ROBYN'S HIPAA Authorization
Last Updated: December 23rd, 2023

Robyn (“Robyn”, “we”, “our” or “us”) offers services (“Robyn Services”) such as helping you to find and learn about healthcare providers and booking appointments with such healthcare providers (each, your “Healthcare Provider”). In order to best provide the Robyn Services, we may collect, use, share, and exchange health-related information you or your Healthcare Provider share with us. Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), health and health-related information may be considered “protected health information” or “PHI” if such information is received from or on behalf of your Healthcare Providers who are subject to HIPAA.

HIPAA protects the privacy and security of your PHI by limiting the uses and disclosures of PHI by most healthcare providers and by health plans (“Covered Entities”) as well as entities that provide certain assistance or services to Covered Entities (“Business Associates”). Robyn is a Business Associate of certain of your Healthcare Providers. Under certain circumstances described in HIPAA, an individual needs to sign an authorization form before your Healthcare Provider(s), and their Business Associates, can use or disclose PHI.

Not all of the providers you may book appointments with on Robyn are HIPAA “covered entities”. This HIPAA Authorization (“Authorization”) only applies to health information considered PHI received by Robyn by or on behalf of your Healthcare Providers who are subject to HIPAA. Your decision to execute this Authorization in the event you do not share identifiable health information with Robyn subject to HIPAA will not affect your use of the Services or our use of such personal information which will remain subject to our Privacy Policy.

Non-Protected Health Information

As a condition of creating your Robyn account, you are required to read and agree to Robyn’s Privacy Policy. Our Privacy Policy explains how we process and share information received from you that is not covered by HIPAA (“Non-PHI”).

Your PHI Authorization

The purpose of this Authorization is to request your written permission to allow us to use and disclose your PHI in the same way as we use and disclose your Non-PHI. If Robyn is a Business Associate of your Healthcare Providers, Robyn needs your Authorization to be able to use and disclose your PHI in the same way it can currently use and disclose your Non-PHI in accordance with our Privacy Policy when Robyn is not working on behalf of your Healthcare Providers. If you e-sign this Authorization, Robyn will rely on this Authorization to use and disclose PHI as described in this Authorization and the HIPAA requirements that apply to Business Associates will not apply to such uses and disclosures. If you e-sign this Authorization, you give your permission to Robyn to retain your PHI and to use and/or disclose your PHI in the same way that you have agreed that your Non-PHI can be used and disclosed.

Specifically, you agree that we can use and disclose your PHI to:

• Provide you with updates and information about the Robyn Services;

• Notify you of providers and services we think you may be interested in learning more about;

• Share information with you regarding additional services or products which we think you may be interested in;

• Conduct internal analysis for Robyn’s business purposes;

• Market to you third party products and services; and

• Support development and proper functioning of the Robyn Services.

Redisclosure

If Robyn discloses your PHI, Robyn will require that the person or entity receiving your PHI agrees to only use and disclose your PHI to carry out its specific business obligations to Robyn or for the permitted purpose of the disclosure (as described above). Robyn cannot, however, guarantee that any such person or entity to which Robyn discloses your PHI will not re-disclose it in ways that you or we did not intend or permit.

Expiration and Revocation of Authorization

Your Authorization remains in effect until you provide written notice of revocation to Robyn.

YOU HAVE THE RIGHT TO REVOKE THIS AUTHORIZATION AT ANY TIME FOR ANY REASON OR FOR NO REASON AT ALL.

If you wish to revoke this Authorization, you must notify Robyn by submitting a revocation by emailing hello@wearerobyn.co. Your decision not to execute this Authorization or to revoke it at any time will not affect your ability to use the Robyn Services. A revocation of Authorization is effective after you submit it to Robyn, but it does not have any effect on Robyn’s prior actions taken in reliance on the Authorization before revoked.

Once Robyn receives your revocation of Authorization, Robyn can only use and disclose your PHI as permitted in Robyn’s agreements with your Healthcare Provider(s). Your revocation of Authorization does not affect Robyn’s use of your non-PHI.