MOBILE APPLICATION AND CLINIC PRIVACY POLICY
Last Updated: April 29, 2025
INTRODUCTION
New Wave Medical Network (“we,” “us,” or “our”) is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the “App”).
This App is designed to provide healthcare services and is subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). We are committed to maintaining compliance with these regulations to ensure the confidentiality, integrity, and availability of your Protected Health Information (PHI).
PLEASE READ THIS PRIVACY POLICY CAREFULLY. By downloading, registering with, or using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not download, register with, or use this App.
DEFINITIONS
- Protected Health Information (PHI): Individually identifiable health information transmitted or maintained in electronic media or any other form or medium.
- Covered Entity: A health plan, healthcare clearinghouse, or healthcare provider who transmits health information in electronic form.
- Business Associate: A person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.
- HIPAA: The Health Insurance Portability and Accountability Act of 1996, which provides privacy and security provisions for safeguarding medical information.
- HITECH Act: The Health Information Technology for Economic and Clinical Health Act, which strengthens the privacy and security protections established under HIPAA.
INFORMATION WE COLLECT
A. Personal Information
We may collect the following types of personal information:
- Identifiable Information: Full name, date of birth, home address, email address, telephone number, and government-issued identification numbers.
- Authentication Information: Username, password, and security questions/answers.
- Demographic Information: Age, gender, ethnicity, and other demographic details relevant to healthcare.
- Device Information: IP address, device type, operating system, browser type, device identifiers, and mobile network information.
- Usage Data: Information about how you use the App, including timestamps, features accessed, and user engagement metrics.
B. Protected Health Information (PHI)
With your consent, we may collect the following types of health information:
- Medical History: Past and current medical conditions, diagnoses, treatments, and procedures.
- Medication Information: Current and past medications, dosages, and compliance data.
- Vital Signs: Blood pressure, heart rate, weight, temperature, and other biometric data.
- Laboratory Results: Test results and diagnostic information.
- Healthcare Provider Information: Names and contact information of your healthcare providers.
- Health Insurance Information: Policy details, group numbers, and coverage information.
OWNERSHIP OF YOUR DATA
You own your data. While we collect and process your personal and health information to provide our services, you retain ownership of your data. This means you have the right to:
- Access your information at any time.
- Request corrections to inaccurate information.
- Request restrictions on certain uses and disclosures.
- Request an accounting of disclosures of your PHI.
- Request a copy of your data in an electronic format.
- Be notified in the event of a breach of your unsecured PHI.
HOW WE COLLECT INFORMATION
We collect information from you in the following ways:
- Direct Collection: Information you provide directly when you register, complete forms, upload documents, or interact with the App.
- Automated Collection: Information collected automatically through the App, including usage patterns, device information, and location data (if permitted).
- Third-Party Sources: With your authorization, we may collect information from healthcare providers, health plans, and other healthcare entities covered by HIPAA.
- Connected Devices: If you connect wearable devices or health monitoring tools to the App, we may collect data from these sources.
HOW WE USE YOUR INFORMATION
We use your information for the following purposes:
- Provide Services: To provide the healthcare services you request through the App.
- Treatment: To facilitate communication between you and your healthcare providers.
- Healthcare Operations: For internal operations, including troubleshooting, data analysis, testing, and research.
- Improve Services: To enhance and personalize your experience with the App.
- Communication: To communicate with you about your health, appointments, and updates to our services.
- Legal Obligations: To comply with applicable laws, regulations, and legal processes.
- Payment: For example, we may disclose information regarding your medical procedures and treatment to your insurance company to arrange payment for the services provided to you.
- Health Care Operations: For example, we may disclose your PHI for billing or interpreter support. We may use your PHI to conduct an evaluation of the treatment and services provided or to review staff performance. We may disclose your PHI for education and training purposes to doctors, nurses, technicians, medical students, residents, fellows and others.
- To Persons Involved in Your Care: As long as you do not object, we may, based on our professional judgment, disclose your PHI to a family member or other person if they are involved in your care or paying for electronic sharing of patient information, including but not limited to Health Information Exchanges (HIEs). HIEs involve coordinated information sharing among HIE members for purposes of treatment, payment, and health care operations. Similarly, we may also disclose limited PHI to an entity authorized to assist in disaster relief efforts for the purpose of coordinating notification to someone responsible for your care of your general condition or location.
- Communicating with You: We will use your PHI to communicate with you about a number of important topics, including information about appointments, your care, treatment options and other health-related services, payment for your care, and opportunities to participate in research, provided this research outreach is approved by New Wave Medical Network. See Research section below. We may also contact you at the email, phone number or address that you provide, including via text messages, for these communications. If your contact information changes, it is important that you let us know. Texting and email are not 100% secure. Regarding text messages, please note that message and data rates may apply and you will have an opportunity to opt out.
- Research: We may use and disclose your PHI as permitted by applicable law for certain other limited exceptions. An accounting will include disclosures made in the six years prior to the date of a request.
- Restrictions on Use and Disclosure of Your PHI: You can request restrictions on certain areas of our uses and disclosures of your PHI for treatment, payment, or health care research. This is subject to your authorization and/or oversight by New Wave Medical Network and may continue to use your PHI for research purposes as described above and your care providers may discuss research with you.
- Business Associates: At times, we need to disclose your PHI to persons or organizations outside New Wave Medical Network who assist us with our payment/billing activities and health care operations. We require these business associates and their subcontractors to appropriately safeguard your PHI.
