Privacy Policy

Health Data Analytics Institute, LLC Privacy Policy

Last Updated on March 25, 2020

Overview

Your access to, and use of, the Health Data Analytics Institute, LLC (the “Company”) website [medicalrecordsconnect.org] and the information, community, products and services that we provide to you and other users through this website portal provided by us in connection with our products and services (collectively, the “Services”) is subject to the Terms of Services and this Privacy Policy.

When it comes to the release your health information, you have certain rights. For medical treatments covered by Medicare, you may access and review your own health records from the past four years at an online website portal called “Blue Button”. This portal is designed for patients to download their own health information in a variety of formats, such as text and PDF. You may also provide written consent for other individuals or companies to access this information in electronic form using an app made available as part of the Services. If you provide consent for us to access your information through Blue Button, this Privacy Policy describes how we will use, collect, and protect your private health and other information we collect, either for our own use or on behalf of third parties, , and explains how you can access and request modification or deletion of certain information that we may store about you. This Privacy Policy is incorporated and made part of the Terms of Service.


Medical Disclaimer: The information on our Services is not intended or implied to be a substitute for professional medical advice, diagnosis or treatment. All content, including text, graphics, images and information, contained on or available through the Services is for general information purposes only. The Company makes no representation and assumes no responsibility for the accuracy of information contained on or available through the Services, and such information is subject to change without notice. You are encouraged to confirm any information obtained from or through the Services with other sources such as your physician or insurer, and review all information regarding any medical condition or treatment with your physician.

NEVER DISREGARD PROFESSIONAL MEDICAL ADVICE OR DELAY SEEKING MEDICAL TREATMENT BECAUSE OF SOMETHING YOU HAVE READ ON OR ACCESSED THROUGH THIS WEBSITE. IF YOU ARE EXPERIENCING A MEDICAL EMERGENCY PLEASE CALL YOUR HEALTH CARE PROVIDER OR 911.

The Company does not recommend, endorse or make any representation about the efficacy, appropriateness or suitability of any specific products, procedures, treatments, services, opinions, health care providers, health or life insurers, plans or other information that may be contained on or available through or in connection with the Services. THE COMPANY IS NOT RESPONSIBLE NOR LIABLE FOR ANY ADVICE, COURSE OF TREATMENT, DIAGNOSIS OR ANY OTHER INFORMATION, SERVICES OR PRODUCTS THAT YOU OBTAIN THROUGH OR IN CONNECTION WITH THIS SERVICE.


Your Acceptance of This Privacy Policy and Changes to It

By accessing, viewing or otherwise using any Service, you consent to the collection and use of your information by the Company, whether for our own use or on behalf of our third-party partners, in accordance with this Privacy Policy. If you do not agree to this Privacy Policy, you may not use the Service. You represent and warrant that you have permission to share any information you elect to provide through the Services, you consent to such information being shared as described in this Policy, including with healthcare providers and with insurers you designate, and that such information is accurate, current, non-misleading, and consistent and relevant for the purpose for which you are providing information.

Company reserves the right to change, modify, add or remove portions of this Privacy Policy at any time, without prior notice. Changes take effect on the date that appears on the revised Privacy Policy. Accordingly, if your account is active and you have subscribed to e-mail notifications, we will notify you of any material change to the Privacy Policy as determined by the Company’s Privacy officer. If you use the Services following a change in this Privacy Policy, your use will be understood to signal that you accept and agree to be bound by the changes.

What information do we collect?

We collect personally identifiable information (“Personal Information”) and other non-individually identifiable information from you when you create an account, respond to any communication such as e-mail, or otherwise use the Services in any manner. We may also collect your Personal Information on behalf of third parties, such as your health care provider or any insurer as described below.

In order to use our Services, you will be required to provide Personal Information. For example, when registering as a user on the Service, we ask you for your name, e-mail address, mailing address, or phone number.

We collect and use mobile device identifiers, IP addresses and session identifiers to analyze trends, to administer the Company Services, to track user activities on this website, to infer user interests, and to otherwise learn about individual users and market segments. We also collect and store certain other non-identifiable information, which is collected passively using various technologies, and cannot presently be used to specifically identify you.

