 |
 |
|
|
||
|
||
|
||
|
||
|
MedExpert International, Inc. (“MedExpert”) values the trust and privacy of its members and other supporters. This Privacy Policy sets forth MedExpert's practices regarding: (1) what personal information we collect about you—both online via the MedExpert website and offline via traditional, hard copy forms; (2) how we use that information; (3) under what circumstances we disclose it; (4) what choices are available to you regarding such information collection; and (5) what security we use to protect such information. This Privacy Policy also provides some additional information for users of the MedExpert website, including a summary of MedExpert's compliance with Health Insurance Portability and Accountability Act (HIPAA) regulations.
II. Definitions
As used in this Privacy Policy, the following terms have the meanings indicated below:
1. The term “we” or “us” means MedExpert.
2. The term “you” means a person who has provided personal information to us in connection with obtaining a MedExpert service.
3. The term “personal information” means any piece of information that on its own can specifically identify a current or former MedExpert user or other person who has provided personal information to us in connection with obtaining a MedExpert service. This would include, but is not limited to, full name, postal address, e-mail address, social security number, or financial information.
4. The term “MedExpert website” means MedExpert's external website located at: http://www.medexpert.com and any future websites that we may develop.
5. The term “MedExpert-related organizations” means any entity created by MedExpert.
6. The term “third party” means a legal entity that is separate and independent from MedExpert, its state and local affiliates, or any MedExpert-related organization.
7. The term “cookie” means a small file that is placed on your computer that allows a website to store, and sometimes track, information about how you use that website.
8. The term “discussion forum” means an asynchronous website component that enables users to exchange ideas by posting questions and answers on relevant subjects. Discussion forums are also commonly referred to as “discussion groups,” “discussion boards,” “message boards,” “bulletin boards,” and “online forums.”
III. Personal Information Collected
We may collect personal information about you from the following sources:
1. Personal Information that you voluntarily provide to us on Member Question forms and other MedExpert forms—whether online via the MedExpert website or offline via traditional, hard copy forms (such as your name, postal address, telephone number, e-mail address, or social security number).
2. Other Personal Information that you voluntarily provide to us via the MedExpert website (such as an e-mail address if you subscribe to an MedExpert-produced electronic newsletter or other personal information contained in an e-mail that you send to us via the feedback feature of the MedExpert website).
3. Personal Information that we receive from our state and local affiliates or other MedExpert-related organizations (such as your name, postal address, telephone number, e-mail address, social security number, etc.).
4. Personal Information that we receive from third parties.
IV. How We Use That Information
The personal information that MedExpert collects about you helps us and our state and local affiliates and MedExpert-related organizations to efficiently and effectively represent you and provide you with valuable member benefits.
V. Available Choices
Any personal information that you provide to us is voluntary. MedExpert users may update their personal information at any time.
VI. Your California Privacy Rights
California residents have a right under state law to ask entities with whom they have an established business relationship to provide certain information regarding the sharing of personal information for direct marketing purposes during the past year. MedExpert will honor such a request coming from any current or former MedExpert user or other person who has provided personal information to us in connection with obtaining an MedExpert product or service—whether residing in California or not.
VII. Information Security
We maintain administrative, technical, and physical safeguards designed to: (1) ensure the security and confidentiality of your personal information; (2) protect against any anticipated threats or hazards to the security or integrity of such information; and (3) protect against unauthorized access to or use of such information.
We store and process your personal information on our computers in the United States, and we protect it by maintaining physical, electronic and procedural safeguards in compliance with applicable U.S. federal and state regulations. We use computer safeguards such as firewalls and data encryption. We enforce physical access controls to our buildings and files. We also authorize access to personal information only for those employees who require it to fulfill their job responsibilities.
VIII. HIPAA (Health Insurance Portability and Accountability Act) Compliance
MedExpert is fully compliant with HIPAA, which stands for the Health Insurance Portability and Accountability Act of 1996. A major component of HIPAA addresses the privacy of individuals’ health information and how it can be used and disclosed. The HIPAA privacy laws became effective on 14 April, 2003.
HIPAA rules cover any health or medical information of identifiable individuals, including their medical records, medical billing records, any clinical or research databases, and tissue bank samples.
A HIPAA-compliant entity cannot use or disclose protected health information for any purpose other than treatment, payment, or health care operations without either the authorization of the individual or under an exception in the HIPAA regulations.
In addition to limiting the use and disclosure of protected health information, HIPAA also gives the patients the right to access this information and to know who the covered entity has disclosed this information to (including investigators' research files). It also restricts most disclosures to the minimum to accomplish the intended purpose and establishes criminal and civil penalties and fines for improper use and disclosure by HIPAA covered entities.
HIPAA “Marketing” Exemptions
[45 CFR 164.501, 164.508(a)(3)] In general, the use of patient health information for marketing purposes is prohibited under the HIPAA privacy policy without prior authorization from the patient. However, there are exceptions to the definition of marketing for which MedExpert qualifies. The U.S. Department of Health and Human Services Office for Civil Rights has issued a privacy review (http://www.hhs.gov/ocr/hipaa/guidelines/marketing.pdf) that states,
A communication is not “marketing” if it is made for case management or care coordination for the individual, or to direct or recommend alternative treatments, therapies, health car providers, or settings of care to the individual.
HIPAA requires compliant entities to:
....................
This document is effective 18 June, 2007. MedExpert retains the right to amend or otherwise update this document at any time for any reason.
