Medfusion Privacy Statement
Effective Date: November 8, 2016
At Medfusion, our most important asset is our relationship with you. We want you to feel comfortable and confident when using Medfusion’s services. We would like to share with you information on our privacy practices and other privacy aspects of Medfusion’s services. Specifically, we address:
- To what products or services does this Privacy Statement apply?
- How do we protect your personal information?
- What information do we collect and how do we use it?
- When do we share your information?
- Can I opt-out of receiving future communications?
- How do I update my contact information?
- Will I be notified of changes to your privacy practices?
- Who can I contact with a privacy question?
By using the Medfusion products and services to which this Privacy Statement applies, you indicate that you have read and agreed to accept the terms of this Privacy Statement.
1. To what products or services does this Privacy Statement apply?
This Privacy Statement applies to the online services available to patients through the Medfusion Plus service.
Throughout this Privacy Statement, we refer to information that personally identifies you as “personal information.”
2. How do we protect your personal information?
While online data can never be 100% secure, we work to protect your personal information from loss, misuse or unauthorized access, alteration or destruction by maintaining appropriate physical, technical, and administrative security standards and procedures to safeguard our data systems. For example, when you transmit personal information to us, such as your name or contact information, it is protected by:
- An Internet connection using secure socket layer (SSL) technology.
- Encryption during transmission to make your information unreadable as it passes over the Internet.
- Use of a unique user name and password for each user.
We also educate our employees on the importance of our privacy and security policies, and we require that they comply with those policies. To learn more about Medfusion’s security practices, see “Tell me more about Medfusion’s Security Practices,” below.
3. What information do we collect and how do we use it?
When you use the Medfusion Plus service, we collect and use the following types of information:
Contact Information. When you register for Medfusion Plus, we ask for your contact information, such as your email address. We use this information in the event we need to contact you about your Medfusion Plus services. If you request customer or technical support, we may use your contact information to elicit your feedback regarding your support experience.
Logon Credentials. When you open a Medfusion Plus account, we set up a unique user name and password on your behalf so that you can control access to your account. You may change your password through the “forgot password” feature in Medfusion Plus. Additionally, if you elect to use Medfusion Plus’ ability to access your personal accounts with third-party insurance company, finance and healthcare-related Web sites or applications (the “Third-Party Sites“), then we will collect your logon credentials for the applicable Third-Party Sites.
Health Care and Other Information. In order to offer you Medfusion Plus, we obtain your permission to act as your agent to access your own health information, as well as your own insurance, financial and other healthcare-related information from Third-Party Sites, including the Apple iOS Health app. In order to provide this service, we maintain a copy of health information, originally obtained either directly from you or from your provider and use that information to provide you the service and communicate with you about products and services we feel may interest you. Though your provider may separately have his or her own copy of your health records, your Medfusion Plus copy is your information, under your control. If you elect to have Medfusion Plus access your personal accounts with Third-Party Sites, we will obtain your insurance, financial and other healthcare-related information from the Third-Party Sites. This Privacy Statement applies to our handling of this information.
If you wish to cancel your Medfusion Plus services, you may request to do so by emailing support at [email protected]. When you request that we close your account, we will remove your access to your personal information. Since your provider may also have a copy of or rights to all or some of your personal health information, that information may still be accessible by that provider. Similarly, your personal information relating to your insurance, finances and other healthcare-related information may still be accessible by the Third-Party Sites from whom such information was originally obtained.
Anonymous Statistical and Technical Information. We collect and use anonymous, aggregate statistical information to help improve Medfusion Plus and to develop new services. For example, we review what features are used the most frequently in Medfusion Plus, how many total customers may be viewing their information or what types of data are most commonly entered. Statistics like these help us to understand how our services are being used, what user trends may be and how to improve our service in future versions and products. This anonymous, aggregate information also assists us with troubleshooting and technical support.