Some of the Personal Information received by the Company in connection with providing the Services is subject to privacy and security laws and regulations including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) that govern the use and disclosure of certain individually identifiable health-related Personal Information (“Protected Health Information”).

For more information about our HIPAA-compliant activities, please contact [info@medrecordsconnect.org].

We use “cookies" to enhance your experience and gather information about visitors and visits to the Services to help us understand your preferences based on previous or current activities. We also use cookies to help us compile aggregate data about Services traffic and Services interaction so that we can offer better experiences and tools in the future. We may contract with third-party service providers to assist us in better understanding our visitors and users. If you are using our platform on a computer, you can change your browser settings to set your cookie preferences. If you are accessing our platform from a mobile device, you can change your permissions and settings on your mobile device.

Our Company Services currently do not respond to “Do Not Track” (DNT) signals.

Safeguarding Your Personal Information and Protected Health Information

We cannot guarantee the absolute security of any Personal Information submitted to or otherwise collected during your use of the Services, but the Company takes every reasonable effort to protect your Personal Information. The Company follows generally accepted industry security standards to safeguard and help prevent unauthorized access and maintain data security of Personal Information.

We are also subject to HIPAA because we act as a healthcare clearinghouse, which means we receive Protected Health Information from one source in one format and convert it into another format for use by a different source. HIPAA requires us, healthcare providers, and any insurers who receive and use your Protected Health Information to implement certain measures to safeguard the confidentiality, integrity, and availability of your Protected Health Information. Healthcare providers and any insurers who access your Personal Information through the Service agree to handle Protected Health Information in compliance with HIPAA.

Further we encrypt your Protected Health Information when it is stored with our outside cloud computing services provider, who we require to comply with HIPAA to protect the security and privacy of your information. It will also be encrypted when transmitted electronically. However, no commercial method of information transfer over the Internet or electronic data storage is known to be 100% secure.

What Personal Information Do We Use?

We will only share elements of your individual Protected Health Information with entities that you have expressly authorized to acquire it through the Services (“Approved Third Parties”). These Approved Third Parties may include, without limitation, your healthcare providers, life or health insurers, or others who are involved in your care.

We may use the Personal Information and other data we collect from you when you register, access, view or use the Services, to communicate with you about access to your medical records. We may send you a welcome email, either from the Company or on behalf of Approved Third Parties, to verify your username and password when you create an account. We will communicate with you in response to your inquiries, to provide the services you request and to manage your account. We may send you requests on behalf of Approved Third Parties if they wish to access your Protected Health Information. We may send you notices when your records have been accessed, uploaded, or amended by Approved Third Parties. We will communicate with you by email or telephone, according to your account preferences.

We will also send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our Services are temporarily suspended for maintenance, we might send you an email. Generally, you may not opt-out of these communications, which are not promotional in nature

What Information do We Share, and with Whom do we Share it?

We will not rent, sell or share your Personal Information or Protected Health Information with other people or non-affiliated companies except to provide the Services, when we otherwise have your permission, or as expressly permitted or required under this Privacy Policy.

We share your Personal Information, which might include your Protected Health Information, with the following people in the following ways:

  • With Your Consent: We may provide additional notice and ask for your consent if we wish to share your information with anyone in a materially different way than discussed in this Privacy Policy
  • With Approved Third Parties: We may share, transfer or otherwise disclose certain of your Personal Information (e.g., reports containing data related to enrollment, engagement, retention, and outcomes) to your health plan, your health care providers, in order to perform the Services, in connection with treatment, payment, or healthcare operations purposes, and for other purposes permitted or required by law.
  • Business Transfers: We may choose to sell our company or certain of our assets. In these types of transactions, customer information, including Personal Information about customers, is typically one of the business assets that are transferred but any data that is transferred will be subject to this Privacy Policy. If your personal information is part of such a transaction, we will notify you, which will provide you an opportunity to “opt-out”.
  • Protection of the Company and Other People: We may release Personal Information when we believe in good faith that release is necessary to comply with the law; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of the Company, our employees, our users, or others. If necessary, we will make all legally required disclosures of any breach of the security, confidentiality, or integrity of your Personal Information (including your Protected Health Information). To the extent permitted by applicable laws, we will make such disclosures to you as quickly as we can but consistent with the legitimate needs of law enforcement or our need to conduct a thorough investigation.
  • De-identified Information: We may create De-Identified Information from the information that you share with us, including any Personal Information, and use such De-identified Information without restriction. We may, for example, share De-identified Information with health providers, government agencies, and insurers to administer certain services.

