Privacy Policy

We are committed to protecting the privacy of your information. This Privacy Policy describes our privacy practices and how We use the information you provide when using our website eHIPAA. com. By using eHIPAA.com, you agree to and consent to the collection and use of your information as described below. This Privacy Policy is governed by and incorporated by reference into the Terms of Service, available at https://ehipaa.com/terms .

If you do not want us to use your information as described in the Privacy Policy, please do not use eHIPAA.com. Additionally, you may opt out of use of your information as described in this Policy by contracting Us as described below.

1. About Us

One of the organizations helping provide eHIPAA.com to you is CareMetx, LLC, which operates and manages eHIPAA.com. (eHIPAA.com and CareMetx are individually and collectively referred to as “We” and/or “Us” in this Privacy Policy and on this Website) We offer this Web site as a way to obtain your agreement (or authorization) to share certain health information about you. (“Our Services”) Before We share any information, We make sure you understand who will receive your health information and why they are requesting it. For example, your doctor may have suggested that you participate in a program that will help you pay for your medications. In order to determine if you are eligible for that program, you may need to provide certain personal or health information to the pharmaceutical company that manufacturers the medication you are taking. If you do not want to share your information in the way described, you may decide not to complete the agreement/authorization process. You understand that if you do not agree or authorize the disclosure, you may not be able to participate in the program being described to you. Our Web site may contain links to other Web sites. We are not responsible for the information practices or the content of such other Web sites. We encourage you to review the privacy policies of other Web sites to understand their information practices.

2. Information Collected

We collect information from individuals who visit our Web Site (“Visitors”) and individuals who subscribe to use the Services (“Customers”). In order to be able to use the Services, you will have to electronically submit data or information (“Customer Data”). When you sign up to use our Services, We will ask you for certain identifying information so that We can verify your identity. The Customer Data that We will ask you to provide in that verification process is your name, your birth date, and your email address. We may also request that you provide Us with a verification code that We send to your email address. In some cases We may request additional information to help verify your identify. If you choose to complete the agreement/authorization process, We will request that you submit an electronic signature as well. When expressing an interest in obtaining additional information about the Services, We will require you to provide us with personal contact information, such as name, address, phone number, and email address (“Required Contact Information”). As you navigate our Web site, We may also collect information through the use of commonly-used information-gathering tools, such as cookies (“Web Site Navigational Information”). Web Site Navigational Information includes standard information from your Web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on our Web sites (such as the Web pages viewed and the links clicked).

3. Use of Information Collected

We use the information you provide to Us to perform the Services. For example, if you provide Us with your verification information and a signed authorization form, We will provide your information to our business partner so that they may provide their Services to you. Before We provide information to those business partners, We will tell you who they are, and get your agreement (or authorization) to share your information. We use Web Site Navigational Information to operate and improve our Web sites.

4. Web Site Navigational Information

We use commonly-used information-gathering tools to collect information as you navigate the Company’s Web sites (“Web Site Navigational Information”). This section describes the types of Web Site Navigational Information that may be collected on our Web site and how this information may be used.

Cookies

We use cookies to make interactions with our Web site easy and meaningful. When you visit our Web site, one of our servers may send a cookie to your computer. Standing alone, cookies do not personally identify you. They merely recognize your Web browser. Unless you choose to identify yourself to us, either by responding to a promotional offer or filling out a Web form, you remain anonymous to Us. We use cookies that are session-based and persistent-based. Session cookies exist only during one session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you close your browser or turn off your computer. If you have chosen to identify yourself to us, We use session cookies containing encrypted information to allow us to uniquely identify you. Each time you log into the Services, a session cookie containing an encrypted, unique identifier that is tied to your account is placed your browser. These session cookies allow use to uniquely identify you when you are logged into the Services and to process your online transactions and requests. Session cookies are required to use the Services. We use persistent cookies that we can read and use to identify browsers that have previously visited our Web site. If you disable your Web browser’s ability to accept cookies, you will be able to navigate the Web site, but you may not be able to successfully use the Services. We may use information from session and persistent cookies in combination with Data about our Customers to provide you with information and operate the Services.

IP Addresses

When you visit our Web site, we collect your Internet Protocol (“IP”) addresses to track and aggregate non-personal information. For example, we use IP addresses to monitor the regions from which Customers and Visitors navigate our Web site. We also collect IP addresses from Customers whey they log into the Services as part of the Company’s security features.

Third Party Cookies

From time-to-time, We engage third parties to track and analyze usage and volume statistical information from individuals who visit our Web site. This information will not contain personal information or Customer Data.

5. Sharing of Information Collected

We may share Data about Customers with our service providers to ensure the quality of information provided. Unless described in this Privacy Policy, or the agreement/authorization that you may sign, We do not share, sell, rent, or trade any information provided with third parties for their promotional purposes. If you agree/authorize the sharing of your information, We will share your information with the party or parties described in that agreement/authorization.

We reserve the right to use or disclose information provided if required by law or if We reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process. We may share information We collect to another entity as part of a sale, merger, or reorganization of eHIPAA.com. If you do not wish Us to share personally identifiable information you provide as described herein, or if you wish to examine or update any personal information you may have provided to us, you may contact Us as indicated below.

We may disclose your information if We need to so a third-party vendor can help Us provide our services. We may also use other vendors. We make sure those vendors have strict confidentiality practices.

