NxStage Privacy Policy for the Nx2me® App

NxStage Medical, Inc. and its affiliates (collectively referred to as “NxStage” throughout this policy) take privacy very seriously. We are committed to protecting the privacy and confidentiality of health information that we obtain from you and your NxStage products and services through the use of the Nx2me application, and any Successor Products (collectively referred to as the “Nx2me App” throughout this policy) on behalf of your health care provider. The Nx2me App connects a NxStage hemodialysis device to a tablet computer to help your health care provider monitor your condition, and in doing so, processes personal information. Successor Products refers to applications developed and distributed in the future that serve the same or similar purposes of connecting a NxStage at-home medical device to a mobile computing device to provide medical condition information to your health care provider. This Policy explains our privacy practices regarding personal health information and other data that is collected, used and disclosed through your use of the Nx2me App.

Please note that NxStage may obtain, or may have already obtained, similar or matching information while providing services or products to you that are unrelated to the Nx2me App product or services. That information may be subject to the terms on which it was first obtained by NxStage.

Collection of Information

Collection of Health Information

We collect health information when you use the Nx2me App. When you use the Nx2me App, we collect identifying information necessary to create an account that will be used by your health care provider to store and manage health information. Thereafter, the Nx2me App will collect information from you and your NxStage products and services during your medical treatments. Examples of the types of information collected include:

  • patient name;
  • patient username;
  • patient password;
  • NxStage equipment serial numbers;
  • treatment dates and times;
  • treatment values, labs drawn and medication administered; and
  • treatment assessments and notes.

Collection of Non-Health Information Generally

We may collect certain non-health information to provide the Nx2me App through Internet-enabled devices. This information may include the URL (or web addresses) of websites used to transfer health information from the Nx2me App to NxStage and your health care provider (for the purposes described in this policy).

We may also collect and maintain logs of Internet communications between the Nx2me App service components. These logs may contain information about the mobile device application software used to connect to the Nx2me App services, such as the operating system and other performance and troubleshooting information.

Collection of Non-Health Information through Mobile Device Management Software

At your health care provider’s request, we may use mobile device management software to assist your health care provider in managing the tablet computer provided to you by your health care provider, who may restrict your usage of such tablet computer to the Nx2me App or related health care purposes. This software allows us to assist with tablet computer management, including restricting access to the App Store, gaming and content. It also allows us to erase all data and settings, lock the device and remove the passcode, list installed applications, apply settings, and install and remove applications and data.

If you are using the Nx2me App on your own tablet computer, you may choose to allow us to use mobile device management software to assist you with respect to the Nx2me App. For example, we and/or the software provider could help you add or remove the Nx2me App, get updates to the application, add or modify network settings necessary to use the application, and provide other troubleshooting assistance to help with the proper functioning of the Nx2me App. You may be subject to separate agreements with the licensor of the mobile device management software, in which case its agreements and policies apply and govern between you and it for those activities.

When using the mobile device management software (whether on the tablet computer provided to you by your health care provider or whether on your own tablet computer), we and the software provider may collect certain non-health information. Examples of the types of information collected include:

  • device information, such as the amount of battery life remaining or hard drive space;
  • network information, including your Internet Protocol address (or IP address);
  • list of installed applications; and
  • whether or not the tablet computer is online.

Use and Disclosure of Information

Uses and Disclosures of Health Information on Behalf of Health Care Providers

We will disclose your health information to your health care provider for the purposes of medical treatment or other lawful purposes that may be established by contract between NxStage and your health care provider. We may also disclose your health information to other organizations acting on behalf of your health care provider if instructed to do so by your health care provider and permitted under applicable law. We may use health information for the management and administration of NxStage, as well as data aggregation, data de-identification, and legal obligations, to the extent such use of health information is permitted or required by your health care provider and not prohibited by law. You have the right to request that we limit the collection, use and disclosure of your personal health information – provided that certain collections of personal health information may be necessary in order to use the Nx2me App.

Disclosures to Third Party Service Providers

NxStage may occasionally hire service providers to perform limited tasks on our behalf, such as answering patient questions and providing technology resources. In the event that your information must be disclosed to a service provider, we will ensure that the service provider agrees to abide by the same privacy and security principles that apply to us. Only the information needed to perform tasks on behalf of NxStage is disclosed to service providers. Service providers are not permitted to use your information for any purpose other than providing services on behalf of NxStage.

Uses for Operation and Improvement of the NxStage Service

Non-health information may be used or shared to maintain and improve the operation of the Nx2me App. For example:

  1. URLs may be used to ensure that information collected from your NxStage home medical device and mobile device application software is properly routed to us and shared with your health care provider;
  2. log files may be used to assess the performance of the Nx2me App and other NxStage products and identify ways to improve efficiency, such as improving system response times; and
  3. as mentioned in the “Collection of Information” section above, non-health information collected through the use of mobile device management software may be used to assist in the set-up of or to troubleshoot issues with the Nx2me App.

Disclosures to Satisfy Legal Obligations or Defend Legal Rights

To the extent permitted by applicable law, we may also disclose your information if we believe such disclosure is necessary to:

  1. comply with the law or legal process served on NxStage;
  2. protect and defend the rights or property of NxStage (including the enforcement of our agreements); or
  3. act in urgent circumstances to protect the personal safety and welfare of NxStage customers, employees, or members of the general public.

Aggregated and De-identified Data

We may aggregate your health information with health information collected from other patients that use the Nx2me App. Aggregated data is not associated with your individual identifiable records – it is de-identified, meaning that individual identifiers will be removed in order to prevent any person or process from determining the identity of the data subject through any reasonably foreseeable means. Aggregated and/or de-identified data may be used to:

  1. improve the Nx2me App and other NxStage medical services and products;
  2. market the Nx2me App and other NxStage medical services and products; and
  3. protect your health information.

De-identified data may be disclosed to third parties. Data will only be aggregated or de-identified in ways permitted by your health care provider and applicable law.

Safeguards

We use appropriate safeguards to prevent the unauthorized use or disclosure of your information. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the information that we create, receive, maintain, or transmit on behalf of your health care provider. Please be aware, however, that no information system is 100% secure, and therefore we cannot guarantee against all potential security breaches. Moreover, the transmission of information over wireless and wired networks is not inherently secure, and we are not responsible for the transmission of information over networks that we do not control.

In order to enhance the security of your information, you should select a strong password. A strong password should include a combination of lowercase and uppercase letters, numbers, and special characters and should not contain your names, addresses, or significant dates or those of your friends or family. Memorize your password or store it in a safe location. In addition, you should not leave your mobile device unattended in public places.

Access to Health Information

We will make available to your health care provider information necessary for you to exercise your rights to access, amend, and request an accounting of your health information in accordance with applicable privacy laws including the Health Insurance Portability and Accountability Act (“HIPAA”) and its regulations.

Additional Information

For additional information about our privacy practices, see our general privacy statement at http://www.nxstage.com/privacy-policy-canada.

Changes to this Privacy Policy

We reserve the right to update this Privacy Policy from time to time by posting a new Privacy Policy at this location. We will note the effective date of the latest version of our Privacy Policy at the bottom of this page. You are advised to consult this Privacy Policy regularly for any changes, and your continued use of the Nx2me App after such changes have been made constitutes acceptance of those changes.

Contact Us

If you have any questions regarding this Privacy Policy, please contact:

NxStage Medical, Inc.
Attn: Compliance Officer
350 Merrimack Street
Lawrence MA 01843

Effective Date: June 1, 2014