Our Platform enables dental providers, other providers and their staff to better coordinate the care of patients during referrals. Our goal is to facilitate referral management, collaboration, coordination, communication and the exchange of Personal Information among your patients, dental providers, and other providers, including without limitation, through the use of e-fax, secure email, and e-consults.
Confidentiality of Health Information
Dental providers and other providers using the Platform are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among those laws is the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder (collectively the “HIPAA Rules”). When we store, process or transmit PHI (as such term is defined by the HIPAA Rules) on behalf of such a dental or health care provider, we do so as its “business associate” (as also defined by the HIPAA Rules). When we operate as a business associate, we are also subject to such laws and regulations governing the use and disclosure of PHI, and we are prohibited from, among other things, using PHI in a manner that the dental or health care provider itself may not. We are also required to, among other things, apply reasonable and appropriate technical, physical and administration safegaurds to protect the confidentiality, integrity and availability of PHI we store and process on behalf of such dental or health care providers. For example, we limit the dissemination of your PHI to only such designated staff as is minimally necessary to carry out the stated purposes we have communicated to you.
Information Collection and Use
MedCohere collects Personal Information when you register with MedCohere or when you upload Personal Information into MedCohere’s Platform. It is always your choice whether or not to provide us with your Personal Information. Whenever you visit our websites, MedCohere also receives and records information on our server logs from your browser, including your IP address, MedCohere’s cookie information, and the pages you request.
Below is a detailed list of what Personal Information MedCohere may collect when you use the Platform and how we may utilize your Personal Information with your consent:
- Registration — When you register for the Platform, we may collect certain Personal Information as part of the registration process, including for example, your name, company name, email addresss, phone number and other related contact information. We may use your contact information to send you information about our Platform or other services we may provide to you. We may also use your phone number for security verificiation purposes (i.e. to validate you are the correct user). We may collect your billing address and credit card information for billing purposes.
- Social Information — We collect information that you provide to us through the Platform pertaining to the patients and providers with whom you consent to share (or from whom you have received proper consent to share) Personal Information, as well as communications within the Platform between you and such individuals.
- Demographic Information — We may collect demographic information, such as geographic location, as part of your profile in the Platform. We may utilize your demographic information and other data derived through your utilization of the Platform to help us improve the Platform.
- Surveys and General Feedback — From time to time, we may send you survey questions or contact you with questions related to your experience to provide us with feedback on our Platform. We collect any responses that you provide. Participation in surveys or general feedback questions are elective and do not otherwise impact your access to the Platform.
- Marketing Communications and Advertisements — We may occasionally use your Personal Information to contact you about new product and features. You may affirmatively opt-out of receiving future marketing messages or advertisements and remove your name from our mailing lists. The opt-out provisions do not apply to information collected by cookies or used internally to recognize you and/or facilitate your utilization of the Platform, or information we may retain to comply with legal requirements.
- Audit Logs — We may collect or generate systems operations data incidentally including your Personal Information for the purposes of logging access/activity in our Platform. Audit logs help keep our Platform secure, including identity management, fraud prevention and the investigation of other illegal activities such as cyber attacks or to detect bots.
De-identified and Aggregated information
In addition to the uses of Personal Information above, we may remove the identifiable parts of your information to create de-identified forms (“De-identified Information”). De-identified Information may be compiled with other data in aggregated forms (“Aggregated Information”). We may use this data in the following ways:
- Disclosure for Business Purposes — We may license, sell or otherwise share De-identified and Aggregated Information with corporate partners, insurance companies, health care providers, institutional clients, investors and contractors for any purposes related to our business practices.
- Product Improvement — We may use De-identified and Aggregated Information for product improvement purposes (e.g., data analytics to monitor the use of the Platform or to increase the Platform’s functionality and user-friendliness).
- Research — We may use De-identified and Aggregated Information for research whether scientific, marketing, or business in nature. This research may be made public through publication such as within a scientific journal.
