Terms
Welcome to CommonHealth, a service of The Commons Project Foundation (“We,” “Us” or “Our”), a non-profit foundation, focused on helping people to better collect, store, and share their health information through the use of technology.
Before getting into the details, let’s first cover some key points about CommonHealth:
CommonHealth empowers people to manage and share their health information with trusted third parties, including healthcare providers and other health applications.
We have no access to health information you store using CommonHealth – all health information is stored locally on your own device.
We do not sell, analyze, profile, mine, or exploit your health information. You control the health information you store and share using CommonHealth.
CommonHealth enables you to securely store and share your health information by encrypting your health information on your device and in transit when sharing.
Because you alone control your health information in CommonHealth and not a health care provider, your health information as collected in CommonHealth is not covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). So, you are solely responsible for the privacy and security of any health information you share with third parties using CommonHealth.
Next, let’s go over how CommonHealth works:
COLLECTING YOUR HEALTH INFORMATION
Using the CommonHealth mobile app, you can request copies of your health information from certain healthcare providers who have been approved to participate in our network. Since third party health care providers are covered by HIPAA, under HIPAA section 164.524(a)(1), you are entitled to receive a copy of your health information from these “covered entities”.
To request your health information from a healthcare provider (apart from SMART Health Cards), you will need to enter your username and password for that healthcare provider’s electronic health records (EHR) system into the CommonHealth mobile app. This will connect CommonHealth to your healthcare provider’s EHR system so that the information can be retrieved. We cannot see, and we do not store, your usernames and passwords for your healthcare providers’ systems.
Because CommonHealth does not control access to your healthcare providers’ systems, we cannot be responsible if you cannot use our Service to retrieve your health information from their systems. Likewise, CommonHealth cannot be responsible for whether information from your healthcare provider is complete, accurate, or provided in a timely manner.
STORING AND DELETING YOUR HEALTH INFORMATION
Once you retrieve your health information, CommonHealth encrypts your health information and stores it on your device without accessing it ourselves or sending it anywhere other than to your device. We cannot decrypt the stored data. Therefore, no one without direct access to your device can access your health information, including us.
If you want to delete your health information from the CommonHealth mobile app, you can delete it in the CommonHealth app or by removing (uninstalling) the CommonHealth app from your mobile device. These methods of deletion permanently remove the health information stored by CommonHealth on your mobile device, but do not affect your healthcare providers’ records.
SHARING YOUR HEALTH INFORMATION
CommonHealth enables you to send copies of your health information to healthcare providers and health applications of your choosing within our approved network. The choice to share your health information is entirely up to you; CommonHealth is merely a tool you can use to securely send your information, should you choose to share it.
CommonHealth does not control the flow of information into apps operated by your healthcare providers or other third party applications, so we cannot be responsible for whether they receive it, whether they receive complete and accurate information, or whether they receive it in a timely manner.
Finally, please carefully review the following details:
CommonHealth (the “Service”) is available to you (the “User”) according to these Terms of Use (the “Terms”). If, at any time, you do not agree to these Terms (or any revisions), you must discontinue your use of the Service.
Limited License. By agreeing to these Terms, We grant you a personal, limited, nonexclusive, revocable license to download, install, access, and use the CommonHealth Android mobile application and its associated technologies (collectively, the “Technologies”) for the purposes of collecting, storing, and sharing your health information (the “Approved Uses”).
User Restrictions. Only persons eighteen (18) years of age or older who live in the United States may use the Service.
Authorizations. By using the Service, you are authorizing Us to:
Help you exercise your right to access your health information under HIPAA section 164.524(a)(1); and
Help you store and share any information you retrieve from your healthcare providers through CommonHealth.
Acceptable Use. Use of the Service is limited to the Approved Uses. Use of the Service for any other purpose, including any unauthorized, fraudulent, illegal, deleterious, or other harmful use (collectively, “Unauthorized Uses”) is prohibited. We reserve the right to set and enforce other rules on the use of the Service.
Right to Restrict Access. We may suspend, modify, or terminate your access to the Service in Our discretion without cause or notice to you. However, if We plan to temporarily or permanently discontinue the Service for reasons other than your violation of these Terms, we will make reasonable efforts to notify you beforehand, such as by posting a notice on our website.
