Blue Button Privacy Policy

This Notice of Privacy Practices applies to Personal Information collected when you authorize our application Canopy” to access your Personal Information” via your Blue Button Data. 

Personal Information” for purposes of this Policy means information that can reasonably be used to identify you, such as your name, address, phone number, email address or medical record.

This Privacy Policy explains our policies with respect to Oak Street Health’s information practices, including:

  • What Personal Information we may collect through the Canopy Services and how we collect it.
  • How we use the Personal Information we collect.
  • How we may share collected Personal Information.
  • What choices you have as to how we collect and use Personal Information.

HIPPA

Some of the health data information we collect and process includes protected health information or PHI. The privacy and security of your PHI is protected by the Health Insurance Portability and Accountability Act of 1996, as amended, (“HIPAA”) and its implementing regulations, including its final privacy regulation, at 45 C.F.R. Parts 160 and 164 (known as the Privacy Rule”), as administered by the federal Department of Health and Human Services. . 

Please read our HIPAA Notice of Privacy Practices for more information.

Use: How we use your data internally

Primary Service: Our application Canopy iis used primarily to improve how our staff are able to provide high quality primary care to our patients. 

We collect and use your identifiable data to: 

  • Support company operations (e.g., we may use your information to review treatment and services and to evaluate the performance of our staff to make sure all our patients receive quality care and for operation and management purposes) 
  • Develop and improve new and current products and services (e.g., analytics) 

Share: How we share your data externally with other companies or entities

We collect and use your identifiable data to: 

  • Conduct scientific research, with your written authorization or as permitted by state law
  • Support company operations (e.g., quality control or fraud detection)
  • Develop and improve new and current products and services (e.g., analytics) 
  • Other: To business associates to perform functions or services for or on behalf of Oak Street Health, if the business associate has signed an agreement to protect the confidentiality of the information and if the information is necessary for such functions or services.

We share your data AFTER removing identifiers (note that remaining data may not be anonymous to):

  • Provide the primary service of the app or technology
  • Develop marketing materials for our products
  • Conduct scientific research
  • Support company operations (e.g., quality control or fraud detection)
  • Develop and improve new and current products and services (e.g., analytics)
  • Other: To business associates to perform functions or services for or on behalf of Oak Street Health, if the business associate has signed an agreement to protect the confidentiality of the information and if the information is necessary for such functions or services.

Sell: Who we sell your data to

We do NOT sell your data.

Store: How we store your data

  • We do NOT store your data on the device
  • We do store your data outside the device at our company or through a third party

Encryption: How we encrypt your data

  • We do NOT encrypt your data in the device or app
  • We do NOT encrypt your data when stored on our company servers or with an outside cloud computing services provider
  • We do NOT encrypt your data while it is transmitted

Privacy: How this technology accesses other data

  • This technology or app does NOT request access to other device data or applications, such as your phone’s camera, photos, or contacts.
  • This technology or app does NOT allow you to share the collected data with your social media accounts, such as Facebook.

User Options: What you can do with the data that we collect

This technology or app does NOT allow your to access, edit, share, or delete the data we have about you data.

Deactivation: What happens to your data when your account is deactivated

When your account is deactivated/​terminated by you or Oak Street Health, your data is permanently retained and used. 

Policy Changes: How we will notify you if our privacy policy changes

Oak Street Health reserves the right to change its privacy practices and this Notice, and to apply the changes to any health information received or maintained by Oak Street Health prior to the date of the changes as well as any information received in the future. 

If the terms of this Notice are changed, a revised version will be available upon request and will be posted in a clear and prominent location at our centers. You may access the notice by visiting our website at: www.oakstreethealth.com

Breach: How we will notify you and protect your data in case of an improper disclosure

We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information by contacting you via your preferred method on file (e.g mailing a letter to most current address)

Change in Ownership: How you will be notified in the event that ownership of Oak Street Health changes

In the event of a sale, and as a condition of closing, users will receive notice not more than 30 days after a change of ownership or control. Any changes to this Privacy Policy and how your information is used will be outlined in that notice. 

Contact Us

You may direct your questions about this Notice or Oak Street Health’s privacy practices, requests regarding your information, or other privacy or confidentiality concerns to:

Oak Street Health

30 W. Monroe Street, Suite 1200
Chicago, Illinois 60603
Phone: (312) 733‑9730