Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU
The Health Insurance Portability & Accountability Act of 1996 (“HIPAA”) is a Federal program that requests that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper, or orally are kept properly confidential. This Act gives you, the patient, the right to understand and control how your protected health information (“PHI”) is used. HIPAA provides penalties for covered entities that misuse personal health information.
As required by HIPAA, we prepared this explanation of how we are to maintain the privacy of your health information and how we may disclose your personal information.
We may use and disclose your medical records only for each of the following purposes: treatment, payment and health care operation.
- Treatment means providing, coordinating, or managing health care and related services by one or more healthcare providers. An example of this is a primary care doctor referring you to a specialist doctor.
- Payment means such activities as obtaining reimbursement for services, confirming coverage, billing or collections activities, and utilization review. An example of this would include sending your insurance company a bill for your visit and/or verifying coverage prior to a any treatment.
- Health Care Operations include business aspects of running our practice, such as conducting quality assessments and improving activities, auditing functions, cost management analysis, and customer service. An example of this would be new patient survey cards
- The practice may also be required or permitted to disclose your PHI for law enforcement and other legitimate reasons. In all situations, we shall do our best to assure its continued confidentiality to the extent possible.
We may also create and distribute de-identified health information by removing all reference to individually identifiable information.
We may contact you, by phone or in writing, to provide appointment reminders or information about treatment alternatives or other health-related benefits and services, in addition to other fundraising communications, that may be of interest to you. You do have the right to “opt out” with respect to receiving fundraising communications from us.
The following use and disclosures of PHI will only be made pursuant to us receiving a written authorization from you:
• Most uses and disclosure of psychotherapy notes;
• Uses and disclosure of your PHI for marketing purposes, including subsidized treatment and health care operations;
• Disclosures that constitute a sale of PHI under HIPAA; and
• Other uses and disclosures not described in this notice.
You may revoke such authorization in writing and we are required to honor and abide by that written request, except to the extent that we have already taken actions relying on your prior authorization.
You may have the following rights with respect to your PHI:
• The right to request restrictions on certain uses and disclosures of PHI, including those related to disclosures of family members, other relatives, close personal friends, or any other person identified by you. We are, however, not required to honor a request restriction except in limited circumstances which we shall explain if you ask. If we do agree to the restriction, we must abide by it unless you agree in writing to remove it.
• The right to reasonable requests to receive confidential communications of Protected Health Information by alternative means or at alternative locations. • The right to inspect and copy your PHI.
• The right to amend your PHI.
• The right to receive an accounting of disclosures of your PHI.
• The right to obtain a paper copy of this notice from us upon request.
• The right to be advised if your unprotected PHI is intentionally or unintentionally disclosed.
If you have paid for services “out of pocket”, in full and in advance, and you request that we not disclose PHI related solely to those services to a health plan, we will accommodate your request, except where we are required by law to make a disclosure
We are required by law to maintain the privacy of your PHI and to provide you the notice of our legal duties and our privacy practice with respect to PHI.
This notice if effective as of December 19, 2014 and it is our intention to abide by the terms of the Notice of Privacy Practices and HIPAA Regulations currently in effect. We reserve the right to change the terms of our Notice of Privacy Practice and to make the new notice provision effective for all PHI that we maintain. We will post a copy and you may request a written copy of the revised Notice of Privacy Practice from our office.
You have recourse if you feel that your protections have been violated by our office. You have the right to file a formal, written complaint with the practice and with the Department of Health and Human Services, Office of Civil Rights. We will not retaliate against you for filing a complaint.
Introduction
This Privacy Policy applies to all software applications and websites (collectively the “Application(s)”) developed and/or distributed by MyDerm Portal, Inc. (“MyDerm Portal”) and licensed to designees. MyDerm Portal has created this Privacy Policy in order to disclose its use of consumer data collected through the Applications. By accessing or using the Application or any other MyDerm Portal product or service on any computer, mobile phone, tablet, console or other device (collectively, “Device”), you consent to our Privacy Policy. This Privacy Policy is effective as of December 19, 2014. Any questions regarding this policy should be directed by email to support@mydermportal.com. The following discloses MyDerm Portal’s information gathering and dissemination practices for its Application.