We may collect anonymous technical information, such as the software or browser version, or operating system used to access Medfusion Plus. We use this information to identify potential user difficulties related to your browser or other software to enable us to address those issues where possible.
We may also collect the IP address of the computer or device used to access Medfusion Plus. The IP address enables us to recognize repeat visits and differentiate users when the user does not log in. This enables us to recognize such as common user difficulties so we can improve the product. We may also derive data regarding your location from the IP address. We will leverage location services from Apple or Android only after obtaining user permission. We use your location data to improve your use of the Medfusion Plus application, such as by sorting lists of health care providers so that those whose addresses are closest to your current location appear first.
We also collect anonymous information about the pages viewed and links selected by users while using our services. This information helps us to determine areas of Medfusion Plus that are most helpful to our users and what areas may need improvement.
Business and Account Behavior Information. We may use information, including your health care information and your activities within your Medfusion Plus account, to display information within Medfusion Plus about products and services we feel may interest you. By using Medfusion Plus, you accept these in-product messages.
CHILDREN UNDER THE AGE OF 13 ARE NOT PERMITTED TO USE MEDFUSION PLUS. We do not knowingly request or receive any information from children. If you are the parent or guardian of a child under the age of 13 and you believe that your child has used Medfusion Plus and provided us with personal information, please contact us as described in Section 8, below, so that we may delete that information.
Other Information Sources. We may use publicly available sources outside of Medfusion Plus to verify or supplement the information you give us. For example, we may obtain address updates from the U.S. Postal Service or demographic information from direct marketing companies. We use this data to help us maintain accurate records and to improve the products and services that we deliver to you.
Former Users. If you are a former user of Medfusion Plus, we protect your information in the same manner that we treat information about our current users, and we will maintain and/or destroy your personal information in accordance with our then-current data retention and destruction policies.
Do not Track Signals. Some web browsers may transmit “do not track” signals to Medfusion Plus. There is no standard that governs what, if anything, websites should do if they receive these signals. Medfusion Plus’ sites currently do not respond to “do not track” browser signals or similar mechanisms.
Payment and Insurance Information. Although Medfusion Plus does not currently include credit card payment functions, we anticipate that subsequent versions of Medfusion Plus may include such functionality. If and when that functionality is launched within Medfusion Plus and you use Medfusion Plus service to pay your co-pay or outstanding balance(s) with your health care provider, we will collect your payment card information to process the payment. At such time, we may also collect your insurance information for billing purposes.
4. When and with whom do we share your information?
We understand that you are entrusting us with your personal information. There are occasions where we must share your information, such as to provide you with a Medfusion Plus service or other products or services you requested or when required by law.. Descriptions of when we share and with whom we may share your information are provided below.
With your health care providers. As the Medfusion Plus service’s functionality continues to be developed, we expect to develop and offer you the ability to export your information from the Medfusion Plus service to one or more of your health care providers at your request.
With service providers. In some cases, we may use third party service providers to provide a product or service you request, or to provide communications including marketing. These service providers act on our behalf. For example, we may use service providers to perform data analytics services for us regarding usage of Medfusion Plus so that we may improve and optimize the service. We may also engage service providers, such as outside legal counsel and forensic consultants, in the event of any legal proceedings or data breach investigations and responses arising out of use of or access to Medfusion Plus. Additionally, we may also engage service providers to perform services relating to the security of our systems, such as penetration testing and vulnerability assessments. Service providers are prohibited from using your information for their own purposes and must agree with restrictions on use and disclosure that are at least as restrictive as Medfusion’s privacy and security policies and the practices outlined in this Privacy Statement. We require third party service providers and vendors who have access to your information to employ security procedures and technology similar or equivalent to those used by Medfusion.
With partners. We have limited relationships with third parties, such as health insurance companies or employers, as well as application providers, to offer you products or services that we believe you may find beneficial. Some of these are “co-branded” products or services. We clearly identify third party services, applications and sites, so you will know who is receiving your information. When you request or use any of these third party products or services, such as the iOS Health app, you are permitting us to provide your personal information to the third party to fulfill your request or provide the product or service.
