Privacy Policy

Last Updated: January 31, 2022

Sonara Health, Inc. ("Sonara", "we", "us" or "our") provides proprietary remote patient monitoring tools to assist independent opioid treatment programs ("Clinics") with a telehealth platform for medication monitoring available at sonara.app (the "Services"). This Privacy Notice describes how we collect, use and disclose the information we collect about you when you interact with www.sonarahealth.com (our "Site") or use our Services. This Privacy Notice also explains your choices and rights have regarding your personal data.

Please note, Sonara is an administrative and technology service provider. Sonara has entered into legal agreements with each Clinic who uses the Services as a patient medication monitoring tool. Sonara does not provide any healthcare services, nor does it refer or recommend any Clinic. Sonara cannot control and is not responsible for the privacy and security of personal information once it has left Sonara's servers. We cannot control or restrict the use of personal information by other organizations, such as your Clinic. How such organization treats your personal information is determined by its privacy practices and you should contact your Clinic if you have questions.

Please carefully review this Privacy Notice and our Terms of Service. If you are uncomfortable with or do not agree with any part of this Privacy Notice or our Terms of Service, you should immediately discontinue use of our Site and Services.

  1. Information We May Collect About You

    Through the Site

    The primary purpose of our Site is to promote our Services. When you contact us through the Site, we will collect your name, email address, and the contents of your message to respond to you. Our Site also automatically collects non-personally identifiable information about you and the device you use when you access our Site to help us understand and analyze trends in connection with usage of the Site. This includes using "cookies," which is a small piece of data that your internet browser places on your device so that it can be recognized when it returns in the future. We only use functional and analytical cookies that allow visitors to navigate and use key features on our Site or help us analyze and test how our Site is used. The length of time that a cookie remains on your device depends on whether it is a "persistent" or "session" cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies our Site uses are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

    Through our Services

    Our Services enable Clinics to provide telehealth support to patients through a secure online portal.

    • If you are a medical provider, we will collect your name, email address, and password in order to administer the online account you use to access our Services.

    • If you are a patient, your Clinic provides us with your name, birthdate, phone number, email address, and additional information used to authenticate your identity or contact you. You will also need to provide us with a password. This information is needed so we may administer the online account you use to access our Services.

    • If you are a patient, we will also collect your medication monitoring recordings ("Recordings") in order to administer our Services.

  2. Using Your Information

    In addition to the primary purposes for which we use your personal information as described in Section 1, we may also use your personal information where applicable law allows us to as described below:

    • If you are a Clinic, we may use your contact information to communicate with you about Sonara and its service offerings. Please see Section 7 regarding your choices and right to opt-out of Sonara's marketing messages.

    • If you are a patient, any information we process about you that constitutes protected health information ("PHI") under the Health Insurance Portability and Accountability Act ("HIPAA") is governed by a business associate agreement between Sonara and your Clinic. This means that your medical-related information processed through our Services, such as your Recordings, will only be used and disclosed as instructed by your Clinic or as required by law, to safeguard PHI. If you have questions about how your PHI is handled, please contact your Clinic.

    • To provide assistance or technical support in connection with your use of the Site or Services.

    • To audit, monitor, and further develop the Site and Services.

    • To investigate violations of applicable terms and agreements with you and protect Sonara.

    • To meet our other legal, compliance, and regulatory duties, for example, to make certain records available to the Secretary of Health and Human Services in connection with an investigation under HIPAA or comply with a court order.

    Where permitted by applicable law, we may also use anonymous, de-identified, or aggregated information that does not reasonably identify you for any purpose, including for research purposes.

  3. Sharing Your Information

    In general, we only share your information as follows:

    • With Your Clinic. If you are a patient using our Services, any PHI, including Recordings, collected through the use of our Services may be transmitted to your Clinic.

    • To Our Service Providers. We may share your information with third parties who provide services to us or to whom we outsource certain services, such as website analytics companies, hosting, and cloud computing service providers. Our service providers only access, process or store your information in the course of performing their duties to us.

    • Business Transactions. We may share your information in connection with a corporate merger, consolidation, restructuring, sale of certain of our ownership interests, assets, or both, or other corporate change, including without limitation, during the course of any due diligence process.

    • As Required By Law. We may share your information when we are required to do so by law, such as to comply with a subpoena, bankruptcy proceedings, or similar legal process, or in response to lawful requests by public authorities.

    • To Enforce Legal Rights. We may also share information to investigate, prevent, or take other action regarding illegal activity, suspected fraud, violation of our terms or legal rights, or other wrongdoing.

    If we would like to use your personal data for any purposes other than those described, or as otherwise permitted under applicable law, we will obtain your prior consent.

