Last updated [06/26/2017]
For Patients: ethizo’s patient portal allows patient end users to gather, edit, supplement, store, and track certain health care data. It also allows patients to communicate directly with their health care providers. Your health care provider will have provided you with certain privacy notices and practices that allow the health care provider to share your medical information via the Software. DocToMe’s access to your health care data is made available through a separate agreement between your health care provider and DocToMe.
For Health Care Providers: The Software’s provider portal allows health care providers and their team members to enter, edit, view, and share patient related data. It also allows health care providers to communicate with team members and patients. All access and use of this data is subject to the privacy notices and practices legally required of health care providers with respect to patient health information. Health care providers are responsible for determining uses and disclosures of patient medical information maintained in the Software, in accordance with their legal and professional responsibilities as health care professionals and state and federal medical privacy laws, including the federal Health Insurance Portability and Accountability Act (“HIPAA”).
HOW PATIENTS CAN USE AND SHARE THEIR INFORMATION
Patients can use and share the information made available about them on ethizo with their health care providers and others, as follows:
Please note that every end user has certain responsibilities when they share or access information via ethizo. When you provide Personal Information about other people, you represent that you have the authority to do so. If you give other people your username and password, it is your sole responsibility to keep that information secure. If you authorize use of your account by another person, you are in charge of deciding how much access that person has to your information.
HOW HEALTH CARE PROVIDERS USE PATIENT INFORMATION VIA ethizo
A patient’s Personal Information is collected by their care team as per guidelines described in the privacy policies provided to a health care provider, and with approval and under supervision of a health care provider. Collection, recording and sharing of a patient’s Personal Information under supervision by a health care provider means that the health care provider and his/her staff can collect, record and share a patient’s Personal Information using the Software.
A Patient’s health care provider may also communicate with the patient through ethizo or other means enabled by the Software, such as through text messages, push notifications, video communication, or in-app messaging.
HOW DOCTOME USES INFORMATION
DocToMe’s mission is to help patients manage health information in coordination with their health care providers. To accomplish this, DocToMe must collect certain information, including personal information, about patients and health care providers. When we say “Personal Information,” we mean information that alone or in combination with other information may be used to readily identify, contact, or locate a specific person, such as: name, address, email address, phone number, medical records or certain other health data, insurance information, and financial information. DocToMe does not collect or transmit Personal Information, except as indicated herein.
DocToMe may utilize Personal Information (which in some instances may include protected health information, or “PHI” as defined under privacy laws) on a limited basis as necessary to provide the services, including the following uses and disclosures:
DocToMe will maintain aggregate information regarding usage of the ethizo patient portal for product improvement purposes, but that data will not identify individual patients. Please note that we do not consider Personal Information or PHI to include information that has been anonymized so that it does not allow a third party to identify a specific individual.
AUTOMATICALLY COLLECTED INFORMATION AND ANONYMOUS INFORMATION
HOW WE MAY SHARE YOUR PERSONAL INFORMATION (NOT INCLUDING PHI)
DocToMe will not rent or sell any Personal Information, though we may provide Personal Information of patients to third parties only as per direction from the patient’s health care provider. We do not share Personal Information with other people or nonaffiliated companies for their direct marketing purposes, unless we have the end user’s permission. We may also share Personal Information as follows:
HOW WE MAY SHARE YOUR PROTECTED HEALTH INFORMATION
In some cases, it may be necessary for a patient end user to allow us to use PHI to facilitate or improve the Software.
WHEN DOCTOME USES YOUR PHI TO FACILITATE OR IMPROVE THE SOFTWARE WITHOUT DIRECTION FROM YOUR HEALTH CARE PROVIDER, IT WILL ALWAYS BE ANONYMIZED PRIOR TO TRANSFER TO A THIRD PARTY.
We may share aggregate or de-identified data with third parties for any purpose.
MODIFYING OR CLOSING YOUR ACCOUNT
An end user may change the settings in its account at any time.
Information related to a health record provided by a health care provider can only be modified or deleted by a health care provider. Any patient request for modification or deletion of a health care record must be made directly to the health care provider.
If an end user no longer desires to use the Software, it may close the account by sending us an email to firstname.lastname@example.org. After an account is closed, an end user will not be able to sign in or access any information. However, a patient’s health care provider is required to retain a patient’s Personal Information and/or PHI for six years as required by law and described in detail in Business Associate Agreement (“BAA”) between DocToMe and the health care provider. A patient end user can open a new account at any time through its health care provider.
We may retain and use your information as described in “Data Retention” below. Please note: if you have provided or shared information to third parties, retention of that information will be subject to those third parties’ policies and practices.
We take steps to ensure that information is treated securely and in accordance with this Policy. DocToMe strictly follows HIPAA/HITECH guidelines and regulations as described in the BAA between DocToMe and a health care provider. Unfortunately, neither the Internet nor any form of electronic storage can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information provided to us. We do not accept liability for any unintentional disclosure. DocToMe has a BAA with every health care provider that utilizes the Software. The BAA provides details about DocToMe’s responsibilities in case of an information security breach.
By using ethizo or providing an email address to us, the end user agrees that we may communicate with him or her electronically regarding security, privacy, and administrative issues relating to their use of the Software.
We will retain your information for as long as an account is active or as needed to provide the end user the Software and as per data retention polices described in the BAA between DocToMe and a health care provider. We will retain and use an end user’s information as necessary to comply with our legal obligations, prevent fraud or abuse, resolve disputes, enforce our agreements, or take other actions permitted by law. Anonymous or aggregated information that does not identify you personally may be retained indefinitely.
We do not knowingly collect, maintain, or use Personal Information or PHI from children under 13 years of age and no part of the Software is designed for or directed to children under the age of 13. If you learn that your child has provided us with Personal Information or PHI without your consent, you may alert us at email@example.com. If we learn that we have collected any Personal Information from children under 13, we will promptly take steps to delete such information and terminate any account created by such children.
If you are the parent or guardian of a child under the age of 13, you may choose to manage your child’s health information through your ethizo account.
If you are visiting or using the Software from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and to processing globally. By providing your information, you consent to any transfer and processing in accordance with this Policy.
If you have questions or comments about this Policy, please email us at firstname.lastname@example.org.
Copyright © 2017 by DocToMe Inc.