MedText Privacy Policy

Your privacy is very important to us, and we created this Privacy Policy (“Policy”) to demonstrate our firm commitment to privacy and security. This Privacy Policy describes how Medtext collects information from all end users of our Internet services (the “Services”), including those who access some of our Services but do not have accounts (“Visitors”) and those who may purchase Products and/or pay a monthly service fee to subscribe to the Service (“Members”). This Policy also explains what we do with the information we collect, and the choices Visitors and Members have concerning the collection and use of such information and the rights of any Member’s patients to access their Protected Health Information under relevant Federal cybersecurity and privacy laws. We request that you read this Privacy Policy carefully and please contact us should you have any questions.

Personal Information MedText Collects and How It Is Used

Introduction

Members may be asked to provide certain personal information when they sign up for our Products or Services including name, address, telephone number, billing information (such as a credit card number), and the type of personal computer being used to access the Services. The personal information collected from Members during the registration process (or at any other time) is used primarily to provide a customized experience as you use our Products and Services. Your information will never be licensed or sold to any third party. However, we may make limited disclosure of personal information under the specific circumstances described in the “Disclosure” section below.

HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOUR PATIENTS

The MedText technology is designed to facilitate referrals from one Healthcare Provider (and/or their staff) to another Healthcare Provider (and/or their staff). Under no circumstances will health information about your patients be shared with another Healthcare Provider (and/or their staff), unless it is in support of a referral that you have made and in that case, health information will only be shared with the healthcare providers that you designate. Those healthcare providers, in accordance with the HIPAA guidelines have the ability to share that information with their various staff members and/or designees. In addition, there are situations where the law permits or requires us to use and disclose your patients’ health information without your authorization. Such situations are described below.

There are situations where MedText may use and/or disclose your patients’ health information without first obtaining your written authorization for purposes other than for treatment or health care operations. Except for the specific situations where the law requires us to use and disclose information (such as reports of births to the health department or reports of abuse or neglect to social services), we have listed all these permitted uses and disclosures in this section.

Specifically, we may use and disclose your patients’ protected health information as follows:

All Other Uses and Disclosures Require Your Prior Written Authorization

For situations not generally described in our Policy, MedText will ask for your written authorization before we use or disclose your patients’ health information. You may revoke that authorization, in writing, at any time to stop future disclosures of your patients’ information. Information previously disclosed, however, will not be requested to be returned nor will your revocation affect any action that we have already taken. In addition, if we collected the information in connection with a research study, we are permitted to use and disclose that information to the extent it is necessary to protect the integrity of the research study.

Responses to Email Inquiries

When Visitors or Members send email inquiries to MedText, the return email address is used to answer the email inquiry we receive. MedText does not use the return email address for any other purpose and does not share the return email address with any third party.

Voluntary Customer Surveys

MedText may periodically conduct both business and individual customer surveys. We encourage our customers to participate in these surveys because they provide us with important information that helps us to improve the types of products and services we offer and how we provide them to you. Your personal information and responses will remain strictly confidential, even if the survey is conducted by a third party. Participation in our customer surveys is voluntary. Information about how to opt-out of surveys will be contained in survey communications.

We may take the information we receive from individuals responding to our customer surveys and combine (or aggregate) it with the responses of other customers we may have, to create broader, generic responses to the survey questions (such as gender, age, residence, hobbies, education, employment, industry sector, or other demographic information). We then use the aggregated information to improve the quality of our services to you, and to develop new services and products. This aggregated, non-personally identifying information may be shared with third parties.

Automatic Collection of Information

Cookies: MedText may use “Cookies” to collect information. Cookies are small pieces of information stored by your browser on your computer’s hard drive, at a web site’s request. MedText Cookies do not contain any personal information, but are used primarily as follows:

Web Beacons We may also place small “tracker gifs” or “beacons” on many of the pages on our website, in online advertising with third parties, and in our email. We use these beacons, in connection with Cookies, to collect non-personal data on the usage of our site including but not limited to the date and time of the visit, the pages visited, the referring web page, the type of browser (e.g., Internet Explorer, Firefox, etc), the type of operating system (e.g., Windows, Linux, or OSX), and the domain name of the visitor’s Internet service provider (e.g., AOL). This information is collected about thousands of site visits and analyzed as a whole. This information is useful in, for example, tracking the performance of our online advertising such as online banner ads and to determine where to place future advertising on other web sites.

