Last updated: October 7, 2019

KangarooHealth, Inc. ("KangarooHealth," "we" or "us") provides the Website and KangarooHealth secure cloud-based remote patient monitoring applications, as well as care automation applications (the "Applications") to improve care and service to its client Provider(s) ("Providers"), an individual or a third party who is authorized by a Provider to access and use the Services ("Designees"), and Providers’ Patient(s) ("Patients"). As part of providing the KangarooHealth Services, KangarooHealth may collect, use, share, and exchange your health history forms and other health-related information with Your Providers. Under a federal law called the Health Insurance Portability and Accountability Act ("HIPAA"), some of this health and health-related information may be considered “protected health information” or “PHI” if such information is received from or on behalf of Your Providers.

Safeguards for PHI
‍
HIPAA protects the privacy and security of your PHI by limiting the uses and disclosures of PHI by most Providers and by health plans (called "Covered Entities") as well as companies, like KangarooHealth, that provide certain types of assistance to Covered Entities (called "Business Associates"). Under certain circumstances described in HIPAA, an individual needs to sign an Authorization form before a Covered Entity, like Your Provider(s), can disclose protected health information to a third party.

Non-Protected Health Information

As a condition of creating your KangarooHealth account, you are required to read and agree to KangarooHealth’s Privacy Policy. KangarooHealth’s Privacy Policy explains how KangarooHealth processes and shares information received from you that is not covered by HIPAA (“Non-PHI”).

Your PHI Authorization

The purpose of this KangarooHealth Authorization ("Authorization") is to confirm your permission to allow KangarooHealth to use and disclose your PHI in the same way as we use and disclose your Non-PHI. If KangarooHealth is a Business Associate of Your Providers, KangarooHealth needs your Authorization to be able to use and disclose your PHI in the same way it can currently use and disclose your Non-PHI when KangarooHealth is not working on behalf of Your Providers, but is instead working on its own behalf. Therefore, when KangarooHealth relies on this Authorization, and uses and discloses PHI as described in this Authorization, it is not working as a Business Associate and the HIPAA requirements that apply to Business Associates will not apply to such uses and disclosures.
By enrolling in the remote patient monitoring program powered by KangarooHealth, you give your default permission to KangarooHealth to retain your PHI and to use and/or disclose your PHI in the same way that you have agreed that your Non-PHI can be used and disclosed.

Specifically, you agree that KangarooHealth can use your PHI to:
● identify abnormal signs and potential symptoms of complications;
● generate warnings for such discovery if any to Your Providers, Designees and any relevant third-party Providers and Service Vendors.
● suggest updated care plans to Your Providers, Designees, and any relevant third-party Providers and Service Vendors;
● update and customize remote patient monitoring program’s content and user interactions;
● update and customize any other Services/Applications;
● enable and customize your use of the KangarooHealth Services;
● provide you alerts or other KangarooHealth Services regarding future services;
● notify you regarding Providers or Services we think you may be interested in learning more about;
● share information with you regarding services, products or resources about which we think you may be interested in learning more;
● provide you with updates and information about the KangarooHealth Services;
● market to you about KangarooHealth and third-party products and services;
● conduct analysis for KangarooHealth’s business purposes;
● support development of the KangarooHealth Services; and create de-identified information and then use and disclose this information in any way permitted by law, including to third parties in connection with their commercial and marketing efforts.

You also agree that KangarooHealth can disclose your PHI to:
● third parties assisting KangarooHealth with any of the uses described above;
● Your Providers to enable them to understand your current health status, to perform an analysis on potential health issues or treatments, to refer you to, and make appointments with, other Providers on your behalf, or to contact you for discussing your care plans, provided that you choose to use the applicable KangarooHealth Service;
● a third party as part of a potential merger, sale or acquisition of KangarooHealth;
● our business partners who assist us by performing core services (such as hosting, billing, fulfillment, or data storage and security) related to the operation or provision of our services, even when KangarooHealth is no longer working on behalf of Your Providers; a provider of medical services, in the event of an emergency; and
● organizations that collect, aggregate and organize your information so they can make it more easily accessible to Your Providers.

Redisclosure

‍If KangarooHealth discloses your PHI, KangarooHealth will require that the person or entity receiving your PHI agrees to only use and disclose your PHI to carry out its specific business obligations to KangarooHealth or for the permitted purpose of the disclosure (as described above). KangarooHealth cannot, however, guarantee that any such person or entity to which KangarooHealth discloses your PHI or other information will not re-disclose it in ways that you or we did not intend or permit.

Expiration and Revocation of Authorization

Your Authorization remains in effect until you provide written notice of revocation to KangarooHealth.
‍
YOU CAN CHANGE YOUR MIND AND REVOKE THIS AUTHORIZATION AT ANY TIME AND FOR ANY (OR NO) REASON. If you wish to revoke this Authorization, you must notify KangarooHealth by mailing a written revocation to the following address:
KangarooHealth, Inc.
Attn: HIPAA Authorization
2627 Hanover Street, Palo Alto, CA. 94304.
Your decision not to execute this Authorization or to revoke it at any time will not affect your ability to use certain of the KangarooHealth Services. A Revocation of Authorization is effective after you submit it to KangarooHealth, but it does not have any effect on KangarooHealth’s prior actions taken in reliance on the Authorization before revoked.
Once KangarooHealth receives your Revocation of Authorization in writing, KangarooHealth can only use and disclose your PHI as permitted in KangarooHealth’s agreements with Your Provider(s). Your Revocation of Authorization does not affect KangarooHealth’s use of your Non-PHI.
We will make available to Your Provider(s), current and past, your agreement to or revocation of this Authorization.