Effective as of February 24, 2013
Our TRUSTe Privacy Seal
The Information We Collect
PatientPlus collects the following types of information (collectively, the “Information”), both directly from you and indirectly through your and other users’ use of the Platform.
1. Personal Information
When you set up an account to use the Services, either as a Doctor or Patient, or when you use certain aspects of the Services (such as when a Patient books an appointment with a Doctor), you will be required to provide us with personal information about yourself (collectively, the “Personal Information”). Such Personal Information includes your name, address, e-mail address, and phone number.
We do not collect any Personal Information from you when you use the Services unless you provide us with the Personal Information voluntarily. Also, Personal Information does not include Health Information.
2. Health Information
In order to make full use of the Services, Patients have the ability to upload, share, and permit their Doctors to share Health Information. See below for additional information concerning how we use and disclose your Health Information. Such Health Information includes the names of Patients’ Doctors, appointment information (such as dates, times, and reasons for visits), and any other medical information Patients share with us or authorize their Doctors to share via the Services. For purposes of the Services, “Health Information” means any information, whether oral or recorded in any form or medium, that relates to the past, present, or future physical or mental health or condition of a Patient; the provision of health care to a Patient; or the past, present, or future payment for the provision of health care to a Patient.
3. Billing Information
When Patients or Doctors make purchases through the Platform, they will need to provide us certain billing information, such as debit card numbers, credit card numbers, billing addresses, and similar information (collectively, the “Billing Information”).
4. Geolocational Information
In order to provide the Services while you are using our Mobile App, we may, with your consent, automatically collect geolocational information from your mobile device, your wireless carrier, or certain third-party service providers (“Geolocational Information”). Collection of such Geolocational Information occurs only when the Services are running on your mobile device. You may decline to allow us to collect such Geolocational Information, in which case PatientPlus will not be able to provide certain Services to you. Because your Geolocational Information is subject to abuse by others, please be sure to manage your mobile device and privacy preferences on the Services on an ongoing basis.
5. Other Information
In addition to the information noted above, we may collect additional information (collectively, the “Other Information”). Such Other Information may include:
a. From You. Additional information about yourself that you voluntarily provide to us, such as zip code, age, household income range, number of children, gender, personal interests, and your product and service preferences, and other information that does not identify you personally.
b. From Your Activity. Information that we automatically collect when you use the Services, including, without limitation:
• IP addresses, browser type and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website Visitors visit, etc.;
• Information about a mobile device, including universally unique ID (“UUID”), Platform type and version (e.g., iOS or Android), carrier and country location, hardware and processor information (storage, chip speed, camera resolution, NFC enabled, and network type (WiFi, 2G, 3G, 4G)); and
• Activity and usage information occurring via the Services, including purchase information, tagging data, favorites, survey responses, preferences, session lengths, and similar data.
c. From Cookies. Information that we collect using “cookie” technology. Cookies are small packets of data that a website stores on your computer’s or mobile device’s hard drive so that your computer will “remember” information about your visit. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to help us collect Other Information and to enhance your experience using the Platform. If you do not want us to place a cookie on your hard drive, you may be able to turn that feature off on your computer or mobile device. Please consult your Internet browser’s documentation for information on how to do this and how to delete persistent cookies. However, if you decide not to accept cookies from us, the Platform may not function properly.
Treatment and Use of Health Information; Sharing Authorization
The Platform provides Patients the ability to communicate with certain individuals and entities (e.g., Doctors and family members) that they have approved in advance. Patients’ communications with such individuals and entities through the Platform may include Health Information. Patients (and not PatientPlus) are solely responsible for reviewing and approving any individuals and entities before deciding whether to share their Health Information with such individuals and entities.
As a user of the Platform, Patients hereby authorize PatientPlus to make the following disclosures and uses of their Health Information, in addition to the specific uses set forth in the “How We Use and Share the Information” section below:
- PatientPlus may disclose Health Information to those individuals and entities to whom Patients have granted access to view their Health Information.
- PatientPlus may use Health Information as necessary to (i) manage and administer its business, including providing Patients with the Services that they have requested on the Platform, and (ii) carry out its legal responsibilities.
- PatientPlus may disclose Health Information for purposes of treating Patients in a medical emergency. Such disclosure may be made to medical professionals (including Doctors, nurses, paramedics, and their related staff), family members, close friends, or anyone else to whom PatientPlus reasonably believes such disclosure would be in the Patients’ best interest.
- PatientPlus may disclose Health Information if it is legally required to do so (for example, pursuant to an order of a court or administrative tribunal). Any such disclosure would be only to the extent expressly authorized by such order.
If the individuals and entities that Patients authorize to receive their Health Information from PatientPlus are not subject to federal or state health information privacy laws, subsequent disclosure by such persons and entities may not be prohibited and/or protected by those laws. Patients may revoke all or part of the authorization granted to PatientPlus above in writing at any time by sending a signed and dated statement to PatientPlus as set forth in the “How to Contact Us” section below.