Personal Information Sharing and Disclosure
MedCohere does not rent, sell, or share your Personal Information with other people or non-affiliated companies, except to provide products or services you have requested, when we have your authorization to share such information, or when we provide the information to companies or consultants working on our behalf under confidentiality agreements. These companies and consultants (i.e., our cloud service provider or software developers) do not have any independent right to share your Personal Information.
Accessing, Changing, and Deleting Your Personal Information
You may request access, changes, or deletions to your Personal Information and request information about our collection, use and disclosure of such information by contacting us at email@example.com. We use best efforts to keep our records as accurate and complete as possible. You can help us maintain the accuracy of your information by notifying us of any changes to your Personal Information as soon as possible. Your rights to access, change, or delete your Personal Information are not absolute. We may deny you such rights due to technological contrainsts, when required by law or if the request would likely reveal Personal Information about a third party.
Right to Data Portability
You have the right to receive the Personal Information that you provided to MedCohere in a structured, commonly used and machine-readable format. You also have the right to transfer your Personal Information to another referral management system without hindrance from MedCohere. Your right to data portability is not absolute. We may deny you such right when required by law or where technically infeasible.
Retention of your Personal Information
- Termination — You may unenroll from our Platform at any time by emailing us at firstname.lastname@example.org. MedCohere reserves the right to decide, at its sole discretion, to no longer offer you the Platform at any time.
- Children — MedCohere does not knowingly collect Personal Information from children under the age of 13, and our Platform is not directed at users under the age of 13. If we find that Personal Information has inadvertently been collected for an individual under the age of 13, we will immediately delete it.
United States Jurisdiction and Governing Law
California Online Privacy Protection Act Notice
- Do Not Track — We currently do not support the Do Not Track (DNT) browser setting or respond to DNT signals. DNT is a preference you can set in your browser to let the websites you visit know that you do not want them collecting certain information about you.
- Third Party Marketing — If you are a California resident then under Cal. Civ. Code § 1798.83 you may request and obtain from us once a year, free of charge, information about the Personal Information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at the contact information provided below. In your request, please attest to the fact that you are a California resident and provide a current California address for your response.
If you have questions, suggestions, or complaints about your privacy please email MedCohere at email@example.com.
We are committed to resolving complaints about your privacy and our collection or use of your Personal Information in a timely fashion. If you submit a reasonable complaint or inquiry concerning your data privacy, we will promptly investigate and we will respond to the inquiry or complaint within 45 days. If it is justified, we will take appropriate remediation measures.
Copyright © 2018 MedCohere All rights reserved.
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOUR PATIENTS MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice serves as a notice for MedCohere, Inc. We will follow the terms of this Notice and may share health information with each other for purposes of treatment, payment and health care operations as described in this Notice and as required under the Health Insurance Portability and Accountability Act of 1996.
OUR DUTIES REGARDING YOUR PATIENTS’ HEALTH INFORMATION
We respect the confidentiality of your patients’ health information and recognize that information about your patients’ health is personal. We are committed to protecting your patients’ health information and to informing you and your patients of their rights regarding such information. We are also required by law to protect the privacy of your patients’ protected health information and to provide you and your patients with notice of these legal duties.
This Notice explains how, when and why we typically use and disclose health information and our privacy rights regarding your patients’ health information. In our Notice, we refer to our uses and disclosures of health information as our “Privacy Practices.” Protected health information generally includes information that we create or receive that identifies your patients and their past, present or future health status or care or the provision of or payment for that health care. We are obligated to abide by these Privacy Practices as of the effective date listed above.
We may, however, change our Privacy Practices in the future and specifically reserve our right to change the terms of this Notice and our Privacy Practices. We will communicate any change in our Notice and Privacy Practices as described at the end of this Notice. Any changes that we make in our Privacy Practices will affect any protected health information that we maintain.
