1. Medical Records Connection, LLC Privacy Policy

Last Updated on January 22, 2019

2. Overview

Your access to, and use of, the Medical Records Connection, LLC (the “Company”) Services which includes this website [medicalrecordsconnect.org] and the information, community, products and services that we provide to you and other users through this website portal provided by us in connection with our products and services (collectively, the “Services”) is subject to the Terms of Service and this Privacy Policy.

When it comes to the release your health information, you have certain rights. For medical treatments covered by Medicare, you may access and review your own health records from the past four years at an online website portal called “Blue Button”. This portal is designed for patients to download their own health information in a variety of formats, such as text and PDF. You may also provide written consent for other individuals or companies to access this information in electronic form using a Blue Button Access App, such as this one. This Privacy Policy describes how we will use, collect, and protect your private health information, either for our own use or on behalf of third parties, as well as other information we collect, if you provide consent for us to access your information through Blue Button, and explains how you can access and request modification of certain information that we may store about you. This Privacy Policy is incorporated and made part of the Terms of Service.

Medical Disclaimer: The information on our Services is not intended or implied to be a substitute for professional medical advice, diagnosis or treatment. All content, including text, graphics, images and information, contained on or available through the Services is for general information purposes only. The Company makes no representation and assumes no responsibility for the accuracy of information contained on or available through the Services, and such information is subject to change without notice. You are encouraged to confirm any information obtained from or through the Services with other sources such as your physician or insurer, and review all information regarding any medical condition or treatment with your physician.

NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HAVE READ ON OR ACCESSED THROUGH THIS MOBILE APPLICATION. IF YOU ARE EXPERIENCING A MEDICAL EMERGENCY PLEASE CALL YOUR HEALTH CARE PROVIDER OR 911.

The Company does not recommend, endorse or make any representation about the efficacy, appropriateness or suitability of any specific products, procedures, treatments, services, opinions, health care providers, health insurers, plans or other information that may be contained on or available through the Services. THE COMPANY IS NOT RESPONSIBLE NOR LIABLE FOR ANY ADVICE, COURSE OF TREATMENT, DIAGNOSIS OR ANY OTHER INFORMATION, SERVICES OR PRODUCTS THAT YOU OBTAIN THROUGH THIS SERVICE.

4. Your Acceptance of This Privacy Policy and Changes to It

By accessing, viewing or otherwise using the Service, you consent to the collection and use of your information by the Company, whether for our own use or on behalf of our third party partners, in accordance with this Privacy Policy. If you do not agree to this Privacy Policy, you may not use the Service. You represent and warrant that you have permission to share any information you elect to provide through the Services, you consent to such information being shared as described in this Policy, including with healthcare providers and insurers you designate, and that such information is accurate, current, non-misleading, and consistent and relevant for the purpose for which you are providing information.

Company reserves the right to change, modify, add or remove portions of this Privacy Policy at any time, without prior notice. Changes take effect on the date that appears on the revised Privacy Policy. If you use the Services following a change in this Privacy Policy, your use will be understood to signal that you accept and agreed to be bound by the changes. Accordingly, we urge you to review this Privacy Policy frequently for changes

5. What information do we collect?

We collect personally identifiable information (“Personal Information”) and other non-individually identifiable information from you when you create and account, respond to communication such as e-mail, or otherwise use the Services in any manner. We may also collect your Personal Information on behalf of third parties, such as your health care provider or insurer as described below.

In order to use our Services, you will be to provide Personal Information. For example, when registering as a user on the Service, we may ask you for your name, e-mail address, mailing address, or phone number.

We may collect and use mobile device identifiers, IP addresses and session identifiers to analyze trends, to administer the Company Services, to track user activities, to infer user interests, and to otherwise learn about individual users and market segments. We may also collect and store certain other non-identifiable information, which is collected passively using various technologies, and cannot presently be used to specifically identify you.

Some of the Personal Information received by the Company in connection with providing the Services may be subject to privacy and security laws and regulations including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that govern the use and disclosure of certain individually identifiable health-related Personal Information (“Protected Health Information”).

We use “cookies" to enhance your experience and gather information about visitors and visits to the Services to help us understand your preferences based on previous or current activities. We also use cookies to help us compile aggregate data about Services traffic and Services interaction so that we can offer better experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our visitors and users. If you are using our platform on a computer, you can change your browser settings to set your cookie preferences. If you are accessing our platform from a mobile device, you can change your permissions and settings on your mobile device.

Our Company Services currently do not respond to “Do Not Track” (DNT) signals

6. Safeguarding Your Personal Information and Protected Health Information

The Company follows generally accepted industry security standards to safeguard and help prevent unauthorized access and maintain data security of Personal Information. We are also subject to HIPAA because we act as a healthcare clearinghouse, which means we receive Protected Health Information from one source in one format and convert it into another format for use by a different source. HIPAA requires us, healthcare providers, and insurers who receive and use your Protected Health Information to implement certain measures to safeguard the confidentiality, integrity, and availability of your Protected Health Information. Healthcare providers and insurers who access your Personal Information through the Service agree to handle Protected Health Information in compliance with HIPAA.

We encrypt your Personal Health Information when it is stored with our outside cloud computing services provider, who we require to comply with HIPAA to protect the security and privacy of your information. It will also be encrypted when transmitted electronically. However, no commercial method of information transfer over the Internet or electronic data storage is known to be 100% secure. As a result, we cannot guarantee the absolute security of any Personal Information submitted to or otherwise collected during your use of the Services. Accordingly, you understand and agree that you transmit all data, including Personal Information and Protected Health Information, to us at your own risk.

