(Last revised April 26, 2022)
DxRx, Inc. (dba Ria Health) and Ria Health P.C. (hereafter, “Ria Health”) are committed to providing you with quality treatment services. An important part of that commitment is protecting your health information according to applicable law. Ria Health offers evidence based treatment for Alcohol Use Disorder along with educational and interventions services for alcohol misuse. We combine technology, research-backed methods, and top addiction medicine-trained doctors, nurses and coaches (“Providers”) to offer personalized care. In this Privacy Policy (“Policy”), “Ria Health” refers to this consolidated group of affiliated entities. Note that sometimes we receive information from and share information among the Ria Health entities.
As part of offering Ria Health services within their organizations, some employers or insurance companies (“Ria Health Benefit Sponsors”) may require or choose to add additional or different limitations or restrictions on data practices related to their Ria Health offerings (i.e., Ria Health Benefit Sponsors may add additional privacy restrictions or limitations above and beyond what is described in this Policy). Any such additional restrictions or limitations on data practices that have been agreed to between Ria Health and Ria Health Benefit Sponsors will be reflected in written agreements between them, and such terms will control.
1. SCOPE
This Policy describes how Ria Health collects, uses, and shares personal information processed by us, including via our website at riahealth.com, any affiliated “micro-sites” set up for our customers, Ria Health’s internal applications, our mobile applications, sessions and offerings from our Providers, our events, and any other online or offline offering that posts this Policy (“collectively, the Services”).
Please note that by using the Services, you agree to our Terms of Use and acknowledge that you have read this Policy. If you do not agree to this Policy, please do not use the Services. If you are under 18 years of age, please do not use or access the services.
Please see our HIPAA Notice of Privacy Practices for how Ria Health and our Providers specifically use and disclose Protected Health Information (PHI).
2. PERSONAL INFORMATION WE COLLECT
The categories of personal information we collect depend on how you interact with us or use our Services and the requirements of applicable law. We collect information that you provide to us, information we obtain automatically when you use our Services, information from other sources such as your Ria Health Benefit Sponsor, and third-party services and organizations, as described below.
Members
Registering as a Ria Health Member. If you register as a Ria Health member, we may collect information from you including your name, postal address, location, email address, phone number, username, password, demographic information (such as your gender and date of birth, as well as race, ethnicity, religious affiliations, sexual orientation and/or pronouns if you choose to share such information), information about your drinking history, mood, mental or physical health, or emotional state, as well as other information you directly give us through the Services.
Using Ria Health Services. Depending on the Ria Health Services you use, you may be asked to complete additional forms (e.g. intake forms, consents) which may ask for personal information such as your name, contact information, information about your current or historical health or mental health and treatment, and information on your lifestyle.
In some cases, you may be asked to provide medical records, for which we will obtain a signed authorization from you. We will maintain a medical record that contains the details of the care you receive. Your Ria Health Provider may capture clinical and/or coaching notes during your sessions.
Communicating with Us. If you communicate with us such as by email, phone, text, chat, or within our app, we will collect personal information from you, such as your name, contact information, and information you provide within your communication to us. If you are a Ria Health member, you have the option of using secure chat as described in Section 4 of this Policy. Note that channels outside of the Ria Health website, such as your personal email, text message, or video chat may be unsecure. Note that calls to Ria’s Care Team may be recorded.
Surveys. We may periodically send you optional surveys to collect your feedback on your experience with Ria. Understanding outcomes is central to our mission of providing effective, evidence-based care, and data can help inform Ria Health’s approach to treatment and assessment of progress.
Information We Get from Your Ria Health Benefit Sponsor. We may receive information from your Ria Health Benefit Sponsor to enable us to confirm your eligibility or the eligibility of your dependents or household member(s); to contact you in order to inform you of the availability of Ria Health benefits, to help us measure the effectiveness of the Ria Health benefit, or to better support communications with you, your Provider, or other individuals to support your care as permitted by law.
