This Privacy Policy explains how HelloJoy, Inc. dba Blueprint (“Blueprint,” “we,” “us,” or “our”) processes information when Clinics, Clinicians, and other authorized users access our websites, applications, and related services (collectively, the “Services”).
Blueprint provides the Services to Clinics and Clinicians. When Clinics use Blueprint to create, store, or manage patient records, Blueprint generally acts as a “business associate” to the Clinic under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and processes Protected Health Information (“PHI”) on the Clinic’s behalf. In those cases, our handling of PHI is governed by the applicable Business Associate Agreement (“BAA”) with the Clinic. If there is any conflict between this Privacy Policy and a BAA with the Clinic, the BAA controls with respect to PHI.
Patients may access certain patient-facing features (such as a patient portal or communications) only as authorized by a Clinic or Clinician. Clinics control patient records and are responsible for their own notices and consents provided to patients.
Blueprint does not monitor patient submissions or communications for clinical risk and does not provide crisis intervention or emergency response services. Clinics and Clinicians are responsible for reviewing and responding to patient information submitted through the Services.
Please read this Policy carefully to understand our policies and practices regarding your information processed through the Services. If you do not agree with our Policy, your choice is not to use Blueprint's Services. By accessing, using, reviewing and indicating your acceptance, you agree to our Policy. We may update this Policy from time to time, and while we will do our best to notify you of any changes it is your responsibility to review this Policy periodically. Your continued use of the Services after an update indicates acceptance of the revised Policy, to the extent permitted by applicable law. When we do change this Policy, we will also update the “Effective” date at the beginning of this Policy and may notify you or post a message via our Website.
This Policy is incorporated by reference and should be read in conjunction with Blueprint’s Terms of Service.
Blueprint processes information to provide, operate, maintain, and improve the Services that Clinics choose to use. In most cases, Blueprint processes information on behalf of Clinics and at their direction.
We use information for the following primary purposes:
Blueprint processes several types of information in connection with providing the Services. This Policy describes the types of information we may collect from you or that you may provide, and our practices for collecting, using, maintaining, protecting and disclosing that information. At all times, we will only use or disclose your Personal Information and Protected Health Information (both, defined below) to the extent minimally necessary for the intended use or disclosure.
Blueprint may generate de-identified and aggregated data derived from information processed through the Services in accordance with applicable law. De-identified data does not identify and cannot reasonably be used to identify any individual, Clinic, or Clinician. De-identified data is not Personal Information or Protected Health Information. Blueprint may use de-identified data for internal analytics, internal research and evaluation, security, and the development, operation, and improvement of the Services, including improving features, functionality, and models used as part of the Services. Blueprint does not attempt to re-identify de-identified data.
Blueprint may use limited analytics and marketing tools on its websites and marketing pages to understand how Clinics and Clinicians discover and interact with the Services and to support marketing efforts directed to Clinics and Clinicians. These tools are not used on patient-facing features or in connection with Protected Health Information governed by a Business Associate Agreement, and Blueprint does not use marketing tracking tools to track patients or patient activity within the Services.
The information that you provide in each case will vary. In some cases, you may be able to provide Personal Information via email or free text boxes, such as contacting Blueprint to request further information. When providing your Personal Information, please provide only relevant information and do not provide unnecessary sensitive information, such as Social Security numbers, credit card information or other sensitive personal data, unless required for our services.
We may ask you to create a username and password that should only be known to you. When you provide this information to us, you are no longer anonymous. Additionally, we may receive information about you from other sources and add it to the information you have provided to us.
As used in this Policy, “Personal Information” is information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual, user, household, or device.
You may have the opportunity to provide Blueprint with Personal Information. In many cases, Blueprint processes Personal Information on behalf of Clinics and at their direction in connection with providing the Services. The table below summarizes the primary categories of Personal Information processed through the Services.
Information processed through the Services may be entered by Clinics, Clinicians, or patients, depending on how the Services are configured by the Clinic. Certain information, such as usage and technical data, may be processed in aggregated or de-identified form and does not identify individual patients.
Sensitive identifiers such as Social Security numbers or Tax Identification Numbers are processed only when required for billing, tax reporting, or insurance-related workflows and are not used for marketing or advertising purposes.
Blueprint processes certain information that is regulated under applicable health privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and similar state laws. Blueprint is not a Covered Entity under HIPAA, but acts as a Business Associate to Clinics when processing Protected Health Information on their behalf. Protected Health Information is processed in accordance with applicable law and any applicable Business Associate Agreement.
When the Services are used, Blueprint processes Personal Information as described in this Privacy Policy and in accordance with applicable law and any applicable Business Associate Agreement. In many cases, Personal Information is provided to the Services by Clinics, Clinicians, or patients at the direction of a Clinic. If certain Personal Information is not provided, some features of the Services may be unavailable or may not function as intended.
By providing us with Personal Information (whether of yourself, a patient, or a third party), you warrant and represent that you have obtained all requisite consent and authorization required under law to share Personal Information (including Protected Health Information) with Blueprint. Blueprint shall not be responsible for your failure to obtain lawful authorization to disclose Personal Information with Blueprint.
