Last updated [06/26/2017]
For Patients: ethizo’s patient portal allows patient end users to gather, edit, supplement, store, and track certain health care data. It also allows patients to communicate directly with their health care providers. Your health care provider will have provided you with certain privacy notices and practices that allow the health care provider to share your medical information via the Software. DocToMe’s access to your health care data is made available through a separate agreement between your health care provider and DocToMe.
For Health Care Providers: The Software’s provider portal allows health care providers and their team members to enter, edit, view, and share patient related data. It also allows health care providers to communicate with team members and patients. All access and use of this data is subject to the privacy notices and practices legally required of health care providers with respect to patient health information. Health care providers are responsible for determining uses and disclosures of patient medical information maintained in the Software, in accordance with their legal and professional responsibilities as health care professionals and state and federal medical privacy laws, including the federal Health Insurance Portability and Accountability Act (“HIPAA”).
HOW PATIENTS CAN USE AND SHARE THEIR INFORMATION
Patients can use and share the information made available about them on ethizo with their health care providers and others, as follows:
- Patients can add Personal Information to their accounts, such as their address, phone number, date of birth, a profile photo, gender, blood type, health conditions, medications, allergies, and body measurements.
- Patients can upload important documents to their ethizo health profiles, such as medical, lab, insurance, legal, and other documents. Patients may also choose to include Personal Information about others in their profiles by providing DocToMe with names and contact information for emergency contacts and health care providers.
- Patients can manage their family’s records in the same ethizo account. When a patient adds a family member, the patient may choose to provide Personal Information about them as the patient builds a health profile.
- Patients can also allow family members or others to log in to their ethizo account using the patient’s own email and password. Upon approval by the health care provider, your family member or other party will be granted access to your Personal Information. If you are a patient end user, and you allow a family member to log in to your account, you may select settings to control what information they can see. These settings can be changed by the patient at any time.
- Patients can create individual ethizo accounts for their family members or others. If a patient creates an account for a family member or other person, this information is transmitted to your health care provider.
- If a patient chooses to request health records, the health care provider will ask the patient to provide Personal Information as needed to complete a request form that complies with HIPAA requirements. Such Personal Information may include a Social Security number.
Please note that every end user has certain responsibilities when they share or access information via ethizo. When you provide Personal Information about other people, you represent that you have the authority to do so. If you give other people your username and password, it is your sole responsibility to keep that information secure. If you authorize use of your account by another person, you are in charge of deciding how much access that person has to your information.
HOW HEALTH CARE PROVIDERS USE PATIENT INFORMATION VIA ethizo
A patient’s Personal Information is collected by their care team as per guidelines described in the privacy policies provided to a health care provider, and with approval and under supervision of a health care provider. Collection, recording and sharing of a patient’s Personal Information under supervision by a health care provider means that the health care provider and his/her staff can collect, record and share a patient’s Personal Information using the Software.
A patient’s health care provider may also communicate with the patient through ethizo or other means enabled by the Software, such as through text messages, push notifications, video communication, or in-app messaging.
HOW DOCTOME USES INFORMATION
DocToMe’s mission is to help patients manage health information in coordination with their health care providers. To accomplish this, DocToMe must collect certain information, including personal information, about patients and health care providers. When we say “Personal Information,” we mean information that alone or in combination with other information may be used to readily identify, contact, or locate a specific person, such as: name, address, email address, phone number, medical records or certain other health data, insurance information, and financial information. DocToMe does not collect or transmit Personal Information, except as indicated herein.
DocToMe may utilize Personal Information (which in some instances may include protected health information, or “PHI” as defined under privacy laws) on a limited basis as necessary to provide the services, including the following uses and disclosures:
- Account creation: An end user must provide Personal Information such as name, email address, and a password to create an account. This will allow DocToMe to connect patients and their health care providers, and for patients, is done in coordination with their health care providers.
- Communication: We may send email to the email address an end user provides to us to verify an account and for informational and operational purposes, such as account management, customer service and system maintenance.
- Customization: We use information we collect through the Software to customize an end user’s ethizo experience.
- Organization: We may organize information and patient data at the request of the health care provider.
- Other Services: A patient may choose to link its ethizo account to certain other services or devices, such as calendars, wearables, scales, fitness trackers, or other health monitoring devices, and DocToMe may collect information related to the patient’s use of such services or devices. When these services or devices are administered by a third party, the information practices and policies for those services or devices are the responsibility of that third party.
- Questions: If an end user contacts DocToMe with questions and requests, we may collect information from the end user in order to provide assistance.
DocToMe will maintain aggregate information regarding usage of the ethizo patient portal for product improvement purposes, but that data will not identify individual patients. Please note that we do not consider Personal Information or PHI to include information that has been anonymized so that it does not allow a third party to identify a specific individual.
