Privacy Policy for Patient

At Medi-EHR, Inc. (“Medi-EHR,” “we,” or “us”), we are dedicated to safeguarding your privacy. We carefully handle the personal information we collect when you access or use medi-ehr.com and related websites, applications, and services owned and operated by Medi-EHR that link to this Privacy Policy (collectively, the “Services”).

This Privacy Policy is designed to help users of our Services (“Users,” “you,” or “your”) understand how we manage your personal information. For doctors, dentists, or other healthcare providers using our marketing services, please click here to review the categories of information we collect.

BY USING OR ACCESSING THE SERVICES IN ANY WAY, YOU ACKNOWLEDGE THAT YOU ACCEPT THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY POLICY AND CONSENT TO OUR COLLECTION, USE, AND SHARING OF YOUR INFORMATION AS DESCRIBED HEREIN. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU MAY NOT USE THE SERVICES. IF YOU ARE USING THE SERVICES ON BEHALF OF ANOTHER PERSON (SUCH AS YOUR CHILD), YOU REPRESENT THAT YOU ARE AUTHORIZED TO ACCEPT THIS PRIVACY POLICY ON THEIR BEHALF.

HIPAA and PHI

Certain demographic, health, and/or health-related information that Medi-EHR collects about Users on behalf of our Healthcare Providers as part of providing the Services may be considered “protected health information” (“PHI”) governed by the Health Insurance Portability and Accountability Act (“HIPAA”). Specifically, when (i) Medi-EHR is providing administrative, operational, or other services to a Healthcare Provider that is a “Covered Entity” (as defined by HIPAA); and (ii) Medi-EHR receives identifiable information about a User on behalf of the Healthcare Provider, acting as a “Business Associate” (as defined by HIPAA); and (iii) this identifiable information is regulated as PHI.

This Privacy Policy does not cover PHI, which is regulated by HIPAA. HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed. Please review the Notice of Privacy Practices of your Health Provider to understand how your PHI can be used and disclosed.

Personal data that a User provides to Medi-EHR when Medi-EHR is not acting as a Business Associate is not considered PHI and is therefore covered by this Privacy Policy. For example, we collect personally identifiable information (“PII”) when you (i) create an account, (ii) search for Healthcare Providers or available appointments with Healthcare Providers, (iii) post reviews, (iv) provide device/IP information or Web Analytics information by browsing our websites (see below), or (v) authorize your Covered Entity health provider to disclose PHI to Medi-EHR through a HIPAA Authorization form you have completed.

Personal Data

The following subsections outline the categories of Personal Data that we collect and have collected over the past twelve (12) months. “Personal Data” refers to any information that identifies or relates to a particular individual, including information commonly known as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations. For each category of Personal Data, these subsections also describe the source of that Personal Data, our commercial or business purpose for collecting it, and the categories of third parties with whom we share it. More detailed information regarding these sources and categories is provided below.

Categories of Personal Data We Collect

Category of Personal Data | Examples of Personal Data Collected
Personal Identifiers
  • First and last name
  • E-mail address
  • Phone number
  • Mailing address
  • Zip code
Commercial Information
  • Payment card type
  • Last four digits of payment card
  • Billing contact
  • Billing email
Online Identifiers
  • IP Address
  • Device ID
  • Domain server
  • Type of device/operating system/browser used to access the Services
Internet Activity
  • Webpage interactions
  • Web analytics
  • Referring webpage/source through which you access the Services
  • Non-identifiable request IDs
  • Statistics associated with the interaction between your device or browser and the Services
Geolocation Data
  • IP address-based location information
User Demographic Data
  • Age
  • Date of birth
  • Zip code
Booking Appointment Data
  • Appointment date/time
  • Provider information
  • Appointment procedure
  • Whether or not user is a new patient for a particular provider
Sensitive Personal Information
  • Health information, such as:
      • Health conditions
      • Healthcare Providers visited
      • Reasons for visit
      • Dates of visit
      • Medical history and health information you provide us
  • Health Insurance information, such as:
      • Insurance plan
      • Member ID
      • Group ID
      • Payer ID
Other Identifying Information That You Voluntarily Choose to Provide
  • Unique identifiers such as passwords
  • Personal Data in emails, letters, or other communications you send to us
  • Social Network Data (for accounts you chose to link to the Services)