With third parties on an aggregated, anonymous basis. We may share or sell anonymous, aggregate statistical information with third parties. Aggregate information means that your anonymous information is combined with similar anonymous information from other users such that it no longer reflects or can be used to identify an individual user. Such non-personal, aggregate information does not include any information that identifies an individual or that can be linked to a person’s identity.
Change of Control of our Business. If our business undergoes a change of control— whether through a merger, stock sale, asset sale, bankruptcy, reorganization or similar transaction—your personal information may be transferred to the party that acquires control of our business as a result of that change-of-control transaction. In that event, the protections afforded to your personal information under this Privacy Statement will continue to apply except as otherwise permitted by applicable law or if you consent to different terms.
For Legal Reasons. In some cases, we may be requested or required to disclose certain information without your consent to cooperate with regulators or law enforcement authorities, comply with legal process (such as a court order, subpoena, search warrant or law enforcement request), or as otherwise permitted by law to address a legal issue.
Links to partner/third party sites. We may also offer links to partner or other third party Web sites. We do not control the privacy or security practices used on these sites. Before you provide your personal information to these third parties, we recommend that you review their privacy policies to learn more about how they may use your information.
Within Medfusion, including our subsidiaries. We may share your contact information (name, address, phone number, email address), and the types of Medfusion products and services that you have used, among Medfusion and our subsidiaries (companies that are part of our corporate family through ownership or control) to provide you with a service or product you have requested. Unless you have asked us not to contact you, we may occasionally use your contact information to update you about new products or services we believe may interest you.
To the issuing bank and your health care provider’s bank. Although Medfusion Plus does not currently include credit card payment functions, we anticipate that subsequent versions of Medfusion Plus may include such functionality. If and when that functionality is launched within Medfusion Plus, Medfusion Plus will use your payment information to obtain authorization of the transaction from your credit card’s issuing bank and your health care provider’s bank and to process the payment. Similarly, we anticipate that Medfusion Plus will utilize the services of third-party service providers to perform the payment processing functions if and when they become available in Medfusion Plus.
5. Can I opt out of receiving future communications?
If you wish to stop receiving messages from us, you may do so by using the opt-out mechanism in the message you received. Our compliance with such opt-out requests may involve batch processing and other processes that take up to 10 business days. If you are still receiving messages more than 10 business days after opting out, you may contact us directly. Since your provider may also have a copy of or rights to all or some of your personal information, that information may still be accessible by that provider and you may continue to receive messages from the provider.
6. How do I update my contact information?
You can update your contact information by logging in to your Medfusion Plus account and changing your account information within the application. Medfusion Plus does not have the ability to make changes to personal information that is collected on your behalf from Third-Party Sites; in the event that you want to request changes to such personal information, you should contact the applicable third-party insurance company, financial institution or healthcare provider directly.
7. Will I be notified of changes to your privacy practices?
If we make material changes to any of our privacy policies or practices regarding personal information, we will update this Privacy Statement and notify you via the email you provided when setting up you account. We may also notify you through an in-app notification. Your continued use of Medfusion Plus after any such updates take effect will constitute acceptance of those changes.
8. Who can I contact with a privacy question?
If you have privacy-related questions that are not addressed here, please send an email to [email protected] or write us at: Privacy Team, Medfusion, Inc., 5501 Dillard Drive, Cary NC 27518.
Tell Me More about Medfusion’s Security Practices
We protect personal information stored on our servers from unauthorized access using reasonable safeguards such as firewalls, coupled with appropriate security procedures designed to protect your information from loss, misuse, unauthorized access or unauthorized alteration.
Our employees are required to attend training to safeguard your information. Using physical, technical and administrative safeguards, we restrict access to personal information to those employees and other parties who have a business or legal need to access the information consistent with this policy. Additionally, we use internal and external resources to review the adequacy of our security procedures.
