Updated as of February 15, 2017
Acceptance of Terms
We collect certain information from and about our users in three ways:
- directly from our web server logs
- with cookies
- from you and our other users
Web Server Logs
When you access or use our Services, we may track information to administer our Services and analyze its usage. Examples of information we may track include:
- Your Internet protocol address
- The kind of browser or computer you use
- Number of links you click within our Services
- State or country from which you accessed our Services
- Date and time of your visit
- Name of your Internet service provider
- Third party websites you linked to from our Services
- Pages or information you viewed on our Services
We use this information to analyze trends, administer and improve our Services, and monitor traffic and usage patterns for information security purposes and to help make our Services more useful.
Cookies and Web Beacons
A “cookie” is a small text file that may be transferred to your computer’s hard drive in order to personalize our services for you and to collect aggregate, non-personal information regarding usage of our Services by all of our users. Each computer is assigned a different cookie that contains a random, unique number. The cookie does not contain personally identifiable information. Our Services uses two different types of cookies: a “session” cookie, which is required to track a user session, for example, and which expires shortly after the session ends), and a “persistent” cookie, used to track unique visits to the Portal (defined below), as well as how the user arrived at the Portal (for example, through an email link or from a referral link), and the type of user (patient, provider, etc.). So that users are not counted twice, this cookie can “persist” anywhere from six months to two years.
Your browser software can be set to warn you of cookies or reject all cookies. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. If you reject our cookie, this may disable some of the functionality of our Services and you may not be able to use certain services.
Cookies cannot be used to run programs or deliver viruses to your computer. One of the primary purposes of cookies is to provide a convenience feature to save you time. For example, if you personalize a web page, or navigate within a website, a cookie helps the website to recall your specific information on subsequent visits. This simplifies the process of delivering relevant content and eases website navigation by providing and saving your preferences and login information as well as providing personalized functionality.
A “web beacon,” “clear GIF,” “web bug,” or “pixel tag” is a tiny graphic file with a unique identifier that is similar in function to a cookie, but would allow us to count the number of users that have visited certain pages or screens of our websites, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, web beacons can tell the sender whether and when the email has been opened. In contrast to cookies, which may be stored on your computer’s hard drive, web beacons are typically embedded invisibly on pages or screens.
We reserve the right to share aggregated site statistics monitored by cookies and web beacons with our affiliates and partner companies.
Email communications that you send to us via the email links on our Services may be shared with a customer service representative, employee, medical expert or agent that is most able to address your inquiry. We make every effort to respond in a timely fashion once communications are received. Once we have responded to your communication, it is discarded or archived, depending on the nature of the inquiry.
The email functionality on our Services does not provide a completely secure and confidential means of communication. It is possible that your email communication may be accessed or viewed by another Internet user while in transit to us. If you wish to keep your communication private, do not use our email.
We may send certain messages, including electronic newsletters, notification of account statuses, and marketing communications on a periodic basis. If you wish to be removed from such messages, you may request to discontinue future ones. All such material will have information as to how to opt-out of receiving it, although certain messages (such as a secure message sent by a doctor or an account status update), may be required and will not have opt-out capabilities.
Third Party Advertising
We may allow third party advertising companies to serve ads when you access or use our Services. These companies use non-personally identifiable information regarding your access and use of our Services and other websites, such as the user IP address, pages viewed, date and time of your visit, and number of times you have viewed an ad (but not your name, address, or other personal information), to serve ads to you on our Services and other websites that may be of interest to you. In the course of serving advertisements to our Services, our third party advertiser may place or recognize a unique cookie on your browser. In addition, we may use clear GIFs or pixel tags to help manage our online advertising. These clear GIFs enable our ad serving company to recognize a browser’s cookie when a browser visits our Services. This allows us to learn which banner ads bring users to our Services. The information we collect and share through this technology is not personally identifiable.
Additional Privacy Policies for Portal, Demos, and API
Additional Privacy Policies for Portal, Demos, and API
As a service to some customers, we may also provide Portals, Demos or API to offer some customers additional features which may include secure, private access to their own records, as well as certain internet-based services which may include, among other things, assistance in finding a doctor, assistance in scheduling appointments, the ability to register for classes and pre-register for procedures, making payment for medical services rendered, and health and patient education materials (“Portal”). If you use any of our Services that include a Portal, Demo and/or API the following additional privacy terms and protections apply.
