Many patients and caregivers are concerned with how health care companies use their data…and rightfully so.

Trusted hospital systems and start-ups alike have been found to be using patient health data in ways that patients are unaware of.

Nell founded Folia Health to create a new kind of health care company - one that makes it possible for you to live your healthiest life. And that includes making sure you feel confident that your data is safe and secure with Folia.

Read our Q&A with co-founder and CTO Dan below to understand our approach to privacy and security. And jump over to our Data Dividends page to learn more about our revenue-share program!

Privacy Q&A with Dan

Dan Toffling is co-founder and Chief Technology Officer of Folia Health. The Toffling family’s experience in caregiving inspired Dan to join Nell in starting Folia. Read more about how they’ve learned to break down barriers for their daughter, Mila.

Folia: As CTO of an early-stage start-up, you wear a lot of hats, not the least of which is data privacy and security. Start us off with the difference between the two.

Dan: Privacy involves the patient’s right to decide who has access to his/her data, and the policies around how that is handled at an organizational level. Security involves protecting data and user accounts through controls, technology, and processes. To use the analogy of your local bank, privacy involves your right to keep information about your accounts and transactions confidential and clarifies who has access to it, and security involves the building design, security staffing, verifying identity, etc.  

F: Why are privacy and security so important at Folia?

D: We understand that Folia members are entrusting us with very personal and sensitive information during some of the most stressful and difficult times in their lives. So we have put a lot of effort into not just meeting, but exceeding the standards legislated under HIPAA (Health Insurance Portability and Accountability Act). All of our employees use Folia to track our own health or our children’s health, so we sit at the receiving end of good privacy and security practices as well.

F: What are some of Folia’s practices with regard to data security?

D: We use industry best practices, such as multi-factor authentication, business associate agreements (BAAs) with vendors (such as email, data storage, etc.), virtual private networks (VPNs), etc. to ensure our systems are as secure as possible. 

On the human front, we have an in-depth security policy that all employees review several times a year. We also adopt practices such as limiting data access only to employees who require it to perform their job responsibilities, ensuring no protected health information (PHI) is stored on individual laptops, and enforcing a clean desk policy so no PHI is ever left exposed on someone’s desk or on the screen of an unlocked laptop.  


F: Tell us about privacy and data-sharing practices at Folia.

D: Folia members have the opportunity to opt in or opt out of sharing their data. It is always an individual choice. The two types of Folia partnerships that involve data sharing are:

  1. Sharing data with your clinic to help with pre-visit planning.

  2. Sharing data (usually anonymized) for research to improve care.

F: How does sharing data with clinics work?

D: Part of Nell’s original vision was to harness the power of patient and caregiver observations to improve their own care.

The Bridge Program launched in 2019, and it allows Folia data to be automatically sent to clinics in a structured and actionable way.

When their clinics incorporate Folia into pre-visit planning, Folia users say they experience better alignment and shared decision making. However, we know that not everyone wants their data automatically sent to clinics, so Folia users can always control this in their Sharing Settings.

F: How does research work?

D: Nell’s vision also included using patient and caregiver knowledge to improve care for whole patient populations. That’s where research comes in, and it’s also what generates revenue for our company so we can provide Folia to all patients and caregivers for free.

This is also a user opt-in, and data shared with research partners is de-identified and aggregated. This means that identifiable information (names, contact information, email addresses, etc.) is never shared with third parties without an explicit study-specific consent, and datasets are reviewed by researchers as a whole (not at an individual level).

Any research initiative that matches your Folia data with other health data (like a patient registry) would require an additional opt-in so users can provide explicit permission for their data to be used in that way. We also have restrictions on what research partners can do with Folia data.

F: What types of research partnerships are we talking about?

D: Foundational to Folia is the idea that patients and caregivers have the power to transform care for themselves and the broader patient community, and that is the north star that guides how we operate and grow this company. 

We commit to only engaging in research partnerships that benefit how patients receive care. For transparency, we will publish descriptions of all active research projects, and once research projects are completed we will publish the names of the research partners as well as a summary of research results. We codified these operating principles when we launched the Data Dividends program.

F: Is Folia data ever used for other purposes?

D: Your Folia data will never be sold or shared for marketing purposes. We have received positive feedback from patients and caregivers who like learning about us and engaging with us on social media, and we have a Facebook pixel installed in our publicly accessible webpages (the www.foliahealth.com website, and the homepage of my.foliahealth.com) to help us understand how online traffic gets to our website. However, no information that you enter within your Folia account (i.e., information you enter during your log-in or after) is ever shared for marketing purposes.


We invite other digital health companies to join us in setting this new standard for data privacy and transparency around data use. Join the dialogue.

 
 
 
