Privacy Policy

Last updated: september 13, 2016

This is MyMeds’ Privacy Policy. It applies to anyone who uses our Services.  Please read this Privacy Policy, which among other things, describes how MyMeds (“we,” “our” or “us”) collects, uses, protects and under what circumstances discloses your information.

MyMeds is dedicated to protecting the privacy rights of users of our Services.  Our policies with respect to the handling of Personal Information with respect to these Services are described within this Privacy Policy.

1.     Definitions we use in our Privacy Policy

·      “Health Care Operations” include functions such as quality assessment and improvement activities, conducting or arranging for medical review, legal services and auditing functions, general business and administrative activities.

·      “HIPAA” means the Health Insurance Portability and Accountability Act of 1996, as amended.

·      “Medical Provider” means one or more clinically based providers who provide you with medical care in terms of identifying, diagnosing and treating medical conditions.

·      “Payment” means activities undertaken to obtain or provide reimbursement for health care, including determinations of eligibility of coverage, billing, collection activities, medical necessity determinations and utilization review.

·      “Personal Information” means information that can specifically identify you as well as information about you that may be combined with identifying information, such as your name, address, phone number, date of birth, social security number, email address, etc.

·      “PHI” or “Protected Health Information” has the meaning given under HIPAA.

·      “Services” means the MyMeds™ suite of applications that provide you with tools or techniques that help you to comply with your doctor’s instructions for taking your prescribed medicines.   These Services are provided both on our web site and via our mobile platforms.

·      “Sponsor” means the party, such as your employer; your health insurer or a pharmacy benefit management provider that has contracted with MyMeds to provide our Services to you.

·      “Treatment” means the provision, coordination or management of health care and related services, consultation between providers relating to an individual or the referral of an individual to another provider for health care.

2. Will This Privacy Policy Change?

Yes. Every participant should read and understand the following key points about any changes we make. We may modify, alter or update our Privacy Policy at any time, so we encourage you to review our Privacy Policy frequently. Continued use of our Services following a change means you agree with the terms of the revised Privacy Policy.  The following are some key points for you to remember:

·      We will not provide you with an individual notice of changes made to our Privacy Policy for items that we determine, in our sole discretion, are not significant or material changes. Examples of these types of changes would be to update regulatory references, correct administrative types of errors or to comply with new legal requirements that don’t significantly change how we handle your information.

·      For anything we determine, in our sole discretion, to be significant or material, we will provide you with some additional notice using the most recent email address you provided or by posting a notice on our web site.   A material change is any change that affects how your data is used or shared in any way that is not already described in this Privacy Policy.

·      We will not intentionally make any change or take any action that would violate any regulatory, privacy or security requirement, contractual obligation or other legal requirement.

·      Each time we make a material or significant change, we will update the date at the top of this document.

3. Why Do We Collect Information About You?

We collect information about you in order to determine your eligibility for our Services, to provide you with our Services and for us to tailor our Services for you. Information may include Personal Information like your name, address, gender, medicine taken or your health conditions.

We use the information collected from you to tailor our Services to your specific needs.  One example of this would be using your preferred email address and/or name in any of our communications sent to you.

4. What Services Do We Provide?

We provide eligible users with information and tools designed to help participants comply with their doctors’ instructions related to taking their medicines.  Our Services are delivered primarily via our web site and our mobile device applications.

5. How do we communicate with you?

We will make available to you a range of methods for communicating with us.  These include, but are not limited to, email, text, chat and push notifications (for smart phone devices).  You have the ability to choose the communication methods you prefer us to use to communicate with you and you also have the ability to opt out of any of these methods at any time.

