Terms
Welcome to CommonHealth, a mobile application service(“CommonHealth”, “CommonHealth app”, or “Service”) of The Commons Project Foundation (“TCP”, “We,” “Us” or “Our”), a non-profit foundation, focused on helping people collect, store, and share their health information through the use of technology.
Before getting into the details, let’s first cover some key points about CommonHealth:
CommonHealth empowers people to manage and share their health information with trusted third parties, including healthcare providers and other digital health applications.
CommonHealth enables you to securely store and share your health information by encrypting your health information on your device and in transit when sharing.
Your health information is stored only locally on your own device, except when you choose to share your health information with a third party via the Patient Summary Feature. In this case, your information will be stored for up to 72 hours in our AWS cloud, however you control who has access to the information, and for how long, when you share a personal passcode that you generate for the information. In all cases, we do not have any access to the encrypted health information you store using CommonHealth - on your device or if your health information is temporarily stored on our AWS cloud during use of the Patient Summary feature.
We do not sell, analyze, profile, mine, or exploit your health information. Again, you control the health information you store and share using CommonHealth.
Because the health information in CommonHealth is controlled by you and not a health care provider, your health information is not covered by the privacy and security provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Therefore, you are solely responsible for the privacy and security of any health information you store (and share with third parties) using CommonHealth.
Now, let’s go over how CommonHealth works:
Collecting Your Health Information
Using the CommonHealth app, you can request copies of your health information from certain healthcare providers who have been approved to participate in our network. Since third party healthcare providers are subject to HIPAA compliance, under HIPAA section 164.524(a)(1), you are entitled to receive a copy of your health information from these “covered entities”.
To request your health information from a healthcare provider (apart from SMART Health Cards), you will need to use and enter the username and password that you created for your healthcare provider’s electronic health records (“EHR") system into the CommonHealth app. This will connect the CommonHealth app to your healthcare provider’s EHR system so that the information can be retrieved. We cannot see, and We do not store, the usernames and passwords for your healthcare providers’ systems.
Because TCP does not control access to your healthcare providers’ systems, We are not responsible if you cannot use the CommonHealth app to retrieve your health information from their systems. Likewise, TCP is not responsible for whether the information from your healthcare provider is complete, accurate, or provided in a timely manner.
Storing and Deleting Your Health Information
Once you retrieve your health information, CommonHealth app encrypts your health information and stores it on your device. TCP cannot decrypt the stored data, access your health information nor send it anywhere other than to your device. Therefore, no one without direct access to your device can access your health information, unless you decide to share it with a Third Party Application or via the Patient Summary feature.
If you decide to create a Patient Summary to share with a third party via our Patient Summary feature, TCP will create an encrypted, secure, temporary, passcode-protected copy of your health record which will be stored in our secure AWS cloud for up to 72 hours. This copy of your Patient Summary will automatically be deleted after 72 hours. While stored in the secure AWS cloud, TCP cannot decrypt, access, share, or send your stored health information anywhere. You may also choose to delete the Patient Summary prior to the 72 hours by selecting “Delete” on the Patient Summary created within the CommonHealth app on your device. You will control who has access to the encrypted record by sharing your temporary protected passcode or QR/link to the record.
If you want to delete your complete health information record from the CommonHealth app, you can delete it in the CommonHealth app or by uninstalling the CommonHealth app from your mobile device. These methods of deletion permanently remove the health information stored by the CommonHealth app on your mobile device, but do not affect your healthcare providers’ records.
Sharing Your Health Information
CommonHealth enables you to send copies of your health information to healthcare providers and healthcare apps within our approved network through Third Party Applications. You can also share your health information via the Patient Summary Feature. The choice to share your health information is entirely up to you; CommonHealth is merely a tool you can use to securely send your information if you decide to share it.
CommonHealth only controls the flow of information into apps operated by your healthcare providers or other third-party apps, but TCP is not responsible for whether your health information is received, whether it is complete and accurate information, or whether it is received in a timely manner.
Finally, please carefully review the following details:
CommonHealth is available to you (the “User”) according to these Terms of Use (the “Terms”). If, at any time, you do not agree to these Terms (or any updates or revisions), you must discontinue your use of the app.
Limited License. We grant you a personal, limited, nonexclusive, revocable license to download, install, access, and use the CommonHealth app and its associated technologies (collectively, the “Technologies”) for the purposes of collecting, storing, and sharing your health information (the “Approved Uses”).
User Restrictions. Only persons eighteen (18) years of age or older who live in the United States may use the Service.
Authorizations. By using the Service, you are authoring Us to:
Help you exercise your right to access your health information under HIPAA section 164.524(a)(1); and
Help you store and share any information you retrieve from your healthcare providers through CommonHealth.
Acceptable Use. Use of the Service is limited to the Approved Uses. Use of the Service for any other purpose, including any unauthorized, fraudulent, illegal, destructive, or other harmful use (collectively, “Unauthorized Uses”) is prohibited. We reserve the right to update, revise and enforce other rules on the use of the Service.
