Privacy Policy
Welcome
Last reviewed: December, 2021
Hello, and welcome to Galileo!
Galileo is a technology company that offers exceptional and comprehensive clinical care directly from your phone.
This Privacy Policy describes the personal information we and the Medical Group each collect, how we use and protect it, and your rights and choices. The Privacy Policy is split into two policies: the first describes Galileo’s policies and the second the Medical Group’s policies. As a courtesy to you, we call your attention to several parts. You should know though that these highlights are not part of the official, binding legal terms. The official legal terms follow under the “Privacy Policy” heading below.
- Galileo collects different types of information about you, including web-behavior information via cookies, beacons, and other similar tracking technologies when you use our app and website, and information you provide to us about yourself, like when you create an account, purchase a subscription, complete surveys, or contact Member Services.
- We offer you choices about how you can opt out of our use of tracking technology, disclosure of your personal information for our advertising to you, and other targeted advertising. You also can ask to delete your account at any time, but please know that we may be required by law to keep your personal data for a period of time. In that case, we’ll remove it from our active databases.
- Be aware that information transmitted over the internet is not completely secure, but we use best practices to protect your personal data.
- You can read Galileo’s Website and Application Privacy Policy below.
- The Medical Group uses and discloses your health information for normal business activities that fall within the categories of treatment, payment, and healthcare operations, as well as other narrow purposes provided by law.
- The Medical Group will never sell your health information, and won’t use or disclose your health information for any purpose other than as described in its Privacy Policy without your written authorization.
- Please also know that you have various rights with respect to your health information, including to inspect, copy, and amend it and to request an accounting of disclosures.
- You can read the Medical Group’s Notice of Privacy Policies below.
Privacy Policy
I. PRIVACY POLICY FOR THE GALILEO WEBSITE AND APPLICATION
Last modified: November, 2022
This section of our Privacy Policy ("Site Privacy Policy") explains how Galileo, Inc. collects, uses, and discloses information about you obtained when you visit the website www.galileohealth.com (our “Website”) and the Galileo application (our “Application”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
- on our Website and Application;
- in email, text, and other electronic messages between you and our Website and Application;
- when you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.
It does not apply to information collected by:
- the physicians or other healthcare providers that we contract with, including Galilea Medical Group, P.A;
- any third party, including through any application or content that may link to or be accessible from or on the Website or Application.
Please read this policy carefully. By accessing or using our Website and/or Application, you agree to this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Website or Application.
1. Children Under the Age of 18
We are committed to protecting the privacy of children in connection with the use of our Services. This section explains our online information collection, disclosure, and parental consent practices with respect to information collection from children under the age of 13 (“child” or “children”) in accordance with the U.S. Children’s Online Privacy Protection Act (“COPPA”). For more information about COPPA and general tips about protecting children’s online privacy, please click here.
Our Services include online services that may be used to facilitate health care for a child. A parent or guardian can create a Galileo account on behalf of a dependent child and attest that they have legal authority to do so. During the user registration process, a parent or guardian can create a children’s account by providing certain information about the child, including name, birth date, email and password. Children under the age of 18 are not eligible to register directly for an account. If your child directly uses their Galileo account, either with or without your permission, we may collect information directly from the child. If you prefer for your child to not directly interact with Galileo online, please do not provide account credentials to your child. Please note certain state patient privacy laws may permit a child to directly obtain certain types of health care services independent of their parent or guardian. If your child obtains mental/behavioral health, substance use, contraception, STI/STD/HIV, or pregnancy-related services, information related to such services will only be made available to you in response to a valid records request, and only to the extent permitted to be disclosed to you under applicable laws.
During account registration for a child, parents/guardians are asked to review and consent to our Informed Consent form, which includes a COPPA consent, on behalf of their child. If a parent or guardian chooses not to consent to the collection and use of their child’s information, they may not create an online account for the child. At any time, a parent and guardian may revoke their consent for us to further collect personal information from their child online by contacting privacy@galileohealth.com. Once consent is revoked, a child may not use any Services online.