Categories of Sources of Personal Data

From You
When You Provide Information Directly to Us
  • When you create an account or use our interactive tools and services, such as searching for Healthcare Providers or available appointments with Healthcare Providers.
  • When you provide information about yourself through booking an appointment with a Healthcare Provider.
  • When you provide information in free-form text boxes through the Services or through responses to surveys and questionnaires, or post reviews.
  • When you send us an email or otherwise contact us.
When Personal Data is Automatically Collected When You Use the Services
  • Through Cookies (defined below).
  • If you download and install certain applications and software we make available, we may receive and collect information transmitted from your device for the purpose of providing you the relevant Services. This includes information such as when you are logged on and available to receive updates or alert notices.
  • If you download our mobile application or use a location-enabled browser, we may receive information about your location and mobile device, as applicable.
From Third Parties
Service Providers
  • We may use service providers to analyze how you interact and engage with the Services, or to help us provide you with customer support.
  • We may use service providers to obtain information to generate leads and to create user profiles.
Analytics Partners
  • We may work with analytics partners to provide us analytics on website traffic or the usage of the Services.
  • We use this data to optimize and market our Services.
Healthcare Providers
  • We may receive certain data from your Healthcare Provider(s) to facilitate booking appointments and billing for services such as virtual care.
Social Networks
  • If you provide your social network account credentials to us or otherwise sign in to the Services through a third-party site or service, you understand some content and/or information in those accounts may be transmitted into your account with us.
Advertising Partners
  • We receive information about you from some of our service providers who assist us with marketing or promotional services related to how you interact with our Services, advertisements or communications.

Commercial or Business Purposes for Collecting Data

Providing, Customizing, and Improving the Services

– Creating and managing your account or other user profiles.
– Billing our healthcare provider clients.
– Providing you with the products, services, and information you request.
– Meeting or fulfilling the reason you provided the information to us.
– Providing support and assistance for the Services.
– Improving the Services, including testing, research, internal analytics, and product development.
– Personalizing the Services, website content, and communications based on your preferences.
– Fraud protection, security, and debugging.

Marketing the Services

– Marketing and selling the Services.
– Showing you advertisements, including interest-based or online behavioral advertising.
– Creating de-identified data sets derived from the Personal Data we have about you. This de-identified data often comes from the patient data we receive from Healthcare Providers or from your interactions with our Services. We maintain and use such information in de-identified form and do not attempt to re-identify the information, except as may be required or permitted by law.

Corresponding with You

– Responding to correspondence that we receive from you, contacting you when necessary or requested, including reminding you of an upcoming appointment, and sending you information about Medi-EHR or the Services.
– Sending emails and other communications that display content that we believe will interest you and according to your preferences, including notifying you about certain resources, Healthcare Providers, or Services.

Legal Requirements

– Fulfilling our legal obligations under applicable law, regulation, court order, or other legal process, such as preventing, detecting, and investigating security incidents and potentially illegal or prohibited activities.
– Protecting the rights, property, or safety of you, Medi-EHR, or another party.
– Enforcing any agreements with you.
– Responding to claims that any posting or other content violates third-party rights.
– Resolving disputes.

How We Disclose Your Personal Data

In certain circumstances, we may disclose your Personal Data to the following categories of service providers and other third parties for the indicated business purposes:

Categories of Third Parties With Whom We Share Personal Data | Business Purpose for Sharing Data
Service Providers
Payment Processors
  • Our payment processing partner (currently Stripe) collects your voluntarily provided payment card information necessary to process your payment.
  • Please see Stripe’s terms of service and privacy policy for information on its use and storage of Personal Data.
Security and Fraud Prevention Consultants
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
Hosting, Technology and Communications Providers; Communications Providers; Fulfillment Providers; Data Storage Providers; Analytics Providers; Insurance Verification Providers; Staff Augmentation Personnel; Virtual Care Providers
  • To perform operational services (such as hosting, billing, fulfillment, data storage, security, insurance verification, web service analytics) and/or make certain services, features or functionality available to our Users.
  • Debugging to identify and repair errors that impair intended functionality.
  • Short-term, transient use of Personal Data that is not used by another party to build a User profile or otherwise alter your user experience outside the current interaction.
  • Maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, or providing similar services on behalf of the business or service provider.
  • Undertaking internal research for technological development and demonstration.
  • Undertaking activities to verify or maintain the quality or safety of our Services.
Selected Third Party Recipients
Analytics Partners
  • To track how users found or were referred to the Services and otherwise interact with the Services.
Ad Networks
  • Ad customizing and serving.
  • Auditing related to a current interaction and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
Healthcare Providers
  • Healthcare Providers with whom Users choose to schedule through the Services.
  • If you choose to use the applicable Services, Healthcare Providers in order to enable them to refer you to, and make appointments with, other Healthcare Providers on your behalf or to perform analyses on potential health issues or treatments.
  • In the event of an emergency.
Insurance Providers
  • To determine eligibility and cost-sharing obligations and to otherwise obtain benefit plan information on your behalf.
Health Information Exchanges
  • Health Information Exchanges and related organizations that collect and organize User information (such as Regional Health Information Organizations) to make your information more securely and easily accessible to your Healthcare Providers. The goal of such organizations is to facilitate access to health information to improve the safety, quality, and efficiency of patient-centered care. More information on Health Information Exchanges can be found here.
Other Uses that You Authorize
  • Any information that you may reveal in a review posting, online discussion, or forum is intentionally open to the public and is not in any way private. We recommend that you carefully consider whether to disclose any Personal Data in any public posting or forum. What you have written may be seen and/or collected by third parties and may be used by others in ways we are unable to control or predict.
Third-Party Business Partners You Access Through the Services
  • We will disclose certain Personal Data if you choose to use any service to log in to the Services. This includes logging in via social media platforms such as a Google or Facebook account.
  • To meet or fulfill the reason you provided the information to us.