    No Sale of Personal Information

    We do not disclose your contact information to third parties for their own marketing purposes. Moreover, Sonara does not sell your personal data under California or Nevada law, which defines certain disclosures of personal data for monetary or valuable consideration as "sales."

  4. Confidentiality of Treatment Information

    Your PHI is protected under HIPAA, the Health Information Technology for Economic and Clinical Health of 2009 ("HITECH"), and applicable state laws. When Sonara stores, processes, or transmits PHI, it does so as your Clinics' "business associate" (as defined by HIPAA). Sonara is prohibited from, among other things, using PHI in a manner that the Clinic itself may not.

    Additionally, any information that Sonara processes that directly or indirectly identifies a patient as having or having had a substance use disorder is protected by the Confidentiality of Substance Use Disorder Patient Records confidentiality regulation under 42 CFR Part 2. When Sonara stores, processes, or transmits PHI, it does so as your Clinics' "qualified service organizations" (as defined under 42 CFR Part 2). In order to maintain the confidentiality of this information, Sonara is required, among other things, to resist in judicial proceedings any efforts to obtain access to patient-identifying information related to substance use disorder diagnosis, treatment, or referral for treatment except as permitted by the regulations.

  5. Storing and Securing Your Information

    Storage of Your Information

    Our company operates from, and our servers are located in, the United States. If you are located outside of the United States and choose to access our Site or our Services, please note that we will transfer your personal information to other regions, including to the United States. These countries may not guarantee the same level of protection for personal information and judicial redress as the country in which you reside. By submitting your personal information to us through our Site or Services, you consent to the transfer of your personal information to any country in accordance with this privacy policy.

    Security

    Sonara is committed to protecting the privacy and security of patient information. We use reasonable, standard administrative, technical, and physical safeguards to protect your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction of your information and enable Sonara to maintain overall compliance with the HIPAA Security Rule. However, no method of Internet transmission is completely secure and we cannot guarantee its absolute security.

    Data Retention

    In general, we will only retain your information for the time necessary to provide our Site and Services and to fulfill out regulatory and legal obligations. Because these needs can vary for different data types, the context of our interactions with you, or your use of products, actual retention periods can vary. We may retain your information in order to prevent, investigate, or identify possible wrongdoing in connection with our Site or Services or to comply with regulatory and legal obligations. We may also maintain residual copies of your personal data in our backup systems.

  6. Children's Information

    Our Site and Services are not intended for children under the age of 18 and we do not knowingly collect personal information from visitors in this age group. If we learn that we have collected personal information about a child under 18, we will delete that information as quickly as possible. If you believe we may have collected information about a child under 18, please contact us.

  7. Your Choices and Rights

    You have several choices regarding your information:

    • Accessing and Correcting Your Information. If you would like to review or correct your personal information, please contact us. If you would like to review, correct, or delete any PHI, you should contact the Clinic who authorized your use of the Services.

    • Marketing Messages. If you are a Clinic, we may send you marketing communications about our services that may interest you. You can opt out of our marketing communications at any time by selecting the "unsubscribe" link in the e-mail or contacting us. Please note that some non-marketing communications are not subject to general opt-out, such as communications relating to services we are providing you, software updates, and other support-related information, patches, and fixes.

    • Cookies. If you wish to disable cookies, you can set your browser not to accept cookies. Most browsers automatically accept cookies, but you can usually refuse cookies, or selectively accept certain cookies, by adjusting the preferences in your browser. If you turn off or refuse cookies, there may be some features of our Site that will not be available to you, and some portions of the Site may not display properly or be less personalized.

    • Do-Not Track: Your browser may allow you to set a "Do Not Track" preference. We currently do not respond to "Do Not Track" or similar signals

  8. Third-Party Privacy Policies

    Our Site may contain hyperlinks to websites operated by others whose information practices may be different than ours. In addition, our Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices, including data privacy and security process and standards of any third parties, including Clinics using our Services. You should consult the privacy notices of these parties to learn more about their respective practices as we have no control over information that is submitted to, or collected by, these third parties.

  9. Privacy Notice Changes and Updates

    We may update this Privacy Notice from time to time and reserve the right to make the revised or changed Privacy Notice effective for personal information, including PHI, we already have about you as well as any information we receive in the future. We will make such updates available on our Site. Please review our Privacy Notice periodically for changes. If we make material changes, we will endeavor to provide advance notice of such by email or through a notice on our Site.

  10. Contacting Sonara

    If you have any questions or comments about this Privacy Notice, or wish to exercise any of your rights, please contact us at:

    Sonara Health, Inc.

    support@sonarahealth.com