Notwithstanding the foregoing, to the extent that PatientPlus has received your Health Information from a Covered Entity (as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)), in its capacity as a Business Associate (as defined under HIPAA), the terms of the applicable Business Associate Agreement shall govern PatientPlus’ use and disclosure of such Health Information, and shall supersede the foregoing in the event of an inconsistency between the two.
Direct messages Patients send from the Platform to healthcare providers or friends and family are sent only to the individuals that the Patient has specifically designated to receive that message by clicking on that individual’s (or group’s) avatar. Such designation indicates that the individual or group is set to receive the message. Any healthcare providers or friends and family that are part of the receiving party’s network do not see any messages that the Patient sends to the healthcare provider or friends and family members directly. Should Patients choose to check their Facebook or Twitter icons, the contents of that message will be sent to those accounts and will be public or private according to that site’s policies and the Patient’s privacy settings. If Patients send a message in error, they do have the opportunity to stop the message from being delivered by following the instructions on the Platform.
If any user chooses to use our referral service to nominate, share, email, refer a friend, refer a family member, send to friend, or invite a friend to inform them about a Doctor and/or our Services, we will ask the user for his or her friend’s name and email address. We will automatically send the referred friend or family member a one-time email inviting him or her to visit the profile of the Doctor and/or the Platform according to the user’s request. PatientPlus stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program. The referred friend or family member may contact us as set forth below to request that we remove this information from our database.
The Information Collected by or Through Third-Party Advertising Companies
Accessing and Modifying Personal Information and Communication Preferences
If you have registered for the Services, you may access, review, and make changes to your Personal Information, Health Information, Billing Information, and certain Other Information by following the instructions found on the applicable Platform. In addition, you may manage your receipt of marketing and non-transactional communications by clicking on the “unsubscribe” link located on the bottom of any PatientPlus marketing email. Patients and Doctors cannot opt out of receiving transactional e-mails related to their account. We will use commercially reasonable efforts to process such requests in a timely manner. You should be aware, however, that it is not always possible to completely remove or modify information in our subscription databases. In addition, please note that we are not responsible for updating or removing any information contained in Doctors’ or Doctors’ networks’ lists or databases.
How We Use and Share the Information
In addition to the uses and disclosures noted above with respect to Patients’ Health Information, we also use the Information to provide you the Services, solicit your feedback, inform you about our products and services and those of our third-party marketing partners, to administer our rewards and promotional programs, and to improve our Services to you. Also, we may use and share the Information as described below.
- Unless otherwise marked “private” through the functionality of the Platform, all of your posts on the Platform will be publicly viewable and shareable by other users.
- With your permission, we may share your Personal Information, Health Information, Geolocational Information, and certain Other Information with other registered users in your personal network whom you designate as having the right to view such information. You may change such designations at any time by following the instructions on the Platform.
- In order to provide the Services and administer our rewards and promotional programs, we may share your Personal Information, Geolocational Information, and Other Information with our third-party promotional and marketing partners, including, without limitation, businesses participating in our various programs.
- As part of our Services, we will list all Doctors in our publicly-accessible member directory. If you do not want to be listed in our directory, you may deactivate your account or you may contact us as set forth below.
- In an ongoing effort to better understand our users and our Services, we might analyze the Other Information and the Geolocational Information in aggregate form in order to operate, maintain, manage, and improve the Services and the Platform. This aggregate information does not identify you personally. We may share this aggregate data with our affiliates, agents, and business partners. We may also disclose aggregated user statistics in order to describe our products, Services, and Platform to current and prospective business partners and to other third parties for other lawful purposes.
- We may employ other companies and individuals to perform functions on our behalf. Examples may include providing marketing assistance, information technology support, order fulfillment, billing assistance, and customer service. These other companies will have access to the Information only as necessary to perform their functions and to the extent permitted by law.
- With your permission, third-party applications or services may access your Personal Information. We use standard OAuth (open authorization) to enable you to give permission to share your Personal Information with other websites and services, such as Facebook and Twitter (e.g., when you agree to a pop-up requesting you to allow another application to access your account information). We also use OAuth to allow us to share information about you that is stored by us without sharing your security credentials.
- We may share some or all of your Information with any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us.
- As we develop our businesses, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Information may be part of the transferred assets.
- To the extent permitted by law, we may also disclose the Information when required by law, court order, or other government or law enforcement authority or regulatory agency, or whenever we believe that disclosing such Information is necessary or advisable, for example, to protect the rights, property, or safety of PatientPlus or others.
How We Protect Your Information
We take commercially reasonable steps to protect the Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. Please understand, however, that no security system is impenetrable. We cannot guarantee the security of our databases, nor can we guarantee that the Information you supply will not be intercepted while being transmitted to and from us over the Internet. In particular, e-mail sent to or from the Platform may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.
Important Notice to Non-U.S. Residents
The Platform and the Services are operated in the United States. If you are located outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using the Services and/or providing us with any Information, you consent to this transfer.
How to Contact Us
137 Varick St. 2nd Floor
New York, NY 10013