Legal Obligations

We may disclose any Personal Data that we collect to third parties in conjunction with any of the activities set forth under the “How We Disclose Your Personal Data” section above.

Business Transfers

All Personal Data may be transferred to a third party if we undergo a merger, acquisition, bankruptcy, or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

Data that is Not Personal Data

We may create aggregated and/or de-identified data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified, or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build, and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.

We may also use screen recording tools in order to understand and analyze how individuals navigate and use our website. This technology will record mouse movements, clicks and similar actions, but we do not disclose any personal data to the screen recording tools and we do not link such information to your personal data.

In addition, we may use artificial intelligence (“AI”) tools to enhance or operate certain functions of the site, such as chat and customer service features.

Information Collected Automatically

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs, mobile identifiers, and JavaScript (collectively, “Cookies”) to enable our servers to recognize your device and web browser and tell us how and when you visit and use our Services. We do this to analyze trends, learn about and advertise to our user base, and operate and improve our Services. For example, we use Cookies to tailor the Services or customize advertisements on and off of our Service by tracking navigation habits, measuring performance, storing authentication status so re-entering credentials is not required, customizing user experiences with the Services, and for analytics and fraud prevention. Cookies are small pieces of data – usually text files – placed on your computer, tablet, phone, or similar device when you use that device to visit our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s).

We use the following types of Cookies:

  • Essential Cookies. Essential Cookies are required to provide you with features or services you have requested. For example, certain Cookies enable you to log into the secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.
  • Functional Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
  • Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our Services such as by collecting information about the number of visitors to the Services, what pages visitors view on our Services, how long visitors are viewing pages on the Services, mouse clicks, mouse movements, scrolling activity, and text typed into the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns to help us improve our campaigns and the content for those who engage with our advertising. For example, Google LLC (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of cookies by visiting the Google advertising opt-out page or the Google Analytics Opt-out Browser Add-on page.
  • Retargeting/Advertising Cookies. Retargeting/Advertising Cookies collect data about your online activity and identify your interests to provide advertising on and off of our Service that we believe is relevant to you. For more information about this, please see the section below titled “Information about Interest-Based Advertisements.”
  • Web Beacons. Web Beacons (e.g., clear GIFs or pixel tags) are tiny graphic image files embedded in a webpage or email that may be used to collect information about the use of our Services, the web services of selected advertisers, and the emails, special promotions, or newsletters that we send. The information collected by Web Beacons allows us to analyze how many people are using the Services, using selected publishers’ web services or opening emails, and for what purpose. Also, it allows us to enhance our interest-based advertising (discussed further below).
  • Mobile Device Identifiers. Mobile device identifiers help Medi-EHR learn more about our Users’ demographics and internet behaviors. Mobile device identifiers are data stored on mobile devices that may track mobile devices and data, activities occurring on and through it, and the applications installed on it. Mobile device identifiers enable the collection of Personal Data, such as media access control, address, location, and tracking data, including without limitation IP address, domain server, type of device(s) used to access the Services, web browser(s) used to access the Services, referring webpage or other source through which you accessed the Services, other statistics, and information associated with the interaction between your browser or device and the Services.
  • Cross Device Matching. To determine if users have interacted with content across multiple devices and to match such devices, we may work with partners who analyze device activity data and/or rely on your information (including demographic, geographic, and interest-based data). We may also provide de-identified data to these partners to supplement this analysis. Based on this data, we may display targeted advertisements across devices that we believe are associated or use this data to further analyze usage of Services across devices.

You can decide whether to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on your browser software) allowing you to decide on acceptance of each new Cookie in a variety of ways. You may also be able to reject mobile device identifiers by activating the appropriate setting on your mobile device. You can also delete all Cookies that are already on your device. Although you are not required to accept Medi-EHR’s Cookies, if you block, reject, or delete them, you may have to manually adjust some preferences every time you access the Services, as some functionalities may not work.

