Use of www.mayahealth.com or other Maya websites and Maya’s Research Surveys (www.mayahealth.com/research/privacy) are governed by their own privacy policies. Please contact firstname.lastname@example.org if you have any questions.
Your healthcare provider (Provider) has a contract with Maya to use our software platform to manage, measure, and illustrate health outcomes. Maya’s services to you are offered as a component of Maya’s services to your Provider.
BY USING THE SOFTWARE AND SERVICES, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE OR SERVICES.
Participant-Identified Data means data stored within Maya's Services which is uniquely associated with you, the Participant, and can include information about the past, present, or future health status, health care, or payment for health care, or any other individually-identifiable information about you, the Participant.
De-Identified Data means data, derived from Participant-Identified Data, which has been deidentified using a process approved under the HIPAA Privacy RuleMaya collects information you willfully provide. For example, any forms you fill out with personally identifiable information, such as your name, email address, phone number or other information will be stored. Your Provider may ask you to complete health histories, health outcome surveys, or other questionnaires related to your health, all of which are stored.
When you use our Services, we also collect non-personally identifying information, including the browser type, language preference, referring site, and the date and time of each visit. This information is used by Maya to understand how users interact with and in optimization of our Services.
Maya also collects potentially personally identifiable information like Internet Protocol (IP) addresses for users that log into our Services.
Maya collects other data relating to the provision, use and performance of various aspects of the Services and related systems and technologies, for example, the features and functions of the system that you use, and the speed of system processing.
Maya’s uses of data collected include: (i) Maya uses information collected to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Maya offerings, (ii) Maya uses Participant-Identified Data to create De-Identified Data, (iii) Maya uses De-Identified Data in connection with its business, including to deliver services to other customers (iv) Maya uses information collected for clinical research and other outcomes studies.
Please note, after response to a subpoena there is always a risk that the disclosed data could be accessed by the requesting party. Maya cannot provide any further protection against this.
Insurance company & employer requests. Maya will not provide any person's data (PHI, PII, or non-PII) to an insurance company or employer. We are supporters of legislative efforts intended to prevent discrimination and to safeguard individuals' privacy.
Our practices include, but are not limited to, the use of the following security controls:
Security certifications. All data is stored only using hosting services that have complied with rigorous security certifications including HITRUST, ISO 27001, SOC 2 and others.
Segregation of Data. Sensitive data such a Participant-Identified Data is stored separately from less sensitive data, to reduce the possibility that non-authorized individuals could access the sensitive data.
Encryption. Maya uses industry-standard security measures to encrypt patient data both at rest and in transit.
Limited access to essential Maya personnel. Access to data is strictly limited to authorized personnel based on a need-to-know.
Right to Disclosure of Information: You have the right to request that we disclose certain information regarding our practices with respect to personal information.
Right to Delete Personal Information: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
Right to Opt out of Sales of Your Personal Information: You have the right to direct a business that sells your personal information to third parties not to sell your personal information. This right is referred to as “the right to opt-out.”
Right to Non-Discrimination: You may exercise your rights under the CCPA without discrimination.
Direct Marketing and Do Not Track Signals: Under California’s “Shine the Light” law, California residents may request and obtain a notice once a year about the personal information we shared with other businesses for their own direct marketing purposes.