Privacy

Notice of Privacy Practices
United States Privacy Policy
United Kingdom Privacy Policy

 

Notice of Privacy Practices

Effective May 1, 2016.

This notice describes how Personal and Medical Information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Why?

As participants in your health care we are required by applicable law to maintain the privacy of your Personal Information, including your Protected Health Information ("PHI") as defined by the U.S. Health Insurance Portability and Accountability Act of 1996 (“Personal Information”). We are also required by applicable law to provide you with notice of our legal duties and privacy practices. This notice describes our privacy practices, our legal duties, and your rights concerning your Personal Information. We are required to follow the privacy practices described in this notice while it is in effect. We reserve the right to revise this notice and to make the new notice provisions effective for all Personal Information we maintain. If we revise this notice, we will post the revised notice on this page. We are also required by applicable law to notify you if you are affected by a breach of unsecured Personal Information.

What?

In providing diagnostic services, the types of information we collect may include:

  • Name
  • Gender
  • Date of Birth
  • Medicare and Secondary Insurance Information
  • Address and Phone Number
  • Email address, password, login
  • Payment information
  • Prescribing Physician and Office
  • Primary Indication
  • ECG Recording
  • Symptoms and Activities You Report, by Time and Date
  • Activity Level During Monitoring
  • Patient Identification Number
  • Clinical Information and Diagnostic Results.

How?

By providing diagnostic services to our patients, we regularly collect information through:

  • Phone conversations
  • Patient submitted documents
  • Prescribing physician submitted documents
  • ZIO® Event card transmissions
  • Return of ZIO® XT Patches

 

HOW WE MAY USE YOUR INFORMATION

We have the right to use and disclose your Personal Information for your treatment, to secure payment for your health care, and to operate our business.

 

 

WITHOUT SPECIFIC AUTHORIZATION

Does iRhythm Share? Can You Limit This Sharing?
To You We must disclose your Personal Information to you, as described in the “Your Rights” section of this notice. Yes Yes
To members of our group We may share your Personal Information with any members of our group, including the parent company, affiliates, subsidiaries and branch offices, to which it is reasonably necessary or desirable for us to disclose your information in order to carry out the data processing purposes described in this notice. Yes Yes
For Payment We may use and disclose your Personal Information to obtain payment for services provided to you. We may disclose your Personal Information to payment service providers. We may also disclose your Personal Information to a health care provider or plan may obtain payment of a claim or engage in other payment activities. Yes Yes
For Treatment We may use and disclose your Personal Information to provide and manage diagnostic services for you. Our use and disclosure may include consulting with other health care providers about the diagnostic services we provide. For example, we will release the results of diagnostic services to your prescribing physician treating you, or in a medical emergency, if applicable. To assist us in providing these services, third party suppliers and service providers may have access to or process your Personal Information. Yes No
For Health Care Operations We may use or disclose your Personal Information to conduct quality assessment and improvement activities, to conduct fraud and abuse investigations, to engage in care coordination or case management, to communicate with you about health related benefits and services or treatment alternatives that may be of interest to you, and to communicate with your health care provider or health plan. If you are located in the U.S., we may disclose your PHI to a health care provider or health plan subject to federal privacy laws, as long as the provider or plan has or had a relationship with you and the PHI is disclosed only for certain health care operations of that provider or plan. We may also disclose your Personal Information to other entities with which we have contracted to perform or provide certain services on our behalf (e.g., business associates). Yes No
For Business Operations We may use both De-Identified and Limited Data Sets (a data set that, per the Health Insurance Portability and Accountability Act of 1996 regulations, has had patient-identifiable data removed except for dates of service) for development of future products, devices or services.
Once information is De-Identified through an approved method, the data is stripped of individual identifiers, at which point iRhythm may share this information without restriction externally to support research, market development, trend analysis, etc.
Information containing Limited Data Sets may be provided externally to support market and product development. However, iRhythm will obtain the required data use agreements when transferring Limited Data Sets to external parties.
Yes Yes
For Public Health And Safety We may use or disclose your Personal Information to the extent necessary to avert a serious and imminent threat to the health or safety of you or others. We may also disclose your Personal Information for public health and government health care oversight activities and to report suspected abuse, neglect or domestic violence to government authorities Yes No
For Process And Proceedings We may disclose PHI in response to a court or administrative order, subpoena, discovery request or other lawful process. Yes No
As Required By Law We may use or disclose your Personal Information when we are required to do so by law. Yes No
For Process And Proceedings We may disclose your Personal Information in response to a court or administrative order, subpoena, discovery request or other lawful process. Yes No
In case of a reorganization, merger, sale or similar proceeding We may disclose your Personal Information to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, or in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets. Yes Yes
For Law Enforcement We may disclose your Personal Information to a law enforcement official with regard to crime victims and criminal activities. Yes