6. Where Do We Get Information About You?

We collect information about you to provide our Services to our eligible users, to enhance our user’s experience, and to help provide security and/or to improve system performance.  We collect information about you from several sources, including:

From You:

  • When you provide us with information.
  • When you choose to complete surveys or questionnaires.
  • When you use any of our online Services.
    • We use various tracking methods when people visit our web site or use any of our Services. 
    • When you use our web site or mobile applications we will collect information that is specific to you.  The following are some, but not all of the types of information we will collect.  The specific elements change over time.
      • Date and time of use
      • Type of mobile device
      • Type of browser
      • Number of sessions
      • Activities you perform while using our application(s)

From your Sponsor:

  • Depending on the Services that your Sponsor has selected, we may collect medical or pharmacy related claims information from your insurer(s) or third-party administrators at the direction of your Sponsor.
  • Your Sponsor may provide personal information about you, your spouse and/or your dependents that may include, but is not limited to:
    • individual’s name
    • date of birth
    • gender
    • mailing address
    • telephone number
    • email address
    • medication related information
    • medical conditions
    • health insurance related data
    • marital status and/or
    • language spoken.

From your use of our web site and mobile application, including:

·       Non-Identifiable Information.  We will collect a range of information from all visitors to our web site using various methods and tools, including the use of cookies. Some of this information may be tied to your email address and as such, is identifiable as you. The types of information we collect include, but are not limited, to the following:

o   Number of visitors to the web site

o   The websites from which visitors came to our web site

o   The pages visited while on our web site

o   The length of visits to our web site

o   The names of internet providers

o   Internet Protocol (IP) addresses

o   Browser information

o   Connection speed

o   Search terms used to find our web site

·      Cookies.

Cookies are small files that a web site can store on your computer or mobile device for record keeping or other administrative purposes. We use both session ID cookies and persistent cookies. Session cookies expire when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. A persistent cookie will keep user preferences, for example language preference. If you are concerned about the use of cookies, you can choose to enable a feature in your browser software that will erase cookies, block all cookies or warn the user before cookies are stored or exchanged. If you reject all cookies, you may not be able to log into our web site or use all of our web site’s features.

Our partners, affiliates, tracking utility company and service providers may use session ID and persistent cookies to make it easier for you to navigate our web site. We have access and control over the use of cookies used by these parties on our web site.  As additional service providers are added, we will maintain control of the use of cookies by these parties on our web site.

·      MyMeds Session Cookies.

We use session cookies to maintain the state of the currently logged-in user and another cookie to represent and track that user within our system. Other cookies of this type are used for security related purposes to better protect you and our system from potential misuse.

·      MyMeds Persistent Cookies.

Persistent cookies are used to track user preferences, such as preferred language, last page visited and similar types of helpful user items. These can be blocked, but the site may not function as expected if this is done.

7. Where will we keep your data?

Your data will be kept within a physically secure data center located within the United States. 

8. Do We Share Information We Have About You?

We will disclose information we have about you in order to provide you with our Services. We will share your personal information with third parties only in the ways that are described in this Privacy Policy. Disclosures will only be made to entities that are legally entitled to the data and are contractually committed to protect the data in accordance with applicable regulatory and contractual requirements.

·      Disclosure To Our Business Partners.

We enter into agreements with our trusted business partners to assist us in providing you with our medicine management solution. These business partners are authorized to use your personal information only as necessary to provide our Services to you or as otherwise covered by our agreements with them. These business partners are required by HIPAA and our agreements with them to protect your Personal Information (including your Protected Health Information) and to comply with applicable laws or regulations, including HIPAA.

·      Disclosure To Sponsors.

We may share Protected Health Information with the Sponsor for plan administration purposes and/or coordination of your care.  Unless the Sponsor is permitted to obtain individually identifiable Protected Health Information under U.S. law, we will de-identify such Protected Health Information before providing it to them.  De-identified information is data that has been separated from information that would enable the recipient to identify a particular individual. When providing the Sponsor with access to your information, we ensure we provide them with only the minimum information necessary.

We will not share your individually identifiable Protected Health Information with your employer for employment-related purposes. Unless an employer has a legal right to obtain your Protected Health Information, such as for plan administration purposes, we will de-identify such information before providing it to your employer.

·      Disclosure For Marketing Purposes.

We will not send marketing materials to you, except as permitted by HIPAA.  We do not permit advertising. We do not sell and will not give your individually identifiable information to anyone or to any other entity for marketing purposes. We will use your information to communicate with you about our Services that are available to you as a benefit under your health plan.

·      Disclosure To Meet Legal Requirements.

