Privacy Policy and HIPAA Compliance

We’re committed to protecting user privacy and providing a safe and secure environment for our users. 

This policy comprehensively discloses how ART Compass accesses, collects, uses, and shares user data, and is not limited by the data disclosed in the privacy label.

ART Compass provides a privacy point of contact and a mechanism to submit privacy inquiries via email to [email protected]

During the routine use of ART Compass, you may submit personal and sensitive user data that ART Compass accesses, collects, uses. These data may include your profile picture, phone number, email address, or work location (address). Sensitive and Private data are only accessed, stored and used for activities within ART Compass. We NEVER share or sell your personal and private data with any third parties.

ART Compass may collect, transmit, sync, or store your profile image, phone number, email address, or work location (IVF Lab Address) to enable your personnel profile and for our double verification and identification for HIPAA compliance and patient data related safety precautions.

ART Compass collects specific location data to enable proof of your identification and employment at a specific IVF laboratory, and is required to add or change IVF lab locations. We require this feature to enable the double identification verification of your employment even and the location features may or may not run in the background when the app is closed or not in use. Location data are never used to support advertising.

Your personal and private data are handled securely by our encrypted data handling procedures, and through double verification requiring your confirmation via email and the location that you work at.

We only retain your data for the length of the duration you use ART Compass. You may delete your account and your personal and sensitive data at any time.

Legal Agreements

Downloading and installing the ART Compass app constitutes an agreement that limits the liability of ART Compass by requiring the user to indemnify and hold harmless all principal investigators, advisors, investors, trustees, officers, directors, employees and agents from and against any loss, expense, liability, damage, claim (including reasonable attorneys’ fees), for shutdown time, system crashes, or failing to fully meet a user’s expectations

Further, to the fullest extent permitted by applicable law, in no event shall ART Compass parties be liable to you and prohibits any direct, indirect, incidental, special, punitive or consequential damages whatsoever resulting from your access or

(I) use of the site or applications ,

(II) errors, mistakes, or inaccuracies of content,

(III) personal injury or property damage, of any nature whatsoever, resulting from your access to and use of the site or applications,

(IV) any unauthorized access to or use of our servers and/or any and all personal information and / or financial information stored therein,

(V)any interruption or cessation of transmission to or from our servers,

(VI) any bugs, viruses, Trojan horses or the like, which may be transmitted to or through the site by any third party,

(VII) any loss of your data or content from the site or applications

(VIII) any errors or omissions in any data or content or any loss or damage of any kind incurred as a result or use of any content posted, transmitted, or otherwise made available via the site or applications whether based on warranty, contract, tort or any other legal theory and whether or not the ART Compass parties are advised of the possibility of such damages and/or disclosure of information pursuant to these.

BUSINESS ASSOCIATE AGREEMENT

This Business Associate Agreement (the “Agreement”) is made and entered into as of the download date the “Effective Date”, by and between HIPAA Covered Entity (“Covered Entity”) and A.R.T Applications, LLC, (“Business Associate”). The Covered Entity and Business Associate may be referred to herein singly as a “Party” and collectively as the “Parties.”

RECITALS

WHEREAS, Covered Entity is subject to the Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191 (“HIPAA”), as amended and supplemented by Title XII, Subtitle D of the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH”), and regulations promulgated pursuant thereto, as may be amended from time to time (“HIPAA Regulations”).

WHEREAS, Covered Entity is required to enter into this Business Associate Agreement to obtain satisfactory assurances that Business Associate will appropriately safeguard all Protected Health Information created, received, maintained or transmitted by Business Associate from or on behalf of Covered Entity as required by the HIPAA Regulations.

NOW, THEREFORE, in consideration of the foregoing recitations and other good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the Parties agree as follows:

AGREEMENT

I. DEFINITIONS

1. “Protected Health Information” or “PHI” shall have the same meaning as the term “protected health information” in 45 C.F.R. §. 160.103

2. “Secretary” shall mean the Secretary of the Department of Health and Human Services.

3. “Security Incident” shall have the same meaning as the term “security incident” as defined at 45 C.F.R. § 164.304, but shall not include trivial incidents that occur on a daily basis such as scans, “pings,” or routine attempts to penetrate computer networks or servers maintained or utilized by Business Associate; provided that none of the foregoing compromise the privacy, integrity, and security of Protected Health Information.

4. Terms not otherwise defined in this Agreement shall have the same meaning as defined in the HIPAA Regulations.

II. OBLIGATIONS OF BUSINESS ASSOCIATE

1. Compliance with HIPAA. Business Associate represents and warrants that it will comply with the HIPAA Rules which are applicable to Business Associates as such term is defined in the HIPAA Regulations.

2. Use and Disclosure of Protected Health Information. Business Associate agrees not to use or disclose PHI other than as permitted or required by this Agreement or as Required By Law. Subject to the restrictions set forth in the previous paragraph and throughout this Agreement, Business Associate may use the PHI received from Covered Entity if necessary for (1) the proper management and administration of Business Associate; or (2) to carry out the legal responsibilities of Business Associate.

3. Safeguards. Business Associate agrees to implement and use appropriate safeguards to prevent the use or disclosure of Protected Health Information other than as provided for by this Agreement. Safeguards shall include the establishment and maintenance of appropriate administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of Protected Health Information (whether electronic or otherwise).