Section 2 of this Policy contains details about the information we collect, which extend to information we collect about children. The information we collect will be used for the purposes described in Section 3 of this Policy.
We may disclose the information in accordance with Section 4. No personal information about a child will be made available to the public or sold. We may share information with our service providers if necessary for them to perform business, professional, or technology services for us, always in accordance with all applicable laws.
In addition to your right to revoke your consent for the collection of your under 13 child’s personal information, you may request to review the personal information we have collected from your child as well as request for us to delete personal information we have collected from your child, subject to our data retention requirements. Please submit your request or any questions to privacy@galileohealth.com.
2. Information We Collect About You and How We Collect It
Generally
We collect several types of information from and about users of our Website and Application, specifically information:
- by which you may be personally identified, such as name, postal address, billing address, work address, shipping address, e-mail address, home, work, and mobile telephone numbers, driver’s license number, date of birth, credit or debit card number (for payment purposes only), the last four digits of your Social Security Number, your medical history, and health information (“Personal Data”);
- that is about you but individually does not identify you, such as traffic data, location data, logs, referring/exit pages, date and time of your visit to our Website or use of our Application, error information, clickstream data, and other communication data and the resources that you access and use on the Website or through our Application; and/or
- about your internet connection, the equipment you use to access our Website or use our Application and usage details.
We collect this information:
- directly from you when you provide it to us;
- automatically as you navigate through the Website or use our Application. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, geo-location services, and other tracking technologies; and
- From third parties, for example, our business partners.
Information You Provide to Us
The information we collect on or through our Website or through our Application are:
- information that you provide by filling in forms on our Website or the Application. This includes information provided at the time of registering to use our Application, using our physician consultation services, or requesting further services. We may also ask you for information when you report a problem with our Website or Application;
- records and copies of your correspondence (including email addresses), if you contact us;
- your responses to surveys that we might ask you to complete;
- details of transactions you carry out through our Website or through the Application and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website or Application.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website and Application, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, specifically:
- details of your visits to our Website or Application, such as traffic data, location data, logs, referring/exit pages, date and time of your visit to our Website or use of our Application, error information, clickstream data, and other communication data and the resources that you access and use on the Website or in the Application; and
- Information about your computer, mobile device, and internet connection, specifically your IP address, operating system, browser type, and Application version information.
The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Website and Application and to deliver a better and more personalized service by enabling us to:
- estimate our audience size and usage patterns;
- verify your location to ensure we can provide you with our services;
- store information about your preferences, allowing us to customize our Website and our Application according to your individual interests;
- recognize you when you return to our Website and our Application.
The technologies we use for this automatic data collection may include:
- Cookies. A cookie is a small file placed on the hard drive of your computer or mobile device. On your computer, you may refuse to accept browser cookies by activating the appropriate setting on your browser, and you may have similar capabilities on your mobile device in the preferences for your operating system or browser. However, if you select this setting you may be unable to access certain parts of our Website or use certain parts of our Application. We presently do not honor “Do Not Track” requests across all parts of our Website and Application. Unless you have adjusted your browser or operating system setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website or use our Application.
- Web Beacons. Pages of our the Website, screens of our Application, and our emails may contain small electronic files known as web beacons that permit Galileo, for example, to count users who have visited those pages, used those screens, or opened an email and for other related website and application statistics (for example, recording the popularity of certain Website or Application content and verifying system and server integrity).
- Analytics Tools. We use tools such as Google Analytics, Mixpanel, and Adjust to collect certain information relating to your use of the Website and/or Application. Google Analytics, Mixpanel, and Adjust use “cookies”, which are text files placed on your computer or phone, to help us analyze how users use the site. We may also use Google Analytics Advertising Features or other advertising networks to provide you with interest-based advertising based on your online activity. For more information regarding Google Analytics, you can visit Google Analytics’ webpage and review its privacy practices at www.google.com/analytics/learn/privacy.html. You may prevent your data from being used by Google Analytics by installing the Google Analytics Opt-out Browser Add-on from https://tools.google.com/dlpage/gaoptout/. For more information regarding Mixpanel, you can visit Mixpanel’s website and review its Privacy Policy at https://mixpanel.com/privacy/. You can opt-out of Mixpanel's automatic retention of data collected while on our Website and Application by visiting https://mixpanel.com/optout/. For more information on Adjust, you can visit Adjust’s website and review its Privacy Policy at https://www.adjust.com/terms/privacy-policy/. You can opt out of Adjust’s tracking by visiting https://www.adjust.com/forget-device/.