Right to Restrict Access. TCP reserves the right to suspend, modify, or terminate your access to the Service in Our discretion without cause or notice to you. However, if We plan to temporarily or permanently discontinue the Service for reasons other than your violation of these Terms, We will make reasonable efforts to notify you beforehand, such as by posting a notice on our website.
Intellectual Property. Except for the intellectual property owned by third parties, We are the sole and exclusive owner of all rights, title, and interest in the Technology and Services, including, but not limited to, any names and logos, trademarks, designs, patents, and all aspects of the software, its source code, and related documentation (collectively, “TCP Intellectual Property”). You may not (i) copy, modify, or create derivative works of TCP Intellectual Property or any software component of the Technologies or Services, in whole or in part; (ii) rent, lease, lend, sell, license, sublicense, assign, distribute, publish, transfer, or otherwise make available the TCP Intellectual Property; (iii) reverse engineer, disassemble, decompile, decode, adapt, or otherwise attempt to derive or gain access to any software component of the Technologies or Services, in whole or in part; (iv) remove any proprietary notices from the Technology or Services; or (v) use the TCP Intellectual Property in any manner or for any purpose that infringes, misappropriates, or otherwise violates any intellectual property right of Us or other right of any third party, or that violates any applicable law, regulation, or rule.
Third Party Systems. We are not responsible for the information and systems of third parties. This includes the information and systems of healthcare providers and healthcare apps within Our approved network.
Privacy. These Terms incorporate by reference our Privacy Policy located at https://www.commonhealth.org/Privacy.
Protecting Your Information. You are responsible for protecting the health information stored in the app and on your mobile device. Good security practices include: using a strong password, a biometric login, or other device security method; not sharing your login credentials; and not sharing your device with others. Similarly, you are responsible for protecting the login credentials to your healthcare providers’ systems. If you suspect anyone has unauthorized access to your healthcare providers’ systems, you must notify your health care provider immediately.
Changes to the Terms. We may update these Terms from time-to-time. The “Last Revised” date above is the date the most recent change was published. Your use of the Service shall be governed by the Terms in effect at the time of your use. By continuing to access or use the Service on or after the Effective date of the revised Terms, you agree to be bound by such Terms.
DISCLAIMERS. THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS AND WE DISCLAIM TO THE MAXIMUM EXTENT PERMITTED BY LAW ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT WITHOUT LIMITATION, IMPLIED WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. WE DISCLAIM ALL LIABILITY RELATED TO SECURITY, RELIABILITY, OR AVAILABILITY OF THE SERVICE AND DO NOT GUARANTEE THAT THE SERVICE IS COMPLETE, ACCURATE, OR ERROR FREE. WE DO NOT REPRESENT OR WARRANT THAT THE SERVICE WILL IMPROVE YOUR OVERALL HEALTH OR THE OUTCOME OF ANY HEALTH ISSUE. BY ACCESSING AND USING THE SERVICE, YOU ASSUME THE RISKS RELATED TO ACCESSING AND USING THE SERVICE, INCLUDING, BUT NOT LIMITED TO, RISKS TO YOUR DEVICE, COMPUTER SYSTEM, AND DATA.
LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, PUNITIVE, INCIDENTAL, SPECIAL, EXEMPLARY, CONSEQUENTIAL, OR OTHER DAMAGES WHATSOEVER ARISING OUT OF OR IN ANY WAY RELATED TO YOUR ACCESS TO OR USE OF THE SERVICES REGARDLESS OF LEGAL THEORY OR CLAIM. IF YOUR JURISDICTION DOES NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THEN SUCH LIMITATIONS MAY NOT APPLY TO YOU.
Jurisdiction; Governing Law. If you seek to file a legal claim against us, you agree to file and resolve it exclusively in a state or federal court located in New York County, New York. You also agree that the laws of the State of New York and, to the extent applicable, the laws of the United States of America will govern these Terms, as well as any legal claim that might arise between You and Us (without reference to conflict of laws principles). You agree to submit to the personal jurisdiction of, and agree that the proper venue n, in any legal action or proceeding relating to US or these Terms, is in the courts located in New York County, New York . You agree that regardless of any statute or law to the contrary, any claim or cause of action you might have arising out of or related to use of our Service or Technology or these Terms must be filed within the applicable statute of limitations or, if earlier, one year after the pertinent facts underlying such claim or cause of action could have been discovered with reasonable diligence (or be forever barred).
CLASS ACTION WAIVER. YOU AGREE THAT ANY CLAIMS WILL BE ADJUDICATED ON AN INDIVIDUAL BASIS AND WAIVE ANY RIGHT TO PARTICIPATE IN A CLASS OR COLLECTIVE ACTION WITH RESPECT TO THE CLAIMS.
Waiver; Severability. We do not waive any provision of these Terms by failing to enforce it. If any part of these Terms is found unlawful, void, or unenforceable, that part will be severed from these Terms and will be enforced to the maximum extent permissible, and all other parts of these Terms will remain in effect.
Date of last update: August 2, 2024