We will not share Personal Information with a third party without prior authorization, except (i) in compliance with law, regulation or other legal processes (ii) to protect the rights, property or safety of us or others, (iii) in emergency situations, (iv) in the event that we, or substantially all of our assets, are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganization, consolidation or liquidation, in which case Personal Information may be one of the transferred assets, you will be notified via email and/or a prominent notice on our web site of any change in ownership or uses of your Personal Information, as well as any choices you may have regarding your Personal Information, or (v) for purposes of carrying out Payment or Health Care Operations (as defined above).

Sharing of information in any of these above cases will only be done when in full compliance with applicable laws, including HIPAA.

9. Do I Have Choices Related To My Personal Data?

You have the ability to “Opt Out” of communications from us if you wish by changing your communication preferences, but this will limit our ability to support you when or if you have questions.  It will also limit our ability to provide you with important updates from us, and/or potentially from your Sponsor.

You may also tell us you do not want your data shared with us or shared by us with our partners and we will honor any such request, but if you choose this option we will not be able to provide you with the majority of our Services.

10. Can I Correct Errors With My Personal Data?

You always have the ability to access and correct or delete any errors with your Personal Information. We strongly encourage you to contact us if you have any issues in this regard by sending us an email at support@my-meds.com.  We will typically respond to your request within 10 business days. 

We will retain your information for as long as your account is active or as needed to provide you Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Your data will be deleted within 24-48 hours upon your request or within a short period of time after the contract under which you receive our Services is terminated.

Business Associate Agreements will require that the PHI be returned or destroyed if feasible.

Disposal of any physical or electronic Protected Health Information is performed in compliance with HIPAA.

11. Do We Comply With Regulatory Requirements?

Whenever we collect or receive Protected Health Information, we do so under agreements with our clients that require us to comply with the applicable Privacy Rule of HIPAA.  You can learn more about the HIPAA Privacy, Security and Breach Notification Rules at http://www.hhs.gov/ocr/privacy/.

We take our obligations under HIPAA seriously and we take the necessary steps to safeguard your privacy and security.

12. Links To Other Websites

If applicable, we may include links to other web sites on our web site at your Sponsor’s direction. We do not endorse and are not responsible for the information practices or privacy policies of these web sites operated by others that may be linked to or from our web site. If you decide to access a third party’s web site that may be linked to or from our web site, you should consult that web site’s Privacy Policy; Terms of Service, Terms of Use or other similar types of documents.

13. Data Security

Data security is implemented through physical, administrative and technical safeguards we have put in place and the operational procedures we adhere to in order to protect your information. We have a security program based on the ISO27001/2 security framework and incorporate various leading practice based recommendations for specific implementation items. Our entire program is audited annually by independent auditors as part of a SSAE16 SOC2 Type 2 audit.

14. Children’s Privacy

The site is not intended for use by children under the age of 13. We will not knowingly collect any personal information from persons under the age of 13. If you think that we have collected personal information from a person under the age of 13, please contact us immediately at support@my-meds.com

15. Special Notification for California Residents

As was mentioned earlier, we do not share Personal Information for marketing purposes; however, individual customers who reside in California and have provided their Personal Information to us may request information about our disclosures of certain categories of Personal Information to third parties for their direct marketing purposes. Such requests must be submitted to us at one of the following addresses: support@my-meds.com or MyMeds, Inc., Attn: California Privacy Request, 807 Broadway St. NE, Suite 206, Minneapolis, MN55413. Within thirty days of receiving such a request, we will provide a list of the categories of Personal Information disclosed to third parties for third-party direct marketing purposes during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address specified in this paragraph.

16.  MyMeds does not support DNT

At this time MyMeds sites do not recognize automated browser signals regarding tracking mechanisms, which may include ‘do not track’ instructions. However, you can change your privacy preferences regarding the use of cookies and similar technologies through your browser. You may set your browser to accept all cookies, block certain cookies, require your consent before a cookie is placed in your browser, or block all cookies. Please consult the ‘Help’ section of your browser for more information.

17.  Contact Us

If you have any questions, comments or complaints about our Privacy Policy or our Services please contact us so we can help. You can reach us by using the methods identified below.

For any questions or comments related to this or the other documents referenced within this document you may also write to us at support@my-meds.com.