ELECTRONIC HEALTH INFORMATION SHARING: We may take part in or make possible the electronic sharing or pooling of healthcare information. The most common way we do this is through local or regional Health Information Exchanges (HIEs). HIEs help doctors, hospitals and other healthcare providers within a geographic area or community provide quality care to you. If you travel and need medical treatment, HIEs allow other doctors or hospitals to electronically contact us about you. All of this helps us manage your care when more than one doctor is involved. It also helps us to keep your health bills lower (avoid repeating lab tests). And finally, it helps us to improve the overall quality of care provided to you and others. We are involved in national health reform efforts and may use and share information as permitted to achieve regional or national goals, including regional or nationally approved population health management or wellness initiatives.
3. How We Use Your Information
We may use information that we collect about you or that you provide to us as follows, subject to the health information restrictions in Section I, the Privacy Policy for Medical Group Patients:
- to present our Website, Application, and their contents to you;
- to provide you with information or services that you request from us;
- to process, fulfill, and administer transactions and orders for services for you;
- to facilitate access to your medical records available through health information exchanges;
- to create De-Identified Data such as aggregate statistics relating to the use of our Application;
- to notify you about changes to our Website, our Application, or any products or services we offer or provide though them;
- to promote our Website, Application, and services to you;
- to fulfill any other purpose for which you provide us Personal Data;
- in any other way we may describe when you provide the information; and
- for any other purpose for which you give us authorization.
We also may use how you browse and shop in order to show you ads for Galileo. We may use cookies and other information to provide relevant interest-based advertising to you. Interest-based ads are ads presented to you based on your browsing behavior in order to provide you with ads more tailored to your interests.
4. Disclosure of Your Information
We may disclose Personal Data that we collect or you provide as follows, subject to the health information restrictions in Section I, Notice of Privacy Practices:
- to our subsidiaries and affiliates;
- to contractors and third-party service providers that we use to support our business and who are contractually bound to keep your Personal Data confidential;
- to health information exchanges that share your medical records with us;
- to a company we merge, acquire, or that buys us, or in the event of change in structure of our company of any form;
- to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
- if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Galileo, our customers, or others;
- for any other purpose disclosed by us when you provide the information;
- with your consent.
5. Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the Personal Data you provide to us. We have created mechanisms to provide you with control over your Personal Data:
- Tracking Technologies and Advertising. You can set your browser or operating system to refuse all or some cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of our Website or Application may then be inaccessible or not function properly.
- Promotional Offers from Galileo. If you do not wish to have your email address used by Galileo to promote our own services, you can opt-out at any time by clicking the unsubscribe link at the bottom of any email or other marketing communications you receive from us or logging onto your Account profile page. This opt out does not apply to information provided to Galileo as a result of your use of our services.
- Targeted Advertising. We use or partner with ad networks that may use your browsing activity across participating websites to show you interest-based advertisements on those websites. To learn more about interest-based advertisements and your opt-out rights and options, visit the Digital Advertising Alliance and the Network Advertising Initiative websites (www.aboutads.info and www.networkadvertising.org). Please note that if you choose to opt out, you will continue to see ads, but they will not be based on your online activity. We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can also opt out of receiving targeted ads from members of the NAI on its website.
6. Information You Share with Third Parties
This Site Privacy Policy applies only to information we collect through the Website and Application and by email, text and other electronic communications between you and our Website or Application. We do not control the collection and use of your information collected by any third parties, and are not responsible for the privacy practices of other sites. We encourage you to read their privacy policies.