No

Special Government Functions We may disclose the Personal Information of military personnel or inmates or other persons in lawful custody under certain circumstances. We may disclose Personal Information to authorized officials for lawful national security activities, as permitted under applicable law. Yes

No

For Research, Death, And Organ Donation We may use or disclose your Personal Information in certain circumstances related to research, death or organ donation. Yes

No

For Workers’ Compensation We may disclose your Personal Information as permitted by workers' compensation and similar laws. Yes

No

  Without Specific Authorization    
  We are required to obtain your written authorization before we (1) use and disclose Personal Information for marketing purposes, (2) sell Personal Information to others, and (3) make most uses of psychotherapy notes (which we do not collect).  Uses and disclosures of Personal Information not described in this notice will also only be made with your written authorization.  If you give us such authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosure permitted by your authorization while it was in effect. Yes Yes
  While the law permits us in certain circumstances to disclose your Personal Information to family, friends and others, we will do so only with your authorization. In the event you are unable to authorize such disclosure, but emergency or similar circumstances indicate that disclosure would be in your best interest, we may disclose your Personal Information to family, friends or others to the extent necessary to help with your health care coverage arrangements. Yes Yes

 

International Data Transfers

We may transfer your Personal Information to recipients in countries other than the country in which the Personal Information was originally collected. These countries include the United Sates, where we are headquartered and where some of our service providers process and host your Personal Information. The laws in those countries may not offer the same level of data protection as the country in which the information was initially provided. When we transfer your Personal Information to recipients in other countries, we will protect the information as described in this notice. If you are located in the European Economic Area (“EEA”), please note that we have implemented safeguards to ensure your Personal Information is protected when transferred, in accordance with applicable data transfer restrictions.  

 

YOUR RIGHTS

Access Subject to applicable law, you have the right to receive information about, and review in person, or obtain copies of, the Personal Information we maintain about you. We may charge you a reasonable fee as allowed by law to obtain this information.
Amendment or Deletion Subject to applicable law, you have the right to request that we amend or delete your Personal Information.
Disclosure Accounting Subject to applicable law, you have the right to request and receive a list of certain disclosures made of your Personal Information. If you request this list more than once in a 12-month period, we may charge you a reasonable fee as allowed by law to respond to any additional request.
Use/ Disclosure Restriction or Objection You have the right to request that we restrict our use or disclosure of your Personal Information for certain purposes. Subject to applicable law, you also have the right to object to the processing of your Personal Information.  We may not be required to agree to a requested restriction or objection. We will agree to restrict use or disclosure of your Personal Information provided that the law allows and we determine the restriction does not impact our ability to operate our business, provide diagnostic services, and comply with the law. Subject to applicable law, even when we agree to a restriction request, we may still disclose your Personal Information in a medical emergency and use or disclose your Personal Information for public health and safety and other similar public benefit purposes permitted or required by law.
Withdraw Consent YIf you are located in the EEA, you may at any time withdraw your consent to our processing of your Personal Information. 
Confidential Communication If you are located in the U.S., you have the right to request that we communicate with you in confidence about your PHI at an alternative address.
Privacy Notice You have the right to request and receive a copy of this notice at any time. For more information or if you have questions about this notice, please contact us using the information listed at the end of this notice.

 

Note that if you exercise your right to object or your rights of restriction or deletion, if you decline to share certain Personal Information with us, or if you withdraw your consent to our processing of your Personal Information, we may not be able to provide to you some of the features and functionalities of our products and services.

If you wish to exercise your rights to your Personal Information, you may contact us using the contact information listed at the end of this notice.

 

COMPLAINTS / VIOLATIONS

If you are concerned that we may have violated your privacy rights, you may inquire with us using the contact information listed at the end of this notice. If you are located in the U.S., you may also submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address for the U.S. Department of Health and Human Services upon request.