In addition, you warrant and represent that all Personal Information shared with Blueprint is accurate and complete. Blueprint shall not be responsible for Blueprint’s Services based on inaccurate or unreliable information.
Requests to access or correct Personal Information or Protected Health Information should generally be directed to the Clinic or Clinician responsible for the record. In certain cases, Blueprint may assist Clinics in responding to such requests as required by applicable law or a Business Associate Agreement.
We may not be able to accommodate a request to change Personal or Protected Health Information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Blueprint retains Personal Information, including Protected Health Information, for as long as necessary to provide the Services and to comply with applicable legal, regulatory, and contractual obligations. Retention of Protected Health Information is governed by applicable law and any applicable Business Associate Agreement.
Blueprint does not sell or lease Personal Information to third parties.
Blueprint may share Personal Information with the following categories of recipients solely to support the operation of the Services:
Service providers are permitted to process Personal Information only as necessary to perform services for Blueprint and are subject to contractual confidentiality, security, and data protection obligations. Where required by law, Blueprint enters into Business Associate Agreements with service providers that process Protected Health Information.
Blueprint may disclose information where required or permitted by law, including:
Blueprint may send messages, including emails or text messages, through the Services on behalf of Clinics and Clinicians to patients, such as appointment-related messages, clinical communications, forms, reminders, or other practice-related information as directed by the Clinic or Clinician.
Blueprint may also send service-related and promotional communications to Clinics and Clinicians, such as product updates, feature announcements, and information about the Services.
Recipients may opt out of non-essential communications using the unsubscribe or opt-out mechanisms provided in those messages, subject to applicable law and the configuration of the Clinic’s account.
Blueprint uses cookies and similar technologies on its websites to support functionality, understand how Clinics and Clinicians interact with our marketing pages, and improve the Services. You can control cookies through your browser settings, though disabling cookies may affect certain features.
Blueprint does not use cookies or similar technologies to track patient activity within patient-facing features of the Services.
Our websites do not currently respond to “Do Not Track” signals.
We use technical, physical, and administrative safeguards that are designed to improve the confidentiality, integrity and availability of your Personal Information and Protected Health Information. We incorporate secure storage and transmission technologies including strong encryption, firewalls, fine grained access control and secure audit. We cannot, however, ensure or warrant the security of any information you transmit to us via Blueprint's Services, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our technical, physical, or administrative safeguards.
This website and Blueprint's Services are hosted in the United States. Your use of Blueprint's Services and provision of your information is subject to the laws and regulations of the United States and the State of Illinois. If you choose to use Blueprint's Services from other regions of the world with laws governing data collection, use and disclosures that may differ from United States law, then you acknowledge and agree that (a) you are transferring your personal information outside of those regions to the United States, and (b) the laws and regulations of the United States regarding data privacy and security governing the use and disclosure of Personal Information and Protected Health Information may differ from those of your country of residence.
There are circumstances where Blueprint may decide to buy, sell, or reorganize its business. Under these circumstances, it may be necessary to disclose or receive Personal Information with prospective or actual purchasers, acquisition targets, partners or affiliates. If ownership of Blueprint (HelloJoy, Inc) or any of the Services changes, whether in whole or in part, information collected about you may be transferred to the new owner so the associated Services can continue. In that case, your user information would remain subject to the terms and conditions of the then current Privacy Policy.
Where applicable, Clinics, Clinicians, and other users may manage certain communication preferences, including opting out of non-essential marketing communications, using the mechanisms provided in those messages.
Service-related and administrative communications necessary to operate the Services may continue even if you opt out of non-essential communications.
Blueprint's Services are not designed nor intended to be used or accessed by children under the age of 13. No one under age 13 may provide any information to or through Blueprint's Services. We do not intentionally collect Personal Information or Protected Health Information from children through Blueprint's Services.
Blueprint processes information about minors solely on behalf of Clinics and Clinicians in connection with providing care and does not independently offer services to children.
If we learn we have collected or received Personal Information or Protected Health Information from a child under age 13 without verification or parental consent, we will delete that information. If you believe that we may have collected any information, including Personal Information or Protected Health Information, from or about a child under age 13, please contact us immediately at team@blueprint-health.com.
We will occasionally update this Privacy Policy to reflect company and customer feedback. We encourage you to periodically review this Privacy Policy to be informed of how we are protecting your information. If we make material changes to how we treat our users’ Personal Information or Protected Health Information, we will notify you by e-mail to the primary e-mail address you have provided and/or through a notice on the home page of our website. The date our Privacy Policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you, and for periodically visiting our website and this Policy for changes. For any questions or comments regarding this Privacy Policy, please contact us at team@blueprint-health.com.
Please contact us with any questions or comments about this Policy, your Personal Information or Protected Health Information, our use and disclosure practices, or your consent choices by email at team@blueprint-health.com or by mail to 222 W Merchandise Mart Plaza, Suite 1230, Chicago, IL 60654.
