Effective July 1, 2024

1. PURPOSE AND SCOPE OF THIS PRIVACY POLICY

This Consumer Health Data Privacy Policy (“Policy”) applies to Health Data that Snow Companies, LLC, and its affiliates MyPatientStory.com, LLC (d/b/a PatientWorthy), and WhatNext, LLC (collectively, “Snow”, “we”, “us”, or “our”) may collect from you.  Although this Policy is specifically directed to residents of Washington who are subject to the Washington My Health My Data Act and residents of Nevada who are subject to Nevada Revised Statutes Chapter 603A, this Policy describes how Snow processes the personal health data of any consumer, without regard to their state of residence.  Please take a moment to read and understand this Policy. The term “Health Data” in this Policy means personal information that identifies a person’s past, present, or future physical or mental health status.  In this Policy, Health Data does not include: i) information that is protected under HIPAA as “protected health information” or “PHI”; ii) information that has been deidentified according to HIPAA requirements; and iii) information that is publicly available.

2. CATEGORIES OF AND PURPOSE FOR HEALTH DATA WE MAY COLLECT

We may collect and use various types of Health Data from and about you, including:
  • Health conditions, diseases, or diagnoses;
  • Treatments, medication, diagnostic testing;
  • Surgeries and procedures;
  • Use of prescription medications;
  • Symptoms;
  • Measurements of physical or mental health status; and
  • Genetic markers used in diagnosis or treatment.
We use these categories of Health Data for one or more of the following purposes:
  • To fulfill the purpose described when you provided the Health Data;
  • To provide services that you request from us;
  • To comply with our legal obligations and risk management, audit, investigations and reporting, and other legal and compliance reasons;
  • To manage and facilitate a contractual relationship with one of our clients.

3. SOURCES FROM WHICH HEALTH DATA IS COLLECTED

We collect Health Data from the following sources:
  • Directly from you when you contact us about our engagement opportunities either by speaking directly with one of our representatives, submitting a webform, raising your hand on our website, or sending a reply card;
  • From your health care providers whom you have authorized to share your Health Data with us;
  • Our business partners that operate websites that promote our programs and patient engagement opportunities, but only when you have authorized the sharing of your Health Data;
  • Client representatives and advocacy organizations with whom you have interacted and consented to the sharing of your Health Data with us.

4. SHARING OF CONSUMER HEALTH DATA

We do not sell your Health Data. If you are contracted to participate in a patient engagement activity sponsored by a client, we may share any of the categories of Health Data listed above with that client and its authorized representatives as part of the contracting process, to ensure compliance with all regulatory requirements, and to facilitate your participation in the activity or engagement. If you register to attend a program or event and participate in services offered by a client, we may share your Health Data with the sponsoring client and its authorized representatives as needed to manage your participation or attendance. We may share your Health Data as authorized or required by law when you report adverse events or product complaints. Except as specifically provided above, we do not share Health Data with third parties without your express consent.

5. YOUR DATA PROTECTION RIGHTS

You have the following rights in relation to the Health Data that we collect:
  • Right to Know: The right to request confirmation that we collect, share, or sell your Health Data
  • Right to Access:  The right to access the Health Data that we have collected
  • Right to Know Third Parties:  The right to obtain a list of all third parties with whom we have shared your Health Data and their email addresses or other online method of contact
  • Right to Withdraw Consent:  The right to withdraw your consent for our collection and sharing of your Health Data
  • Right to Delete:  The right to request that we delete your Health Data

6. HOW TO EXERCISE YOUR DATA RIGHTS

You may exercise your rights relating to your Health Data by submitting a request to us at any time by one of the following means:
  • Email: Send us an email at: [email protected]
  • Post: Write to us at Snow Companies, LLC, Attn: Privacy Officer, 133 Waller Mill Road, Williamsburg, VA  23185
  • Telephone: Toll-free Privacy Request Line: 844-819-6925
Upon receipt of a request, we must authenticate the identity of the consumer making the request.  If we are unable to authenticate the request after using commercially reasonable efforts, we are not required to comply with the request and may ask the consumer to provide additional information reasonably necessary to authenticate the consumer’s identity and request. We will respond to a consumer request without undue delay, but in all cases other than deletion requests within 45 days of receipt of the request if submitted pursuant to the methods described above.  We will respond to a deletion request within 30 days of receipt.  If we are unable to authenticate the identity of the consumer and/or validate the request within 45 days of receipt, we may extend the response period by 45 additional days. If we decline to act on your request, we will send you a letter notifying you of this decision. You may appeal any such decision by following the instructions for appeal that are included in the letter, provided that the appeal is submitted to us within thirty (30) days following your receipt of the letter.

7. CHANGES TO THIS POLICY

We may change this Policy from time to time and will notify you by a notice on our website and in this Policy of material changes. If you have any questions about this Policy or any of our privacy practices, please contact us at [email protected].