Health Privacy Policy
Effective Date: 10/21/2025
Last Updated: 4/23/2026
Xport Health, Inc. ("Xport Health," "we," "us," or "our") respects the privacy of health information and other personal information. This Health Privacy Policy explains how we collect, use, disclose, and protect information through our websites, mobile applications, patient engagement tools, provider-facing platforms, communications, integrations, and related services (collectively, the "Services").
This policy is intended to describe Xport Health’s privacy practices in clear language. It does not replace any separate Notice of Privacy Practices issued by a physician, clinic, hospital, health plan, or other healthcare provider or covered entity that uses Xport Health’s Services.
By using the Services, or by providing information to us through the Services, you acknowledge that you have read and understand this policy.
1. Scope and Role of Xport Health
Xport Health provides digital health technology, patient engagement tools, remote monitoring workflows, care coordination support, analytics, and related services.
Depending on the context, Xport Health may act in different roles:
- Service Provider / Business Associate to Healthcare Organizations. When Xport Health provides services to or on behalf of a healthcare provider, health plan, or other regulated healthcare organization, we may create, receive, maintain, or transmit protected health information ("PHI") under a contract such as a Business Associate Agreement. In that situation, the applicable healthcare organization remains responsible for its own Notice of Privacy Practices and certain patient rights obligations.
- Direct Provider of Consumer-Facing Digital Services. In some cases, Xport Health may collect information directly from users of our website, mobile applications, forms, support channels, or digital tools.
- Independent Controller of Certain Operational Data. Xport Health may act independently with respect to certain business, security, administrative, technical, and legal compliance data.
Because our role can vary depending on the service and relationship, some privacy rights and disclosures may be handled directly by the healthcare organization with which you interact.
2. Information We Collect
We may collect the following categories of information:
A. Health and Health-Related Information
- Symptoms, diagnoses, conditions, medications, allergies, treatment information, laboratory information, care plans, and other clinical or health-related data
- Vital signs and biometric data, such as blood pressure, heart rate, oxygen saturation, blood glucose, respiratory rate, body temperature, weight, and similar measurements
- Remote monitoring data and device-generated readings
- Information about wellness, activity, sleep, nutrition, or other health status indicators when made available through the Services
- Communications regarding care, check-ins, assessments, questionnaires, and patient-reported outcomes
B. Personal Information
- Name, date of birth, phone number, email address, mailing address, and other contact information
- Account credentials and authentication information
- Demographic information
- Insurance, eligibility, referral, scheduling, and billing-related information, where applicable
- Emergency contact or caregiver information
C. Technical and Device Information
- IP address, browser type, operating system, mobile device identifiers, app version, device model, language, time zone, and related technical information
- Log files, timestamps, crash reports, diagnostic data, and security event information
- Cookie, SDK, pixel, or similar online activity information where used on our websites or applications
D. Information From Third Parties and Integrations
- Information received from healthcare providers, health plans, laboratories, pharmacies, care teams, or other authorized partners
- Information imported from electronic health record systems, health information exchanges, or practice management systems
- Information received from integrated medical devices, connected devices, Apple Health, Health Connect, or similar platforms, subject to applicable permissions and settings
- Information provided by family members, caregivers, or authorized representatives
3. How We Collect Information
We collect information:
- Directly from users, patients, caregivers, providers, and organizations using the Services
- Automatically through websites, applications, devices, and system logs
- Through integrations, APIs, data feeds, device connections, and interoperability tools
- From service partners, providers, payers, and other authorized sources
4. How We Use Information
We may use information for the following purposes, as permitted by applicable law and our contractual obligations:
- To provide, operate, maintain, improve, and support the Services
- To facilitate care coordination, patient engagement, remote monitoring, chronic care workflows, and related clinical operations
- To collect, review, organize, analyze, display, and transmit health data and related insights
- To generate alerts, reminders, summaries, reports, and documentation support
- To communicate with users, providers, caregivers, and authorized representatives
- To personalize user experience and configure accounts and settings
- To authenticate users and secure access to the Services
- To troubleshoot, monitor performance, detect errors, and improve usability and functionality
- To comply with contractual obligations, legal requirements, audits, investigations, and enforcement requests
- To protect the rights, safety, and security of users, patients, providers, Xport Health, and the public
- To prevent fraud, abuse, misuse, unauthorized access, and other harmful activity
- To create de-identified or aggregated data where permitted by law
- For internal business operations such as quality assurance, training, analytics, financial reporting, and corporate governance
We do not use health information for advertising purposes in a manner prohibited by law.
5. How We Disclose Information
We may disclose information in the following circumstances:
A. To Healthcare Organizations and Care Teams
We may disclose information to healthcare providers, care teams, health plans, and other authorized healthcare organizations in connection with providing the Services and supporting care, operations, payment, coordination, and other permitted activities.
B. To Service Providers and Contractors
We may disclose information to vendors, contractors, subprocessors, consultants, and other service providers who perform services on our behalf, such as cloud hosting, communications, customer support, identity verification, analytics, security, device connectivity, software infrastructure, and similar operational functions. These parties are required to protect information and may use it only as permitted by contract and applicable law.
C. With User Direction or Consent
We may disclose information when a user directs us to do so, gives consent, or authorizes a connection, integration, or disclosure.