AUTOMATICALLY COLLECTED INFORMATION AND ANONYMOUS INFORMATION
- Cookies: A cookie is a small text file that may be stored on the hard drive of a computer or device when you access a website. When you visit ethizo, we may assign your device one or more cookies to facilitate access to our Software and to personalize your experience. You may refuse the service of cookies to your device or delete any existing cookies by changing your browser preferences. As the means by which you can do this vary from browser to browser or device, please refer to your browser’s help menu or device setting for more information. If you refuse or delete cookies, you may not be able to take advantage of all features and functionality of ethizo.
- Information collected automatically: We may automatically collect information from your browser or device when you use ethizo. This information may include an IP address, device identifier, your browser type, access times, the content of any undeleted cookies your browser received from us, and other non-personally identifiable information that can help us optimize the Software.
HOW WE MAY SHARE YOUR PERSONAL INFORMATION (NOT INCLUDING PHI)
DocToMe will not rent or sell any Personal Information, though we may provide Personal Information of patients to third parties only as per direction from the patient’s health care provider. We do not share Personal Information with other people or nonaffiliated companies for their direct marketing purposes, unless we have the end user’s permission. We may also share Personal Information as follows:
- With permission: We may share Personal Information or other information about an end user with third parties at the end user’s permission or direction, including when a patient or health care provider directs us to send information to a health care provider.
- Service providers: We may share any information we receive with vendors and service providers retained to help us provide or improve the Software.
- As required by law and similar disclosures: We may access, preserve, and disclose end user Personal Information, other account information, and content if we believe doing so is required or appropriate to: comply with law enforcement requests and legal process, such as a court order or subpoena; defend against legal claims; respond to end user requests; protect the rights, property, and safety of end users, DocToMe, or others; or as otherwise required by law.
- In connection with a merger, sale, or other asset transfer: If we are involved in a merger, acquisition, financing, reorganization, or other substantial corporate transaction, or in the unlikely event of bankruptcy, any information we possess, including Personal Information, may be shared, sold, or transferred as part of such a transaction as permitted by law and/or contract. In such cases, we cannot control how other entities may use or disclose such information.
HOW WE MAY SHARE YOUR PROTECTED HEALTH INFORMATION
In some cases, it may be necessary for a patient end user to allow us to use PHI to facilitate or improve the Software.
WHEN DOCTOME USES YOUR PHI TO FACILITATE OR IMPROVE THE SOFTWARE WITHOUT DIRECTION FROM YOUR HEALTH CARE PROVIDER, IT WILL ALWAYS BE ANONYMIZED PRIOR TO TRANSFER TO A THIRD PARTY.
We may share aggregate or de-identified data with third parties for any purpose.
MODIFYING OR CLOSING YOUR ACCOUNT
An end user may change the settings in its account at any time.
Information related to a health record provided by a health care provider can only be modified or deleted by a health care provider. Any patient request for modification or deletion of a health care record must be made directly to the health care provider.
If an end user no longer desires to use the Software, it may close the account by sending us an email to firstname.lastname@example.org. After an account is closed, an end user will not be able to sign in or access any information. However, a patient’s health care provider is required to retain a patient’s Personal Information and/or PHI for six years as required by law and described in detail in the Business Associate Agreement (“BAA”) between DocToMe and the health care provider. A patient end user can open a new account at any time through its health care provider.
We may retain and use your information as described in “Data Retention” below. Please note: if you have provided or shared information to third parties, retention of that information will be subject to those third parties’ policies and practices.
We take steps to ensure that information is treated securely and in accordance with this Policy. DocToMe strictly follows HIPAA/HITECH guidelines and regulations as described in the BAA between DocToMe and a health care provider. Unfortunately, neither the Internet nor any form of electronic storage can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information provided to us. We do not accept liability for any unintentional disclosure. DocToMe has a BAA with every health care provider that utilizes the Software. The BAA provides details about DocToMe’s responsibilities in case of an information security breach.
By using ethizo or providing an email address to us, the end user agrees that we may communicate with him or her electronically regarding security, privacy, and administrative issues relating to their use of the Software.
We will retain your information for as long as an account is active or as needed to provide the end user the Software and as per data retention policies described in the BAA between DocToMe and a health care provider. We will retain and use an end user’s information as necessary to comply with our legal obligations, prevent fraud or abuse, resolve disputes, enforce our agreements, or take other actions permitted by law. Anonymous or aggregated information that does not identify you personally may be retained indefinitely.
We do not knowingly collect, maintain, or use Personal Information or PHI from children under 13 years of age and no part of the Software is designed for or directed to children under the age of 13. If you learn that your child has provided us with Personal Information or PHI without your consent, you may alert us at email@example.com. If we learn that we have collected any Personal Information from children under 13, we will promptly take steps to delete such information and terminate any account created by such children.
If you are the parent or guardian of a child under the age of 13, you may choose to manage your child’s health information through your ethizo account.
If you are visiting or using the Software from the European Union or other regions with laws governing data collection and use, please note that you are agreeing to the transfer of your information to the United States and to processing globally. By providing your information, you consent to any transfer and processing in accordance with this Policy.
If you have questions or comments about this Policy, please email us at firstname.lastname@example.org.