Privacy Policy

This Privacy Policy describes how CarePassport Corp ("CarePassport") protects your personal information when you use this service on the App, the CarePassport universal patient engagement platform and all related products and services (collectively, the "Service"). CarePassport Corp is located at 300 Washington St., Newton 02458, MA. All references to CarePassport Corp include its subsidiaries or affiliates involved in providing the Service. All references to you include your Authorized Individuals, if any. 

Your use of the Service is subject to this Privacy Policy as well as our Terms of Use. After reading this Privacy Policy, you will know:

  1. Summary of Data Practices
  2. Definitions
  3. What information CarePassport Collects
  4. How CarePassport Uses Your Information
  5. How the Information is Shared with Third Parties
  6. Choices You Have About How CarePassport Uses Your Information
  7. What About Data from Children Under 18
  8. How CarePassport Protects Your Information
  9. How We Provide Required Notices of Security Breaches
  10. How We May Change this Privacy Policy
  11. How to Obtain More Information About this Privacy Policy

Please review this Privacy Policy and the Terms of Use carefully. If you do not agree with our practices, do not access or use any part of the Service.

A. Summary of Data Practices


PHR Data


Personal Information

Aggregate Data

Do we release your PHR Data for the following purposes?

Marketing and Advertising



Medical and pharmaceutical research



Reporting about our company and our customer activity



To your insurer and employer



For developing software applications



Do we require Limiting Agreements that restrict what third party Service Providers can do with your Personal Information?



Do we stop releasing your Personal Information if you close or transfer your PHR?



Do we have Security Measures that are reasonable and appropriate to protect PHR Data, in any form, from unauthorized access, disclosure, or use?



Do we store PHR Data in the U.S. only?



Do we keep Personal Information Activity Logs for your review?




B. Definitions

Activity Logs 

Activity logs are CarePassport ís and its Service Providers' records of when PHR Data is created, accessed, modified, deleted, released, or exported from and/or within the PHR.

Aggregate Data 

Aggregate Data is PHR Data that is: (1) grouped so it does not connect to you as an individual and (2) has names and other identifiers removed or altered. In other words, Aggregate Data is de-identified data and cannot be used to identify you as an individual.

Authorized Individuals  

An Authorized Individual is someone you authorize to access your CarePassport© Universal Patient Engagement on your behalf.


A Dependent is a minor child or other individual over whom an Authorized Individual has legal authority.  


-  PHR 

"PHR" means Personal Health Record. A PHR is an electronic health data application that can help you collect, manage, and share your health information. The CarePassport© Universal Patient Engagement is a PHR.

PHR Data 

When you sign up for the CarePassport© Universal Patient Engagement, you provide and/or you authorize all or some of your Providers to provide to the CarePassport© Universal Patient Engagement information about you. This information makes up PHR Data.  Any information in the CarePassport© Universal Patient Engagement is considered PHR Data.  PHR Data might include, but is not limited to the following:

         Your name and contact information, such as your address, phone number, or email address

         Your medical history, conditions, treatments, and medications

         Your healthcare claims, health plan account numbers, bills, and insurance information

         Demographic information, such as your age, gender, ethnicity, and occupation

         Computer information, such as your IP address and "cookie" preferences

As described further below, CarePassport may use your PHR Data to achieve the following:

         Operate and manage the CarePassport© Universal Patient Engagement platform, software, and website

         Maintain and protect its computer systems

         Comply with the law, such as responding to subpoenas and search warrants

PHR Data includes Personal Information and Aggregate Data.

- Personal Information 

Personal Information means information about you that reasonably can be linked to you such as your name, health information, and other identifiers.  Personal Information may also include but is not limited to your financial information or social security number.

- Provider  

A healthcare provider, healthcare practice, or hospital that you authorize to provide information to your CarePassport© personal health record. When you sign up for the CarePassport© Universal Patient Engagement, you may provide authorization for a healthcare practice or hospital, and associated authorized users to send Personal Information to your PHR.  


CarePassport and our Service Providers might report about business activities and customers (you) to others, such as investors, auditors, potential business partners, or public communities. Reports will not include Personal Information without your specific permission or as permitted or required by law.

