MYTABICARE PRIVACY POLICY (HIPAA, GDPR, GLOBAL PRIVACY PRINCIPLES ALIGNED)

PLEASE READ THIS PRIVACY POLICY CAREFULLY.

MyTabiCare ("MyTabiCare," "we," "us," or "our") is a U.S.-based digital caregiving management and family support platform providing tools for care coordination, well-being tracking, and secure communication ("Features"). The MyTabiCare App, mytabicare.com, and https://tabitharm.com are owned and operated by Tabitha Resource Management, LLC.

We are committed to protecting your privacy, safeguarding Personal Information, and ensuring the confidentiality, integrity, and availability of Protected Health Information ("PHI") entrusted to us, in compliance with the Health Insurance Portability and Accountability Act ("HIPAA"), applicable Illinois laws, and other U.S. federal and state privacy requirements.

This policy is also intended to comply with applicable Global Privacy Principles, the General Data Protection Regulation (GDPR), UK GDPR, the Personal Information Protection and Electronic Documents Act (PIPEDA), and applicable Canadian provincial privacy legislation.

By creating an account, accessing the Platform, or using the Features, you acknowledge you have read and understood this Privacy Policy. If you do not consent to the provisions set forth in this Privacy Policy, DO NOT use this Site.

1. Global Privacy and Security Compliance Statement

MyTabiCare is committed to maintaining strong privacy and data protection practices for users worldwide. The platform follows privacy and security safeguards consistent with internationally recognized regulatory frameworks.

United States – HIPAA

MyTabiCare follows the security and privacy safeguards established under the Health Insurance Portability and Accountability Act (HIPAA), including:

  • Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164)
  • Security Rule (45 CFR Part 160 and Subparts A and C of Part 164)
  • Breach Notification Rule (45 CFR Part 164 Subpart D)

These safeguards guide how MyTabiCare protects health-related information through administrative, technical, and physical security measures.

European Union and United Kingdom

For users located in the European Union and the United Kingdom, MyTabiCare applies privacy practices consistent with the principles of the General Data Protection Regulation (GDPR) and UK GDPR, including:

  • Lawful basis for processing personal data
  • Transparency in data collection and use
  • User rights such as access, correction, deletion, and portability
  • Safeguards for international data transfers
  • Breach notification procedures where required

Canada

For users located in Canada, MyTabiCare follows privacy practices consistent with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. These practices include:

  • Accountability for personal information handling
  • Identifying purposes for data collection
  • Obtaining meaningful consent
  • Limiting collection and use of personal information
  • Implementing safeguards to protect personal data

Global Privacy Principles

Across all regions where the platform operates, MyTabiCare implements privacy protections based on widely recognized global privacy principles, including:

  • Data minimization
  • Purpose limitation
  • Security safeguards
  • Transparency and user control
  • Responsible handling of sensitive health-related information

MyTabiCare continuously reviews its privacy and security practices to align with evolving international privacy regulations and best practices.

We implement appropriate administrative, physical, and technical safeguards to protect electronic Protected Health Information ("ePHI"). Because MyTabiCare stores, transmits, and processes ePHI, we maintain administrative, technical, and physical safeguards consistent with HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles, as described below.

When you use the Services in a manner that requires PHI processing, MyTabiCare may enter into a Business Associate Agreement ("BAA") where legally required.

MyTabiCare is NOT itself a covered entity, but it is sometimes a Business Associate when providing services to a covered entity. In all our services, including consumer services where HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles do not apply, we still closely follow HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles rules to ensure the highest security and privacy to keep your data safe.

Our safeguards include:

Administrative Safeguards
  • Employee training
  • Access control policies
  • Risk assessments
  • Incident response procedures

Technical Safeguards
  • Encryption in transit and at rest
  • Multi-factor authentication
  • Logging and audit trails
  • Secure data centers and servers

Physical Safeguards
  • Restricted server access
  • Secure storage environments

2. Scope of This Privacy Policy

This Privacy Policy applies to information collected through the MyTabiCare Platform (web, mobile, connected Features); PHI collected, stored, processed, or transmitted in connection with care coordination; non-PHI Personal Information collected from users, family members, and caregivers; and information submitted through communications, support, or other interactions with us.

This Privacy Policy does NOT apply to offline data collection; third-party websites linked from our Platform; information processed by unaffiliated providers, caregivers, or individuals not contracted by MyTabiCare; or actions taken by other users who receive your shared information. This Privacy Statement does not reflect the privacy practices of those sites, and you should consult the privacy policies of those sites to learn about their practices.

