Mobile Apps for Patients
Our mobile applications for patients, including MyUTHealth for iOS and Android, connect to servers and systems operated and maintained by Epic to provide patients with secure, mobile access to health information in those servers and systems.
We refer to our mobile applications for patients as “mobile apps” in this policy.
This policy describes how we collect and use your information when you use our mobile apps.
We may update this policy at any time, and future updates are effective as soon as they are published. Your use of any of our mobile apps is also subject to the applicable End User License Agreement. If you use our mobile apps, you agree to the applicable End User License Agreement and consent to the use of your information as described in this policy.
Your Personal Information
The Limited Ways We Use Your Information
We do not sell or license your information. These are the limited ways we interact with your information in connection with our mobile apps:
- When you choose to add a profile photo to our mobile apps, you may select an existing photo on your device or take a new photo using the camera app on your device. If you select an existing photo on your device, we store a copy of your chosen photo in app-private storage on your device. If you use the camera app on your device to take a new photo, the photo you take is first saved to your camera app and then also saved to app-private storage on your device. If you remove the photo from your profile or delete our mobile apps, the copy of the photo is deleted from the app-private storage, but the photo saved to your camera app remains available in your camera app until you choose to delete it. If you already have a photo stored in your profile through your healthcare organization, we do not interact with that photo in any way.
- When you choose to use Apple HealthKit or Google Fit, we create encrypted identifiers to identify recipients of your Apple HealthKit or Google Fit data and store them on your device in app-private storage. If you choose to stop using Apple HealthKit or Google Fit or delete our mobile apps, the identifiers are deleted.
- When you choose to view documents from UTHealth or UT Physicians (such as letters or images) using our mobile apps, to make the files viewable for you we temporarily store copies on your device in app-private storage. The temporary copies are deleted when you close your session on our mobile apps.
- Hello Patient offers automatic appointment arrival. If you choose to enable it, we temporarily store identifiers and times for your upcoming appointments in app-private storage to detect when you arrive for an upcoming appointment. If you choose to stop using our mobile apps or you disable automatic appointment arrival, the identifiers are deleted.
- Hello Patient and On My Way offer location-based check-in for in-person appointments or allow you to find healthcare providers near you. You may choose to allow our mobile apps to interact with your location data for those purposes. We do not store your location data.
- MyUTHealth allows you to notify front desk staff electronically when you arrive for an appointment. You may choose to allow our mobile apps to interact with your Bluetooth data for this purpose. We do not store your Bluetooth data.
- While you use our apps, we collect non-identifying information so we can provide customer service to you or your healthcare organization and understand how people use our mobile apps so we can improve our products. This information includes the time you began using the app, the healthcare organization you interacted with, any error messages or codes, the model of device used and its operating system, and the version of our mobile app used. If you use Android devices, we also collect your connection type (cellular or WiFi) during an error.
- You may contact us through the methods listed on Our Website (www.MyUTHealth.org). If you contact us, we may keep a record of the communication. You can decide how much information you want to share with us in those cases.
For Android Users – Required Google Play Disclosures for Certain Health Apps
Google has determined our mobile apps are subject to their COVID-19 apps requirements. As a result, we are required to provide the following information so we can make our mobile apps available to you in the Play store.
- Our mobile apps interact with your microphone only if you choose to use your microphone to navigate our mobile apps. Our mobile apps interact with your camera roll only if you choose to add a profile photo to a profile in our mobile apps. This information is not used in connection with COVID-19.
- Our mobile apps access, collect, use, and share your information as stated above in the section titled, “The Limited Ways We Use Your Information.”
- Our mobile apps were not created specifically for the COVID-19 pandemic. They existed before the COVID-19 pandemic to allow you to access your health information on file with your healthcare organization. We may allow you to access COVID-19-related vaccination information, laboratory test results, and documents with illness-related information using our mobile apps. You may choose if or how you want to access, display, or use the information – just like you can make those decisions about health information relating to other conditions, services, tests, or vaccinations.
How We Protect Your Personal Information
We use technical controls and safeguards to protect the privacy, security, integrity, and availability of your personal information.
- We enable the use of multi-factor authentication for users of our mobile apps by default. Multi-factor authentication is required when you use our mobile apps unless your healthcare organization makes or allows changes to this control.
- We use HTTPS for secure communication between servers.
- When we store data on your mobile device, we store it in app-private storage that cannot be accessed by other apps.
- Before data is shared from our mobile apps, we provide in-app notifications so you can choose if you want to share the data.
- We disable screenshot functionality by default for Android devices, and allow Android users to choose if they want to enable the function. We cannot disable this functionality in iOS.
- We maintain internal policies and processes that limit access to your information to our staff who need to know the information to perform their jobs.
- We maintain internal data retention and deletion policies to help us ensure we only store information about your use of our mobile apps as we describe in this policy.
You can take other steps to protect your information:
- Do not share the username and password you use with our mobile apps.
- Change your password immediately if you believe any unauthorized access has occurred.
- Use the security tools on devices you use with our mobile apps.
- Do not root or jailbreak devices you use with our mobile apps. Doing so can create security risks by removing your devices’ built-in security measures and exposing sensitive information on your device.
Your Privacy Rights
GDPR and UK GDPR Privacy Questions
If you need to contact our Data Protection Officer or EU Representative, please email firstname.lastname@example.org or call +1 713-500-3391.
Contact UTHealth Houston Privacy Officer
If you have any questions about this policy, contact us at +1 713-500-3391 or at email@example.com.