App Privacy Statement

Privacy Policy

It is important that you understand what data we collect, how we use it, and how you can control it.

Application Data Privacy

The Health Exchange Market (THEM) and the THEM Patient-Dashboard app with your permission collects your Personal Health Record (PHR) Data for medical and pharmaceutical research and for developing software applications. This includes data entered directly into the app as well as data you have authorized to be collected by the app, with certain conditions and exclusions outlined in detail later in this policy.


  • Your PHR data is NOT used for marketing and advertising, reporting about our company, or our
    customer activity.
  • Your PHR data CAN be shared with your insurer, primary care provider, or employer only if you
    provide written consent. If a feature requires consent, you’ll be notified.
  • We require Limiting Agreements that restrict what third parties can do with your PHR Data.
  • We immediately stop releasing your PHR Data if you terminate your relationship with us.
  • We have security measures that are reasonable and appropriate in protecting personal
    information – such as PHR data in any form – from unauthorized access, disclosure, or use.
  • Your PHR Data is stored in the USA only. We keep and review HR Data activity logs to discover
    and take appropriate action in the event of anomalies in log activity.


Regarding integration with third-party services, apps, and devices, these parties may have additional privacy statements. These will be made available for review when connecting said service, app, or device to THEM Patient-Dashboard.

Acceptance of Data Privacy Policy

Acceptance of this privacy policy allows access to the full scope of features within the THEM Patient-Dashboard app. Denial of the privacy policy will block the following features from THEM Patient-Dashboard:

  1. Data-sharing or consultation from any third-parties
  2. Data monetization or donation
  3. Clinical Trials tools and services
  4. Direct-to-Clinician reporting
  5. Algorithm-based diagnostics and certain analytical tools
  6. Blockchain related tools and services
  7. Connection to other apps and devices

However, should you choose to deny the privacy policy, you may still use the app as a means of locally organizing your medical records, manually sharing app-generated reports (that were not provided by a third-party) with your clinician, and use certain in-app analytics. If you choose to revoke a previously accepted privacy policy, all actions performed prior to revoking are subject to policy terms.

Data Storage

Data uploaded to The App is organized into two categories:


  1. “Online Data” is health data accessible through our API and can be used with all App features. Most of your connected medical records and other relevant health data falls into this category. If you have given consent for Online Data services such as Monetization, eligible data will automatically be assigned to this database.
  2. “Local Data” is stored in a database accessible only to you. This data is not accessible through our API and is for utility and organization purposes such as managing your receipts, prescriptions, and medical reminders. Some third-party apps and services prohibit certain “Online” features in their Terms of Service. Any data from these parties is stored here.


You will be shown available options for storage when you connect The App to any third-party service. For your protection and privacy, any data stored online is encrypted. Online Data is hosted on a secure cloud service, currently through AWS. Online Data is never associated with your name and is completely de-identified before going into any type of storage or transaction.  Our system is designed to revoke any data that has personally-identifiable information, this is to prevent anyone else from being able to identify you based on your data.

Data Monetization

THEM Patient-Dashboard allows you to sell your de-identified data in aggregate with other members’ data to research data buyers, except in certain situations detailed below. You will be compensated for the sale of your data based on price terms to be disclosed to you from time to time. You may also include consent to donate your data either to specific organizations or for a specific cause (e.g. Cancer research, Healthcare affordability). We will not make your data available, for monetization, gifting, or otherwise without your express consent.


Once your consent is given and a buyer has been located for your data you will be notified of the following:

  1. Who is buying your data.
  2. What it will be used for.

For example, you may receive a notification that a pharmaceutical research company is purchasing your data to determine what types of drugs should be prioritized in development. Once you consent to monetize your data, no additional work is required on your part. You can see a report of who accessed your data, when, and for what reason. At this time monetization is a complete opt-in or opt-out feature, there is no feature in place to selectively restrict which buyers can view data you’ve authorized for sale.

Any organization that has the ability to purchase your data has already been verified by THEM as a legitimate healthcare organization, as the system is intended to improve healthcare while compensating you for providing the data to make that possible.

Monetization Exclusion

Some data obtained from third-parties, such as CMS Blue Button, is eligible for some Online Data features, but is not eligible for Monetization. You will be notified when connecting these services to The App which, if any, Online Data features can be used in conjunction with these connected data sets.

Notice of Privacy Practices

We have reviewed the HIPAA law and related final regulations to ensure full and timely compliance of
systems and procedures with applicable HIPAA requirements.

