transferred.
· De-identified information. We may also disclose de-identified information, so that it cannot be reasonably used to identify any individual, with third parties for marketing, advertising, research, or similar purposes.
· To improve our Platform. We may use your Personal Information for internal testing, research, analysis, and product development, including to develop and improve our website/application, and to develop, improve, or demonstrate our products and services.
· To market our products and services. We may share your Personal Information with affiliates and third parties to market our products and services.
· Third Party Analytics. We use Google Analytics and Mixpanel to understand and evaluate how visitors interact with our Platform and/or the Services. These tools help us improve our Platform and/or the Services, performance, and your experience.
Your choices about how we share your Personal Information.
Each type of web browser provides ways to restrict and delete cookies. Browser manufacturers provide resources to help you with managing cookies. Please consult the documentation that your browser manufacturer provides.
If you do not wish to have your e-mail address used by CORA to promote our own Products and Services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any e-mail or other marketing communications you receive from us or logging onto your Account Preferences page. This opt out does not apply to information provided to CORA as a result of a product purchase, or your use of our Platform and/or the Services. You may have other options with respect to marketing and communication preferences through our Platform.
How do I access and correct my Personal Information?
You can review and change your Personal Information by logging into our Services and visiting either the “About You” or “Health Details” sections of our Platform. You may also Contact Us to inform us of any changes or errors in any Personal Information we have about you to ensure that it is complete, accurate, and as current as possible or to delete your account. We cannot delete your personal information except by also deleting your account with us. We may also not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
IV. Who may use the Services?
CORA operates subject to state and federal regulations, and the Platform and/or the Services may not be available in your state. You represent that you are not a person barred from enrolling for or receiving the Services under the laws of the United States or other applicable jurisdictions in which you may be located. Access to and use of the Platform and/or the Services is limited exclusively to users located in states within the United States where the Platform and/or the Services is available. The Platform and/or the Services are not available to users located outside the United States. Accessing the Platform and/or obtaining the Services from jurisdictions where content is illegal, or where we do not offer the Platform and/or the Services, is prohibited.
V. Children’s Privacy
CORA understands the importance of protecting children’s privacy in the interactive online world. Our Platform is not designed for, or intentionally targeted at, children 13 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 13. No one under the age of 13 should submit any Personal Information the Platform, and if we learn that we have collected or received Personal Information from a child under 13, we will delete that information. If you are the parent or guardian of a child under 13 years of age whom you believe might have provided us with their Personal Information, you may Contact Us to request the Personal Information be deleted.
VI. Does CORA respond to Do Not Track signals?
Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers. Our Platform is not currently set up to respond to those signals.
VII. Data Security
We have taken steps and implemented administrative, technical, and physical safeguards designed to protect against the risk of accidental, intentional, unlawful, or unauthorized access, alteration, destruction, disclosure, or use. The Internet is not 100% secure and we cannot guarantee the security of information transmitted through the Internet.
The sharing and disclosing of information via the internet is not completely secure. We strive to use best practices and industry standard security measures and tools to protect your data. However, we cannot guarantee the security of Personal Information transmitted to, on, or through our Services. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on our Platform, in your operating system, or mobile device.
VIII. California Privacy Rights – Notice to California Residents
If you are a California resident, certain Personal Information that we collect about you is subject to the California Consumer Privacy Act (CCPA).
Please note that the CCPA does not apply to, among other things:
- Information that is lawfully made available from federal, state, or local government records;
- Consumer information that is de-identified or aggregated;
- Medical information governed by the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 46) of Division 1) (CMIA) or PHI that is collected by a covered entity or business associate governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services (HHS), Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act (Public Law 111-5); or
- A provider of health care governed by the CMIA or a covered entity governed by the privacy, security, and breach notification rules issued by HHS, established pursuant to HIPAA, to the extent the provider or covered entity maintains patient information in the same manner as medical information or PHI under CMIA/HIPAA/HITECH Act.
Collection of Personal Information.
Currently and in the last 12 months,we have collected and/or disclosed Personal Information about you when you visit our Platform and/or obtain the Services, including information about you that you provide to us, and information we automatically collect from you or your computer or devices as you use our Platform and/or the Services. Please refer to the section titled Personal Information for additional information and details.
Categories of Sources from which we have collected Personal Information.
We collect Personal Information directly from you, for example when you provide it to us, when you contact us through our Platform, when you create a CORA account; and indirectly from you automatically through your computer or device as you use our Platform and/or the Services. We may also collect Personal Information about you from our advertising partners and service providers.
Use of Personal Information collected from California Residents.
Sharing the Personal Information of California Residents.
CORA may disclose your Personal Information to a third party for one or more business purposes. When we disclose Personal Information for a business purpose, such as to service providers, we enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
Disclosures of Personal Information for Business Purposes.
We may disclose your Personal Information for our business purposes, such as your contact information, other information you have provided to us, and unique identifiers that identify you to us or to our service providers, such as companies that assist us with marketing and advertising. Please refer to “What types of Personal Information do we collect?” and “How do we collect your Personal Information?” for additional information and details.
We disclose your Personal Information to certain third parties such as our health care provider partners, service providers, including companies that assist us with marketing and advertising. For additional information please refer to “How do we use your Personal Information?” and “How do we share your Personal Information?”.
Access Request Rights.
California residence have the right to request that CORA disclose certain information to you about our collection and use of your Personal Information over the past 12 months for the above business and commercial purposes. To submit an access request, see Contact Us. Once we receive and confirm your verifiable consumer request, we will disclose to you:
· The categories of Personal Information we collected about you.
· The categories of sources for the Personal Information we collected about you.
· Our business or commercial purpose for collecting that Personal Information.
· The categories of third parties with whom we share that Personal Information.
· The specific pieces of Personal Information we collected about you.
· If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
o sales, identifying the Personal Information categories that each category of recipient purchased; and
o disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained.
Deletion Request Rights.
California residents have the right to request that CORA delete your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your Personal Information from our records, unless certain exceptions apply.
Exercising Access and Deletion Rights.
To exercise the access and deletion rights described above, please submit a verifiable consumer request to us by either calling us at 1-(419) 221-3004 or sending us an e-mail at [email protected].
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access twice within a 12-month period. The verifiable consumer request must:
· Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative.
· Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We will not discriminate against you for exercising any of your CCPA rights. We will not:
· Deny you goods or services.
· Charge you different prices or rates for goods or services, including through granting discounts and other benefits, or imposing penalties.
· Provide you a different level or quality of goods or services.
· Suggest that you may receive a different price or rate for goods or services or different level or quality of goods or services.
IX. California’s Shine the Light Law.
California Civil Code Section 1798.83 (California’s “Shine the Light” law) permits users of our Platform and/or the Services that are California residents and who provide Personal Information in obtaining products and services for personal, family, or household use to request certain information regarding our disclosure of Personal Information to third parties for their own direct marketing purposes. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared your Personal Information with for the immediately prior calendar year (e.g. requests made in 2022 will receive information regarding such activities in 2021). You may request this information once per calendar year. To make such a request, please Contact Us using the information below.
How to Contact Us:
P.O. Box 150
Lima, OH 45802
Telephone: (419) 221-3004
E-mail: [email protected]