1. Once all this personal, private, vital, (medical?) data is collected, who has access to it and how is it used?
Only authorized CarePredict employees and subcontractors are permitted to access information of users and they only may do so for permitted business functions. All employees and any subscontractors are bound by privacy, confidentiality and HIPAA busienss associate agreements. The data is used for permitted business functions to support the system, training and for operation of the system. At the resident or family request and sole discretion of the facility, the facility operator may allow the data to be visible to the Resident family via the CarePredict TouchPoint app.
2. Who is responsible for ensuring the privacy of customer data once it moves to the cloud and ensure the applicable privacy and medical data laws are followed (HIPAA, etc)?
CarePredict and its Privacy Officer are responsible to comply to all applicable privacy and medical data laws (HIPPA, etc...)
We use encryption when transmitting your personally identifiable information between your system and ours, and together with our partners, employ firewalls and intrusion detection systems to help prevent unauthorized persons from gaining access to personally identifiable information. You should bear in mind that submission of information over the Internet is never entirely secure as the nature of the internet causes data to flow over multiple third party systems.
3. What data is stored and accessible? Information about your gender and general age, and name, use or not of assistive devices, handedness, well-being information and optionally an image of you; Specific locations visited within the facility, arm angles, step counts, heart rate, pulse oximeter, fall events, button presses.
4. Who else is it shared with? This data is not shared with anyone outside of the facility and CarePredict except when the resident has given explicit permission to the facility operator to share this information via the TouchPoint app to family members of the resident. We reserve the right to share aggregated data and high-level information in a way that does not identify individuals though we do not share it currently.
We do share your Information for processing and storage with third parties such as data centers that house the physical servers and storage systems that hold the data and that we have agreements in place to protect the confidentiality and security of information that we transfer and store with them.
5. Is the data anonymized or is it directly linkable back to a person (the device wearer)?When shared with the facility, resident and their families the data is linkable to an identified individual. While we reserve the right to share aggregated and de-identified data, we do not do so currently.