4. Mitigation. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to or reasonably should be known to Business Associate of a use or disclosure of Protected Health Information by Business Associate or any of its employees, agents or subcontractors in violation of the requirements of this Agreement or the HIPAA Regulations.

5. Access; Accounting. The Parties acknowledge and agree that Business Associate shall not maintain PHI in a Designated Record Set on behalf of Covered Entity and shall not be required to provide access to PHI or amend PHI as such.

6. Audit. Business Associate agrees to make internal practices, books, and records, including Protected Health Information and policies and procedures relating to the use and disclosure of Protected Health Information, available to the Secretary, the Secretary determining Business Associate‘s compliance with the HIPAA Regulations.

7. Accounting. Except for disclosures excluded from the accounting obligation by the HIPAA Regulations, Business Associate will record for each disclosure that Business Associate makes of PHI the information necessary for Covered Entity to make an accounting of disclosures pursuant to the HIPAA Regulations. Business Associate will make this information available to Covered Entity promptly upon Covered Entity‘s request for the period requested.

8. Restriction. Business Associate agrees to restrict the use or disclosure of Protected Health Information in accordance with any restriction agreed upon by Covered Entity pursuant to 45 C.F.R. § 164.522.

9. No Marketing or Sale of Protected Health Information. Except as otherwise allowed under the HITECH Act, Business Associate shall not directly or indirectly receive remuneration in exchange for Protected Health Information or use Protected Health Information for marketing or fundraising purposes unless and until (a) the Individual(s) that are the subject of the Protected Health Information have provided their written authorization for doing so, and (b) Business Associate obtains the Covered Entity‘s prior written approval.

10. Subcontractors. Business Associate agrees to ensure that any agent, including a subcontractor, who will have access to, create, receive, maintain, or transmit Protected Health Information on behalf of Covered Entity and/or Business Associate agrees in writing to the same restrictions and conditions that apply through this Agreement and the HIPAA Regulations to Business Associate with respect to such information.

11. Breaches or Security Incidents. Business Associate agrees to promptly report to Covered Entity any Security Incident or Breach of Covered Entity‘s PHI, caused by Business Associate (collectively, a “Notifying Event”). Business Associate shall cooperate and coordinate with Covered Entity to determine additional actions that may be required of Business Associate for mitigation of a Notifying Event.

III. Legal Agreements

1. Term. This Agreement shall be effective as of Effective Date and shall terminate when Business Associate destroy or return all of the Protected Health Information to Covered Entity, or, if it is infeasible to return or destroy Protected Health Information, protections are extended to such information, in accordance with the termination provisions in this section.

2. Termination for Cause. Upon Covered Entity‘s knowledge of a material breach by Business Associate, Covered Entity has the right to:

• (a) Provide an opportunity for Business Associate to cure the breach or end the violation, and terminate this Agreement and the any agreement(s) between the Parties if Business Associate does not cure the breach or end the violation within the time specified by Covered Entity;
• (b) Immediately terminate this Agreement and any agreement(s) between the Parties if Business Associate has breached a material term of this Agreement and cure is not possible; or
• (c) If neither termination nor cure are feasible, report the violation to the Secretary.

3. Effect of Termination.

• (a) Except as provided in paragraph (b) of this section, upon termination of this Agreement for any reason, Business Associate and its employees, agents, and subcontractors shall return or destroy all PHI and shall retain no copies of the PHI.
• (b) In the event that Business Associate determines that returning or destroying the Protected Health Information is infeasible, Business Associate shall provide to Covered Entity written notification of the conditions that make return or destruction infeasible. Upon determining that return or destruction of PHI is infeasible, Business Associate and its employees, agents, and subcontractors shall extend the protections of this Agreement and the Privacy and Security Rules to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate or its employees, agents, or subcontractors maintain such PHI.

IV. MISCELLANEOUS

1.Interpretation. Any ambiguity in this Agreement shall be resolved to permit Covered Entity to comply with the HIPAA Regulations.

2.No Third Party Beneficiaries. This Agreement shall not confer any benefit or rights upon any person other than the parties hereto, and no third party shall be entitled to enforce any obligation, responsibility, or claim of either party to this Agreement, unless expressly provided otherwise in this Agreement or by law.

3.Notices. Any notices required or permitted under this Agreement shall be deemed effective (a) on the day when personally delivered to a Party, or (b) if sent by registered or certified mail, return receipt requested, on the third (3rd) business day after the day on which mailed, postage prepaid, to such party at the address listed at the beginning of this Agreement. Either Party may only change its address for notices under this section by a written notice to the other Party given in accordance with this section.

4.Waiver. No waiver or discharge of obligations arising under this Agreement shall be valid unless in writing and executed by the Party against whom such waiver or discharge is sought to be enforced. The waiver by either Party to this Agreement of a breach of any provisions of this Agreement shall not operate or be construed as a waiver of any subsequent breach of the same or any other provision of this Agreement.

5.Change in Law; Amendments. A reference in this Agreement to a provision of the HIPAA Regulations means such provision as in effect or as amended and all formal guidance issued thereunder. No amendment or modification of this Agreement will be effective except by a written amendment executed by the Party against whom such amendment or modification is sought to be enforced.

6.Counterparts. This Agreement may be executed in one or more counterparts, all of which shall be considered one and the same agreement.

7.Entire Agreement. This Agreement contains the entire understanding by and between the Parties with respect to the exchange, use, disclosure, and protection of Protected Information.