This policy describes how we collect and use your information when you use our mobile app.
Mobile App for Patients and Providers
Our mobile Othena app for patients connects to servers and systems operated and maintained by Composite Apps, Inc., and hosted by Amazon Web Services, and provides patients with secure, mobile access to health services (vaccinations, testing, ride requests, telehealth, and other healthcare related services) and information in those servers and systems.
What is the purpose of the app?
Othena (powered by CuraPatient) provides end-to-end infectious disease testing and vaccination management solutions helping individuals like you secure vaccines, testing, and/or treatment options for COVID-19, seasonal influenza (flu), Monkeypox, and other infectious diseases. It connects health systems and providers in managing the complex testing and vaccination journey. Othena provides users like you with a Virtual Caretaker powered by Artificial Intelligence to understand your care plan, connect your devices, and/or receive support from providers via remote distance monitoring.
Upon downloading the Othena app and inputting information, you are provided status info, estimated vaccination dates, vaccination schedules, follow-up, complication tracking, emergency contacts, and/or support tools – giving you a support system for infectious disease prevention.
How do we use your information?
- We do not sell or license your information.
- If you choose to add a profile photo to our mobile app, you may upload a photo from your device or take a new photo using the camera app on your device. If you select an existing photo on your device, we store a copy of your chosen photo in app-private storage on your device. If you use the camera app on your device to take a new photo, the photo you take is first saved to your camera app and then also saved to app-private storage on your device. If you remove the photo from your profile or delete our mobile apps, the copy of the photo is deleted from the app-private storage, but the photo saved to your camera app remains available in your camera app until you choose to delete it. If you already have a photo stored in your profile through your healthcare provider – we do not interact with that photo in any way.
- If you choose to view documents from your healthcare provider (such as visit notes or images) using our mobile app, to make the files viewable for you we temporarily store copies on your device in app-private storage. The temporary copies are deleted when you close your session on our mobile apps.
- If you choose to include a photo or video in a message you send to your healthcare provider using our mobile app, you may select an existing photo or video from your device or take a new photo or video using the camera app on your device. If you use the camera app on your device to take a new photo or video, it will be saved to your camera app. Any photo or video saved to your camera app remains available in your camera app until you choose to delete it.
- If your healthcare provider offers telehealth visits using our mobile app, when you join a visit with your provider, we will ask for permission to access your device’s video and audio functionality to make the telehealth visit possible. We do not record or store video or audio data from these visits.
- If your healthcare provider offers automatic appointment arrival and you choose to enable it, we temporarily store identifiers and times for your upcoming appointments in app-private storage to detect when you arrive for an upcoming appointment. If you choose to stop using our mobile apps or you disable automatic appointment arrival, the identifiers are deleted.
- If your healthcare provider offers location-based check in for in-person appointments, you may choose to allow our mobile app to interact with your location data for those purposes. We do not store your location data.
- If your healthcare organization allows you to notify front desk staff electronically when you arrive for an appointment, you may choose to allow our mobile apps to interact with your Bluetooth data for this purpose. We do not store your Bluetooth data.
- While you use our app, if you choose to call a phone number displayed within the app, we will ask for permission to access your device’s phone to place a call to the phone number. We do not store your call history or data about the call.
- While you use our app, we collect non-identifying information so we can provide customer service to you or your healthcare provider and understand how people use our mobile app so we can improve our products. This information includes the time you began using the app, the healthcare organization you interacted with, any error messages or codes, the model of device used and its operating system, and the version of our mobile app used. If you use Android devices, we also collect your connection type (cellular or WiFi) during an error.
- You may contact us through the methods listed on Our Website. If you contact us, we may keep a record of the communication. You can decide how much information you want to share with us in those cases.
What personal information do we collect from the people that use our app or web-based patient portal?
When you register on our app or web-based patient portal, the following information is collected from you: Name, Email ID, Mailing Address (Location), Phone Number, Date of Birth, Camera, Photos, Images, Files, Audio, Video, and/or other details.
When do we collect information?
We collect information from you when you register on our site, fill out a form, use Live Chat, open a Support Ticket, and/or enter information on our website and/or app.
Do we automatically collect information?
We and our service providers may also automatically collect and use information in the following ways:
- Through your browser: Certain information is collected by most browsers, such as your Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and Internet browser type and version. We may collect similar information, such as your device type and identifier, if you access the Service through a mobile device. We use this information to ensure that the Service functions properly.