Generally, our Privacy Practices strive:
- To make sure that health information that identifies your patients is kept private;
- To give you this Notice of our Privacy Practices and legal duties with respect to protected health information;
- To follow the terms of the Notice that is currently in effect; and
- To make a good faith effort to obtain from you acknowledgment that you have received or been given an opportunity to receive this Notice.
MedCohere is required to notify users whose patients’ PHI has been breached. Notification must occur by first class mail within 60 days of the breach. This notice must:
- Contain a brief description of what happened, including the date of the breach and the date of discovery;
- The steps the individual should take to protect themselves from potential harm resulting from the breach;
- A brief description of what MedCohere is doing to investigate the breach, mitigate losses, and to protect against further breaches.
MedCohere’s Business Associate Agreements with subcontractors provide that all HIPAA security administrative safeguards, physical safeguards, technical safeguards and security policies, procedures, and documentation requirements apply directly to the business associate subcontractors.
Access to E-Health Records
Individuals have the right to access their own e-health record in an electronic format and to direct MedCohere to send the e-health record directly to a third party. MedCohere may only charge for labor costs under electronic transfers of e-health records..
Accounting of E-Health Records for Treatment, Payment, and Health Care Operations
Individual’s have a right to request an accounting of disclosures through an e-health record to carry out treatment, payment, and health care operations. This accounting right is limited to disclosures within the three-year period prior to the individual’s request.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOUR PATIENTS
Our Platform is designed to facilitate referrals from one dental provider (and their staff) to another provider (and/or their staff). Under no circumstances will health information about your patients be shared with another provider (or their staff), unless it is in support of a referral that you have made and in that case, health information will only be shared with the providers that you designate. Those providers, in accordance with the HIPAA guidelines, have the ability to share that information with their various staff members and/or designees. In addition, there are situations where the law permits or requires us to use and disclose your patients’ health information without your authorization. Such situations are described in this section of the Notice. Specifically, we may use and disclose your patients’ protected health information as follows:
For Permitted or Required by Law Activities.
There are situations where we may use and/or disclose your patients’ health information without first obtaining your written authorization for purposes other than for treatment, payment or health care operations. Except for the specific situations where the law requires us to use and disclose information (such as reports of births to the health department or reports of abuse or neglect to social services), we have listed all these permitted uses and disclosures in this section.
- For Public Health Activities.We may use or disclose health information to a public health authority that is authorized by law to collect or receive information in order to report, among other things, communicable diseases and child abuse, or to the F.D.A. to report medical device or product-related events. In certain limited situations, we may also disclose health information to notify a person exposed to a communicable disease.
- For Health Oversight Activities.We may disclose health information to a health oversight agency that includes, among others, an agency of the federal or state government that is authorized by law to monitor the health care system.
- For Law Enforcement Activities.We may disclose limited health information in response to law enforcement official’s request for information to identify or locate a victim, a suspect, a fugitive, a material witness or a missing person (including individuals who have died) or for reporting a crime that has occurred on our premises or that may have caused a need for emergency services.
- For Judicial and Administrative Proceedings.We may disclose health information in response to a subpoena or order of a court or administrative tribunal.
- To Coroners, Medical Examiners, and Funeral Directors.We may release health information to a coroner or medical examiner to identify a deceased person or to determine the cause of death.
- For Purposes of Organ Donation.We may disclose health information to an organ procurement organization or another facility that participates in the procurement, banking or transplantation of organs or tissues.
- For Purposes of Research.We may conduct and/or participate in medical, social, psychological and other types of research. Most research projects are subject to a special approval process to evaluate the proposed research project and its use of health information before we use or disclose health information. In certain circumstances, however, we may disclose health information to people preparing to conduct a research project to help them determine whether a research project can be carried out or will be useful, so long as the health information they review does not leave our premises.
- To Avoid Harm to a Person or for Public Safety.We may use and disclose health information if we believe that the disclosure is necessary to prevent or lessen a serious threat or harm to the public or the health or safety of another person.