7. De-Identified Data
We may create and use de-identified information, in which information is removed from your Personal Data so that you cannot be identified (“De-identified Data”), without restriction.
8. Your Rights Regarding Deletion of Your Information
You may request deletion of your Personal Data by logging into our Application and visiting either the Setting or Account profile sections, or by making such request of us. However, please be aware that we may be required (by law or otherwise) to keep such data and not delete it (or to retain it for a certain period of time, in which case it will be deleted after the required retention period). By deleting your Personal Data, we will remove it from active databases, however, it may remain in archives and we also may continue to use De-Identified Data about your use of Services. If we have disclosed Personal Data to third parties as permitted under this Galileo Site Privacy Policy, we may no longer be able to access this data and be able to compel its deletion or modification by such party. After we delete Personal Data, we may retain De-Identified Data and will continue to use De-Identified Data as permitted under this Galileo Site Privacy Policy.
9. Data Security
We implement reasonable measures designed to secure your Personal Data from unauthorized access, use, alteration, and disclosure and from accidental loss, including by employing encryption technology for information sent and received by us.
Nonetheless, no transmission of information over the internet can be completely secure. As a result, while we do our best to try to protect your Personal Data, we cannot guarantee the security of any information you transmit to us.
10. Location-Enabled Features
Certain location-enabled features made available in the Application to connect you to a Provider licensed or authorized to provide services in your state is provided by Google, Apple, and other third party providers. When accessing these functionalities, you are agreeing to additional Terms of Service and Privacy Policies, such as Google Maps’ Terms of Service and Privacy Policy or Apple Maps’ Terms of Service and Privacy Policy.
11. Changes to Our Privacy Policy
We may change this Privacy Policy at any time. We will post the revised Privacy Policy on this page with the last revised date identified at the top. We also will present any significant updates to you before you next use the Application. Continued use of our Website, Application, or services following notice of such changes will indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.
12. Contact Information
If you have any questions, concerns, complaints or suggestions regarding our Privacy Policy or otherwise need to contact us, you may contact us at privacy@galileohealth.com.
II. NOTICE OF PRIVACY POLICIES FOR MEDICAL GROUP PATIENTS
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice describes how Galilea Medical Group, PA and members of its Affiliated Covered Entity (collectively, the “Medical Group,” “we,” or “us”) (and Galileo, Inc., when acting on behalf of the Medical Group) may use and disclose health information about you (“Protected Health Information”) and how you can access this information. An Affiliated Covered Entity is a group of health care providers under common ownership or control that designates itself a single entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). The members of the Medical Group may share Protected Health Information with each other for treatment, payment, and health care operations related to the Affiliated Covered Entity. For a complete list of members of the Affiliated Covered Entity, please contact the Medical Group’s Privacy Officer at privacy@galileohealth.com.
Uses and Disclosures of Your Health Information:
Your protected health information may be used and disclosed by our health care providers, our staff, and others outside of our office that are involved in your care and treatment for the purpose of providing health care services to you, to support our business operations, to obtain payment for your care, and any other use authorized or required by law. A minor’s protected health information regarding services which the minor confidentially consented to under state law may only be disclosed to a parent/guardian pursuant to a valid authorization by the minor.
TREATMENT: We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. We may use your information to direct or recommend alternative treatments, therapies, health care providers, or settings of care to you or to describe a health-related product or service. We may also disclose protected health information to a health care provider to whom you have been referred to ensure they have the necessary information to diagnose or treat you.
PAYMENT: Your protected health information may be used to bill or obtain payment for your health care services. This may include certain activities that your health insurance plan may undertake before it approves or pays for your services, such as making a determination of eligibility or coverage for insurance benefits and reviewing services provided to you for medical necessity.
HEALTH CARE OPERATIONS: We may use or disclose your protected health information to support our health care operations, which include internal administration, business planning, and activities that improve the quality and cost effectiveness of the care provided to you. For example, we may use your health information to review our treatment and services and to evaluate the performance of our physicians and health care professionals. We also may create and use de-identified data, in which information is removed from your protected health information so that you cannot be identified (“De-identified Data”), as authorized by law.