All Service Users
Information We Get from Interactive Features. We, may collect personal information that you submit or make available through our interactive features (e.g., messaging and chat features, commenting functionalities, forums, blogs, and social media pages). Any personal information you elect to make publicly available on our Services, such as posting comments on our blog page, will be available to others. Any information you provide on the public sections of these features will be considered “public”, unless otherwise required by applicable law, and is not subject to the privacy protections referenced herein.
Information We Get from Others. We may get information about you from other sources. We may combine the information that we collect with data obtained from third parties or through our products and Services. For example, you may also be able to access your Ria Health account by signing on through various third-party services, such as Google; signing on through such third-party services is voluntary. If you choose to sign on through a third-party service, Ria Health may collect certain information from your account including your public profile, user name, email address, birthday, stated location city, contact lists, and other interactions on that platform (such as interests and likes). The information we may have access to will vary by platform and is controlled by your privacy settings and account settings on that platform. Your use of services on third-party platforms are governed by the privacy statement and other terms of use for that third-party platform, until such information is shared with us, and then such information is also subject to this Policy. Please note that you should obtain necessary consents before providing us with personal information regarding another individual.
Voice and Video Information. If you consent, we may collect your voice and video image for ongoing quality improvement and quality assurance of our Services. The consent form you are provided before agreeing to provide video to us will provide additional information on how video data is collected, used, and retained.
Information Automatically Collected. We automatically log information about you and your computer, phone, tablet, or other devices you use to access the Services. For example, when visiting the Services, we log your computer or device identification, operating system type, browser type, browser language, the website you visited before browsing to our website, pages you viewed, how long you spent on a page, access times, and information about your use of and actions on the Services. How much of this information we collect depends on the type and settings of the device you use to access the Services.
Technologies. We, as well as third parties that provide content, advertising, or other functionality on the Services, may log information using cookies, pixel tags, web server logs, web beacons, and other technologies (“Technologies”) to automatically collect information through your use of our Services. This information is collected to make the Services more useful to you and to tailor the experience with us to meet your special interests and needs. Note that advertising technologies are not used on sites where members login to access our services, they are only used on Ria Health’s corporate website: riahealth.com.
Our uses of these Technologies fall into the following general categories:
Analytics. We may use Technologies and other third-party tools to process analytics information on the Services. Some of our analytics partners include:
Social Media Platforms. The Services may contain buttons to social media platforms such as Twitter, Facebook and LinkedIn (that might include widgets such as the “share this” button or other interactive mini programs). These features may collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Your interactions with these platforms are governed by the privacy policy of the company providing the widget.
RiaAware
If you register, or are registered by your employer, to use RiaAware, we will collect your name and email address to facilitate your registration.
If you choose to enroll or participate in RiaAware sessions, we will collect information to register you for the sessions, including your name and email address. These sessions are conducted via videoconference, and you may choose whether to display your name in the videoconferencing tool, and whether to have your camera on or image displayed.
3. USE OF PERSONAL INFORMATION
How we use the information we collect depends in part on which Services you use, how you use them, and any preferences you have communicated to us. Below are the specific purposes for which we use the information we collect about you. For more information on how we use clinical information, see our HIPAA Notice of Privacy Practices.
We use your personal information as follows:
With your consent: We may use information about you in other ways or for other purposes, where you have given us consent to do so for a specific purpose not listed above. Providers may ask you to sign additional consents before receiving services. These agreements are between
you and your Provider; we encourage you to read any such consent carefully and discuss any
questions you have with your provider.
Automated Decision Making. We may engage in automated decision making, including profiling. Ria’s processing of your personal information will not result in a decision based solely on automated processing that significantly affects you unless such a decision is necessary as part of a contract we have with you, we have your consent, or we are permitted by law to engage in such automated decision making. If you have questions about our automated decision making, you may contact us as set forth below.
De-identified and Aggregated Information. We may use personal information and other information about you to create de-identified and/or aggregated information, such as de-identified demographic information, location information, information about the device from which you access the Services, or other data sets we may create. In some cases, we use aggregated, de-identified clinical data to provide our customers with insight into how their employees are coping with stressors and changing over time.