Disabling Cookies and Beacons: If you are uncomfortable with the collection of such information through the use of Cookies and Beacons, we recommend disabling these features through your browser preferences, though please understand this will limit the performance and functionality of MedText’s Web site. Your browser documentation should provide specific procedures for disabling cookie and beacon support.

Health Data Privacy

Assuring that confidential health information is used, disclosed, protected, and transmitted in conformity with the Administrative Simplification components of the Health Insurance Portability and Accountability Act of 1996, 45 CFR Parts 160, 162, and 164, and the Health Information Technology for Economic and Clinical Health Act (collectively “HIPAA”) is of paramount importance to MedText. Protected health information (“PHI”), as defined by HIPAA, is stored by the MedText in a manner that conforms with the HIPAA Security Rule. Individual customers that are also Covered Entities, as defined by HIPAA, are responsible for the disclosure of PHI transmitted via SMS text messaging or uploading to the MedText’s system. MedText is not responsible for any disclosure of PHI in transit as MedText has no control over the Customer’s service provider. MedText’s only obligation related to PHI is for PHI stored by MedText. To the extent that MedText stores PHI that has been uploaded by a Customer, MedText acknowledges its obligation as a Business Associate of the Customer, as defined by HIPAA. MedText and Customer shall enter into the MedText’s Business Associate Agreement upon request of the Customer.

Child Privacy

Protecting the online privacy of children is especially important, and those under the age of 13 are protected by federal law. For that reason, MedText does not knowingly permit children under the age of 13 to become registered members of our sites, without verifiable parental consent. MedText does not knowingly collect or solicit personal information about children under 13, except with their parent’s express consent.

If we ever include children under the age of 13 as part of our intended site audience, those specific web pages will, in accordance with the provisions of the Children’s Online Privacy Protection Act (“COPPA”), be clearly identified and provide an explicit privacy notice; and we will provide processes to obtain parental approval, provide access to information and allow parents to request removal of their children’s personal information. MedText encourages parents and guardians to spend time with their children online and to participate in their interactive activities and interests.

Public Forums

Some parts of our site may enable you to participate in public services such as discussion boards, chats, and live events. Please use discretion when posting personal information about yourself when using these services. Be aware that when you disclose personal information at these sites, such as your name, member name, email address, etc., the information may be collected and used by others to send unsolicited email. The services are open to the public, and what you post there can be seen by anyone and is not protected. MedText cannot control the comments that you may receive while you participate in these services. You may find other people’s comments to be offensive, harmful or inaccurate.

MedText’s Commitment to Data Security

We implement a variety of administrative, managerial, and technical security measures to help protect your personal information. MedText has various internal control standards which relate specifically to the handling of personal information. These include certain controls to help safeguard the information we collect online. Our employees are trained to understand and comply with these controls and we communicate our Policy, practices and guidelines to our employees. However, while we strive to protect your personal information, you must also take steps to protect your information. We urge you to take every precaution to protect your personal information while you are on the Internet.

Services and Web sites we sponsor have security measures in place to protect the loss, misuse, and alteration of the information under our control. While we make every effort to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining this information.

Where to Direct Questions About Our Privacy Policy

If you have any questions about this Privacy Policy or the practices described herein, you may contact us by email at hello@medtextapp.com.

Accounting of E-Health Records for Treatment, Payment, and Health

Starting January 1, 2014, HITECH will require MedText to provide an accounting of disclosures through an e-health record to carry out treatment, payment, and health care operations. This new accounting requirement is limited to disclosures within the three-year period prior to the individual’s request.

MedText must either: (1) provide an individual with an accounting of such disclosures it made and all of its business associates disclosures; or (2) provide an individual with an accounting of the disclosures made by MedText and a list of business associates, including their contact information, who will be responsible for providing an accounting of such disclosures upon request.

Obtaining a Copy of Our Privacy Policy

We provide you with this Policy to explain and inform you of our Privacy Practices, and this Policy is available on the MedText website. Even if you have requested this Policy electronically, you may request a paper copy at any time.

Revisions to This Policy

MedText reserves the right to revise, amend, or modify this policy, our Terms of Service agreement, and our other policies and agreements at any time and in any manner, by updating this posting.

last revision on October 2, 2018