- Other Uses and Disclosures: We may be permitted or required by law to make certain other uses and disclosures of your PHI without your authorization. Subject to conditions specified by law, we may release your PHI:
• for any purpose required by law
• for public health activities, including required reporting of disease, injury, birth and death, for required public health investigations, and to report adverse events or enable product recalls
• to government agencies if we suspect child/elder adult abuse or neglect. We may also release your PHI to government agencies if we believe you are a victim of abuse, neglect or domestic violence
• to your employer when we have provided screenings and health care at their request for occupational health and safety
• to a government oversight agency conducting audits, investigations, inspections and related oversight functions
• in emergencies, such as to prevent a serious and imminent threat to a person or the public
• if required by a court or administrative order, subpoena or discovery request
• for law enforcement purposes, including to law enforcement officials to identify or locate suspects, fugitives or witnesses, or victims of crime
• to coroners, medical examiners and funeral directors
• if necessary to arrange organ or tissue donation or transplant
• for national security, intelligence, or protective services activities
• for purposes related to your workers’ compensation benefits
WHO CAN ACCESS YOUR INFORMATION
Access to your information is strictly controlled and limited to:
- Authorized Personnel: New Wave Medical Network employees who need access to perform their job functions.
- Your Healthcare Providers: Healthcare professionals involved in your care whom you have authorized to access your information.
- Business Associates: Third-party service providers who perform services on our behalf, subject to Business Associate Agreements that require them to protect your PHI.
- Legal Requirements: Government agencies or other entities as required by law, such as public health authorities for disease reporting.
We will not sell, rent, or lease your personal information or PHI to any third party. We will not use or disclose your PHI for marketing purposes without your explicit authorization.
HOW WE CONTROL ACCESS TO YOUR INFORMATION
We implement strict access controls to protect your information:
- Role-Based Access Control: Access to PHI is granted based on job role and need-to-know principles.
- Authentication: Multi-factor authentication is required for all personnel accessing the system.
- Authorization Verification: We verify the identity and authority of individuals requesting access to PHI.
- Minimum Necessary Standard: We limit access to the minimum information necessary to accomplish the intended purpose.
- Access Revocation: When an employee leaves or changes roles, access privileges are promptly adjusted or revoked.
HOW WE TRACK ACCESS TO YOUR INFORMATION
In compliance with HIPAA and HITECH requirements, we maintain comprehensive audit logs that record:
- Access Events: Who accessed your information, when they accessed it, and what information was accessed.
- System Activities: Changes to your information, including updates, deletions, and transfers.
- Authentication Attempts: Successful and unsuccessful login attempts.
- System Configuration Changes: Modifications to security settings or access controls.
These audit logs are:
- Regularly reviewed for suspicious activities
- Protected from unauthorized access or modification
- Retained for a minimum of six years
- Available for your review upon request, as permitted by law
DATA SECURITY
We implement and maintain reasonable administrative, physical, and technical safeguards to protect your information:
- Encryption: All PHI is encrypted both in transit and at rest using industry-standard encryption technologies.
- Secure Development: The App is developed following secure coding practices and undergoes regular security assessments.
- Physical Safeguards: Our servers are located in secure facilities with controlled access.
- Risk Assessments: We conduct regular risk assessments and security evaluations.
- Incident Response: We maintain an incident response plan to address potential security breaches.
- Employee Training: All staff receive regular training on privacy and security procedures.
DATA RETENTION
We will retain your personal information and PHI for as long as:
- Your account with us remains active
- The information is necessary to provide you with services
- Required by applicable laws and regulations
When your information is no longer needed, we will securely delete or de-identify it in accordance with our data retention policies and applicable regulations.
BREACH NOTIFICATION
In the event of a breach of unsecured PHI, we will:
- Notify affected individuals without unreasonable delay and in no case later than 60 calendar days after discovery of the breach.
- Provide information about the breach, including:
• A description of what happened
• The types of information involved
• Steps individuals should take to protect themselves
• What we are doing to investigate, mitigate, and prevent future breaches
• Contact procedures for more information
- Notify the Secretary of Health and Human Services and prominent media outlets for breaches affecting more than 500 individuals.
YOUR RIGHTS REGARDING YOUR INFORMATION
Under HIPAA and the HITECH Act, you have the following rights:
- Right to Access: You have the right to inspect and obtain a copy of your PHI maintained in our records.
- Right to Amend: You have the right to request amendment of incomplete or inaccurate information.
- Right to an Accounting of Disclosures: You have the right to receive a list of instances where we have disclosed your PHI.
- Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of your information.
- Right to Request Confidential Communications: You have the right to request that we communicate with you in a specific way or at a specific location.
- Right to Notification of a Breach: You have the right to be notified if your unsecured PHI has been breached.
- Right to Opt Out: You have the right to opt out of receiving communications for fundraising purposes.
- Right to File a Complaint: You have the right to file a complaint if you believe your privacy rights have been violated.
CHILDREN’S PRIVACY
The App is not intended for children under 18 years of age without parental consent and appropriate legal authorization. If we discover that a child under 18 has provided us with personal information or PHI without parental consent, we will delete such information from our servers.
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last Updated” date, and the updated version will be effective as soon as it is accessible. We will notify you of any changes by posting the new Privacy Policy on this page and sending you a notification within the App.
CONTACT US
If you have questions or concerns about this Privacy Policy, please contact our Privacy Officer at:
New Wave Medical Network
Privacy Officer
Email: privacy@newwavemedicalnetwork.com
Phone: (877) 463-9928
Address: 711 Valarie Street, Ridgecrest CA 93555