Retention of Your Personal Information

We will store your Personal Information for as long as we believe is necessary or appropriate (i) to carry out the purpose(s) for which we collected it, or (ii) to comply with applicable laws, contracts, or other rules or regulations, which may extend beyond the termination of our relationship with you. Unless otherwise set forth in the applicable Terms of Service or a separate agreement with you governing the applicable Services, if you cease using such Service, we may retain or destroy, at our discretion, all Personal Information and non-personally identifiable information we collect through your use of such Service. If you would like us to delete your Personal Information, please contact us at [info@medrecordsconnect.org] and request that we delete your Personal Information. All retained Personal Information will remain subject to the terms of this Privacy Policy.

Use from Outside the United States

You understand and agree that if you are using the Services from a country outside the United States and provide Personal Information to the Company, you will be authorizing and consenting to the transfer of Personal Information about yourself to the United States. You understand that the privacy laws of the United States may be different from and not as comprehensive or protective as those in your country, and you agree that the transfer of your Personal Information to the United States occurs with your consent. Personal Information collected on the Company Service may be stored and processed in the United States or abroad.

Correcting and Updating Your Personal Information

You can request that we correct or update your Personal Information associated with your user account by contacting us by e-mail [info@medrecordsconnect.org] or you may access your user settings and update it yourself. You may also request an accounting of disclosures of your Protected Health Information. It may take us up to 60 days to process your request. If we cannot respond to your request within that time, we will provide you with a reason why, and we may request another 30 days to respond. At this time, we cannot correct or update your Protected Health Information—please contact your health care provider or your insurer.

Opt-Out Choices

To “opt-out” of (1) any consents previously given to us, (2) receiving communications from us, or (3) having Personal Information disclosed to third parties, send an e-mail to info@medrecordsconnect.org or alternatively you may revoke access via through the Services.

Privacy and Third Party Links

This Privacy Policy applies solely to information collected by the Company through our websites located at www.HDA-institute.com and medicalrecordsconnect.org and through the services we make available, and applies to information whether collected on our behalf or that of Approved Third Parties. This Privacy Policy does not apply to the third party sites and services, including Blue Button, that are accessible through these links and we suggest that you contact the operator of the third party service to obtain details about their privacy policies.

Exclusions

This Privacy Policy shall not apply to any unsolicited information you provide to us through the Services or through any other means. This includes, but is not limited to, any ideas for new products or modifications to existing products, and other unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.

Your California Rights

The California Consumer Privacy Act (“CCPA”) provides California residents with specific rights regarding personal information. The CCPA does not apply to certain information, such as information subject to the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and certain other state or federal privacy laws. The CCPA also does not apply to businesses which do not have annual gross revenues in excess of twenty-five million dollars, collects personal information of 50,000 or more California consumers, households, or devices, or derives 50% or more of its annual revenue from selling consumers’ personal information. At this time, the Company is not subject to the CCPA. We will update this Privacy Policy in the future as to comply with applicable laws.

Children’s Privacy

The Company Service is intended only for use by adults, either for themselves or on behalf of their minor children. We do not knowingly collect information directly from children under the age of thirteen. If you have reason to believe that a child under the age of 13 has provided Personal Information to us through the Company Service, please contact us, and we will to delete that information from our databases.

Contact Us

We welcome your questions, comments, and concerns about the Services. Please send us any and all feedback pertaining to the Services to info@medrecordsconnect.org

The information contained in this Privacy Policy is subject to change without notice.