Protected Health Information Notice of Privacy Practices

Effective as of September 16, 2024.

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Protected Health Information Notice of Privacy Practices (“Notice”) describes the legal duties and privacy practices of Wave Life, Inc. (“Wave Life”, “we”, “us”, or “our”) relating to your protected health information (“PHI”) in connection with our mental health platform and related services, as well as your rights under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Changes to this Notice 

We reserve the right to change the terms of this Notice at any time, and the changes will apply to all PHI we have about you. The new notice will be available on request by contacting our Privacy Officer at privacy@wavelife.io. 

Our Responsibilities

Wave Life is required by law to:

  • maintain the privacy of your PHI;

  • provide you with this Notice of our legal duties and privacy practices with respect to your PHI;

  • follow the terms of this Notice currently in effect and describe how we will provide you with any revised versions of this Notice; and

  • notify affected individuals in the event of a breach of unsecured PHI. 

How We May Use or Disclose Your Health Information

We use your PHI for treatment, payment, and healthcare operations purposes and for other purposes permitted or required by law. Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your PHI will fall into one of the categories listed below. PHI may be stored electronically and is subject to electronic disclosure. 

We need your written authorization to use or disclose your PHI for any purpose not covered by one of the categories below.  For example, except in limited circumstances, we will not use or disclose your PHI for marketing purposes or sell your PHI unless you have signed an authorization. You may revoke any authorization you provide at any time. If you revoke your authorization, we will no longer use or disclose your PHI for those purposes except to the extent we have already taken action based on your authorization.

We may use and disclose your PHI for the following purposes:

  • Treatment

Wave Life provides a mental health platform that makes emotional wellbeing an achievable part of your everyday life. Our platform connects you to mental health coaches and 24/7 tools to help you build self-awareness, discover your values, and cope with stress. In some cases, we may disclose your PHI to authorized healthcare professionals where relevant and may use and disclose PHI to provide you with our coaching services and tools.

  • Payment

Wave Life may use and disclose your PHI for purposes of billing and payment. For example, we may disclose your PHI to health plans or other payers to determine whether you are enrolled with the payer or eligible for health benefits or to obtain payment for our services. If you are insured under another person’s health insurance policy (for example, parent, spouse, domestic partner or a former spouse), we may also send invoices to the subscriber whose policy covers your health services.

  • Healthcare Operations

Wave Life may use and disclose your PHI for activities necessary to support our healthcare operations, such as performing quality checks on our coaching sessions, conducting internal audits, arranging for legal services, training and improving our artificial intelligence models used for training coaches, or developing our coaching strategies.

  • Business Associates

We may provide your PHI to other companies or individuals that need it to provide services to us. These other entities, known as "business associates," are required to maintain the privacy and security of PHI. For example, our business associates may use your PHI to conduct billing, record and transcribe coaching sessions, or provide storage services on our behalf.

  • Individuals Involved in Your Care

We may disclose relevant PHI to a family member, friend, caregiver or other individual involved in your healthcare or payment for your healthcare, if you tell us that this is acceptable to you or you do not object; or if in our professional judgment, we believe that you do not object.

  • As Required by Law

We may use and disclose your PHI as required by law. 

  • Law Enforcement Activities and Legal Proceedings

We may use and disclose your PHI if necessary to prevent or lessen a serious threat to your health and safety or that of another person. We may also provide PHI to law enforcement officials, for example, in response to a warrant, investigative demand or similar legal process, or for officials to identify or locate a suspect, fugitive, material witness, or missing person. We may disclose your PHI as required to comply with a court or administrative order. We may disclose your PHI in response to a subpoena, discovery request or other legal process in the course of a judicial or administrative proceeding, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information.

  • Research

We may use or disclose PHI for research purposes when permitted by law, such as when an Institutional Review Board or privacy board has reviewed the research proposal and plans to ensure the privacy of your PHI and determined that your authorization is not required. We may also use or disclose PHI about deceased patients to researchers if certain requirements are met.

We may use and disclose a limited data set containing some of your PHI for research purposes. However, we will only disclose a limited data set if we enter into a data use agreement with the recipient.

  • Public Health Activities

We may use and disclose your PHI for certain public health activities, including disclosures to public health authorities as required or permitted by law.

  • Incidental Uses and Disclosures

Sometimes, your PHI may be used or disclosed in the course of our primary uses and disclosures, such as for treatment, payment or healthcare operations. For example, we may us your name in a telephone conversation with a provider. We are permitted to make such incidental uses and disclosures as long as we take reasonable steps to minimize them, and have in place appropriate safeguards to protect them.

State Law Disclosure

For all of the above purposes, when state law is more restrictive than federal law, we are required to follow the more restrictive state law.

Your Rights

  • Access to PHI

You have the right to access certain PHI that we have created. You may request access by contacting us at privacy@wavelife.io. If your request is denied, you may request that the denial be reviewed.

  • Amend PHI

You may request corrections to your PHI by making a written request. However, we may deny the request in some cases (such as if we determine the PHI is accurate). If we deny your request to change your PHI, we will provide you with a written explanation of the reason for the denial and let you know about further actions you may take.

  • Accounting of Disclosures

You have the right to receive a list of certain disclosures of your PHI made by Wave Life. Under the law, this may not include disclosures made for treatment, payment, or healthcare operations or certain other purposes.

  • Request Restrictions

You have the right to ask us to limit what we use or share about your PHI. You may contact us and request us not to use or share certain PHI for treatment, payment, or operations or with certain persons involved in your care. Please note, we are not required to agree and may decline your requests in certain circumstances if would affect your care, except that we will agree not to disclose your PHI to a health plan for purposes of payment or health care operations if the requested restriction concerns a health care item or service for which you or another person, other than the health plan, paid in full out-of-pocket, unless it is otherwise required by law.

  • Request Confidential Communications

You have the right to request that we send your PHI by alternative means or to an alternative address, and we will accommodate reasonable requests. 

  • Choose Someone to Act For You

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI. We will make sure the person has this authority and can act for you before we take any action.

  • Copy of this Notice

You have the right to obtain a paper copy of this Notice upon request.

How to Exercise Your Rights

You may write or send an email to us with your specific request. Wave Life will consider your request and provide you a response. Please note, these rights are not absolute. When making a request, you must include sufficient information for us to understand and respond to your request.

Complaints/Questions

If you believe your privacy rights have been violated, you have the right to file a complaint with us. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. Wave Life will not retaliate against any individual for filing a complaint.

If you would like to file a complaint with us or have any questions about this Notice or our privacy practices, please contact us using the information below.

Contact Us

To contact Wave Life, you may email privacy@wavelife.io or write to us at the address below:

Wave Life, Inc.
Attention: Privacy Officer
700 El Camino Real, Suite 120

United States

Consent

By using the Wave Life platform and app, you acknowledge that you have reviewed and understood Wave Life’s Notice of Privacy Practices. You understand that:

  • You have certain rights regarding the privacy of your Protected Health Information (PHI).

  • Wave Life may use your PHI for purposes related to treatment, payment, and healthcare operations.

  • The Notice of Privacy Practices provides detailed information on how Wave Life may use and share your PHI for other purposes.

  • You have specific rights concerning your PHI as outlined in the Notice.

  • Wave Life may update the Notice periodically, and you can request a current copy by contacting our Privacy Officer at privacy@wavelife.io.

By continuing to use the Wave Life platform, you agree to these terms.