MyTabiCare does not knowingly collect information from children under age 13, and persons under age 18 may use the Platform only with the consent of a parent/guardian.

Parents or guardians may contact us to request deletion of a child's information.

3. Types of Information We Collect

We collect information in three primary categories:

A. Personal Information ("PI")

"Personal Information" means information that identifies, relates to, describes, or can reasonably be linked to an individual user.

Examples include name, email address, telephone number, mailing address, login credentials, payment details (processed via secure third-party processors) and communication preferences.

B. Protected Health Information ("PHI")

PHI is collected only when MyTabiCare acts as a HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles "Business Associate" for users, families, payers, or providers.

PHI may include information related to a care recipient ("Loved One"), such as medical conditions or diagnoses; medication schedules, adherence, and health tasks; well-being metrics (hydration, nutrition, vitals, notes, daily observations); appointments, assessments, and care plans; uploaded documents containing PHI; and information shared by family and caregivers.

MyTabiCare stores and transmits PHI only in encrypted, HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles-compliant environments.

C. Non-Personal Information ("NPI") / Analytics Data

If you contact us for customer support, we may ask you to provide information about your computer or mobile device or about the issues you are trying to resolve. This information is necessary to help us answer your questions. We may record your requests and our responses for quality control purposes.

For some of the Features, we may make chat rooms, forums, message boards, or news groups available to you. Please remember that any information disclosed in these areas is public. You should exercise caution when disclosing Personal Information in these areas, as this information is made available to other users. Do not disclose information in these public forums that might be considered confidential or proprietary or that you do not wish to be publicly available or that you are prohibited from disclosing.

NPI includes technical and usage information such as IP address, device type, operating system, browser type, click-stream activity, pages viewed, time spent, mobile device identifiers and aggregate usage trends.

NPI does not identify an individual unless combined with PI or PHI.

4. How We Collect Information

We collect information in the following ways:

A. Information You Provide Directly

When you create an account, create or update a Loved Ones profile, enter notes or care data, upload documents or files, complete forms, surveys, or questionnaires, communicate with support and participate in community features.

B. Information Collected Automatically

Through cookies, web server logs, analytics tools, device identifiers, session tracking, and performance monitoring tools.

C. Information Provided by Authorized Third Parties

Such as family caregivers, professional caregivers, health care providers, payment processors and integrations or connected apps (with your authorization).

You agree you will not provide us with information about any individual unless you are legally authorized to do so.

We do not share information provided by you that is personally identifiable with others unless we say so in this Privacy Statement, where we are otherwise required by law or contract to do so or where you give us permission.

5. How We Use Information

MyTabiCare uses PI, PHI, and NPI to:

A. Provide and Improve the Features
  • Create and maintain user accounts
  • Deliver care coordination tools
  • Generate analytics and insights
  • Process payments and manage subscriptions
  • Personalize user experience
  • Respond to support requests

B. HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles-Permitted Uses of PHI

We may use PHI for:

  • Payment processing
  • Quality assurance, audit logs, and system integrity
  • Cloud hosting and secure storage

We do not use PHI for marketing without explicit authorization.

C. Communications

We may use PI (but not PHI without authorization) to:

  • Send service updates
  • Provide alerts or notifications
  • Inform you of new features
  • Offer relevant content or educational materials

If you do not wish to receive offers related to additional products and services that may be of interest to you, you will have an opportunity to unsubscribe from future mailings or communications.

D. Platform Security and Compliance

We use various data elements to detect:

  • Abuse or misuse
  • Unauthorized access
  • Fraud
  • Security incidents

6. Legal Bases for Processing (For GDPR, UK GDPR and Other International Users)

Where applicable, we rely on the following legal bases for processing personal data:

  • Contractual Necessity – Processing required to provide requested services.
  • Consent – Users may voluntarily provide sensitive information, including health-related data.
  • Legitimate Interests – Improving services, ensuring security, and maintaining system integrity.
  • Legal Obligations – Compliance with applicable laws and regulatory requirements.

7. How We Disclose Information

We DO NOT sell PI or PHI. We may disclose information in the following ways:

A. To Authorized Users You Designate

You may grant access to family members, caregivers, providers and other authorized parties. MyTabiCare is not responsible for actions taken by individuals to whom you voluntarily grant access.