6. Customer Data

Customers may electronically submit data or information to the Services for hosting and processing purposes (“Customer Data”). CareMetx eHIPAA.com will not share or distribute Customer Data except as provided in a separate agreement.

7. Security

CareMetx eHIPAA.com uses robust security measures to protect Customer Data from unauthorized access, maintain data accuracy, and help ensure the appropriate use of Customer Data. When the Services are accessed using modern web browsers, Secure Socket Layer (.SSL.) technology protects Customer Data using both server authentication and data encryption. These technologies help ensure that Customer Data is safe, secure, and only available to the Customer to whom the information belongs and those to whom the Customer has granted access. We also implement an advanced security method based on dynamic data and encoded session identifications, and host our Web site in a secure server environment including firewalls, intrusion detection systems, and other advanced technology to prevent interference or access from unauthorized users. We also have policies and other organizational measures in place, including recurrent employee training on data protection and strict procedures to deal with any suspected personal data breach. Unfortunately, no Web site, server or database is completely secure. we cannot guarantee that your personal information will not be disclosed, misused or lost by accident or by the unauthorized acts of others. Customers are responsible for maintaining the security and confidentiality of any verification codes that they may receive.

8. Collection of Information from Minors

We do not knowingly collect identifiable information from anyone under the age of 18 through the Site. If you are under 18, please do not give Us any information that would allow Us to identify you. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children to never provide identifying information through any website without their permission. Please contact Us if you discover an individual under 18 has submitted their information contrary to this Privacy Policy and we will ensure that their information is properly removed.

9. Changes to this Privacy Policy

We reserve the right to change this Privacy Policy, and when updated, the effective date of the new version will be at the top of this statement.

10. Contacting Us

If you have any questions, comments or requests regarding this Policy or our processing of your information, please contact:

Email: privacyrequests@caremetx.com

Phone: 1-877-690-0220 (Toll Free)

11. Supplemental Privacy Notices

Some states have specific requirements supporting consumer privacy. If you would like more information regarding our support of the relevant policies for your state, please reference your state below:

California

We permit residents of California to use our Site. Therefore, it is our intent to comply with the California Business and Professions Code § 22575-22579, the California Consumer Privacy Act of 2018 (“CCPA”) and California Civil Code § 1798.83, known as the “Shine the Light” law. If you are a California resident, you may request certain information regarding our disclosure of Personal Information to any third parties for their direct marketing purposes. In summary, you must presume that we collect electronic information from all Visitors. You may contact Us at either method provided in Section 11 with any questions or to exercise your rights as a California Resident. Any terms defined in the CCPA have the same meaning when used in this notice.

Information We Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:

Personal information does not include:

   •Publicly available information from government records.

   • De-identified or aggregated consumer information.

   • Information excluded from the CCPA’s scope, such as:

      o Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.

      o Financial Information covered by the Gramm-Leach-Bliley Act, and implementing regulations.

We obtain the categories of personal information listed above from the following categories of sources:

   • Directly and indirectly from activity on our Site. For example, from submissions through our website portals or websites usage details collected automatically. Indirectly from you when you visit and interact with our Site.

   • Directly from you when you submit information to Us. For example, if you submit a form to Us, or provide us with information over the telephone, that contains your personal information in connection to your use of Our Services.

Use of Personal Information

We may use or disclose the personal information We collect for one or more of the following business purposes:

   • To provide you with information, products or services that you request from Us.

   • To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.

   • To improve our Site and present its contents to you.

   • For testing, research, analysis and product development.

   • As necessary or appropriate to protect the rights, property or safety of us, our clients or others.

   • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

   • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

   • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information We collected for materially different, unrelated, or incompatible purposes without providing you notice.

Disclosure of Personal Information

We may disclose your personal information to a third party for a business purpose. When We disclose personal information for a business purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we may have disclosed the following categories of personal information for a business purpose:

   • Unique personal identifier, Name, Date of birth, Signature, Address, Telephone number, Insurance policy number, Financial information, Medical information, or Health insurance information.

We may disclose your personal information for a business purpose to the following categories of third parties:

   • Pharmaceutical company that manufacturers the medication you are taking

   • Contracted Business Partners

   • Contracted Third Party Vendors

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that We disclose certain information to you about Our collection and use of your personal information over the past 12 months. Once We receive and confirm your verifiable consumer request, we will disclose to you any of the following, as requested:

   • The categories of personal information We collected about you.

   • The categories of sources for the personal information We collected about you.

   • Our business or commercial purpose for collecting that personal information.

   • The categories of third parties with whom We share that personal information.

   • The specific pieces of personal information We collected about you.

   • If we disclosed your personal information and identify the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that We delete any of your personal information that We collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, We will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for Us or Our service providers to:

   1. Comply with legal obligations.

   2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

   3. Debug products to identify and repair errors that impair existing intended functionality.

   4. Make other internal and lawful uses of that information that are compatible with the context in which you provided it

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), We will inform you of the reason and extension period in writing. If you have an account with Us, we will deliver our written response to that account. If you do not have an account with Us, We will deliver our written response by mail or electronically, at your option. Any disclosures We provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons We cannot comply with a request, if applicable.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

   • Deny you goods or services.

   • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.

   • Provide you a different level or quality of goods or services.

   • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Exercising Your Rights under CCPA

If you wish to exercise your rights under California law, please do not hesitate to contact us at:

Email: privacyrequests@caremetx.com

Phone: 1-877-690-0220 (Toll Free)

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

   • Provide sufficient information that allows Us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

   • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.