Last updated: September 13, 2016
· “Health Care Operations” include functions such as quality assessment and improvement activities, conducting or arranging for medical review, legal services and auditing functions, general business and administrative activities.
· “HIPAA” means the Health Insurance Portability and Accountability Act of 1996, as amended.
· “Medical Provider” means one or more clinically based providers who provide you with medical care in terms of identifying, diagnosing and treating medical conditions.
· “Payment” means activities undertaken to obtain or provide reimbursement for health care, including determinations of eligibility of coverage, billing, collection activities, medical necessity determinations and utilization review.
· “Personal Information” means information that can specifically identify you as well as information about you that may be combined with identifying information, such as your name, address, phone number, date of birth, social security number, email address, etc.
· “PHI” or “Protected Health Information” has the meaning given under HIPAA.
· “Services” means the MyMeds™ suite of applications that provide you with tools or techniques that help you to comply with your doctor’s instructions for taking your prescribed medicines. These Services are provided both on our web site and via our mobile platforms.
· “Sponsor” means the party, such as your employer, your health insurer or a pharmacy benefit management provider, that has contracted with MyMeds to provide our Services to you.
· “Treatment” means the provision, coordination or management of health care and related services, consultation between providers relating to an individual or the referral of an individual to another provider for health care.
· We will not intentionally make any change or take any action that would violate any regulatory, privacy or security requirement, contractual obligation or other legal requirement.
· Each time we make a material or significant change, we will update the date at the top of this document.
3. Why Do We Collect Information About You?
We collect information about you in order to determine your eligibility for our Services, to provide you with our Services and for us to tailor our Services for you. Information may include Personal Information like your name, address, gender, medicine taken or your health conditions.
We use the information collected from you to tailor our Services to your specific needs. One example of this would be using your preferred email address and/or name in any of our communications sent to you.
4. What Services Do We Provide?
We provide eligible users with information and tools designed to help participants comply with their doctors’ instructions related to taking their medicines. Our Services are delivered primarily via our web site and our mobile device applications.
5. How do we communicate with you?
We will make available to you a range of methods for communicating with us. These include, but are not limited to, email, text, chat and push notifications (for smart phone devices). You have the ability to choose the communication methods you prefer us to use to communicate with you and you also have the ability to opt out of any of these methods at any time.
6. Where Do We Get Information About You?
We collect information about you to provide our Services to our eligible users, to enhance our users’ experience, and to help provide security and/or to improve system performance. We collect information about you from several sources, including:
- When you provide us with information.
- When you choose to complete surveys or questionnaires.
- When you use any of our online Services.
- We use various tracking methods when people visit our web site or use any of our Services.
- When you use our web site or mobile applications, we will collect information that is specific to you. The following are some, but not all, of the types of information we will collect. The specific elements change over time.
  - Date and time of use
  - Type of mobile device
  - Type of browser
  - Number of sessions
  - Activities you perform while using our application(s)
From your Sponsor:
- Depending on the Services that your Sponsor has selected, we may collect medical or pharmacy related claims information from your insurer(s) or third-party administrators at the direction of your Sponsor.
- Your Sponsor may provide personal information about you, your spouse and/or your dependents that may include, but is not limited to:
  - individual’s name
  - date of birth
  - mailing address
  - telephone number
  - email address
  - medication related information
  - medical conditions
  - health insurance related data
  - marital status and/or
  - language spoken.
From your use of our web site and mobile application, including:
o Number of visitors to the web site
o The websites from which visitors came to our web site
o The pages visited while on our web site
o The length of visits to our web site
o The names of internet providers
o Internet Protocol (IP) addresses
o Browser information
o Connection speed
o Search terms used to find our web site
· MyMeds Session Cookies.
We use session cookies to maintain the state of the currently logged-in user and another cookie to represent and track that user within our system. Other cookies of this type are used for security related purposes to better protect you and our system from potential misuse.
· MyMeds Persistent Cookies.
Persistent cookies are used to track user preferences, such as preferred language, last page visited and similar types of helpful user items. These can be blocked, but the site may not function as expected if this is done.
7. Where will we keep your data?
Your data will be kept within a physically secure data center located within the United States.
8. Do We Share Information We Have About You?
· Disclosure To Our Business Partners.
We enter into agreements with our trusted business partners to assist us in providing you with our medicine management solution. These business partners are authorized to use your personal information only as necessary to provide our Services to you or as otherwise covered by our agreements with them. These business partners are required by HIPAA and our agreements with them to protect your Personal Information (including your Protected Health Information) and to comply with applicable laws or regulations, including HIPAA.