- For Specialized Government Functions.We may use and disclose health information of certain military individuals, for specific governmental security needs, or as needed by correctional institutions.
- For Workers’ Compensation Purposes.We may disclose your health information to comply with the workers’ compensation laws or other similar programs.
- For Appointment Reminders and to Inform You of Dental-Related Products or Services.We may use or disclose your health information to contact you for dental appointments or other scheduled services or to provide you with information about treatment alternatives or other dental-related products and services.
All Other Uses and Disclosures Require Your Written Prior Authorization.
For situations not generally described in our Notice, we will ask for your written authorization before we use or disclose your patients’ health information. You may revoke that authorization, in writing, at any time to stop future disclosures of your patients’ information. Information previously disclosed, however, will not be requested to be returned nor will your revocation affect any action that we have already taken. In addition, if we collected the information in connection with a research study, we are permitted to use and disclose that information to the extent it is necessary to protect the integrity of the research study.
YOUR PATIENTS’ RIGHTS REGARDING THEIR HEALTH INFORMATION
This portion of our Notice describes your patients’ individual privacy rights regarding their health information and how they may exercise those rights.
Requesting Restrictions of Certain Uses and Disclosures of Health Information.
You may request, in writing, a restriction on how we use or disclose your patients’ protected health information for treatment or for activities related to our health care operations. You may also request a restriction on what health information we may disclose to someone who is involved in your patients’ care, such as a family member or friend.
We are not required to agree to your request. Additionally, any restriction that we may approve will not affect any use or disclosure that we are legally required or permitted to make under the law.
Requesting Confidential Communications.
You may request and receive reasonable changes in the manner or the location where we may contact your patients for appointment reminders, lab results or other related information. You must make your request in writing and specify the alternate method or location where your patients wish to be contacted.
We will accommodate your reasonable request, but in determining whether your request is reasonable, we may consider the administrative difficulty it may impose on us.
Inspecting and Obtaining Copies of Your Patients’ Health Information.
You may ask to look at and obtain a copy of your patients’ health information. You must make your request in writing.
Requesting a Change in Your Health Information.
You may request, in writing, a change or addition to your patients’ health information. The law limits your ability to change or add to your patients’ health information. These limitations include whether we created or include the health information within our medical records or if we believe that the health information is accurate and complete without any changes. Under no circumstances will we erase or otherwise delete original documentation in your patients’ health information unless required by law to do so.
Requesting an Accounting of Disclosures of Your Patients’ Health Information.
You may ask, in writing, for an accounting of certain types of disclosures of your patients’ health information. The law excludes from an accounting many of the typical disclosures, such as those made to care for your patients or where you provided your written authorization to the disclosure.
Generally, we will respond to your request within 60 days of receiving your request unless we need additional time.
Obtaining a Notice of Our Privacy Practices.
We provide you with our Notice to explain and inform you of our Privacy Practices, and this Notice is available on our website. Even if you have requested this Notice electronically, you may request a paper copy at any time.
CHANGES TO THIS NOTICE
We reserve the right to change this Notice concerning our Privacy Practices affecting all the health information that we now maintain, as well as information that we may receive in the future. We will provide you with the revised Notice by making it available to you upon request and by posting the revised Notice on our website.
We welcome an opportunity to address any concerns that you may have regarding the privacy of your patients’ health information. If you believe that the privacy of your patients’ health information has been violated, you may file a complaint with the individual listed in this notice and with the Secretary of the U.S. Department of Health and Human Services. YOU WILL NOT BE PENALIZED OR RETALIATED AGAINST FOR FILING A COMPLAINT.
TO MAKE ANY REQUEST OR COMPLAINT TO MEDCOHERE IN CONNECTION WITH THIS NOTICE, PLEASE CONTACT at email: firstname.lastname@example.org
Copyright © 2018 MedCohere, Inc All rights reserved.