- IP address: Your IP address is a number that is automatically assigned to your computer by your Internet Service Provider. An IP address is identified and logged automatically in our server log files whenever a user visits the Service, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many online services. We use IP addresses for purposes such as calculating Service usage levels, diagnosing server problems, and administering the Service. We may also derive your approximate location from your IP address.
- Device Information: We may collect information about your mobile device, such as a unique device identifier, to understand how you use the Service.
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, use our app, and/or make use of certain other site and/or app features in the following ways:
- The personal information collected from you at the time of registration on a website and/or app is used to help you with your vaccination, testing, and/or treatment experience and/or to provide information required by appropriate Public Health Services Agency whenever asked by them.
- To personalize the patient experience and to allow us to deliver the type of content and product offerings in which patients are most interested.
- To allow us to better service you in responding to customer service requests.
- To quickly process scheduling, location services, and other transactions.
- To send periodic emails regarding the patient experience and/or other products and services.
What permissions does a user need to give while accessing the mobile app?
While using the Othena app, you need to give permission to access the following information to the app in order to improve the care experience:
- Allowing Othena access to your location will enable you to book nearby clinics for testing, vaccinations, or ride requests.
Camera and Storage:
- Allowing Othena access to your camera and storage will enable you to upload images into your Othena profile, such as photo IDs and insurance cards.
- Your camera and microphone are also necessary for telehealth appointments.
- Storage is necessary for the downloading of digital vaccination records and testing results.
For Android Users – Required Google Play Disclosures for Certain Health Apps
Google has determined our mobile app is subject to their COVID-19 apps requirements, and we are required to provide the following information so we can make our mobile apps available to you in the Play store.
- Our mobile apps access your microphone only if you choose to use your microphone to navigate our mobile app. Our mobile app uses your saved images only if you choose to add a profile image to a profile in our mobile app. This information is not used in connection with COVID-19.
- Our mobile app accesses, collects, uses, and shares your information (including video, audio, images, files, phone) as stated in the above section titled, “How do we use your information?” We also prominently highlight these uses, describe the type of data being accessed, and obtain your consent for these purposes as you use our mobile app.
- Our mobile app was not created specifically for the COVID-19 pandemic. They existed before the COVID-19 pandemic to allow public health agencies to connect patients, providers, and services, and to allow patients access to health information on file with healthcare providers. Your healthcare provider may allow you to access COVID-19-related vaccination information, laboratory test results, and documents with illness-related information using our mobile app. You may choose if or how you want to access, display, or use the information – similarly to how you can make those choices about health information relating to other conditions, services, tests, or vaccinations.
- Your healthcare provider may allow you to use our mobile app to conduct telehealth appointments. Our mobile app only provides the technical support for those appointments to happen. We do not interact with any health information about you exchanged during any telehealth appointments.
How do we protect patient information?
- We only provide articles and information. We never ask for credit card numbers.
- We use regular Malware Scanning.
- Personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive information patients supply is encrypted via Secure Socket Layer (SSL) technology.
- We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of their personal information.
- All transactions are processed through a gateway provider and are not stored or processed on our servers.
Do we use 'cookies'?
- Understand and save user preferences for future visits.
- Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn them each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through their browser settings. Since each browser is a little different, you should look at their browser’s Help Menu to learn the correct way to modify cookies.
If you turn cookies off, some of the features that make the site experience more efficient may not function properly.
We do not sell, trade, or otherwise transfer to outside parties any Personally Identifiable Information.
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.
We have not enabled Google AdSense on our site but we may do so in the future.
California Online Privacy Protection Act
In accordance with CalOPPA, we agree to the following:
Users can visit our site anonymously.
Users can change their personal information:
- By logging in to their account
How does our site handle Do Not Track signals?
We honor Do Not Track signals, and we Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It’s also important to note that we do not allow third-party behavioral tracking
Children Online Privacy Protection Act (COPPA)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, which is the United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States, and the concepts they include have played a significant role in the development of data protection laws around the globe.
Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices, we will take the following responsive action, should a data breach occur:
We will notify users via email:
- Within 7 business days
We will notify the users via in-site notification:
- Within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect user email addresses in order to:
- Send information, respond to inquiries, and/or other requests or questions
To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
If at any time a user would like to unsubscribe from receiving future emails:
- They can email us at: [email protected]
By following the instructions at the bottom of each email, we will promptly remove a user from ALL correspondence.
How to contact us
300 Spectrum Center Dr. #250
Irvine, California 92618
OTHENA C/O Composite Apps
Last updated on 2022-11-29