ELECTRONIC HEALTH INFORMATION SHARING: We may take part in or make possible the electronic sharing or pooling of healthcare information. The most common way we do this is through local or regional Health Information Exchanges (HIEs). HIEs help doctors, hospitals and other healthcare providers within a geographic area or community provide quality care to you. If you travel and need medical treatment, HIEs allow other doctors or hospitals to electronically contact us about you. All of this helps us manage your care when more than one doctor is involved. It also helps us to keep your health bills lower (avoid repeating lab tests). And finally, it helps us to improve the overall quality of care provided to you and others. We are involved in national health reform efforts and may use and share information as permitted to achieve regional or national goals, including regional or nationally approved population health management or wellness initiatives.AS REQUIRED BY LAW: We may use and disclose your protected health information to the extent required by any applicable federal, state or local law.
UNIQUE CIRCUMSTANCES: We may use or disclose your protected health information in the following unique circumstances without your authorization: to assist in public health activities, such as disease tracking and reporting information about products under the under the U.S. Food and Drug Administration’s jurisdiction; to inform authorities to protect victims of abuse or neglect; for health care oversight purposes, such as investigations of fraud; in response to a legal order or other lawful process during a judicial or administrative proceeding; to law enforcement officials as required by law or in compliance with a court order; to coroners, funeral directors and organ donation agencies as authorized by law; for research purposes pursuant to a valid authorization from you or following institutional review board protocols; to avert a serious threat to health or safety; to assist in specialized government functions, such certain military activity and national security purposes; for workers’ compensation reporting; and other required uses and disclosures.
USES AND DISCLOSURES REQUIRING YOUR WRITTEN AUTHORIZATION:
For any purpose other than described above, we only use or disclose your protected health information with your written authorization. We are prohibited from using or disclosing your protected health information for purposes that are marketing under the HIPAA privacy rule, including accepting payment from third parties in exchange for making communications about treatments, providers, products, or services, without your written authorization. We also will never sell your protected health information without your written authorization.
If you provide us with an authorization for certain uses and disclosures of your information, you may revoke such authorization at any time, except to the extent that we have taken an action in reliance on it, by writing to us at privacy@galileohealth.com.
YOUR RIGHTS WITH RESPECT TO YOUR PROTECTED HEALTH INFORMATION:
You have the following rights regarding the PHI maintained by the Medical Group:
- You have the right to inspect and copy your protected health information.
- You may request access to or an amendment of your protected health information.
- You have the right to request a restriction on the use or disclosure of your protected health/personal information. Your request must be in writing and state the specific restriction requested and to whom you want the restriction to apply. If we agree to comply with your request, we will be bound by such agreement, except when otherwise required by law or in the event of an emergency.
- You have the right to request to receive confidential communications from us by alternative means or at an alternate location, and we will accommodate reasonable requests. You must submit your request in writing to privacy@galileohealth.com.
- You have the right to request an amendment of your protected health information. If we deny your request for amendment, you have the right to file a statement of disagreement with us.
- You have the right to receive an accounting of certain disclosures of your protected health information that we have made for the prior six (6) years, except to the extent made for purposes of treatment, payment, healthcare operations, or certain other purposes (such as your authorization).
- You have the right to obtain a paper copy of this Notice, upon request, even if you have previously requested its receipt electronically by email.
BREACH OF HEALTH INFORMATION:
You have the right to be notified in the event that we (or one of our business associates) discovers a breach of unsecured PHI.
REVISIONS TO THIS NOTICE:
We reserve the right to revise this Notice and to make the revised Notice effective for protected health information we already have about you as well as any information we receive in the future. You are entitled to a copy of the Notice currently in effect. Any significant changes to this Notice will be posted on our website. You then have the right to object or withdraw as provided in this Notice.
COMPLAINTS:
Complaints about this Notice or how we handle your protected health information should be directed to our HIPAA Privacy Officer at privacy@galileohealth.com. If you are not satisfied with the manner in which a complaint is handled you may submit a formal complaint to the Department of Health and Human Services, Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.