Service Providers 

A Service Provider is an entity that is hired to perform certain functions for CarePassport to support the development, maintenance, and implementation of CarePassport©.  Service Providers may include software or website designers and data storage providers.

Security Measures 

Security measures can include computer safeguards, secured files, and employee security training. In addition, CarePassport may be required by law to notify you about particular data breaches.

C. What Information CarePassport Collects

1. Before you register for the Service, CarePassport may collect your information in two ways: (1) if you contact CarePassport through the Internet and provide CarePassport with your contact information (e.g., name, mailing address, email address and other information); (2) CarePassport may obtain your contact information from a healthcare Provider with which CarePassport partners. In either case, CarePassport will use such information for the sole purpose of informing you about the Service and inviting you to register for the Service.

2. To use the Service, you must complete the registration process, which includes accepting the Terms of Use and in the case of connecting to a Provider practice, signing an Authorization for Release of Information. As part of the registration process, you may be asked to provide certain information, such as your name, date of birth, cell phone, mailing address, and email address. You also may be asked to confirm the information that you or a partnering Provider has provided to CarePassport prior to registration, if any. Further, to register, you must agree to the CarePassport© Terms of Use which incorporates this Privacy Policy. As part of the registration process, you will also have the opportunity to provide additional information to CarePassport such as information regarding your health plan, home telephone number, etc. We recommend that you provide such information, as it will enhance your use of the Service.

3. In general, CarePassport collects all information that you supply directly to the Service. CarePassport also may collect information from participating Providers whom you expressly authorize to use the Service with respect to you and your information (each, a "Provider" and collectively, the "Providers"). By authorizing a Provider, you also authorize CarePassport to collect information regarding you from your Provider's support staff and from other practitioners affiliated with your Provider or in your Provider's practice. Further, CarePassport may collect information from other third party information providers that you expressly authorize to send information to your CarePassport© account (e.g., the Apple HealthKit).

4. CarePassport passively collects information from you as you navigate through our Service. CarePassport may track IP addresses, use industry standard tracking devices (e.g., session and persistent cookies, flash cookies, web beacons), and electronically gather information about the technology you use to access the Service and the areas of the Service you utilize. CarePassport passively collects this information for operational purposes such as evaluating, updating and improving the Service. 

Cookies help us in many ways to make your visit to our websites more enjoyable and meaningful to you. Cookies are text information files that your web browser places on your computer when you visit a website. CarePassport may use such "cookie" technology to obtain non-personal information from you as an online visitor. As an example, this might entail recognizing several web page requests coming from the same computer and therefore the same visitor. Most browsers accept cookies automatically, but can be configured not to accept them or to indicate when a cookie is being sent. If you do not wish CarePassport to collect cookies, you may set your browser to refuse cookies, or to alert you when cookies are being sent. If you do so, please note that some parts of the Service may then be inaccessible and you may not receive the full benefits of the Service.

D. How CarePassport Uses Your Information

1.CarePassport uses your information to provide the Service as described on the web site and Terms of Use, as well as to enhance the performance of the Service and/or create new services. CarePassport will not use Personal Information for product development or product enhancement without your express, written permission. 

2. If you choose to authorize a Provider to participate in the Service with you, then CarePassport may use your information to facilitate the exchange of information and communication between you and your Provider (e.g., the Service would enable you to schedule an appointment with your Provider and receive an appointment reminder in return). 

3.Communications between you and your Provider may be initiated by you or your Provider. You are under no obligation to initiate or respond to such communications. By participating in such communications, you agree that some or all of your PHR Data contained in the CarePassport© Universal Patient Engagement may be sent to your Provider through the Service or through interfaces with the Provider's information systems, and you agree that such PHR Data may be incorporated into your health record maintained by your Provider. CarePassport will not alter the content of the communications. However, CarePassport may remove or block any content that CarePassport deems offensive, indecent, or otherwise objectionable or in violation of section 15 of the Terms of Use. CarePassport may keep a record of all communications between you and your Providers. CarePassport will not share the content of such communications except as permitted under this Privacy Policy, the CarePassport© Terms of Use, or as required by law, unless you expressly consent to or authorize disclosure.

4. CarePassport will not sell or rent, your Personal Information without your written consent. CarePassport will not use or disclose your Personal Information, except as described in this Privacy Policy, the Terms of Use, or as permitted or required by law.

