Effective Date: October 1, 2016
Last Updated: November 30, 2017
TYPES OF INFORMATION WE COLLECT
Personally Identifiable Information
When you register for an account at the Site, we may collect the following types of information that are personal to you (“Personally Identifiable Information”):
Patient names and appointment information from your electronic health records (“EHR") system, subject to the terms of the Listen.MD™ Business Associate Agreement (“BAA”).
When you use the Site, we automatically collect certain non-personally identifiable information that helps us analyze the user experience so that we can improve our design and functionality, ultimately providing a better experience for you (“Usage Data”).
The types of Usage Data we collect include the following:
IP address, type of device, wireless carrier, time, date, browser used, non-precise geographic location (e.g. zip code and city), and actions taken by you with the Site (“Log Data”);
We may use widgets third-party websites to integrate with third-party websites or systems, such as your EHR. A widget is a simple application extension you connect to these third party HER systems or website, we receive Log Data that includes the EHR or site you are connecting with (“Widget Data”);
To instruct Listen.MD to delete, modify, or change any data, contact firstname.lastname@example.org and describe the data to be deleted, modified, or updated.
USE AND DISCLOSURE OF INFORMATION
Your trust is important to us, which is why we don't share your Personally Identifiable Information we receive about you with others unless we have: (a) received your permission; (b) provided you with notice through this Policy; or (c) removed your name or any other Personally Identifiable Information from it.
We may share your Personally Identifiable Information as follows:
With third party vendors, consultants and other services providers who work for us and need access to your information to do that work, subject to confidentiality restrictions; In general, the third parties we use will collect, use, and disclose your information only to the extent necessary to allow them to perform the services they provide to us. These partners may include business operations services (e.g. accounting, billing), language processing services (e.g. speech to text or text to speech), hosting (e.g. cloud infrastructure services), analytics (e.g. system outages, crashes, errors, user behavior, user demographics, A/B testing), electronic health record systems, marketing, academic institutions (e.g. research).
To provide information to representatives and advisors, like attorneys and accountants, to help us comply with legal, accounting, or security requirements;
To investigate fraud;
To comply with laws or to respond to lawful requests and legal process, including to respond to requests from public and government authorities;
In connection with or during negotiation of any merger, financing, acquisition, or dissolution, transaction, or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets to another company, subject to confidentiality protections;
widgets may be hosted by a third party that will collect your Log Data and use your Log Data in accordance with the privacy policies of the companies that provide that widget;
In addition to Usage Data, we may also create anonymous or de-identified Usage Data from the Personally Identifiable Information we receive by excluding information (such as your name) that makes the data personally identifiable to you. Together, we refer to Usage data and this type of anonymized Personally Identifiable Information as “Anonymous Information”). We use this Anonymous Information to analyze usage patterns in order to make improvements to our Site and may provide Anonymous Information to third parties for marketing, advertising, or other uses.
We use or disclose ePHI only to the extent such use or disclosure is permitted or required by our BAA with the relevant covered entity. We do not sell ePHI or Personally Identifiable Information.
If after you opt-in you change your mind, you may withdraw your consent for us to contact you, and/or for the continued collection, use or disclosure of your information, at any time, by contacting us at email@example.com.
Our Site is not directed to children under the age of 13. If you believe a child has provided us with information through the Site, contact us at firstname.lastname@example.org.
CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have the right to request information from us regarding the manner in which Listen.MD shares certain categories of personal information with third parties for their direct marketing purposes, in addition to the rights set forth above. Under California law, you have the right to send us a request at the designated address listed below to receive the following information:
The categories of information we disclosed to third parties for their direct marketing purposes during the preceding calendar year; and
The names and addresses of the third parties that received the information; and if the nature of the third party's business cannot be determined from their name, examples of the products or services marketed.
This information may be provided in a standardized format that is not specific to you. The designated email address for these requests is: email@example.com.
Also, please note that we have not yet developed a response to browser “Do Not Track” signals, and do not change any of our data collection practices when we receive such signals. We will continue to evaluate potential responses to “Do Not Track” signals in light of industry developments or legal changes.
NOTICE TO TEXAS PATIENTS OF ELECTRONIC DISCLOSURE OF PHI
Listen.MD creates, receives, and discloses protected health information (“PHI”) in an electronic format. Listen.MD is required by Texas Health and Safety Code, Section 181.154 to provide notice to individuals that their PHI is subject to electronic disclosure. In general, Listen.MD electronically discloses your PHI only for the purposes of treatment, payment, health care operations, or as otherwise authorized or required by law. In accordance with Texas law, Listen.MD will ask you for your authorization prior to electronically disclosing your PHI for any other purpose.
If our company is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to provide services or products to you.
We take reasonable organizational, technical and administrative steps to help protect personal data against loss, misuse, unauthorized access or disclosure. Unfortunately, no transmission or storage system can be guaranteed to be completely secure, and transmission of information via the internet is not completely secure.
Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction. If you are located outside the United States, you are prohibited from providing information via the Site. If you choose to provide information to us despite this prohibition, please be aware that all information is stored within the United States and you assume sole responsibility and liability for any transfer from the European Union.
QUESTIONS AND CONTACT INFORMATION
If you would like to access, correct, amend or delete any Personally Identifiable Information we have about you, register a complaint, or simply want more information, contact our Privacy Officer at firstname.lastname@example.org. 11757 W. Ken Caryl Ave F168 Littleton, CO 80127.