Effective as of October 11, 2023
The Medaxion Services have been developed for hospitals and medical groups (“Providers”) who have subscribed to the Services and the patients under their care (“Patients”) to facilitate and coordinate patient medical care and the administration of medical services by Providers and personnel who are authorized to access and use the Services, including, without limitation, administrators, physicians, nurses, and other caregivers (“Authorized Caregiver”) about patient encounters and detailed medical data related thereto.
Medaxion understands the importance of a Provider’s and Authorized Caregiver’s privacy relationship with their Patients and the importance of keeping Personal Information private. Personal Information is information that identifies you as an individual, such as your name, postal address, email address, date of birth, and telephone number (“Personal Information”).
Health Information is a part of the Personal Information we collect from Patients. Health Information is generally described as information we collect, receive, or create about a Patient and their healthcare.
For example, we may collect Personal Information about Providers or an Authorized Caregiver who uses the Services to help a Patient. We may collect information about a Patient unrelated to their healthcare, such as medical and family history, basic registration, demographics, insurance data, and other information from third parties included within a Patient’s profile.
If you are a Provider or Authorized Caregiver, we collect Personal Information about you when you register to use the Services. The Personal Information about Providers and Authorized Caregivers we collect includes, without limitation, the Provider’s and Authorized Caregiver’s name, position, specialty, email address, phone number, national provider number, credentials, OIDC details, and business postal address. We do not collect Health Information about Providers or Authorized Caregivers.
If you are a Patient, we collect Personal Information about you when you have registered with your Provider or Authorized Caregiver for care that involves using Medaxion’s Services when they schedule your care encounter.
Through this registration and scheduling action, we may collect information about you, including, for example, employment history, health care insurance information, demographic data, your personal medical history, and family medical history related to your care.
We may use your Personal Information as follows:
Patient Personal Information:
- To provide our Services to Providers and Authorized Caregivers, to communicate with them about their use of our Services, to respond to inquiries, and for other customer service purposes.
- To service the needs of your care pathway, from registration to postoperative discharge and billing.
- To send you important information pursuant to your rights under HIPAA.
Provider and Authorized Caregiver Personal Information:
- For business purposes, such as data collection and analysis, audits, developing new products, and enhancing and improving our Site, Applications, and Services.
- To better understand how Providers and Authorized Caregivers access and use our Site, Applications, and Services, both on an aggregated and individualized basis.
- To improve our Site, Applications, and Services, respond to user desires and preferences, and for other research and analytical purposes.
- As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
We may disclose your Personal Information, including Health Information (defined below), as follows:
If you are a Patient
- To your Provider or Authorized Caregivers, without further authorization, for treatment, payment, or operations; for other uses or disclosures permitted by law; or for purposes related to such uses or disclosures, such as your rights under HIPAA.
If you are an Authorized Caregiver
- To the Patient and their Provider and that Provider’s Authorized Personnel, as required for Patient care or Transfer of Care.
If you are a Provider
- To Patients as defined under the Patients Right to Information, to third-party service providers who provide services such as scheduling, assignment, data gathering, data analysis, payment processing, customer service, email delivery services, auditing services, and other similar services.
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
- As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Health Information is a part of the Personal Information that we collect about Patients and falls into two categories:
“Protected Health Information” is individually identifiable health information created or received by or on behalf of a covered entity (for example, a health care provider or health plan) and which relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual. Protected Health Information is further defined by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) and is subject to the protections of HIPAA.
“Additional Health Information” is a subset of Health Information that does not fall within the category of Protected Health Information above. For example, this would encompass information related to past, present, or future physical or mental health or conditions, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual but with the difference that such information was not created or received by us from or on behalf of a covered entity. We may collect Additional Health Information in connection with the Site or Applications.
We may use and disclose Protected Health Information and Additional Health Information to provide the Services as described in this policy, except our use and disclosure of Protected Health Information is further limited by the main federal health privacy law known as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Notice of Privacy Practices available from your Provider.
Currently, our systems do not recognize browser “do-not-track” requests. However, you may disable certain tracking as discussed in this section (e.g., by disabling cookies); you may opt out of targeted advertising by following the instructions located in such advertising.
Cookies: Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and Service. There are two types of cookies: session and persistent cookies.
- Session Cookies: Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Site.
- Persistent Cookies: Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We do not currently use persistent cookies on the Site.
Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies can browse certain areas of the Site, but some features may not function.
With respect to Google Analytics specifically, we may collect some or all of the following information about your use of our Site and Applications, and we may be able to connect this information to other information we have about you:
- Pages visited, time of visit, and time spent on each page of the Site
- Type of web browser
- Type of operating system (OS)
- Screen resolution
- IP address
Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy but by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
We use reasonable administrative, technical, and physical measures to protect Personal Information under our control, and Protected Health Information specifically per HIPAA rules. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at firstname.lastname@example.org.
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
You may modify Personal Information submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified, or deleted may remain viewable in cached and archived pages of the Site or Application for a period of time.
You may also contact us directly if you would like to review, correct, update, delete or otherwise limit our use of your Personal Information that has been previously provided to us by sending us an email at email@example.com. Please be aware that some contracts designate your Provider organization as the primary support interface, and our response to your request may redirect you to contact that team. In your request, please make clear what information you would like to have changed, whether you would like to have your Personal Information deleted from our database, or otherwise let us know what limitations you would like to put on our use of your Personal Information. We will try to comply with your request as soon as reasonably practicable. Please note that in order to comply with certain requests to limit use of your Personal Information, we may need to terminate your account with us and your ability to access and use the Services, and you agree that we will not be liable to you for such termination. Although we will use reasonable efforts to do so, you understand that it may not be legally or technologically possible to remove every record of your Personal Information from our systems. The need to back up our systems to protect information from inadvertent loss means a copy of your Personal Information may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.
We may send periodic promotional or informational emails to Providers, provided such messages are not based on Protected Health Information. You may opt out of such communications by following the opt-out instructions contained in the e-mail. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt out of receiving emails about recommendations or other information that may interest you, we may still send you e-mails about your account or any Services you have requested or received from us.
The Services are not permitted for use by individuals under the age of eighteen (18) unless they have provided the written consent of their parents or legal guardians, and we request that these individuals do not provide Personal Information to us. This is not true for Patient information used to provide care.
California residents may request a list of certain third parties to which we have disclosed personally identifiable information about you for their own direct marketing purposes. You may make one request per calendar year. In your request, please attest that you are a California resident and provide a current California address for your response. You may request this information in writing by contacting us at: firstname.lastname@example.org. Please allow up to thirty (30) days for a response.