Privacy Policy - Monitor Health LLC

Effective Date: June 11, 2025

This notice discloses how patients' medical information is used. Please review it carefully.

Security and protection of private health information

Monitor Health LLC prioritizes the privacy of all patients' private information. Monitor Health complies with applicable laws to maintain the privacy of health information that identifies you or can be used to identify you. We are also required to provide you with this notice of our privacy practices, our legal duties and patients' rights concerning health information. We are required to abide by the terms of this notice currently in effect. We may modify or change our privacy practices described in this notice from time to time, particularly as new laws and regulations become effective. Any changes will be effective for all the health information that we maintain, even information in existence before the change. Revised copies with any changes are available on the company's website at www.monitorhealth.net and may be obtained by contacting support@monitorhealth.net.

HealthKit and CareKit Integration

Health Data Collection Through iOS Frameworks

Our app integrates with Apple's HealthKit and CareKit frameworks to provide you with comprehensive health monitoring capabilities. This integration allows us to:

  • Access health data from your iPhone's Health app with your explicit permission
  • Store health information securely using Apple's HealthKit database
  • Provide care management tools through CareKit framework integration

Specific Health Data Types We May Access

With your permission, our app may request access to the following health data categories through HealthKit:

  • Vital Signs: Heart rate, blood pressure, respiratory rate, body temperature
  • Body Measurements: Height, weight, body mass index, body fat percentage
  • Clinical Records: Lab results, medications, allergies, medical conditions

Your Control Over HealthKit Data

  • Permission Management: You can grant or deny access to specific health data categories in iPhone Settings > Privacy & Security > Health > Monitor Health
  • Selective Sharing: You can choose which specific data types to share with our app
  • Revoke Access: You can withdraw permission for any or all health data categories at any time through iOS Settings
  • Health App Integration: All data we access is visible in your iPhone's Health app if syncing is enabled
  • Data Deletion: You can delete health data from your Health app, which will remove it from our app's access

How We Handle HealthKit Data

  • Local Storage: HealthKit data remains primarily stored on your device in Apple's secure HealthKit database
  • No Unauthorized Access: We only access health data you explicitly authorize
  • Real-time Permissions: We respect real-time changes to your HealthKit permissions
  • Secure Transmission: Any health data transmitted to our servers uses end-to-end encryption

Technical Security Measures

Data Protection

  • Encryption: All health data is encrypted both in transit (using TLS 1.3) and at rest (using AES-256 encryption)
  • Secure Authentication: Multi-factor authentication options available for account access
  • Regular Security Audits: Our systems undergo regular security assessments and penetration testing
  • HIPAA Compliance: Our technical safeguards meet or exceed HIPAA requirements
  • Device Security: We rely on iOS built-in security features including device passcode and biometric authentication

Data Storage and Retention

  • Local Storage: Primary health data storage occurs on your device through HealthKit
  • Cloud Backup: Optional encrypted cloud backup with user consent
  • Retention Period: Health data is retained as long as you maintain an active account, or as required by applicable law
  • Data Deletion: Upon account deletion, all associated health data is permanently removed from our systems within 30 days
  • App Deletion: If you delete our app, your health data remains in your iPhone's Health app but our app's access is automatically revoked

Standard Health Information Disclosures

Disclosure of Private Health Information

Monitor Health may use and disclose private health information, without authorization, in the following ways:

  • Treatment: Monitor Health may use and disclose patients' health information to provide, coordinate or manage patients' treatment. For example, we may disclose health information to a provider who requests this information to treat you.
  • Health Care Operations: We may use and disclose patients' health information in order to support our business activities.
  • Research; Death; Organ Donation: We may use or disclose patients' health information for research purposes in limited circumstances.
  • Public Health and Safety: We may use and disclose patients' health information to the extent necessary to avert a serious and imminent threat.
  • Required by Law: We will use or disclose patients' health information when we are required to do so by law.
  • Process and Proceedings: We may disclose patients' health information in response to legal requests.
  • Law Enforcement: We may disclose to law enforcement officials under legal conditions.
  • Inmates: We may disclose health information if the patient is an inmate.
  • Military and National Security: Disclosure may be made to authorized officials under law.
  • Workers' Compensation: Disclosure is authorized for programs providing benefits for work-related injuries.
  • Business Associates: We may disclose information to partners under data protection agreements.
  • To the Patient: We will disclose information as described in the Individual Rights section.

Uses and Disclosures That May Be Made Either With the Patient's Agreement or the Opportunity to Object

Unless the patient objects, we may disclose to involved persons or contacts. If the patient is unable to object, we may disclose in the patient's best interest.

Written Authorization Disclosure

  • Marketing: Requires written authorization.
  • Sale of Health Information: Requires written authorization.
  • Other Uses: Requires written authorization unless otherwise allowed by law.

If authorization is granted, it can be revoked at any time except to the extent action was taken in reliance.

Third-Party Services

Analytics and Crash Reporting

  • Health data is never shared with analytics services
  • Only aggregated, de-identified usage data is collected
  • Crash reports contain technical information only
  • Opt-out available through app settings

Integration Partners

  • Healthcare Providers: With your consent
  • Insurance Partners: Only with explicit authorization
  • Emergency Contacts: In emergencies only

Individual Rights

  • Access: Request a copy via support@monitorhealth.net
  • Disclosure Accounting: Request an accounting of disclosures via email
  • Restriction Requests: Request limits on disclosures
  • Confidential Communication: Request communication by alternate means
  • Amendment: Request corrections to your data
  • Paper Notice: Request a physical copy of this policy
  • Breach: Right to be notified in the event of a breach

Questions and Complaints

For questions or complaints, please contact us at support@monitorhealth.net.

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.

Contact Information

Monitor Health LLC
5600 Chestnut Street
Philadelphia, PA 19139
Telephone: 215.748.5830
Email: support@monitorhealth.net
Website: www.monitorhealth.net