Privacy Policy

How does The Health Portability and Accountability Act (HIPAA) control the use and security of your health information?

HIPAA does not control your use of your health information. HIPAA grants you the legal right to view and access your legal health record. It is a set of federal rules designed for health care providers, health insurance companies and other identified “covered entities” that control who can look at and receive your health information. HIPAA regulations also ensure that your privacy is protected to the greatest extent, with best practice policies and safeguards in place to minimize any exposure or misuse.

Must QRepublik comply with HIPAA?

No, we are working on behalf of health care consumers who are exercising their legal right to obtain, aggregate and use their own health information. Because we are not what the federal government considers a “covered entity”, QRepublik is not subject to HIPAA regulations.

Just because QRepublik is not legally required to be HIPAA compliant does it still meet its security standards?

Yes! We respect your privacy and understand the importance of securing your information. Therefore we choose to meet the highest possible standards to earn your trust. We meet the technical, physical and administrative safeguard requirements defined by the HIPAA Security Rule to be considered “safe” with regards to privacy protection for the QRepublik Private Profile. The QRepublik Public profile is designed to be shared in case of emergency and falls outside of HIPAA for this reason.

      In addition to following HIPAA security recommendations, QRepublik adheres to the FTC's Security by Design Guidelines:

      • Data security is carefully considered for each component of the QRepublik platform
      • Data is encrypted both in transit and at rest
      • QRepublik uses two-factor authentication
      • QRepublik is protected from common vulnerabilities
      • Our team stays current with knowledge of new vulnerabilities and keeps software appropriately updated

        We process the following personal data of the User

        Personal data
        Last Namemust be distributedPersonal Identification
        Namemust be distributedPersonal Identification
        Middle name (if any)distributed at the option of the subject
        Year of birthmust be distributedPersonal Identification
        Birth monthmust be distributedPersonal Identification
        Date of birthmust be distributedPersonal Identification
        Addressdistributed at the option of the subjectIf the swipe is switched to the YES position
        Diseasesdistributed at the option of the subjectIf the swipe is switched to the YES position
        Insurance Informationdistributed at the option of the subjectIf the swipe is switched to the YES position
        Emergency Contact Pointsdistributed at the option of the subjectIf the swipe is switched to the YES position
        Allergiesdistributed at the option of the subjectIf the swipe is switched to the YES position
        Attending physiciansdistributed at the option of the subjectIf the swipe is switched to the YES position
        Proceduresdistributed at the option of the subjectIf the swipe is switched to the YES position
        Laboratory Researchdistributed at the option of the subjectIf the swipe is switched to the YES position
        Vaccinationdistributed at the option of the subjectIf the swipe is switched to the YES position
        Medicinesdistributed at the option of the subjectIf the swipe is switched to the YES position
        Medical digital documentsdistributed at the option of the subjectIf the swipe is switched to the YES position
        Responsible Personsdistributed at the option of the subjectIf the swipe is switched to the YES position
        Additional Informationdistributed at the option of the subjectIf the swipe is switched to the YES position
        Pregnancydistributed at the option of the subjectIf the swipe is switched to the YES position
        Special categories of personal data*
        Racedistributed at the option of the subjectIf the swipe is switched to the YES position
        Nationalitydistributed at the option of the subjectIf the swipe is switched to the YES position
        Health statusdistributed at the option of the subjectIf the swipe is switched to the YES position
        Biometric Personal Data**
        Biometric Personal Datadistributed at the option of the subjectIf the swipe is switched to the YES position

        NETWORK PROTECTION

        QRepublik servers and supporting systems are protected from hackers and network intrusion using firewalls and other leading security measures.

        CONTROLLED EMPLOYEE ACCESS

        Certain QRepublik employees and system administrators may need to access the QRepublik system to provide operational / administrative support. Access rights are strictly controlled and access is only granted to those who require it to support the QRepublik system and its users. All QRepublik employees and subcontractors are required to sign confidentiality agreements. Access to the system is only granted after validation of the user’s identification credentials, assigned role and system permissions.