Intellectual Property. Except as may be the intellectual property of others, We are the sole and exclusive owner of all rights, title, and interest in the Technology and Services, including, but not limited to, any names and logos, trademarks, designs, patents, and all aspects of the software, its source code, and related documentation (collectively, “TCP Intellectual Property”). You may not (i) copy, modify, or create derivative works of TCP Intellectual Property or any software component of the Technologies or Services, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the TCP Intellectual Property; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Technologies or Services, in whole or in part; (iv) remove any proprietary notices from the Technology or Services; or (v) use the TCP Intellectual Property in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right of Us or other right of any person, or that violates any applicable law, regulation, or rule.
Third Party Systems. We are not responsible for the information and systems of third parties. This includes the information and systems of healthcare providers and health applications within Our approved network.
Privacy. These Terms incorporate by reference our Privacy Policy located at https://www.commonhealth.org/privacy.
Protecting Your Information. You are required to securely access the Service on your mobile device by using your passcode, on-device biometric, or other device security method. You are responsible for following good security practices (e.g., using strong passwords, not sharing your login credentials, and not sharing your device with others) to keep your device and information secure. Similarly, you are responsible for protecting the login credentials to your healthcare providers’ systems. If you suspect anyone has unauthorized access to your health care providers’ systems, you must notify your health care provider immediately.
Changes to the Terms. We may update these Terms from time-to-time. The “Last Revised” date above is the date the most recent change was published. Unless otherwise stated, all changes will take effect thirty (30) days from the Last Revised date. Your use of the Service shall be governed by the Terms then in effect at the time of your use. By continuing to access or use the Service on or after the Effective date of the revised Terms, you agree to be bound by such Terms.
DISCLAIMER
THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS AND WE DISCLAIM TO THE MAXIMUM EXTENT PERMITTED BY LAW ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DISCLAIM ALL LIABILITY RELATED TO SECURITY, RELIABILITY, OR AVAILABILITY OF THE SERVICE AND DO NOT GUARANTEE THAT THE SERVICE IS COMPLETE, ACCURATE, OR ERROR FREE. WE DO NOT REPRESENT OR WARRANT THAT THE SERVICE WILL IMPROVE YOUR OVERALL HEALTH OR THE OUTCOME OF ANY HEALTH ISSUE. BY ACCESSING AND USING THE SERVICE, YOU ASSUME THE RISKS RELATED TO ACCESSING AND USING THE SERVICE, INCLUDING, BUT NOT LIMITED TO, RISKS TO YOUR DEVICE, COMPUTER SYSTEM, AND DATA.
LIMITATION OF LIABILITY
TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL, OR OTHER DAMAGES WHATSOEVER ARISING OUT OF OR IN ANY WAY RELATED TO YOUR ACCESS TO OR USE OF THE SERVICES REGARDLESS OF LEGAL THEORY OR CLAIM. IF YOUR JURISDICTION DOES NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THEN SUCH LIMITATIONS MAY NOT APPLY TO YOU.
JURISDICTION
If you seek to file a legal claim against us, you agree to file and resolve it exclusively in a state or federal court located in New York County, New York. You also agree that the laws of the State of New York and, to the extent applicable, the laws of the United States of America will govern these Terms, as well as any legal claim that might arise between You and Us (without reference to conflict of laws principles). You agree to submit to the personal jurisdiction of, and agree that venue is proper in, the courts located in New York County, New York, in any legal action or proceeding relating to us or these Terms. You agree that regardless of any statute or law to the contrary, any claim or cause of action you might have arising out of or related to use of our Service or Technology or these Terms must be filed within the applicable statute of limitations or, if earlier, one year after the pertinent facts underlying such claim or cause of action could have been discovered with reasonable diligence (or be forever barred).
CLASS ACTION WAIVER. YOU AGREE THAT ANY CLAIMS WILL BE ADJUDICATED ON AN INDIVIDUAL BASIS AND WAIVE ANY RIGHT TO PARTICIPATE IN A CLASS OR COLLECTIVE ACTION WITH RESPECT TO THE CLAIMS.
WAIVER AND SEVERABILITY
We do not waive any provision of these Terms by failing to enforce it. If any part of these Terms is found unlawful, void, or unenforceable, that part will be severed from these Terms and will be enforced to the maximum extent permissible, and all other parts of these Terms will remain in effect.
Date of last update: 7/1/2022