Privacy Policy for Personal Health Survey, Personal Health Portal and PersonalHealthConnect

Privacy Policy for Personal Health Survey,
Personal Health Portal and PersonalHealthConnect

Online Privacy Policy Agreement

Applied Health Analytics (“we”, “us”, “our”) values its users’ privacy. This Privacy Policy will help you understand how we collect and use personal information from those who visit our websites, use our applications, or make use of our online facilities and services.

You are using Applied Health Analytics’ platforms because your employer offers a wellness program managed by a local health system. In this relationship, we serve as the technology provider for that program. Under the Health Insurance Portability and Accountability Act (HIPAA), the health system or your employer’s health plan is the “Covered Entity,” and Applied Health Analytics acts as their trusted “Business Associate.” This means our authority to handle your health information is governed by a strict legal agreement with them.

Our Policy has been designed to ensure our commitment to exceeding most existing privacy standards. We reserve the right to make changes to this Policy at any given time. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page.

This Policy applies to Applied Health Analytics and governs all data collection and usage by us. By using our services, including but not limited to http://personalhealthportal.net, https://personalhealthsurvey.net, and the personalhealthconnect mobile application, you are consenting to the data collection procedures expressed in this Policy.

Information We Collect

In order to provide our services, we may collect the following types of information:

Personally Identifiable Information (PII): This includes data such as your name, mailing address, and other identifiers required for your participation in the wellness program.
Protected Health Information (PHI): This includes
- Health screening results, biometric data (like height and weight), and lab values, which may be entered by health system staff.
- Your answers to Health Risk Assessments completed through https://personalhealthsurvey.net.
- Notes and communications from health coaches interacting with you through the platform.
Health and Activity Data from Connected Devices: If you grant permission, we collect health and activity data from services like Apple Health, Google Health Connect, or other wearable devices via our personalhealthconnect mobile app.
Technical Information: When you use our services, we may collect your IP address and use cookies to ensure our platform functions properly.

How We Use and Disclose Your Protected Health Information (PHI)

As a Business Associate, our use and disclosure of your PHI is limited by our agreement with the Covered Entity. We are permitted to use and disclose your PHI for Health Care Operations as directed by them. This includes:

Providing you with access to your health risk assessment results, lab results, and coaching notes within your http://personalhealthportal.net portal.
Allowing you to track your progress in health challenges and log activity from wearable devices synced via the personalhealthconnect app.
Making your information available to health coaches or clinicians who are part of your wellness program, as authorized by the Covered Entity.
Conducting data analysis on an aggregated or de-identified basis to help your employer and health system manage population health.
Performing other Health Care Operations as permitted by our Business Associate Agreement with the Covered Entity.

We will only use or disclose your PHI for other purposes if required by law or with your explicit written authorization. We will never sell your PHI.

Data Retention

We retain your personal information and PHI for as long as we have an active agreement with the Covered Entity (your health system or employer’s health plan) to provide our services. Our specific data retention period is governed by our Business Associate Agreement with the Covered Entity and any applicable state or federal laws that require the retention of health information.

At the end of our service agreement, we will either return all PHI to the Covered Entity or securely destroy it, as directed by them and as required by law. We will not retain your PHI for longer than is necessary to fulfill our contractual and legal obligations.

Your Rights Regarding Your Protected Health Information (PHI)

Under HIPAA, you have certain rights regarding your PHI. To exercise these rights, you should contact your health plan, provider, or employer’s wellness program (the Covered Entity) directly. We are legally obligated to assist the Covered Entity in fulfilling your requests. Your rights include:

The right to access and receive a copy of your PHI that we maintain on behalf of the Covered Entity.
The right to amend incorrect or incomplete PHI.
The right to an accounting of disclosures we have made of your PHI.
The right to request restrictions on how your PHI is used or disclosed.
The right to request confidential communications about your health matters.
The right to file a complaint. If you believe your privacy rights have been violated, you may file a complaint with the Covered Entity or with the Secretary of the U.S. Department of Health and Human Services. You will not be penalized for filing a complaint.

Breach Notification

We are required by law to maintain the privacy and security of your PHI. In the unlikely event of a breach of your unsecured PHI, we will notify the Covered Entity and cooperate fully in their notification to you.

Children’s Privacy

Our services are not directed to, and we do not knowingly collect information from, children under the age of 13 without verifiable parental consent. If we learn that we have collected PHI from a child under 13 without the necessary consent, we will take steps to delete the information as soon as possible.

Unsubscribe or Opt-Out

All users have the option to discontinue receiving non-essential communications from us. To discontinue or unsubscribe, please send an email that you wish to unsubscribe to contact@appliedhealth.net.

Security

Applied Health Analytics takes extensive precautions to protect your information. In compliance with the HIPAA Security Rule, when you submit sensitive information via our platform, your information is protected both online and offline using technical, administrative, and physical safeguards, including data encryption.

Acceptance of Terms

By using our platform, including http://personalhealthportal.net, https://personalhealthsurvey.net, or the personalhealthconnect app, you are hereby accepting the terms and conditions stipulated within this Privacy Policy.

Additional Terms

The Vital Privacy Policy.
The use of information received from Google Health Connect will adhere to the Health Connect Permissions Policy, including the Limited Use requirements.

How to Contact Us

If you have any questions or concerns regarding the Privacy Policy Agreement related to our website, please feel free to contact us at the following email, telephone number or mailing address.

Email: contact@appliedhealth.net
Telephone Number: (615) 665-8825
Mailing Address: Applied Health Analytics, 480 James Robertson Parkway, Suite 200, Nashville, Tennessee, 37219

Last updated: October 9, 2025