5. If you elect to utilize any billing services features of the Service, CarePassport also may use your information to process payments, send invoices and conduct other billing-related activities as requested by you.

6. CarePassport will need your cell phone number to confirm activation of your account by sending access code via a text message but will never sell this cell phone number to any other 3rd party for marketing reason.†

E. Sharing Your Information with Third Parties

1. CarePassport may make your Personal Information available to third parties participating in the Service that are authorized by you or as necessary to complete transactions you authorize.

2. CarePassport may disclose your Personal Information to CarePassport' Service Providers that provide technical support or other services to CarePassport related to the Service. All such Service Providers are subject to confidentiality obligations and may only access and utilize your data for purposes of fulfilling their obligations to CarePassport.

3. CarePassport may provide or sell Aggregate Data that is de-identified to a third parties. However, Aggregate Data will not include any of your Personal Information or be individually identifiable. 

4. If a third party acquires the assets of CarePassport related to the Service and its products and services (whether by sale, merger, change of control, bankruptcy or otherwise), your Personal Information may be transferred to the new owner(s). In such case, your Personal Information would remain subject to the provisions of the CarePassport privacy policy that was in effect immediately prior to the transfer unless CarePassport provides you notice otherwise.

F. Choices You Have About How CarePassport Uses Your Information

1. Managing Your Account. You have the following choices regarding the Personal Information you provide to CarePassport for use: 

a. Generally, you may change how your information is used and disclosed through the account setting and account management features. As explained more fully in the Terms of Use, modifications to your CarePassport© record are not automatically communicated to your Providers or any third-party sources. If you want your Provider or a third party to know of changes within your CarePassport© record, you must inform the Provider or third-party of such changes

You may access your CarePassport© account at any time to review your PHR Data. To request a change to any of your Personal Information, please contact your healthcare provider or the organization that provided the Personal Information for your CarePassport© account. For technical questions related to the CarePassport© product, please access the email support link on the CarePassport© Support page.

b. You may opt out of receiving communications from your Provider with regard to the Service by changing your account settings or, if the account settings feature is unavailable, by notifying CarePassport at 

2. Authorized Individuals.  You may grant access to your CarePassport© account to one or more Authorized Individuals or Authorized Individual-Representatives.  You may grant an Authorized Individual access to your CarePassport© account by specifically authorizing CarePassport© to permit access by such Authorized Individual to your CarePassport© account.  When you grant access to an Authorized Individual, you may permit the Authorized Individual to:  (a)  have the same level of access to your CarePassport© account as you have, i.e., the Authorized Individual will be authorized to access your CarePassport© health record and to communicate with your Providers and/or engage in other transactions with your Providers to the same extent that you are able using CarePassport©; or (b) have "read-only" access to your CarePassport© account, i.e., the Authorized Individual will be authorized to access and read your CarePassport© health record ONLY, and will NOT be able to communicate with or otherwise engage in transactions with your Providers.  Whether or not to grant an Authorized Individual full-access or read-only access to your CarePassport© account is your decision.   You acknowledge and agree that: (a) you are solely responsible for verifying the identity of, and monitoring the use by, any Authorized Individual you select; and (b) CarePassport has no responsibility or liability in connection with any access to, or use of, your account and information by any Authorized Individual or Authorized Individual-Representative.

3. Deactivating a Provider, Other Third-Party or Authorized Individual. You may revoke any Provider's,  third-party's, or Authorized Individual's authorization to communicate with you, or request information from you or your CarePassport© Universal Patient Engagement through the Service by utilizing the account management tool of the Service. Once revoked, the Provider, third-party, or Authorized Individual may no longer access and use the Service with respect to you and your Personal Information. Any disclosure of your PHR Data or Personal Information made prior to the authorization revocation cannot be recalled, removed, or retrieved by CarePassport.  By using the Service, you agree that CarePassport cannot, and has no obligation to, remove Personal Information from your Provider's, other third-party's or Authorized Individual's records once properly disclosed. 