Privacy Rule

We have reviewed the Standards for Privacy of Individually Identifiable Health Information promulgated
by the Department of Health and Human Services (HHS) pursuant to HIPAA and HITECH. Please note
that the services THEM facilitates are excluded from compliance with these regulations as such services
are consistent with the use of de-identified patient data.

De-Identified Patient Data

De-identified patient data is health information from a medical record that has been stripped of all
“direct identifiers”—that is, all information that can be used to identify the patient from whose medical
record the health information was derived. According to the Health Insurance Portability and
Accountability Act (HIPAA), there are 18 direct identifiers that are typically present in patient medical
records. These include:

  • Names
  • Geographic subdivisions smaller than a state (e.g. street address, city and ZIP code)
  • All dates that are related to an individual (e.g., date of birth, admission)
  • Telephone numbers
  • Fax numbers
  • Email addresses
  • Social Security numbers
  • Medical record numbers
  • Health plan beneficiary numbers
  • Account numbers
  • Certificate/license numbers
  • Vehicle identifiers and serial numbers, including license plate numbers
  • Device identifiers and serial numbers
  • Web universal locators (URLs)
  • IP address numbers
  • Biometric identifiers such as fingerprints and voice prints
  • Full-face photographic images
  • Other unique identifying numbers, characteristics or codes

According to HIPAA, there are 3 acceptable ways to de-identify patient data. The first is the “safe
harbor” option, in which all 18 identifiers are removed. Currently, THEM operates within this safe harbor
option. The second is the “statistical” option, in which a retained statistician determines which of the 18
identifiers can be maintained without creating greater than a “very small” risk that the data could be re-identified. The third is the “limited data set” technique, in which the organization removes 16 identifiers and protects what remains with special security precautions.

Why is De-identified Patient Data So Important?

De-identified patient data can be used to improve care, estimate the costs of care, and support public health initiatives. Scientists have been engaged in this process for years while achieving worthy results. Notable examples include:

• Harvard University researchers used de-identified patient data from electronic health records at Partner’s Healthcare System in Boston to discover previously unknown adverse events associated with diabetes drugs, and to identify cohorts of individuals that were at risk for morbid events ranging from heart attacks to domestic abuse.

• Epidemiologists in Utah used de-identified patient data from VistA, the electronic health record used by the Veteran’s Administration, to help define optimal care strategies for post-traumatic stress disorder, methicillin-resistant Staph aureus and congestive heart failure.

• Nephrologists in Hawaii used de-identified patient data from HealthConnect, the electronic health record by Kaiser Permanente, to improve care-coordination between primary care physicians and specialists for those afflicted with kidney disease.

• Analysts at IMS Health used de-identified data to estimate the economic impact of poorly-controlled asthma.

• Prior to being acquired by IMS Health, analysts at SDI Health used de-identified data to track prescribing patterns for scarce anti-viral drugs during recent flu outbreaks.

THEM and De-Identified Patient Data

Because THEM is seeking to help other entities improve the quality of health care and make positive life-changing impacts similar to those noted above, de-identified patient data is an extremely valuable source of information. After taking proper safeguards and in a manner consistent with vendor and commercial interests mentioned above, we intend to be a conduit to allow de-identified patient data to be used for a variety of purposes.

Is De-Identified Data the same thing as Protected Health Information?

No. De-identified data is a completely different category than Protected Health Information (PHI).1 PHI is personally identifiable health information. This information is extremely sensitive, private, and confidential, and it is covered by the HIPAA Privacy Rule. THEM is not allowed to share this information and will never do so because we enforce any vendor, supplier, or covered entity with patient data to extricate the 18 factors noted above. This not only ensures compliance with HIPAA by THEM but also helps any covered entity under HIPAA remain protected as well.


We are continuously enhancing our security framework. This allows us a unified security framework that provides the direction to ensure the availability, integrity and accuracy of company assets and vendor/customer data. The framework also provides the foundation that enables secure access to company assets by employees, customers and business partners anytime from anywhere. Components include, but are not limited to:

  • Security policies, procedures and guidelines
  • Security awareness and training
  • Risk assessment and management
  • Data classification
  • Security monitoring and reporting
  • Incident response/management
  • Security consulting
  • Security auditing
  • Implementation/utilization of the security tools of the trade

We have undertaken an extensive review and inventory of products and data transfers to verify those outside the scope of the HIPAA Rules. We have developed policies and procedures so that THEM is capable of conducting safe transactions of information that protects both the patients and the covered entity as defined under HIPAA.

1 As identified by the U.S. Department of Health and Human Services National Institutes of Health. Further information available at