ウェブサイトプライバシーポリシー

• Contact and support information you choose to provide, such as name, email, phone number, and general inquiry details.
• Technical information such as IP address, browser type, device type, pages visited, referral URL, date/time, and analytics information.
• At launch, the public website does not collect payment card information or host checkout. Patient payment card handling occurs through Elation Patient Payments or another approved payment workflow. If Sky later activates website-side checkout, this Privacy Policy, the Vendor Register, and the payment workflow will be updated before launch of that feature.
• The gateway website is designed not to collect medical history, symptoms, photographs, prescriptions, or other PHI. Do not submit medical details through public website forms.

• Operate and improve the website.
• Respond to general support inquiries.
• Route users to Elation or another approved clinical platform.
• Manage scheduling, billing, fraud prevention, analytics, security, and legal compliance.
• Send administrative notices, service updates, and non-emergency communications.

We may use cookies and similar technologies for necessary website functions, security, analytics, and performance. Sky e-Clinic applies a conservative tracking-control standard based on HHS Office for Civil Rights tracking-technology guidance (December 2022, updated March 2024) as modified by the 2024 AHA v. HHS federal court order (which vacated the portion of the guidance treating every IP-address-plus-unauthenticated-public-page-visit as PHI). HHS continues to advise that unauthenticated pages where users input or select health-care reasons, appointment data, service category, state, age, sex-at-birth, or handoff codes may involve health-context information when combined with identifiers. Sky's Hybrid Analytics Approach reflects that conservative posture:

• Pages that do not reveal a user's health-related context (such as the homepage, About, Contact, FAQ, top-level service index, blog, Disclaimer, Privacy Policy, Terms of Use, Licenses) may use general web analytics (currently Google Analytics 4) to measure aggregate traffic and improve the site.
• Pages where the URL, visible content, or query parameters reveal a user's connection to a specific health topic, service, or selection input do NOT load Google Analytics or any third-party tracking technology. These pages include: `/start` and any `/start` variant; any route containing state, age, sex-at-birth, visit-type, or service-category query parameters; any URL carrying a Sky handoff code; `/services/[category]/[item]` service-item detail pages; and `/visit/[state]/[item]` clinical intake pages. Such pages may use server-side aggregate page-view counters that do not transmit identifying information to third parties.
• We do not deploy advertising pixels (Meta/Facebook Pixel, TikTok Pixel, Google Ads remarketing, LinkedIn Insight Tag, etc.), session replay tools (Hotjar, FullStory, etc.), or chat widgets on Sky e-Clinic pages.
• Adding any new third-party script requires Privacy Officer review and update of this policy before deployment.

All clinical communication (medical history, symptoms, diagnoses, prescriptions, lab results, care instructions) flows exclusively through Elation Patient Passport, the approved HIPAA-compliant clinical platform. Sky e-Clinic uses Elation Patient Passport only after a Business Associate Agreement with Elation Health, Inc. is executed in accordance with HIPAA. The public Sky e-Clinic website does not collect, store, or transmit clinical information. Standard email, the public contact form, and LINE Official Account are used only for non-clinical inquiries (general questions, scheduling support, marketing). Patients should not include clinical details (symptoms, medications, conditions) in messages sent through these channels; if a clinical message is received through a non-Passport channel, we redirect the patient to Patient Passport without engaging in substantive clinical exchange.

• Service providers that host the website, process payments, provide analytics, support, security, email, or scheduling tools.
• Clinical systems such as Elation when you choose to start a visit or provide information through the clinical workflow.
• Government, legal, or safety recipients when required or permitted by law.
• Business transfers such as merger, acquisition, or reorganization, subject to applicable law.

We use reasonable administrative, technical, and physical safeguards. No system is completely secure. We keep website information only as long as reasonably necessary for the purposes described, unless a longer period is required by law, dispute, accounting, or security needs.

• You may request access, correction, deletion, or limitation of certain website information as required by applicable law.
• You may opt out of non-essential marketing emails using the unsubscribe method or by contacting us.
• HIPAA rights for PHI are described in the NPP and may differ from rights for public website data.

The public website is not intended for children to submit information without a parent or legal guardian. Pediatric visits require guardian involvement and are handled through the clinical platform.

Several US states have adopted consumer health privacy laws that protect consumer health data outside the scope of HIPAA (e.g., Washington's My Health My Data Act, Nevada SB 370, Connecticut Data Privacy Act, certain provisions of the California Consumer Privacy Act / California Privacy Rights Act). To the extent any such law applies to information processed through the Sky e-Clinic public website (the gateway, not the clinical platform), Sky e-Clinic complies with applicable state-specific consumer health privacy requirements. Specific applicability is being verified in counsel review; this notice will be updated as necessary.

If Sky e-Clinic implements an AI agent in the future, information submitted through that AI agent may include registration, scheduling, or intake-related information. If the AI agent receives, maintains, transmits, or creates PHI on behalf of Sky e-Clinic, the vendor must have an executed HIPAA Business Associate Agreement with Sky e-Clinic or its approved clinical platform before PHI flows. Sky e-Clinic will not permit patient data submitted through an approved AI agent to be used for model training unless expressly approved in writing by Sky, disclosed to patients where required, and approved by counsel.

Privacy contact: phone (808) 385-8760, email privacy-officer@skyeclinic.org for privacy / HIPAA matters, records@skyeclinic.org for medical-records access requests. For clinical inquiries, please use Patient Passport. Phone and the email addresses above are for non-clinical privacy inquiries. Mailing address: SKY E-CLINIC LLC, 1164 Bishop St STE 940, Honolulu, HI 96813. Sky e-Clinic is a solo-physician practice at launch; role-based email addresses are forwarded to the practice physician.