D. For Legal, Regulatory, and Safety Reasons
We may disclose information as required or permitted by law, regulation, subpoena, court order, governmental request, public health obligation, or similar legal process, or when we believe disclosure is necessary to protect health, safety, rights, property, or the security of the Services.
E. Business Transfers
We may disclose information in connection with a merger, acquisition, financing, restructuring, asset sale, bankruptcy, or other corporate transaction, subject to applicable confidentiality and legal requirements.
F. De-Identified and Aggregated Information
We may use and disclose information that has been de-identified or aggregated so that it does not reasonably identify an individual, as permitted by law.
6. HIPAA and Protected Health Information
When Xport Health handles protected health information on behalf of a healthcare provider, health plan, or other HIPAA covered entity, our use and disclosure of that PHI is governed by applicable law and our contract with that covered entity, including any Business Associate Agreement.
In those circumstances:
- The healthcare provider or other covered entity is generally responsible for issuing its own Notice of Privacy Practices
- Patient rights requests relating to PHI may need to be directed to the relevant provider, plan, or other covered entity
- Xport Health may assist the covered entity in responding to such requests when required by law or contract
If you are a patient receiving care from a provider that uses Xport Health, please review that provider’s Notice of Privacy Practices for additional information about how your PHI may be used and disclosed.
7. Consumer Health Data and Non-HIPAA Data
Not all health-related information is regulated by HIPAA. In some circumstances, Xport Health may collect or process health-related information that falls outside HIPAA but is still protected by other federal or state privacy, consumer protection, or breach notification laws.
For example, if Xport Health offers consumer-directed tools, website features, mobile app features, or connected-device functionality outside a covered entity relationship, we may process health-related data subject to applicable consumer privacy and health data laws.
We do not sell personal health data in exchange for money. We do not share consumer health data for cross-context behavioral advertising or other uses prohibited by applicable law.
8. Data Retention
We retain information for as long as reasonably necessary to:
- Provide the Services
- Fulfill the purposes described in this policy
- Comply with contractual, legal, regulatory, accounting, tax, audit, billing, recordkeeping, and enforcement obligations
- Resolve disputes and enforce agreements
- Maintain security, integrity, backup, disaster recovery, and business continuity processes
Retention periods may vary based on the type of information, the Services involved, the nature of the relationship, applicable law, and contractual requirements.
9. Security Measures
We maintain administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, disclosure, alteration, or destruction. These measures may include access controls, authentication procedures, encryption where appropriate, logging, monitoring, workforce training, incident response procedures, vendor oversight, and other security controls.
No system or method of transmission or storage is completely secure. Accordingly, we cannot guarantee absolute security.
10. Breach and Incident Response
If Xport Health becomes aware of a security incident or unauthorized disclosure involving information we maintain, we will investigate, take appropriate containment and remediation steps, and provide notice where required by applicable law, regulation, or contract.
Where Xport Health acts on behalf of a HIPAA covered entity, notification obligations may be governed by our contract and applicable breach notification requirements.
11. Individual Rights and Choices
Depending on the applicable law and the nature of the relationship, individuals may have rights regarding their information, including the right to:
- Access certain information
- Request correction or amendment of certain information
- Request deletion of certain information, subject to legal exceptions
- Request restrictions on certain processing or disclosures
- Request a copy of information in a portable format where applicable
- Withdraw consent where processing is based on consent
- Opt out of certain non-essential communications
- Lodge a complaint with Xport Health or with an applicable regulator
These rights are not absolute and may be limited by law, regulation, patient safety considerations, contractual obligations, technical feasibility, record retention requirements, or the role in which Xport Health is acting.
If Xport Health acts as a service provider or business associate for your healthcare provider or health plan, we may direct your request to that organization, which may be the appropriate party to respond.
12. Cookies, Analytics, and Similar Technologies
Our websites and applications may use cookies, software development kits, pixels, local storage, and similar technologies to:
- Operate and secure the Services
- Remember preferences and settings
- Measure performance and functionality
- Analyze usage trends
- Improve user experience
Where required by law, we will provide additional notice, obtain consent, or offer choices regarding certain optional technologies.
13. Third-Party Services and Links
The Services may contain links to third-party websites, tools, integrations, or services that are not controlled by Xport Health. This policy does not apply to the privacy practices of those third parties. We encourage users to review the privacy policies of any third-party service they use.
14. Children’s Privacy
Xport Health does not knowingly collect personal information directly from children except as permitted by law and as necessary to provide Services in connection with healthcare, caregiver-authorized use, or services arranged through a healthcare organization or authorized adult.
15. Cross-Border Processing
If information is processed or accessed outside the jurisdiction in which it was collected, it may be subject to the laws of those jurisdictions. Xport Health will take reasonable steps to ensure appropriate protections consistent with applicable law.
16. Changes to This Policy
We may update this policy from time to time. When we do, we will revise the "Last Updated" date above and take additional steps where required by law. Material changes may be communicated through the Services, by email, by posting an updated policy, or by other appropriate means.
17. Contact Information
If you have questions about this policy or wish to submit a privacy request, please contact:
Xport Health, Inc.
Attn: Privacy Officer
3723 Greenville Avenue
Dallas, TX, 75206
care@xporthealth.com