Protected Health Information and Personally Identifiable Information
Our Services may include pages that give you the opportunity to provide us with personal identifying information (“PII”) about yourself. If you choose not to provide this information, it may limit your ability to use certain functions of the site and/or request certain services or information. The Portal can provide you with access to some of your medical records. When you seek access to those records on the Portal, we need to confirm it is you so we ask you for information such as your name and email or physical address and other information such as your date of birth (which we may also use to make sure you are eligible to use the Portal in accordance with the Terms) and the answers to “secret questions” to which only you know the answers. This information may be used to help administer your user account and in managing your account. We may need to ask you for the information again when you sign in from a new device.
We may ask for information about your location and medical needs to assist with finding a physician, and may collect and pass on information to assist you in scheduling appointments, registering for classes and pre-registering for procedures.
In collecting your PII, our Services may also collect PHI. Just as we strive to protect your PII we are committed to protecting your PHI. If there is a breach of your PHI, we are required by law to notify you. Your PHI will remain confidential, and will only be disclosed to you or your personal representative, unless otherwise required by state or federal law. In all circumstances, unless otherwise required by law, we will obtain your written authorization before using or disclosing your PHI. This protection extends to PHI that is oral, written, or electronic.
How Else May Your Information Be Used And Disclosed?
In addition to the uses and disclosures of information outlined above, your information may also be used and disclosed as follows:
- If another individual is managing your account on your behalf (for example, a mother managing the account of her son), as authorized by you or as a personal representative under applicable law, that person can view all of your information in the Portal.
- We may use your information to send you surveys.
- Your healthcare providers may have access to your information for scheduling and healthcare services.
- We may use your information to respond to and fulfill your orders and requests.
- We may send you appointment reminders through messages or other alerts on the Portal.
- We may share information with marketing, treatment or health care operations support partners, who are also required to protect the confidentiality of your information, that will enable them to send you targeted messages or serve you targeted advertising, which will occur with your authorization or otherwise in compliance with HIPAA and other applicable laws.
- We may assign the information we have about you, including PII, in the event that all or part of our assets are sold or acquired by another party, including all or substantially all of our websites, or in the event of a merger for the same.
- We may use or disclose your information as required or allowed by applicable law.
Third Party Websites and Payments
What can I do to protect my Privacy?
In order to protect your privacy, you should:
- Never share your username or password.
- Always sign out when you are finished using the Portal.
- Use only secure web browsers.
- Employ common anti-virus and anti-malware tools on your system to keep it safe.
- Use a strong password with a combination of letters and numbers.
- Change your password often.
- Notify us immediately if you feel your login and/or password have been compromised at email@example.com.
Please note that if you share your Portal username and password with another person, this will allow that person to see your confidential medical record information. We have no responsibility concerning any breach of your confidential medical record information due to your sharing or losing your user name or password.
Children May Not Use the Portal
We will never ask for or knowingly collect information from children, if you are a child under the age of 13, you are not permitted to use this service and should immediately exit our Services or get an adult. Consistent with the Children’s Online Privacy Protection Act, we will not knowingly collect any information from children under the age of 13. Parents of un-emancipated minors may set up accounts for themselves to access their children’s medical records only as permitted pursuant to the Terms governing the Portal. If you think that we have collected personal information from a child under the age of 13 through this Portal, please contact us at firstname.lastname@example.org and we will dispose of the information.
What if I am accessing this Portal from outside of the United States?
If collected, we will take reasonable measures to protect the confidentiality of Social Security numbers and limit access to those with a need for such information. We prohibit the unlawful disclosure of Social Security numbers.
Your California Privacy Rights
Under California Law, California residents have the right to request in writing from businesses with whom they have an established business relationship, (a) a list of the categories of personal information, such as name, e-mail and mailing address and the type of services provided to the customer, that a business has disclosed to third parties (including affiliates that are separate legal entities) during the immediately preceding calendar year for the third parties’ direct marketing purposes; and (b) the names and addresses of all such third parties. To request the above information, please contact us at email@example.com with a reference to California Disclosure Information.
We will endeavor to respond to such requests to information access within 30 days following receipt at the e-mail address stated above. If we receive your request at a different e-mail address, we will respond within a reasonable period of time, but not to exceed 150 days from the date received. Please note that we are only required to respond to each customer once per calendar year.