Openbook
OPENBOOK PRIVACY POLICY
INTRODUCTION
At Openbook, we believe that healthcare transparency begins with transparency about your data. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our website, mobile application, and services (collectively, the "Services").
We are committed to respecting your privacy and have voluntarily adopted the CARIN Alliance Code of Conduct to safeguard and secure your health information. This Privacy Policy complies with applicable federal and state laws, including HIPAA (where applicable), the Washington State My Health My Data Act, the Nevada Health Data Privacy Act, and other emerging state consumer health data privacy laws.
Please read this Privacy Policy carefully to understand our practices regarding your information. By using our Services, you acknowledge that you have read and understand this Privacy Policy and consent to the practices described herein.
OUR COMMITMENT TO PRIVACY
Openbook is built on consumer trust. Our fundamental privacy principles include:
- Transparency: We clearly communicate what data we collect and why
- Control: You maintain control over your data with easy-to-use privacy tools
- Purpose limitation: We only use your data for the purposes specified
- Data minimization: We collect only what's necessary to provide our services
- Security: We implement industry-leading protections for your information
WHAT INFORMATION WE COLLECT
Personal Information
- Identification Information: Name, email address, phone number, postal address
- Account Information: Username, password, account preferences
- Demographic Information: Date of birth, gender, location
Consumer Health Data
- Insurance Information: Insurance carrier, plan information, member ID, group numbers
- Healthcare Provider Information: Provider names, addresses, specialties, network status
- Health Service Information: Appointments scheduled through our platform, healthcare services searched for or viewed
- Pricing Information: Cost estimates, claims information, historical payment data (when authorized)
- Health-Related Search Data: Your searches for health conditions, treatments, providers, or symptoms
- Location Information: Geographic information when you use location-based features to find nearby providers
Device and Usage Information
- Device Information: IP address, device type, operating system, browser type
- Usage Information: Pages visited, features used, time spent on the platform, search terms
- Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar technologies as described in our Cookie Policy
HOW WE COLLECT INFORMATION
We collect information:
- Directly from you: When you register for an account, create a profile, search for providers, schedule appointments, or interact with our platform
- From healthcare providers: When they list their services, pricing, and availability (we never receive your medical records unless you explicitly authorize sharing)
- From insurance companies: When authorized by you to access information about your coverage
- From third-party sources: Public databases, healthcare quality organizations, government databases, and other legally available sources for provider information
- Automatically: When you use our Services through cookies, log files, web beacons, and similar technologies
HOW WE USE YOUR INFORMATION
We use your information to:
Essential Services
- Provide our core healthcare transparency and navigation platform
- Process and confirm appointments
- Verify insurance coverage and provide cost estimates
- Facilitate communication with healthcare providers
- Authenticate your identity and maintain your account
Platform Improvement
- Enhance and personalize your experience
- Develop new features and services
- Perform analytics and research on platform usage
- Debug and fix technical issues
- Maintain the security and integrity of our platform
Communication
- Respond to your inquiries and support requests
- Send service-related announcements and updates
- Provide personalized recommendations for healthcare providers
- Deliver content relevant to your healthcare needs
All uses of your information are subject to your control and preferences as described in the "Your Privacy Rights and Choices" section below.
INFORMATION SHARING AND DISCLOSURE
We may share your information with:
Healthcare Providers
- When you schedule an appointment or request information from a provider
- Only the specific information needed to fulfill your request
- Subject to your explicit authorization
Insurance Companies
- To verify coverage or estimate costs
- Only with your explicit authorization
- Limited to the minimum necessary information
Service Providers
- Third parties that help us operate our platform (e.g., hosting, analytics, customer support)
- Under contracts that require them to protect your information
- Only for the specific purposes we authorize
Legal Requirements
- In response to a legal request, such as a subpoena, court order, or government demand
- To protect our rights, privacy, safety, or property
- To investigate, prevent, or take action regarding illegal activities
Business Transfers
- In connection with a merger, acquisition, or sale of assets
- With continued protections under the applicable privacy policy
With Your Consent
- When you explicitly authorize us to share information
- For purposes you have agreed to
We will never sell or rent your personal information or health data to third parties for their marketing purposes.
DATA SECURITY
We maintain industry-standard administrative, technical, and physical safeguards to protect your information, including:
- Encryption of sensitive information both in transit and at rest
- Access controls limiting who can view your information
- Regular security assessments and penetration testing
- Employee training on privacy and security practices
- Incident response planning and procedures
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.
YOUR PRIVACY RIGHTS AND CHOICES
You have several rights and choices regarding your information:
Access and Portability
- Review your personal information and health data
- Download your information in a structured, commonly used format
- Request information about how your data has been shared
Correction
- Update or correct inaccurate information
- Complete incomplete information
Deletion
- Request deletion of your account and personal information
- Understand what information we may retain for legal purposes
Consent Management
- Withdraw consent for specific uses of your information
- Opt out of marketing communications
- Control third-party data sharing
Preference Management
- Update communication preferences
- Manage privacy settings through your account dashboard
- Set device-level privacy controls (e.g., location services)
To exercise these rights, please visit your account settings or contact us using the information in the "Contact Us" section below.
CHILDREN'S PRIVACY
Our Services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately so we can remove the information.
For teens aged 16-18, special protections apply in accordance with applicable state laws. Parents or legal guardians may exercise privacy rights on behalf of their minor children in accordance with applicable law.
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will notify you through the Services or by other means, such as email. The "Last Updated" date at the top of this policy indicates when it was last revised.
We encourage you to review the Privacy Policy whenever you access our Services or otherwise interact with us to stay informed about our information practices.
CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Please see our California Privacy Notice for more information.
CONTACT US
If you have questions, concerns, or requests related to this Privacy Policy or your information, please contact us:
Email: privacy@openbook.health
ADDITIONAL INFORMATION
Cookie Policy
Our detailed Cookie Policy explains how we use cookies and similar technologies, including your choices for managing these technologies.
HIPAA Notice
When applicable, our HIPAA Notice of Privacy Practices describes how protected health information may be used and disclosed by covered entities.
CARIN Alliance Adherence
Openbook has voluntarily adopted the CARIN Alliance Code of Conduct for consumer-directed health information exchange. This means we adhere to privacy guidelines that assure trustworthy practices in how we handle your health information. The CARIN Alliance works to improve health information exchange and ensure that consumers have safe and secure access to their health information.
DEFINITIONS
- Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a particular consumer or household.
- Consumer Health Data: Personal information that identifies your past, present, or future physical or mental health status, including diagnoses, treatments, searches for healthcare providers, health insurance information, and related information.
- HIPAA: The Health Insurance Portability and Accountability Act of 1996, a federal law that establishes standards for the privacy and security of protected health information.
- CARIN Alliance: A multi-stakeholder collaborative working to advance consumer-directed exchange of health information.
- Cookies: Small text files placed on your device that can be used to identify your browser and remember certain information.
- Encryption: The process of converting information into code to prevent unauthorized access.
This Privacy Policy represents our commitment to protecting your privacy while providing transparent healthcare services. Your trust is essential to our mission of making healthcare more accessible, understandable, and affordable for everyone.