· Disclosure To Sponsors.
We may share Protected Health Information with the Sponsor for plan administration purposes and/or coordination of your care. Unless the Sponsor is permitted to obtain individually identifiable Protected Health Information under U.S. law, we will de-identify such Protected Health Information before providing it to them. De-identified information is data that has been separated from information that would enable the recipient to identify a particular individual. When providing the Sponsor with access to your information, we ensure we provide them with only the minimum information necessary.
We will not share your individually identifiable Protected Health Information with your employer for employment-related purposes. Unless an employer has a legal right to obtain your Protected Health Information, such as for plan administration purposes, we will de-identify such information before providing it to your employer.
· Disclosure For Marketing Purposes.
We will not send marketing materials to you, except as permitted by HIPAA. We do not permit advertising. We do not sell and will not give your individually identifiable information to anyone or to any other entity for marketing purposes. We will use your information to communicate with you about our Services that are available to you as a benefit under your health plan.
· Disclosure To Meet Legal Requirements.
We will not share Personal Information with a third party without prior authorization, except (i) in compliance with law, regulation or other legal processes, (ii) to protect the rights, property or safety of us or others, (iii) in emergency situations, (iv) in the event that we, or substantially all of our assets, are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation or liquidation, in which case Personal Information may be one of the transferred assets and you will be notified via email and/or a prominent notice on our web site of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information, or (v) for purposes of carrying out Payment or Health Care Operations (as defined above).
Sharing of information in any of these above cases will only be done when in full compliance with applicable laws, including HIPAA.
9. Do I Have Choices Related To My Personal Data?
You have the ability to “Opt Out” of communications from us if you wish by changing your communication preferences, but this will limit our ability to support you when or if you have questions. It will also limit our ability to provide you with important updates from us, and/or potentially from your Sponsor.
You may also tell us you do not want your data shared with us or shared by us with our partners and we will honor any such request, but if you choose this option we will not be able to provide you with the majority of our Services.
10. Can I Correct Errors With My Personal Data?
You always have the ability to access and correct or delete any errors with your Personal Information. We strongly encourage you to contact us if you have any issues in this regard by sending us an email at email@example.com. We will typically respond to your request within 10 business days.
We will retain your information for as long as your account is active or as needed to provide you Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Your data will be deleted within 24-48 hours upon your request or within a short period of time after the contract under which you receive our Services is terminated.
Business Associate Agreements will require that the PHI be returned or destroyed if feasible.
Disposal of any physical or electronic Protected Health Information is performed in compliance with HIPAA.
11. Do We Comply With Regulatory Requirements?
Whenever we collect or receive Protected Health Information, we do so under agreements with our clients that require us to comply with the applicable Privacy Rule of HIPAA. You can learn more about the HIPAA Privacy, Security and Breach Notification Rules at http://www.hhs.gov/ocr/privacy/.
We take our obligations under HIPAA seriously and we take the necessary steps to safeguard your privacy and security.
12. Links To Other Websites
13. Data Security
Data security is implemented through physical, administrative and technical safeguards we have put in place and the operational procedures we adhere to in order to protect your information. We have a security program based on the ISO27001/2 security framework and incorporate various leading-practice-based recommendations for specific implementation items. Our entire program is audited annually by independent auditors as part of an SSAE16 SOC2 Type 2 audit.
14. Children’s Privacy
The site is not intended for use by children under the age of 13. We will not knowingly collect any personal information from persons under the age of 13. If you think that we have collected personal information from a person under the age of 13, please contact us immediately at firstname.lastname@example.org.
15. Special Notification for California Residents
As was mentioned earlier, we do not share Personal Information for marketing purposes; however, individual customers who reside in California and have provided their Personal Information to us may request information about our disclosures of certain categories of Personal Information to third parties for their direct marketing purposes. Such requests must be submitted to us at one of the following addresses: email@example.com or MyMeds, Inc., Attn: California Privacy Request, 807 Broadway St. NE, Suite 206, Minneapolis, MN 55413. Within thirty days of receiving such a request, we will provide a list of the categories of Personal Information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address specified in this paragraph.
16. MyMeds does not support DNT
17. Contact Us
For any questions or comments related to this or the other documents referenced within this document you may also write to us at firstname.lastname@example.org.