          USER PASSWORDS

          Users must enter their username and password to get granted access to the QRepublik system. These credentials are created by users upon registration. To reset a password, the information will be sent to the user’s email in file. If two-factor authentication is enabled, then once the user enters the account password a unique passcode will be sent via text message. Administrators will not have access to user passwords and passwords can only be reset by following a link sent by email upon user request.

            ENCRYPTION

            Encryption provides a secure way for users to exchange information with web sites via their web browsers by “scrambling” the information as it is submitted. This makes it unusable to anyone who does not possess a protected decryption key to “unscramble” the information. QRepublik provides encryption for user interactions through Secure Socket Layer (SSL) technology using a robust 256 bit encryption key. QRepublik also leverages industry best practice encryption standards (e.g. S/MIME, X.509 certificates, TLS) whenever health information is transmitted in or out of QRepublik.

            PHYSICAL SITE SECURITY

            The QRepublik servers and supporting systems are physically secured and protected in Amazon Web Services' world class data centers in the United States. Access to the physical systems is carefully controlled by security measures including multiple levels of authentication requirements (e.g. user keys, biometrics), security guard and registry check-in requirements, and state of the art security monitoring and alerting systems.

            TRACKING ACCESS AND DISCLOSURES

            According to HIPAA standards, QRepublik logs pertinent details anytime health information is viewed edited or exported in order to ensure the integrity of the system.

            PERSONAL IDENTIFIABLE INFORMATION/ PUBLIC PROFILE

            This privacy policy covers how QRepublik treats your personal information (“Personal Information”) that QRepublik collects and receives on QRepublik ’s websites (“Websites”) and Mobile Apps (“Apps”), including information related to your past use of the Websites. Your Personal Information is information about you that may or may not be personally identifiable like your user name, password, email address, or personal profile data that is not otherwise publicly available. Your Personal Information also includes all of the information that you input onto the QRepublik Website or QRepublik App and which is also accessible via QR code reader. This policy does not apply to the practices of companies that QRepublik does not own or control or to people that QRepublik does not employ or manage. All Personal Information that is entered into the Websites or App by you is private to you except to the extent that you opt to share such Personal Information with other persons who may access the Websites and App. Other than for the reasons explicitly described below, it is the policy of QRepublik not to disclose Personal Information to any third party at any time.

            SUBMISSIONS

            Conversely, given that a portion of the purpose of the Websites and App is to share what its customers have experienced with others, our policy regarding Submissions is very different. While our objective is to safeguard your identity, privacy and anonymity, our goal is also to publicly publish and promote the Submissions that describe what you have experienced without identifying who you are so that others can recognize experiences that have been shared by people who are similar in background to themselves. Always use caution when giving out any personally identifiable information about yourself, other family members or friends in the Websites and App. QRepublik does not control or endorse the content, messages or information exchanged by means of the Websites and, therefore, QRepublik specifically disclaims any liability with regard to the Websites and App and any actions resulting from your participation in the Websites and App. QRepublik collects Personal Information when you register with, use or visit the Website, and when you visit the pages of certain QRepublik partners. QRepublik may combine information about you that we have with information we obtain from business partners or other companies. When you register, we ask for information such as your user name, password, email address, and personal profile. Once you register with QRepublik and sign in to a Website you may not be completely anonymous to us. QRepublik may collect information about your transactions with us and with some of our business partners. QRepublik may set and access cookies on your computer.

            MEDICATION REMINDERS WITHIN THE APP

            The QRepublik Application is intended as a helpful backup reminder system that you can personalize for taking your medications. You should not and must not rely on the Application as your primary tool for determining whether and when to take medication, the Application might not function as intended. Specifically, the Application will not operate properly if your device is broken or powered off, if the Application software is not enabled or if any hardware or software on your device prevents the Application from operating as intended. The maintenance of your mobile and computing devices is under your responsibility. You acknowledge that the Application, and the utility of any of its alerts or notifications, depends on information that you input into the Application. You are solely responsible for ensuring that the correct medication is taken at the proper times and in the proper dosages. Persons using the Application assume full responsibility for the use of the Application and agree that we are not responsible or liable for any claim, loss, or damage arising from the use of the Application.