Information Collected and Received
Actively Submitted Data: When you use the Application or otherwise actively send data to MyDerm Portal, you are providing, and MyDerm Portal collects, data such as your name, email address(es), mailing address(es), telephone number(s), and certain health/medical information about your patients, such as symptoms, diagnoses, and treatments. In each instance, you will know what data is collected through the Applications, because you actively submit it. MyDerm Portal collects actively submitted data primarily for the purpose for which you originally submitted the data (for example, registering for a user account on the Application, utilizing the MyDerm Portal services, and requesting email, telephone, fax, or short message service (“SMS”) communications from MyDerm Portal. MyDerm Portal may also use this data internally as research data to improve service offerings, and for purposes of advertising, promoting, and informing you of services and initiatives. For further clarification, MyDerm Portal may use certain health/medical information to provide data aggregation services. Aggregation is defined as combining certain health/medical information received from multiple sources to produce data analysis for marketing and/or any other legal purpose, provided an individual cannot be personally identified.
Passively Collected Data: When you use the Application, information regarding your Device and Internet connection, such as the IP address of your Device and/or Internet service provider, the date and time you access the Application, and the Device technology you are using, are passively collected. We may utilize technology, such as cookies, to collect such information. We may also use such cookies to collect information in connection with future uses of the Application, to recognize you as a previous user and to track your activity on the Application. We reserve the right to use other technologies and navigational data collection tools (log files, server logs, or click stream). MyDerm Portal passively collects this data primarily for purposes of administering, protecting and improving the Application and systems, to better understand the preferences of Application users, to identify server problems, to compile aggregated statistics about Application usage, and to help personalize your experience when using the Application.
We do not knowingly collect or solicit personal information from children under 13 years of age. If you are under the age of 18, you should use this website only with the involvement of a parent or guardian and should not submit any personal information to us. If we discover that a person under the age of 13 has provided us with any personal information, we will use commercially reasonable efforts to delete such person’s personal information from all MyDerm Portal systems.
Global Positioning System
Global Positioning System (GPS) tracking technology may need to be enabled in MyDerm Portal products and services in order to determine the location (latitude and longitude) of users of the MyDerm Portal products and services. This information is transmitted to MyDerm Portal, MyDerm Portal’s users, and temporarily stored by MyDerm Portal. MyDerm Portal does not provide this information to any other third party.
Uses of Information
Except as described in this section, we will not disclose your personal information to any third party without notifying you of our intent to share the information and giving you an opportunity to prevent your information from being shared.
We may use your information to do the following:
Enable Your Use
§ Enhance, customize and personalize your MyDerm Portal experiences and communications;
Operate, Improve and Analyze
§ Operate, provide, improve and maintain the Application, including analyzing user behavior and trends;
§ Send you administrative messages and other information about MyDerm Portal. Communicate with you about your account information or to provide you with customer service.
MyDerm Portal reserves the right to disclose information when required by law.
MyDerm Portal occasionally uses other companies to perform services necessary to our operations. In the course of providing these services, those companies may have access to your personal information. By contractual agreement, those companies must treat your information in accordance with this Privacy Policy. However, we will not be liable for any damages that may result from the misuse of your personal information by these companies.
Security
MyDerm Portal uses industry-standard technologies when transferring and receiving consumer data exchanged between MyDerm Portal and other companies to help ensure its security. These third parties have security measures in place to protect the loss, misuse and alteration of the information under MyDerm Portal control. MyDerm Portal’s servers are backed up regularly and protected by security systems.
Links
The Application may link to third party web sites. MyDerm Portal will make reasonable efforts to link only to sites that meet similar standards for maintaining each individual’s right to privacy.
Amendments
MyDerm Portal may amend this policy at any time. If MyDerm Portal is going to use personally identifiable information collected through the Application in a manner materially different from that stated at the time of collection, MyDerm Portal will notify users via email and/or by posting a notice on the Application for thirty (30) days prior to such use. This Privacy Policy may not be otherwise amended except in a writing that specifically refers to this Privacy Policy and is physically signed by both parties.
Successors and Assigns
This Privacy Policy inures to the benefit of successors and assigns of MyDerm Portal.