B. Business Associates and Subcontractors

We share PHI only with HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles-compliant vendors who provide secure hosting, process payments, provide analytics, deliver customer support tools and provide secure communication or file storage.

All vendors handling PHI sign Business Associate Agreements (BAAs).

C. Corporate Transactions

If MyTabiCare is involved in a merger, acquisition, asset transfer, or bankruptcy, PHI will be transferred only as allowed by HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles and applicable law.

D. Legal and Safety Requirements

We may disclose PI or PHI when required to comply with federal or state law, respond to subpoenas or legal process, prevent fraud or abuse, protect the rights, safety, and property of users, and meet law enforcement obligations.

HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles limit what information may be shared in these situations.

8. Cookies & Tracking Technologies

MyTabiCare uses cookies and similar technologies to recognize users, maintain session state, save preferences, improve functionality and support analytics.

We honor browser "Do Not Track" signals where technically feasible.

You may decline certain cookies, but portions of the Platform may not function properly.

9. Data Security Measures

MyTabiCare uses administrative, physical, and technical safeguards meeting or exceeding HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles requirements, including encryption of PHI in transit and at rest, access controls and identity management, secure hosting environments, intrusion detection and monitoring, audit logs and access tracking, regular penetration testing and role-based access permissions.

Despite these measures, no method of electronic transmission is 100% secure.

10. Data Breach Notification

In the event of a personal data breach that may pose a risk to individuals, we will notify affected individuals and applicable regulatory authorities as required by law.

Notification timelines may vary depending on jurisdiction.

11. Data Retention

We retain PI and PHI only for as long as necessary to provide the Features, meet contractual or legal obligations, maintain accurate audit logs and comply with HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles and applicable state laws.

Users may request deletion of PI or PHI, subject to legal retention requirements.

12. Your Rights

Depending on your role and applicable law, you may have rights to access PI or PHI, correct inaccuracies, request deletion (where permitted by HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles), request restriction of PHI, receive an accounting of disclosures, revoke authorizations, request data portability, and withdraw consent where processing is based on consent.

We will respond to all valid requests within required timeframes. Requests may be submitted using the contact information listed below.

For Canadian Residents: Additional rights may apply under provincial privacy legislation, including Quebec's Act Respecting the Protection of Personal Information in the Private Sector.

13. Marketing & Communications

We may send service updates, Feature announcements and educational content.

We do not use PHI for marketing without a signed HIPAA, GDPR, UK GDPR, PIPEDA and Global Privacy Principles authorization.

Users may opt out of marketing communications at any time.

14. User Responsibilities

You agree to maintain the confidentiality of your login credentials, only upload information you are authorized to share, not misuse the Platform to upload unlawful, harmful, or unpermitted content, and immediately notify us of unauthorized access.

15. Third-Party Links

Our Platform may contain links to third-party sites. We do not control, endorse, or guarantee their privacy practices. You are encouraged to review their policies separately.

16. International Users

MyTabiCare is operated in the United States and other countries. Data may be stored on servers in the U.S. or other territories and is subject to U.S. laws, including HIPAA, GDPR, UK GDPR, PIPEDA, and Global Privacy Principles. Those who choose to access this site from other locations access the Site on their own initiative and are responsible for compliance with local laws.

17. End User License Agreement (EULA)

If you access or use the MyTabiCare mobile application on a device running Apple's iOS operating system, the following terms apply:

This application is licensed to you, not sold, for use only under the terms of this Agreement and in accordance with the usage rules set forth in the Apple App Store Terms of Service. Your use of the iOS version of the application is additionally subject to Apple's Standard End User License Agreement ("Standard EULA"), which is incorporated herein by reference.

You may review the Standard EULA at the following link: https://www.apple.com/legal/internet-services/itunes/dev/stdeula/

In the event of any conflict between this Agreement and the Standard EULA, the Standard EULA shall govern solely with respect to your use of the application on Apple-branded devices.

18. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our services and policies. When changes occur, we will revise the "Effective Date" at the top of this document.

We encourage you to review this Privacy Policy periodically to be informed of how we are protecting your information.

19. Supervisory Authorities

Individuals located in certain jurisdictions may lodge complaints with their local data protection authority.

20. Contact Information

If you have questions or wish to exercise your rights, contact us at:

MyTabiCare Privacy Office
Email: privacy@mytabicare.com
Address: 2501 Chatham Rd, Suite R
Springfield, IL 62704, USA