7. What Personal Information Do We Use?

We will only share elements of your individual Protected Health Information with entities that you have expressly authorized to acquire it as the primary service of the app (“Approved Third Parties”) These may include, without limitation, your healthcare providers, health insurers, or others who are involved in your care

We may use the Personal Information and other data we collect from you when you register, access or view the Services, or use the Services to communicate with you about access to your medical records. We may send you a welcome email, either from the Company or on behalf of Approved Third Parties, to verify your username and password when you create an account. We will communicate with you in response to your inquiries, to provide the services you request and to manage your account. We may send you requests on behalf of Approved Third Parties if they wish to access your health information. We may send you notices when your records have been accessed, uploaded, or amended by Approved Third Parties. We will communicate with you by email or telephone, according the your account preferences.

We will also send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our Services are temporarily suspended for maintenance, we might send you an email. Generally, you may not opt-out of these communications, which are not promotional in nature

8. What Information do We Share, and with Whom do we Share it?

We will not rent, sell or share your Personal Information with other people or non-affiliated companies except to provide the Services, when we otherwise have your permission, or as expressly permitted or under this Privacy Policy.

We share your Personal Information, which might include your Personal Health Information, with the following people in the following ways:

• With Your Consent: We may provide additional notice and ask for your consent if we wish to share your information with anyone in a materially different way than discussed in this Privacy Policy
• With Approved Third Parties: We may share, transfer or otherwise disclose certain of your Personal Information (e.g., reports containing data related to enrollment, engagement, retention, and outcomes) to your health plan, your health care providers, in order to perform the Services, in connection with treatment, payment, or healthcare operations purposes, and for other purposes permitted or by law.
• Business Transfers: We may choose to sell our company or certain of our assets. In these types of transactions, customer information, including Personal Information about customers, is typically one of the business assets that are transferred. By continuing to use the Services, you acknowledge that if we sell or transfer our business or an asset (e.g., our website) to another company, we will share your personal information with such company and will require such company to use and protect your personal information consistent with this Privacy Policy.
• Protection of the Company and Other People: We may release Personal Information when we believe in good faith that release is necessary to comply with the law; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of the Company, our employees, our users, or others. If necessary, we will make all legally disclosures of any breach of the security, confidentiality, or integrity of your Personal Information (including your Protected Health Information) To the extent permitted by applicable laws, we will make such disclosures to you as quickly as we can but consistent with the legitimate needs of law enforcement or our need to conduct a thorough investigation.
• De-identified Information: We may create De-Identified Information from the information that you share with us, including any Personal Information, and use such De-identified Information without restriction. We may, for example, share De-identified Information with health providers, government agencies, and insurers to administer certain services to or on your behalf you.

9. Retention of Your Personal Information

We will store your Personal Information for as long as we believe is necessary or appropriate (i) to carry out the purpose(s) for which we collected it, or (ii) to comply with applicable laws, contracts, or other rules or regulations, which may extend beyond the termination of our relationship with you. Unless otherwise set forth in the applicable Terms of Service or a separate agreement with you governing the applicable Services, if you cease using such Service, we may retain or destroy, at our discretion, all Personal Information and non-personally identifiable information we collect through your use of such Service. All retained Personal Information will remain subject to the terms of this Privacy Policy.

10. Use from Outside the United States

You understand and agree that if you are using the Services from a country outside the United States and provide Personal Information to the Company, you will be authorizing and consenting to the transfer of Personal Information about yourself to the United States. You understand that the privacy laws of the United States may be different from and not as comprehensive or protective as those in your country, and you agree that the transfer of your Personal Information to the United States occurs with your consent. Personal Information collected on the Company Service may be stored and processed in the United States or abroad.

11. Correcting and Updating Your Personal Information

You can request that we correct or update your Personal Information associated with your user account by contacting us by e-mail [info@Company.com], or you may access your user settings and update it yourself. You may also request an accounting of disclosures of your Protected Health Information. It may take us up to 60 days to process your request. If we cannot respond to your request within that time, we will provide you with a reason why, and we may request another 30 days to respond. At this time, we cannot correct or update your Personal Health Information—please contact your health care provider or insurer.

12. Opt-Out Choices

To “opt-out” of (1) any consents previously given to us, (2) receiving communications from us, or (3) having Personal Information disclosed to third parties, send an e-mail to info@medrecordsconnect.org

13. Privacy and Third Party Links

This Privacy Policy applies solely to information collected by the Company through our website located at [www.healthdataanalytics-institute.com] and the services we make available, whether collected on our behalf or that of Approved Third Parties This Privacy Policy does not apply to the third party sites and services, including Blue Button, that are accessible through these links and we suggest that you contact the operator of the third party service to obtain details about their privacy policies

14. Exclusions

This Privacy Policy shall not apply to any unsolicited information you provide to us through the Services or through any other means. This includes, but is not limited to, any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.

15. Children’s Privacy

The Company Service is intended only for use by adults, either for themselves or on behalf of their minor children. We do not knowingly collect information directly from children under the age of thirteen. If you have reason to believe that a child under the age of 13 has provided Personal Information to us through the Company Service, please contact us, and we will endeavor to delete that information from our databases.

16. Contact Us

We welcome your questions, comments, and concerns about the Services. Please send us any and all feedback pertaining to the Services to info@medrecordsconnect.org

The information contained in this Privacy Policy is subject to change without notice.