4. Terminating Your Account. You may terminate your CarePassport account at any time by notifying us at In addition, except with respect to an Authorized Individual-Representative who establishes an account on behalf of a Dependent, CarePassport will terminate your account within thirty (30) days of its receipt of a death certificate certifying your death.  With respect to an Authorized Individual-Representative, CarePassport will terminate all accounts associated with such Authorized Individual-Representative within thirty (30) days of its receipt of a death certificate certifying the death of such Authorized Individual-Representative unless a Dependent also has a living Authorized Individual-Representative associated with the account.  Otherwise, CarePassport will maintain and/or destroy all PHR Data and Personal Information associated with your account in accordance with its then current document retention and destruction policies. Please note that copies of your Personal Information may remain in your Providers', other third-parties' and Authorized Individual-Representative's and/or Authorized Individual's records, as described in Section F.3, above. 

G. Data from Children Under the Age of 18

The Service is not intended for use by children younger than 18 years old. CarePassport will not knowingly collect information from site visitors younger than 18 years. However, parents or guardians may elect to establish CarePassport© Universal Patient Engagements for their children through the Service as Authorized Individuals-Representative and, in doing so, expressly consent to CarePassport utilizing such information as set forth in this Privacy Policy and the Terms of Use.

An Authorized Individual-Representative may authorize and/or have access to a CarePassport© Universal Patient Engagement for a Dependent.  Through the account, the Authorized Individual-Representative may:  (a) review and update the Dependent's personal health record as maintained on CarePassport©; and (b) engage in such communications and transactions as permitted between the Authorized Individual-Representative and the Dependent's Providers through the CarePassport© Universal Patient Engagement.  Accounts created for Dependents are specific to each healthcare Provider.  Thus, an Authorized Individual-Representative will have to specifically authorize each Provider to establish a CarePassport© account in the name of the Dependent.  A Dependent's CarePassport© account will be linked to an Authorized Individual-Representative's CarePassport© Universal Patient Engagement account until the earlier of the date:  (i) the Dependent reaches the age of 18; (ii) the Authorized Individual-Representative is no longer the legal representative of the Dependent; or, (iii) CarePassport© is notified by the Dependent's Provider or a court of law or agency with appropriate authority that the Dependent has been emancipated, attained legal custody of his or her own health information, or that a different Authorized Individual-Representative has been named. Each Authorized Individual-Representative agrees that a Dependent's CarePassport© account also may be linked to the CarePassport© account of another Authorized Individual-Representative, and each Authorized Individual-Representative will have the same rights to access and communicate through the Dependent's CarePassport© account.  

H. How CarePassport Protects Your Information

CarePassport uses both technical and procedural Security Measures to maintain the integrity and security of the CarePassport© Universal Patient Engagement and other databases, including the use of firewalls. CarePassport© encrypts all PHR Data during transmission between your Provider and CarePassport©Within CarePassport©, all Personal Information is encrypted at three levels: each individual has a unique encryption key; demographic information is encrypted; and clinical data is separately encrypted. 


The safety and security of your Personal Information also depends on you. Never share your password with anyone else. Notify CarePassport promptly if you believe your password has been breached. Also, remember to log off of the CarePassport© site before you leave your computer.

I. Security Breach Notification Requirements

Pursuant to applicable law, CarePassport may be required to send you notice of security breaches or suspected security breaches that impact your Personal Information. In the unlikely event that CarePassport must provide you a notice of a security breach, CarePassport will send you security breach notices to the e-mail address contained in your account information unless we are otherwise require by law. Please note: many e-mail systems have built in SPAM filters. If you have one in place, you should check with your system administrator or the available instructions to confirm that e-mails from CarePassport are not blocked by the filter (e.g., by confirming that the Service domain name ( is a permitted domain name.

J. Changes to this Privacy Policy 

CarePassport reserves the right to change the Privacy Policy in its sole discretion. In such case, CarePassport will post the new Privacy Policy on the web site and the effective date of the new Privacy Policy will be clearly marked. If CarePassport updates this Privacy Policy, your continued use of the Service (following the posting of the revised Privacy Policy) means that you accept and agree to the terms of the revised Privacy Policy. Remember, by using any part of the Service, you accept and agree to our Privacy Policy and privacy practices. 

K. More information

If you have additional questions, please contact CarePassport any time. Or write to the company at:

Privacy Matters c/o CarePassport Corp 300 Washington st Suite 504 Newton, MA 02458 (USA)


Date last modified: September 14th , 2015