While Medfusion makes every effort to use appropriate physical, technical and administrative security measures, the Internet is not a 100% secure environment. There is no guarantee that the information may not be accessed by breach of our physical, technical or administrative safeguards.
To protect the information that you store on your personal computer system, we recommend installation of a personal firewall and anti-virus software. The FTC’s OnGuard Online Website has information on computer security and tips on safeguarding personal information that you may find useful.
Tell Me More about Medfusion’s Web Technologies
Like many Web sites, we use a variety of technologies to manage our sites. Among these are cookies, which are pieces of information that our Web sites provide to your browser. Cookies allow us to track overall site usage and determine areas users prefer. If you choose to decline cookies while using Pre Check, you may not be able to access certain features of Medfusion Plus. Most browsers accept and maintain cookies by default. You can check the “Help” menu of your browser to learn how to change your cookie preference or, if you are using Microsoft Internet Explorer or Mozilla Firefox, you can visit their Web sites for additional information about cookies. We also use browser local storage, which are used to store the technical information needed to facilitate your use of Medfusion Plus.
When we track activity while using Medfusion Plus or other Medfusion Web sites, we collect information such as your IP address, browser type and version, and pages you view. We also keep track of how you got to our site and any links you click on to leave our site. We do not track URLs that you type into your browser, nor do we track you across the Internet once your leave our sites. We use your Web site activity to help us resolve technical support issues. We may also use this information to offer you a personalized Web experience and to tailor our offerings to you.
We may access and set cookies using Web beacons, also known as single-pixel GIFs, which are invisible graphical images. These Web beacons tell us useful information regarding Medfusion Plus, such as which pages users access. When we send you emails, we may include a single-pixel GIF to determine the number of people who open our emails. When you click on a link in an email, we record this response to allow us to customize our offerings to you.
We also use single-pixels GIFs and cookies to help manage our online advertising. These cookies and GIF files are provided on our behalf by our ad-serving service providers and enable us to learn which links bring users to Medfusion Plus sites. Limited demographic and transactional information such as IP address, country, order id, and purchase amount, is transmitted back to our ad-serving service providers when you use Medfusion Plus sites. This information is anonymous and does not contain your name, address, telephone number, or email address. This information is used only in the aggregate to evaluate which links users find most helpful in reaching Medfusion Plus sites.
We do not currently include third-party ads within Medfusion Plus. If we begin including ads in subsequent versions of Medfusion Plus, then advertising networks that would serve ads on our Web sites may assign a different cookie to you. The information collected would be anonymous and would not linked to your personal information. These cookies may be used to select which ads you see and determine the effectiveness of this advertising. You may choose to decline cookies from third-party ad servers, which Medfusion does not control.
To provide you with a seamless experience, we may occasionally use framing. For example: though your browser may indicate you are at a Medfusion site, you may be on a partner’s site. To determine which site you are on, right-click on the page and then select “properties.”
Support and Feedback.
When contacting us for assistance or submitting feedback to us about Medfusion Plus, we may collect information about the product you are using, the help screen you are on, browser version and operating system. This information helps us to better understand your issue or suggestion.
Please note that Medfusion Plus is intended for the exclusive use of residents in the United States of America. It is not our intent to gather personal information from individuals residing outside of the United States. MEDFUSION PLUS IS DESIGNED TO COMPLY WITH THE LAWS AND REGULATIONS OF THE UNITED STATES ONLY. Nothing in Medfusion Plus should be considered a solicitation or promotion of any product or any indication for any product that is not permitted by the laws or regulations of the country where the Medfusion Plus user resides. You acknowledge that Medfusion Plus is operated and managed on servers located and operated within the United States. By using Medfusion Plus, you agree and consent to the transfer to and processing of personal information on servicers located in the United States. You understand that the protection of such information may be different than required under the laws of other countries, including the laws of your residence or location.