Effective date: 10/21/20

Tonic Solutions, an R1 RCM company, (“Tonic”, “we”, “us”) is committed to ensuring that your privacy is protected. R1 operates the tonicforhealth.com website (the “Website”) and accompanying applications (the “Apps”) which provide patient feedback and hospital intake services. Collectively, our website and applications are referred to in this Privacy Policy as our “Service.”

This page is used to inform our customers regarding our policies with the collection, use, and disclosure of personal information that you provide when you use our Service, and other information that is collected from your use of the Service. You should check this page often to ensure that you are aware of any changes to our policy.

Under the Health Insurance Portability and Accountability Act (HIPAA), Tonic is a “business associate” of its healthcare provider customers, which means that Tonic is an individual or entity that is not a member of the “covered entity’s” (i.e., the healthcare provider’s) workforce, and performs certain functions involving the use or disclosure of protected health information (PHI) on behalf of the covered entity. As a business associate, Tonic is subject to all applicable HIPAA privacy and security requirements.

If you choose to use our Service, then you agree to the collection and use of information in relation with this policy. The personal information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which is accessible at tonicforhealth.com/legal, unless otherwise defined in this Privacy Policy.

Information Collection and Use

For a better experience while using our Service, we may require you to provide us with certain personally identifiable information, including but not limited to your name, phone number, address, and medical information, including PHI. Collectively, this is referred to as “Personal Information” in this Privacy Policy. The information that we request will be retained by us and used as described in this Privacy Policy.

Information Uses

We use the information gathered to provide you with a better product and service. Uses include:

  • Internal record keeping
  • Improve our products and services
  • Customize our service according to your interests
  • Provide information to third party partners that improve the product you use

We never sell or rent your Personal Information.

Log Data

We want to inform you that whenever you use our Service, we collect data and information (through third party products) on the Apps and Website called Log Data. This Log Data may include information such as the device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the Apps when utilizing our Service, the time and date of your use of the Service, and other statistics. When you use our Website, the Log Data also may include information such as the domain from which you access the Website, the type of browser you use and the pages or screens that you viewed. All Log Data are stored securely, and may only be accessed by Tonic employees or designees on a need-to-know basis for a specific purpose. Tonic uses Log Data to help us design our Website and the Apps, to identify popular features, to resolve user, hardware, and software problems, to make the Website and the Apps more useful to users and for security purposes.

Cookies

Cookies are files with a small amount of data that are commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your device’s internal memory or computer’s hard drive.

Our Website may use these “cookies” to collection information and to improve our Service. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.

Service Providers

We may employ third-party companies and individuals due to the following reasons:

  • To facilitate our Service;
  • To provide the Service on our behalf;
  • To perform Service-related services; or
  • To assist us in analyzing how our Service is used.

We want to inform our Service users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose including marketing, advertising, or other use-based data mining purposes other than improving health management or for the purpose of health research (only with permission.)

Before any health-related patient research studies that we perform, we first obtain consent from participants or, in the case of minors, their parent or guardian. Such consent includes the (a) nature, purpose, and duration of the research; (b) procedures, risks, and benefits to the participant; (c) information about confidentiality and handling of data (including any sharing with third parties); (d) a point of contact for participant questions; and (e) the withdrawal process.

Security

We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. The Website and the Apps have security measures in place that are intended to help protect against the loss, misuse, unauthorized access or alteration of information under our control both during transmission and once the information is received. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Us” section below or by emailing PX-Security@R1RCM.com.

With respect to PHI, Tonic puts the following safeguards in place to ensure security of your data:

  • Tonic does not sell, rent, disclose or use PHI without patient authorization or unless permitted or required by law.
  • PHI is secured through password protection and can only be accessed by authorized users within the healthcare practice.
  • PHI is firewall-protected and under electronic surveillance 24 hours a day, seven days a week.
  • PHI is only temporarily stored on Tonic tablets until submitted and then it is immediately deleted. All temporarily stored data is encrypted so that if a session ends unexpectedly, or if a tablet is lost or stolen, no PHI can be accessed.
  • PHI transmitted between the Tonic platform and Tonic’s data centers is protected using industry-standard TLS (256-bit AES keys).
  • Patient data is stored in a highly-secured data center, protected by multi-layer protocols. This means:
    • The servers that house the data are stored in a secured building with multiple layers of physical security.
    • At the network level, these servers are placed in a secure subnet protected by firewalls.
    • Front-end servers and database servers are on physically different networks and have limited connectivity.
    • The security of all server networks is monitored by an intrusion detection system that is staffed 24/7 by trained security professionals.
    • Within the database server, data is stored in an encrypted form.
    • Patient data is stored using AES 256-bit encryption.

Tonic is SOC compliant and ISO 72001 and FIPS 140 compliant.

Employee Access

We are committed to protecting the privacy of the data and Personal Information you transmit through the Service. We restrict access to your personally identifiable information to only those employees who need to know that information in order to provide benefits or services to you. In addition, we train our employees on the importance of confidentiality and maintaining the privacy and security of your information.

Links to Other Sites

Our Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over, and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately, after they are posted on this page. Any revised Privacy Policy will apply both to personal information we already have at the time of the change, and any personal information created or received after the change takes effect.

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at support@tonicforhealth.com.