We support your right to protect the privacy of your Personal Information. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

To Limit Our Sharing Or Submit Complaints: Call 1-888-693-2401 - our Customer Service staff will assist you.

Questions? Call 1-888-693-2401 (US) or 0-808-189-3411 (UK/EEA)

 

 

WHO WE ARE

Who Is Providing This Notice?

This privacy notice is being provided by iRhythm Technologies, Inc., and applies to the diagnostic services offered in connection with prescribed health care.

If you are located in the EEA, the entity responsible for the collection and processing of your Personal Information is iRhythm Technologies Ltd.  (address below). 

 

WHAT WE DO

How Does iRhythm Protect My Personal Information?

To protect your Personal Information from unauthorized access and use, iRhythm has implemented security safeguards that comply with applicable law to secure physical and electronic information.

 

COMPANY CONTACT DETAILS

iRhythm Technologies, Inc.
650 Townsend Street

Suite 500

San Francisco, CA 94103
United States
Attn: Privacy Official
Phone: 415.632.5700
Fax: 415.632.5701
Contact Us

iRhythm Technologies Ltd.
1 Farnham Road
Guildford
Surrey
GU2 4RG
United Kingdom
Phone: 0-808-189-3411
Fax: 0-808-189-3303
Contact Us

 

 


 

United States Privacy Policy

Effective January 18, 2017

iRhythm Technologies, Inc. ("iRhythm"), values the security of your personal information. This Website Privacy Policy ("WPP") is intended to inform you of what data is gathered through iRhythm's iRhythmtech.com website (the "Website"), how this information is used, and what measures are taken to maintain the privacy of your information. 

To Whom Does This Website Privacy Policy Apply?

This WPP applies to all users of the Website. This document does not explicitly refer to the privacy policies surrounding patient information, which are governed by Health Insurance Portability and Accountability Act ("HIPAA") regulations and the Health Information Technology for Economic and Clinical Health Act ("HITECH Act"). If you are a patient, please see our Notice of Privacy Practices ("NPP") at www.irhythmtech.com. The NPP addresses our privacy practices, our legal duties, and your rights concerning your protected health information.

A Word About External Websites

External websites that may be referenced within this Website are not covered by this WPP; they have their own policies, and we encourage you to review those policies prior to using such external sites.

What Information Do We Gather About You And What Do We Do With It?

When using the Website, iRhythm collects personal, activity, and session information from you. What we gather and how we use it is explained below .

Information You Provide

We collect any information that you provide when you use the Website. For example, the Website may include web pages that give you the opportunity to provide us with personal information about yourself. You do not have to provide us with this information if you do not want to; however, that may limit your ability to use certain functions or to request certain services or information.

Information Automatically Collected From You

We may automatically collect certain technical information from your computer or mobile device when you visit the Website, such as your Internet Protocol address, your browser type, your operating system, the pages you view, and the search terms you enter.  

We and our service providers may collect information using cookies or similar technologies. Cookies are pieces of information that are stored by your browser on the hard drive or memory of your computer or other Internet access device.  Cookies may enable us to personalize your experience on the Website, maintain a persistent session, and carry out marketing and other activities.  The Website may use different kinds of cookies and other types of local storage (such as browser-based or plugin-based local storage).  Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies; however, this may limit your ability to take advantage of all the features on the Website. More information on how to disable cookies can also be obtained by using our Contact Us form

 

How Do We Use the Information Collected?

Operation of the Website

We use and store information we collect about and from you to respond to requests that you make, improve and manage the Website, better tailor content, offers and features, and for purposes disclosed at the time you provide your information or otherwise with your consent.

Marketing and Communications

We may use your information to send you electronic newsletters or promotional emails, unless you have requested not to receive such promotional communications from us or doing so would be prohibited by applicable law.   

In particular, if you fill out a form on the Website to receive a piece of content, we may collect information regarding your interactions with that content (e.g., clicking on content). We may also collect information about you that is publicly available on the Web (such as […]) and that is tied to the information you provided in the form (e.g., email address, name). In addition, we may collect statistical information regarding website visitors’ navigation on the Website at an aggregated level (e.g., IP address, location, browser type, referral source, length of visit and pages viewed).