To explore what Cookie settings are available to you, look in the “preferences” or “options” section of your browser’s menu. To find more information about Cookies, including how to manage and delete Cookies, please visit here.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites, web applications, and services that you do not wish such operators to track certain of your online activities over time and across different websites. We generally do not support “Do Not Track” requests sent from a browser at this time. To find out more about “Do Not Track,” you can visit here. However, if you are a resident of a state with an applicable privacy law, we treat opt-out preference signals as a means of opting out of the sale or sharing of personal information, or of opting out of the processing of personal information for targeted advertising, as applicable, to the extent such signals are present and readable.

Information about Interest-Based Advertisements

We may serve advertisements and allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, to collect data on the Services and serve advertisements on and off of the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including Personal Data) may be provided to us by you or derived or inferred from the online activity or usage patterns of particular users on the Services and/or services of third parties. Such information may include IP address, mobile device ID, operating system, browser, webpage interactions, geographic location, and demographic information, such as gender and age range. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave the Services. To accomplish this, we or our service providers may deliver Cookies, including Web Beacons, from an ad network to you through the Services. Web Beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. This information helps Medi-EHR learn more about our Users’ demographics and internet behaviors. Web Beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web Beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a webpage from their site.

Please note that even after opting out of Interest-Based Ads, you may still see Medi-EHR advertisements that are not interest-based (i.e., not targeted toward you).

Data Security

The security of your Personal Data is important to us. We seek to protect your Personal Data from unauthorized access, use, and disclosure using appropriate physical, technical, organizational, and administrative security measures based on the type of Personal Data and how we process that data. We endeavor to follow generally accepted industry standards to protect the Personal Data submitted to us, both during transmission and in storage.

For example, the Services use industry-standard Secure Sockets Layer (SSL) technology to allow for the encryption of Personal Data. We store and process your information on our servers in the United States and abroad. We maintain what we consider industry-standard backup and archival systems. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanisms; limiting access to your computer or device and browser; and signing off after you have finished accessing your account.

Although we work to protect the security of your account and other data that we hold in our records, for example, by making good faith efforts to store Personal Data in a secure operating environment that is not open to the public, please be aware that no method of transmitting data over the Internet or storing data is completely secure. We cannot and do not guarantee the complete security of any data you share with us, and except as expressly required by law, we are not responsible for the theft, destruction, loss, or inadvertent disclosure of your information or content.

Data Retention

We retain Personal Data about you as necessary to provide our Services or to perform our business or commercial purposes for collecting your Personal Data. When establishing a retention period for specific categories of data, we consider who we collected the data from, our need for the Personal Data, why we collected the Personal Data, and the sensitivity of the Personal Data. In some cases, we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, provide our Services, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

For example:

  • We retain your account information and credentials for as long as you have an account with us.
  • We retain your device/IP data for as long as we need it to ensure that our systems are working appropriately, effectively, and efficiently.
  • We retain any protected health information (“PHI”) consistent with our obligations under our Business Associate Agreements with Covered Entities and HIPAA.

Children’s Privacy

The Services are not directed to or intended for use by children under 13 years of age. If you are a child under the age of 13, please do not attempt to register for or otherwise use the Services or send us any Personal Data. By accessing, using, and/or submitting information to or through the Services, you represent that you are over the age of 13. As noted in the Terms of Use, we do not knowingly collect or solicit Personal Data from children under the age of 13. If we learn that we have received any Personal Data directly from a child under age 13 without first receiving their parent’s verified consent, we will use that Personal Data only to respond directly to that child (or their parent or legal guardian) to inform the child that they cannot use the Services. We will then subsequently delete that child’s Personal Data. If you believe that a child under 13 may have provided us with Personal Data

If you are between the age of 13 and the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Data as otherwise provided herein.

If you use the Services on behalf of another person, regardless of age, you agree that Zocdoc may contact you for any communication made in connection with providing the Services or any legally required communications. You further agree to forward or share any such communication with any person for whom you are using the Services on behalf.

Changes to this Privacy Policy

We reserve the right to amend our Privacy Policy at our discretion and at any time. When we make changes to the Privacy Policy, we will notify you by email or through a notice on our website homepage. Use of the information we collect is subject to the Privacy Policy in effect at the time such information is collected.

Contact Information

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data, your choices, and rights regarding such use, please do not hesitate to contact us at:

E-mail: support@medi-ehr.com
Address: 90 Washington Valley Rd, Bedminster, NJ 07921
Phone: 888.633.1367
Fax: 800.853.3242