Disputes: All disputes, controversies and claims from or relating to this Privacy Policy, including any subsequent updates, shall be submitted to arbitration before the American Arbitration Association (“AAA”) in accordance with the AAA Commercial Arbitration Rules. The place of arbitration shall be Austin, Texas and the proceedings shall be English. The arbitrator may award any form of individual or equitable and injunctive relief. Any award will be final and conclusive to the parties and may be entered in any court of competent jurisdiction. The parties may also plead to any court of competent jurisdiction for a temporary restraining order, preliminary injunction, or other interim relief, without breach of this paragraph and without reducing the scope of the powers of the arbitrator. You agree to the entry of injunctive relief to stop any lawsuit or to remove you as a participant in such a suit. By agreeing to this provision, you waive your right to bring, join, or participate in a class action lawsuit related to this Privacy Policy; however, you do not waive your rights or remedies to pursue an individual claim in binding arbitration. The preceding provision is an independent covenant, which you may opt out of by providing written notice of your decision within thirty (30) days of the date that you first use the Application.
Contacts
If you have any questions about this Privacy Policy, the practices of our sites, or your dealings with any MyDerm Portal Application, you can contact support@mydermportal.com. Upon request, MyDerm Portal will provide you with access to information (e.g., name, address, phone number) that MyDerm Portal collects and maintains about you. Email support@mydermportal.com or visit www.mydermportal.com to view options for changing and modifying information previously provided.
INFORMED CONSENT FOR TELEMEDICINE SERVICES
Telemedicine involves the use of electronic communications to enable health care providers to
treat patients over the internet. The information exchanged may be used for diagnosis, therapy, follow-up and/or education, and may include any of the following:
- Patient medical records
- Medical images
Electronic systems used will incorporate network and software security protocols to protect the confidentiality of patient identification and imaging data and will include measures to safeguard the data and to ensure its integrity against intentional or unintentional corruption.
Expected Benefits:
- Improved access to medical care by enabling a patient to remain in his/her residence while the physician assesses and provides treatment.
- More efficient medical evaluation and management.
Possible Risks:
As with any medical procedure, there are potential risks associated with the use of telemedicine.
These risks include, but may not be limited to:
- In some cases, even with optimal resolution images and accurate assessment questionnaires, the physician’s assessment, diagnosis, and treatment decisions may differ from that of an in-person exam and thus result in a different diagnosis and treatment plan.
- In rare cases, information transmitted may not be sufficient (e.g. poor resolution of images) to allow for appropriate medical decision making by the physician;
- Delays in medical evaluation and treatment could occur due to deficiencies or failures of the equipment;
- In very rare instances, security protocols could fail, causing a breach of privacy of personal medical information;
- In rare cases, a lack of access to complete medical records may result in adverse drug interactions or allergic reactions or other judgment errors;
By using this telemedicine application, I understand and agree to the following:
1. I understand that the laws that protect privacy and the confidentiality of medical information also apply to telemedicine, and that no information obtained in the use of telemedicine which identifies me will be disclosed to researchers or other entities without my consent.
2. I understand that I have the right to withhold or withdraw my consent to the use of telemedicine in the course of my care at any time, without affecting my right to future care or treatment.
3. I understand that I have the right to inspect all information obtained and recorded in the course of a telemedicine interaction, and may receive copies of this information for a reasonable fee.
4. I understand that a variety of alternative methods of medical care may be available to me, and that I may choose one or more of these at any time.
5. I understand that telemedicine may involve electronic communication of my personal medical information.
6. I understand that it is my duty to inform my physician of electronic interactions regarding my care that I may have with other healthcare providers.
7. I understand that I may expect the anticipated benefits from the use of telemedicine in my care, but that no results can be guaranteed or assured.
8. I understand that even with the best resolution images a telemedicine visit may not provide the same assessment and diagnostic accuracy that an in-person visit can provide.
You agree that you have read and understand the information provided above regarding telemedicine, have discussed it with my physician or such assistants as may be designated, and all of my questions have been answered to my satisfaction. By proceeding, you hereby agree to give your informed consent for the use of telemedicine in my medical care.