We engage with third-party service provider Hubspot to collect such information on our behalf.  The collection of such information involves the use of cookies and similar technologies, as described above.  

The information gathered will be used solely for marketing in connection with iRhythm’s business and will not be shared with any other third parties.  You can opt-out of receiving further promotional messages from us by following the unsubscribe instructions provided in the promotional email you receive or by contacting us directly.

Patients and physicians who provided testimonials for use by iRhythm signed consent and release forms.

Can Third Parties View Your Information?

We will only share your information with third parties outside the iRhythm group as outlined below or described elsewhere in this policy and as otherwise permitted by law.

Merger Or Sale

In the event that iRhythm is acquired by or merged with a third-party entity, we may transfer or assign the information that we have collected as part of such a merger, acquisition, sale, or other change of control.

As Required By Law and Similar Disclosures

We may disclose information about you: (i) if we are required to do so by law, regulation, or legal process, such as a court order or subpoena; (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to protect against or respond to physical, financial or other harm, injury, or loss to property; or (iv) in connection with an investigation of suspected or actual unlawful activity.

Service Providers

We may also share information we have collected with other third party companies that we work with to perform services on our behalf. For example, we may hire a company to help us send and manage email, and we might provide the company with your email address and certain other information in order for them to send you an email message on our behalf. 

What Measures Are Taken To Protect Your Information?

We maintain reasonable administrative, technical and physical safeguards designed to protect the information that you provide on this website. However, no security system is impenetrable and we cannot guarantee the security of our website, nor can we guarantee that the information you supply will not be intercepted while being transmitted to us over the Internet, and we are not liable for the illegal acts of third parties.

How Can You Access And Edit Your Information?

You may request to verify and edit any of your personal information by contacting us directly.

How Can You Contact Us About This Website Privacy Policy?

If you have any questions or concerns about the WPP, we encourage you to contact us at:

iRhythm Clinical Center Customer Service Department
1-888-693-2401 (24 hours, 7 days a week)
Contact Us

Updates To The Website Privacy Policy

Any changes to the WPP will be posted on this Website immediately so that you can always be aware of our information practices. Your continued use of the Website constitutes your agreement to this WPP. If we make any revisions that materially change the ways in which we use or share the information previously collected from you through the Website, we will give you the opportunity to consent to such changes before applying them to that information.

 


 

United Kingdom Privacy Policy

Effective January 18, 2017

iRhythm Technologies, Inc. and its affiliates and subsidiaries (altogether "iRhythm"), values the security and privacy of your Personal Information. This Website Privacy Policy ("WPP") is intended to inform you of what data is gathered through iRhythm's iRhythmtech.com website (the "Website"), how this information is used, and what measures are taken to maintain the privacy of your information.

"Personal Information" means any information relating to an identified or identifiable individual.

To Whom Does This Website Privacy Policy Apply?

This WPP applies to all users of the Website. This WPP does not address our data protection practices related to use of patient Personal Information. If you are a patient, please contact your health care provider for information regarding their privacy practices.

A Word About External Websites

External websites that may be referenced within this Website are not covered by this WPP; they have their own policies, and we encourage you to review those policies prior to using such external sites.

 

What Information Do We Gather About You?

iRhythm collects various types of Personal Information that you provide us as well as information collected from automatic means when you use the Website. What we gather and how we use it is explained below.

Information You Provide

We collect any information that you provide when you use the Website. For example, the Website may include web pages that give you the opportunity to provide us with Personal Information about yourself, such as your name, email address, job function, etc. You do not have to provide us with this information if you do not want to; however, that may limit your ability to use certain functions or to request certain services or information.

Information Automatically Collected From You

We may automatically collect certain technical information from your computer or mobile device when you visit the Website, such as your Internet Protocol address, your browser type, your operating system, the pages you view, and the search terms you enter.  

We and our service providers may collect information using cookies or similar technologies. Cookies are pieces of information that are stored by your browser on the hard drive or memory of your computer or other Internet access device.  Cookies may enable us to personalize your experience on the Website, maintain a persistent session, and carry out marketing and other activities.  The Website may use different kinds of cookies and other types of local storage (such as browser-based or plugin-based local storage).  Most browsers will tell you how to stop accepting new cookies, how to be notified when you receive a new cookie, and how to disable existing cookies; however, this may limit your ability to take advantage of all the features on the Website. More information on how to disable cookies can also be obtained by using our Contact Us form.

