Effective February 1, 2018
DEARhealth and its affiliated entities (we, our or us) operate the dearhealth.com websites and various mobile applications (Sites). In operating the Sites, we collect information from present and prospective customers (including medical patients), medical professionals and other providers, healthcare plans and other users of our Sites.
This Policy explains our policies and practices regarding the collection, storage and use of certain personal information that you may provide in connection with your use of our Sites. This information includes “personally identifiable information” (PII), which is information that personally identifies you, such as your name, phone number, email address, and any other data that is tied to such information. As discussed below, this information may also include “protected health information” (PHI) as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPPA) or other “Patient Data.”
The Sites are not intended to be used by children under the age of 13. As well, individuals under the age of 18 should not use any of our products or services unless they are doing so under the supervision of a parent or guardian, or medical professional.
The Information We Obtain.
We collect the information required to provide you with the information, products and services that you request, to communicate with you, and to update, promote, and distribute our products and services.
If you request information, products or services, we will ask you to provide the information required to respond to your request. You are not required to provide any information to us at any time. However, if you do not provide us with responsive information, we may be unable to provide you with the information, products or services you have requested. In some cases, your decision not to provide us with information may preclude your access to certain features and functions of our products and services.
We also obtain information by using forms posted on or linked to the Sites that seek information which may include your interests and concerns, preferences for products and services, or contact information. We also may seek information through email, and through other routine operations that we conduct in the ordinary course of operating our business.
Our Sites use common data gathering functionality, such as cookies and other devices that collect certain standard information generated by the web browsers of users of the Sites. We automatically collect and log information about you and your computer or mobile device when you visit our Sites. For example, we may log your operating system type, browser type, mobile device type, pages you viewed on a Site, how long you spent on a page on a Site, access times, your Internet protocol (IP) address, and other information about your use of and actions on the Site. If you permit it, we also may collect information about your location when you access the Site.
We do not request or collect medical information through our general website, www.dearhealth.com However, we provide certain web-based services, such as myportal.dearhealth.com, that involve access to, and the processing of, medical information concerning patients (Patient Data), which may include PHI. This information is provided to us by: (i) medical professionals who have obtained consent of the patient to provide us with patient information; or (ii) by the patient.
Authorized users of our products and services may use the sections of the Sites reserved for their use (login required) solely as provided in their respective agreements. We request information from authorized users to authenticate them and verify that their use of the products, service or information resources is authorized.
Promotional offers are governed by their terms and conditions. We may request information from those responding to offers to determine eligibility and to process and fulfill eligible responses.
How We Use Your Information.
We use the information we obtain from you:
- To provide products, services and information resources;
- To develop new and updated products, services and information resources;
- To administer and secure the Sites and our products, services and information resources; and
- To communicate with you concerning our products, services and information resources, which may include marketing and promotional activities (including the processing and fulfillment of promotional offers).
We may use and disclose aggregated information derived from our operations for a variety of development, promotional, communications, and other business purposes, provided that it does not disclose PII, PHI or other Patient Data.
Storage of Information
As do many online providers, we store and process our data, including the information you provide to us, on servers owned and maintained at facilities operated by Amazon Web Services (AWS). Further information about AWS data privacy practices can be accessed at https://aws.amazon.com/compliance/data-privacy-faq/. By using our Sites, you consent to the transfer and storage of your information to AWS.
Disclosure of Information.
The information we obtain in connection with your use of the Sites is not sold, rented, or otherwise disclosed to any person or entity except as this Policy states.
Third Party Links.
The Sites may contain links to third party sites to provide additional, value added services or for purposes of communication with such third parties (such as patient-physician communications). We are not responsible for the privacy practices of third party sites and strongly encourage you read and understand the privacy policies that apply to such sites.
Certain information provided to us, including certain Patient Data, may be Protected Health Information (PHI), as that term is defined in the HIPPA, and subject to HIPAA, the American Recovery and Reinvestment Act (“ARRA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and related regulations.
If you provide PHI in order to obtain services, you grant to us a non-exclusive, perpetual, irrevocable, royalty-free right and license to use, for any lawful business purpose, de-identified patient and administrative data (“De-Identified Use Data” as defined under HIPAA (45 C.F.R. § 165.514)) collected or provided through your use of the Sites, provided that such data is anonymized and aggregated. Such purposes may include, but are not limited to, benchmarking, analysis on effectiveness of treatment plans, or research. Should we choose to place the De-Identified Use Data in a database or otherwise incorporate such data in studies or analyses we conduct, no such data shall be identified as originating from you, your patients, your members or physicians. The De-Identified Use Data will not be utilized in any study, report or publication without first being integrated with a significant body of other data such that neither you, your patients, your members or physicians can be identified, unless advance written consent to such identification is obtained.
We use appropriate security measures to protect the information we obtain from unauthorized alteration, loss, disclosure, or use, including technological, physical and administrative controls over access to the systems used to provide the Sites and our products and services. For example, we restrict access to particular systems and information to those employees and independent contractors whose duties require them to have it. To obtain this access, employees and independent contractors are required to agree not to: (a) disclose that information; or (b) use their access or any confidential information except to exercise their rights or discharge their obligations under their respective agreements. We also encrypt communications when PII or PHI is requested or collected from the user of a Site.
Access and Changes to Information; Deletion of Information.
Authorized users of our products, services, and information resources have access to the information we store about them, and may change that information at no charge, subject to the terms of their respective agreements with us. Certain services we provide may reflect Patient Data as it appears in medical records maintained by the patient’s medical professionals or providers, and must be changed through those professionals or providers. We may retain the information we obtain for a period sufficient to provide the requested products and services, as necessary to comply with our legal obligations, and as our management deems appropriate.
Our Sites are intended for use by residents of the United States. If you are located outside the United States and choose to provide information to us, you should be aware that your information, including PII and PHI, will be transferred to, stored in and processed in the United States. Your consent to this Policy followed by submission of your information represents your agreement to that transfer.
Do Not Track Signals
Our Sites do not track users over time and across third party websites to provide targeted advertising, and so do not respond to Do Not Track (DNT) signals.
Changes to this Policy
We reserve the right to update or modify our Policy at any time and you should review the Policy from time to time. Your continued use of the Sites after we post any modifications to the Policy constitutes your acknowledgement of the changes and your agreement to them.
If you are an authorized user of a Site and we make any material changes to the Policy applicable to that Site, we will notify you either through the email address you have provided or by placing a prominent notice on that Site.
Compliance, Questions and Concerns.
Any questions or concerns concerning the Policy should be directed to firstname.lastname@example.org.
Any complaints will be acknowledged, investigated, and resolved between us and the parties concerned when possible, and will be reported to governmental authorities as required by applicable law or otherwise appropriate.