4. HOW INFORMATION IS STORED AND PROCESSED
We are committed to protecting your privacy and data. We have put in place appropriate safeguards and security measures to help prevent your personal information from being lost, used or accessed in an unauthorized way, altered or disclosed. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its security. If you have any questions about the security of the Services, you can contact us as described below.
Email Security. Any text, email or other transmission you send unencrypted through the Internet cannot be completely protected against unauthorized interception. In particular, we want to make you aware that personal email may be unsecure, and Ria Health cannot be responsible for any unauthorized access to information when information is sent to or from your personal email. You are not required to authorize the use of your personal email for purposes of communicating with Ria; a decision not to consent or to opt out of receiving these emails will not restrict your ability to access care from your Provider. You can receive secure communications within the secure chats supported by the Ria Health app.
Data Retention. We will retain personal information we process pursuant to statutory requirements, for as long as needed to provide the Services, and to comply with our legal and compliance obligations (including those under HIPAA or for auditing purposes), resolve potential or actual disputes, conduct research and development for the Services (provided the agreement we have with your employer permits use of personal information for this purpose), or enforce our agreements.
5. SHARING OF PERSONAL INFORMATION
We will not rent or sell your personal information to others without your consent. We disclose your information to third parties for a variety of business purposes, as described below.
Your Providers. If you seek treatment or other services from a clinical Provider available through the Services, such as Ria Health P.C. in its capacity as a health care provider, your clinical Provider will have access to your personal information in order to provide you with their services. Please note that the use and disclosure of your PHI in connection with such services will be governed by our HIPAA Notice of Privacy Practices.
Your Ria Health Benefit Sponsor. To the extent permitted under applicable laws including HIPAA, we may provide necessary data to your Ria Health Benefit Sponsor to enable them to manage, administer and evaluate its health and wellness programs. Unless permitted under HIPAA or authorized by you, we will not disclose PHI to your Ria Health Benefit Sponsor.
Other Ria Health Users. Some of Ria’s Services may allow you to share personal information, such as your name, with other Ria Health users.
Service Providers. For example, we may share your personal information with our third-party service providers. The categories of service providers (processors) to whom we entrust personal information include: IT and related services; information and services; payment processors; customer service providers; and vendors to support the provision of the Services.
De-identified and Aggregated Information: We may share de-identified and aggregated information (such as de-identified usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with third parties who help us understand the usage patterns for certain Services and those of our partners. Ria Health may also share with your Ria Health Benefit Sponsor the outcomes and impact of the Services, which would consist solely of de-identified and aggregated data or analytics. To the extent that Ria Health uses artificial intelligence or machine learning on the data we collect, Ria Health shall only use non-personally identifiable information for these purposes. Non-personally identifiable information may be stored indefinitely.
Advertising Partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may include Technologies and other tracking tools on riahealth.com to collect information regarding your activities and your device (e.g., your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising” or “personalized advertising.” Note that advertising technologies are not used on sites where members login to access our services, they are only used on Ria’s corporate website.
APIs/SDKs. We may use third-party Application Program Interfaces (“APIs”) and software development kits (“SDKs”) as part of the functionality of the Services. For more information about our use of APIs and SDKs, please contact us as described below.
Disclosures to Protect Us and Others: We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate: to comply with law enforcement or national security requests and legal process, such as a court order or subpoena; when required by health oversight agencies, such as the Secretary of Health and Human Services, for legally authorized health oversight activities; to protect your, our or others’ rights, property, or safety, including to protect the security or integrity of the Services and any facilities or equipment used to make the Services available; to enforce our policies or contracts or HIPAA Notice of Privacy Practices; to collect amounts owed to us or any Ria Health Provider; or to assist with an investigation or prosecution of suspected or actual illegal activity or in an emergency.
What Happens in the Event of a Change of Control: We may buy or sell/divest/transfer the Company (including any shares in the Company), or any combination of its products, services, assets and/or businesses. Your information such as names and email addresses, and other information related to the Services may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign, or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of Ria.