 

How Do We Use the Information Collected?

Operation of the Website

We may use and store Personal Information we collect about and from you to respond to requests that you make, improve and manage the Website, better tailor content, offers and features, and for purposes disclosed at the time you provide your information or otherwise with your consent.

Marketing and Communications

We may collect certain Personal Information about you to send you electronic newsletters or promotional emails that we believe may be of interest to you, consistent with your choices. 

In particular, if you fill out a form on the Website to receive a piece of content, we may collect information regarding your interactions with that content (e.g., clicking on content). We may also collect Personal Information about you that is publicly available on the Web (such as […]) and that is tied to the information you provided in the form (e.g., email address, name). In addition, we may collect statistical information regarding website visitors’ navigation on the Website at an aggregated level (e.g., IP address, location, browser type, referral source, length of visit and pages viewed).

We engage with third-party service provider Hubspot to collect such information on our behalf.  The collection of such information involves the use of cookies and similar technologies, as described above.  

The information gathered will be used solely for marketing in connection with iRhythm’s business and will not be shared with any other third parties. You may opt out of receiving marketing communications from us by following the unsubscribe instructions in each such message, or by contacting us as indicated below. 

Patients and physicians who provided testimonials for use by iRhythm signed consent and release forms.

 

Can Third Parties View Your Information?

No Personal Information will be divulged to third parties outside the iRhythm group, except as described below.

Merger Or Sale

In the event that iRhythm is acquired by or merged with a third-party entity, we may transfer or assign the Personal Information that we have collected as part of such a merger, acquisition, sale, or other change of control.

Other Disclosures Required Or Authorized By Law

We may disclose Personal Information about you: (i) if we are required to do so by law, regulation, or legal process, such as a court order or subpoena; (ii) in response to requests by government agencies, such as law enforcement authorities; (iii) when we believe disclosure is necessary or appropriate to protect against or respond to physical, financial or other harm, injury, or loss to property; or (iv) in connection with an investigation of suspected or actual unlawful activity.

Service Providers

We also may share Personal Information with our service providers who perform certain services, such as website hosting and marketing automation, on our behalf. We authorize service providers to access, use or disclose the information only as necessary to perform their services or comply with legal requirements. iRhythm requires all service providers with access to Personal Information to agree to safeguard the privacy and security of Personal Information they process on our behalf.

 

Other Website Privacy Policy Information

What Measures Are Taken To Protect Your Personal Information?

iRhythm maintains appropriate administrative, technical and physical safeguards to protect the Personal Information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. Data transmitted to or from the Website is secured under industry encryption standards such as SSL.

International Data Transfers 

We may transfer your Personal Information to recipients in countries other than the country in which the Personal Information was originally collected. These countries include the United Sates, where we are headquartered and where some of our service providers process and host your Personal Information. The laws in those countries may not offer the same level of data protection as the country in which the information was initially provided. When we transfer your Personal Information to recipients in other countries, we will protect the information as described in this policy. We have implemented safeguards to ensure your Personal Information is protected when transferred, in accordance with data transfer restrictions that apply in the European Economic Area ("EEA").  

How Can You Access And Edit Your Personal Information?

Subject to applicable law, you may have the right to request access to and receive information about the Personal Information we maintain about you and to update and correct inaccuracies in your Personal Information. Except when we are required to keep the data for compliance with a legal obligation, you have the right to have inaccurate or outdated information blocked or deleted. You may at any time object to or withdraw your consent to our processing of your Personal Information.  You may opt out of receiving our marketing communications by following the unsubscribe instructions in each such message, or by contacting us as indicated below. These rights may be limited in some circumstances by local law requirements. You can exercise your rights by contacting iRhythm's Customer Service Department.

How Can You Contact Us About This Website Privacy Policy?

If you have any questions or concerns about the WPP or would like to exercise your rights, we encourage you to contact us at:
iRhythm Technologies Ltd.
1 Farnham Road
Guildford
Surrey
GU2 4RG
United Kingdom
Phone: 0-808-189-3411
Fax: 0-808-189-3303
Contact Us

Updates To The Website Privacy Policy

Any changes to the WPP will be posted on this Website promptly. Your continued use of the Website constitutes your agreement to this WPP.