At CHESS, we don’t sell or give the Connections App to patients directly; you’re getting the Connections App through a healthcare provider or treatment center or other type of organization that has a contract with us for our eRecovery solution. Throughout the rest of this document, this other organization who is enabling your use of the Connections App and who will know almost everything about how you use it and almost all the data you enter into it, will be referred to as the “Provider” or “your Provider”.
If you’re like most people, you want your personal information protected, perhaps especially your clinical information and the details of addiction and your recovery from addiction.
- The data about you that will be stored by CHESS
- Who has access to this data
- Who else might get access to the data
- What other patients might know about you or find out about you
- Optional capture of location data
- Optional notifications outside of the App
- Where your data is stored
- How we protect and secure your data
- How long data is stored
- What to do if you want your identifiable data erased or deleted
- Our policy regarding children
- Your consent
- How you can contact us
The data about you that will be captured and stored by CHESS
In the course of creating or getting an account, your use of the Connections App, and the Provider’s use of the eRecovery solution, personally identifiable information (“PII”) about you will be captured and stored by CHESS.
The PII that may be stored through your interactions with the Connections App and through the use of eRecovery by your Provider includes, without limitation, your name, username, alias name, email address, physical address, IP address, gender, date of birth, telephone numbers, photographs, names of personal contacts, medical information (health plan name, health plan identifier, level of care, primary substance of abuse, mental illness, current treatment facility, comorbidity, whether you are receiving medication-assisted therapy (MAT), whether you are pregnant), employment status, income range, the names of high risk locations you may enter, recovery goals, recovery tasks, answers to survey questions, social wall posts and comments, and the content of all messages, both individual and group messages, you might send using the Connections App to other patients, to counselors, coaches, or other authorized users of eRecovery, including messages, text messages, or emails you might send to CHESS Health or its employees.
Some of the data you enter and some of the data about you will be stripped of any detail (e.g., name, birthdate, etc.) that could identify you (hence called “De-identified Data”). This de-identified data is stored with de-identified data from lots of other patients so that your Provider and other Providers can compare data about large populations to learn about addiction treatment outcomes and other useful analytics. No one performing this analysis will ever know what data in this large population is yours.
Who has access to this data
Your Provider has access to all of the PII.
CHESS, which operates and supports the eRecovery solution for the Provider, has access to all the PII and the Automatically Collected Information.
Your Provider and other Providers can perform analytics and benchmarking on the de-identified data described above.
Who else might get access to the data
CHESS may disclose your data to other organizations when (1) required to by law, such as to comply with a subpoena, or similar legal process; or (2) when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
What other patients might know about you or find out about you
Your provider is also giving the Connections App to other patients. If you are not careful, these patients may be able to identify you through your use of the Connections App.
- When you first access the Connections App, you will be prompted to set up an alias name, which should be something different than your real name
- You pick your alias name
- Your Provider will assign you to a ‘Team’ – any patients in your team will see your alias name, any details you share about yourself on your ‘Wall’, and they will see whatever photograph, if any, you choose for your profile.
- Your Provider will assign you to a ‘Group’ to participate in online discussions through messages. All patients in your group will be able to see your alias name and they will see your profile photograph.
- Any messages you send to an individual in your Group or to the entire Group will be identified by your alias and your profile picture.
CHESS and your Provider cannot promise that another patient also using the Connections App will not know your identity.
Optional capture of location data
The Connections App has an optional feature, High-risk Locations, which enables you to input an address or specific location that you think could trigger you to relapse. If you set a High-risk Location and then you go near the location with your phone, the Connections App is designed to warn you that you are near this location and offer you support options to avoid relapse. This is an optional feature and it only works if you set your phone to always share your location with the Connections App.
Even if you are using the High-risk Location feature and you have set your phone to share your location with the App, CHESS does not track, collect or store your location or the precise location of your mobile device. If you are using the feature, then CHESS will store the names you give the high-risk locations entered and it will store when a high-risk alert is triggered. Your Provider will not know the names of these locations.
Optional notifications outside of the App
The Connections App has an optional capability to push notifications to the home screen of your mobile device. This feature is optional. To be enabled, you must first allow notifications from Connections on your mobile device. At any time, notifications can be turned off through the settings within the Connections App and/or through the settings on your mobile device.
If enabled, a push notification is a message that pops up on a mobile device and can be sent at any time, even when you are not using the app. If you opt to allow push notifications from the Connections App, you will receive notifications such as, reminders, schedules, message alerts, but never anything detailed or specific. Please be aware that these notifications will indicate that they are from the Connections App and may be seen by others who have access to your phone.
Where your data is stored
CHESS stores your data on secure Amazon Web Services (“AWS”) servers. You can learn more about AWS and how it helps us protect your information here: https://aws.amazon.com/compliance/hipaa-compliance/.
How we protect and secure your data
We are committed to safeguarding the confidentiality of your data. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. For example, we limit access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve the Connections App. In addition, CHESS employs a variety of technical safeguards to protect the confidentiality, integrity, and availability of your data including encryption of the data in transit and at rest and other industry best practices. Please be aware that, although we strive to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.
How long data is stored
Your data will be stored by CHESS as long as your Provider remains a customer of CHESS.
What to do if you want your identifiable data erased or deleted
If you have stopped using the Connections App, have deleted the app from all mobile devices, and want to be sure your identifiable data is cleared from all databases, you can reach out to your Provider to get your identifiable data erased or deleted from the CHESS servers.
Our policy regarding children
The Connections App is not for patients under the age of thirteen. If a parent or guardian becomes aware that his or her child has entered their own personal data into the Connections App or somehow been given an account by a Provider, please contact us at firstname.lastname@example.org.
You will also have to accept our End User License Agreement (EULA) before you can create an account and start using the App. Read it carefully too.
How you can contact us