6. INTERNATIONAL DATA TRANSFER
By using the Services, you acknowledge and understand that your information will be stored within the United States, where privacy rules differ and may be less stringent than those of the country in which you reside.
7. THIRD-PARTY WEBSITES/APPLICATIONS
The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services/applications are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.
8. YOUR PRIVACY CHOICES AND RIGHTS
Your Privacy Choices. You have a number of choices you can make regarding your personal information, including as follows:
The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada. Please note you must separately opt out in each browser and on each device.
Note that advertising technologies are not used on sites where members login to access our services and/or search for care (e.g., [benefitsponsor].riahealth.com), they are only used on Ria’s corporate website: riahealth.com.
Your Privacy Rights. In accordance with applicable law, you may have the right to:
You may submit requests about personal information by contacting us as described below or by completing this form.
9. SUPPLEMENTAL NOTICE FOR CALIFORNIA RESIDENTS
This Supplemental California Privacy Notice only applies to our processing of personal information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of personal information Ria Health has collected about them and whether Ria Health disclosed that personal information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:
Category of Personal Information Collected by Ria | Category of Third Parties Information is Disclosed to for a Business Purpose |
---|---|
Identifiers. A real name, alias, postal address, online identifier, Internet Protocol address, email address, or other similar identifiers. |
|
Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, address, telephone number, employment, employment history, medical information. |
|
Protected classification characteristics under California or federal law Age, race, ancestry, marital status (in relation to how family members are related), medical condition, physical or mental disability, sex (including gender, gender identity, gender expression). |
|
Internet or other electronic network activity Browsing history, search history, information on a consumer’s interaction with an internet website, application, or advertisement. |
|
Geolocation data Physical location or movements. |
|
Audio, electronic, visual, thermal, olfactory, or similar information Photos and video |
|
Professional or employment-related information Current or past job history |
|
Inferences. Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. |
|
Categories of sources from which we collect personal information and our business and commercial purposes for usingThe categories of sources from which we collect personal information and our business and commercial purposes for using personal information are set forth above in Section “Personal Information We Collect”.
“Sales” of Personal Information under the CCPA
For purposes of the CCPA, Ria Health does not “sell” personal information, nor do we have actual knowledge of any “sale” of personal information of minors under 18 years of age.
Additional Privacy Rights for California Residents
Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.
Authorized Agent. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may designate an authorized agent to make requests on your behalf. You must provide an authorized agent written permission to submit a request on your behalf, and we may require that you verify your identity directly with us. Alternatively, an authorized agent that has been provided power of attorney under Probate Code sections 4000-4465 may submit a request on your behalf. To designate an authorized agent, please contact us as described below.
Verification. To protect your privacy, we will take steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. You may submit a verifiable consumer request to us for disclosure or deletion of personal information by clicking here.
In order to protect your privacy and the security of your information, we verify consumer requests by matching personal information that you provide with information in our possession, in order to confirm your identity. Any additional information you provide will be used only to verify your identity and not for any other purpose.
If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as described below. We will process such requests in accordance with applicable laws.
Accessibility. This Privacy Policy uses industry-standard technologies and was developed in line with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.
10. CHILDREN
The Services are not directed to children under 18 (or other age as required by local law), and we do not knowingly collect or maintain the personal information of children under 18.
If you believe that Ria Health has received information about a child under the age of 18, please contact us as described below. If we become aware that a child has provided us with personal information in violation of applicable law, we will delete any personal information we have collected, unless we have a legal obligation to keep it, and terminate the child’s account if applicable.
11. CHANGES TO THIS PRIVACY POLICY
We may change this Policy, so please check this page occasionally. If we make any changes, we will change the Last Updated date above.
12. CONTACT INFORMATION
We welcome your comments or questions about this Policy.
Ria Health
1390 Market St
Suite 200
San Francisco, CA 94102
privacy@riahealth.com
Will insurance cover treatment? Verify Coverage
Have Questions? Call (800) 504-5360