We take seriously our obligations to safeguard and protect your personal information!
STAT DOCTORS™ is an e-health service offered by Stat Health and our network of medical groups. When we use the term “Stat Health” we are referring to Stat Health Services Inc. When we use the term “our medical groups” we are referring to the medical groups in our provider network, and when we use the term “our STAT DOCTORS™ medical professionals” or similar terms we are referring to the licensed medical professionals practicing with the medical groups in our provider network. “You” or “your” or similar terms refer to you as a user of our Services.
All medical services are provided by licensed medical professionals practicing with the medical groups in our provider network. Stat Health helps you access them through our STAT DOCTORS™ e-health service.
1. Our Promise to You.
We know you are entrusting us with some of your most personal and valuable information, including your personal medical information. Your trust is built, in part, on our commitment to respect the privacy and confidentiality of your medical information. We are committed to safeguarding and protecting your personal information, including medical information about you.
Our STAT DOCTORS™ e-health service includes, without limitation, the following services (collectively, the “Services“):
- (a) the facilitation of electronic or telephonic medical consultations between the registered users of our STAT DOCTORS™ service and the licensed medical professionals practicing with the medical groups in our provider network;
- (b) the facilitation of the electronic ordering of prescriptions written by our STAT DOCTORS™ medical professionals for our registered users during a STAT DOCTORS™ medical consultation;
- (c) the provision of electronic health record (“EHR”) storage and maintenance services for our registered users and their STAT DOCTORS™ medical professionals; and
- (d) the provision of information about products and services of interest to our users through our website (the “Site”).
2. Collection and Use of Information – In General.
When using our Services, we will ask you for certain personally identifiable information. This refers to information about you that can be used to contact or identify you, and information on your use or potential use of the Services and related services (collectively, “Personal Information“). Personal Information that we might collect would include things like your name, phone number, credit card or other billing information, your email address and the email address of your contacts, home and business postal addresses, website URLs, certain medical information, and any other information or data that you provide when using the Services.
The main reason we collect Personal Information from you is to provide you a safe, smooth, efficient, and customized user experience. We only collect Personal Information we consider absolutely necessary to achieve that goal. You always have the option not to provide some, or any, Personal Information by either choosing not to become a registered user of the Services, or else by skipping the particular feature of the Services for which the Personal Information is being collected. You can use the Services anonymously, but once you become a registered user of the Services, we will ask you to provide Personal Information, such as:
- Various contact and identity information (e.g., mailing address and phone number)
- Medical information (e.g., date of birth, past medical history, allergies)
- Other personal information as indicated (our forms indicate what information is required, and what information is optional)
- Billing information (e.g., credit card number)
You can use your credit card securely on this Site. We have partnered with Authorize.Net to offer safe and secure credit card and electronic check transactions to you.
The Authorize.Net Payment Gateway account manages the complex routing of sensitive customer information through the credit card and electronic check processing networks (see an online payments diagram). Authorize.Net adheres to strict industry standards for payment processing, including:
- 128-bit Secure Sockets Layer (SSL) technology for secure Internet Protocol (IP) transactions;
- Industry leading encryption hardware and software methods and security protocols to protect customer information; and
- Compliance with the Payment Card Industry (PCI) Data Security Standard.
You are under no obligation to provide us with this Personal Information. We use your Personal Information to provide the Services and administer your inquiries. You may change or delete any information that you provide. Please see “Changing or Deleting Your Information” below for further information.
3. How We Use Your Non-Medical Personal Information.
Some of the Personal Information we collect from you is unrelated to your receipt of medical services or consultation through the Services. We use such non-medical Personal Information to provide, administer, and improve the Services, including to:
- Enable users to easily navigate the Services
- Resolve service and billing problems
- Troubleshoot technical problems
- Bill any amounts due from you
- Better understand users’ needs and interests
- Personalize your experience
- Detect and protect us against error, fraud, and other criminal activity
- Enforce our Terms
- Provide you with system or administrative messages, and as otherwise described to you at the time of collection
- Provide you with further information and offers from us that we believe you may find useful or interesting
If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or select the appropriate option in your user profile. (See “Changing or Deleting Your Information,” below.)
4. How We Use Your Medical Personal Information (PHI).
We are dedicated to maintaining the privacy and integrity of your protected health information (“PHI“). PHI is information about you that may be used to identify you (such as your name, social security number, or address), and that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care. In providing the Services, we will receive and create records containing your PHI. We are required by law to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI.
5. Log Data.
When you visit the Services, our servers automatically record information that your browser sends whenever you visit a website (“Log Data“). This Log Data may include information such as your computer’s Internet Protocol (“IP“) address, browser type, or the webpage you were visiting before you came to our Services, pages of our website and Services that you visit, the time spent on those pages, information you search for on our Services, access times and dates, and other statistics. We use this information to monitor and analyze use of the Services and for the Services’ technical administration, to increase our Services’ functionality and user-friendliness, and to better tailor it to our visitors’ needs. For example, some of this information is collected so that when you visit the Services again, it will recognize you and serve information appropriate to your interests. We also use this information to verify that visitors to the Services meet the criteria required to process their requests.
7. Web Beacons.
We may also occasionally use “web beacons” (also known as “clear gifs,” “web bugs,” “1-pixel gifs,” etc.) that allow us to collect non-personal information about your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a Web page or e-mail, that can tell us if you have visited a particular area of the Services. For example, if you have given us permission to send you emails, we may send you an email urging you to use a certain feature of the Services. If you do respond to that email and use that feature, the web beacon will tell us that our email communication with you has been successful. We do not collect any PHI with a web beacon, and do not link web beacons with any other PHI you have given us.
Because Web beacons are used in conjunction with persistent cookies (described above), if you set your browser to decline or deactivate cookies, Web beacons cannot function.
We may use a third-party vendor to help us manage some of our email communications with you. While we may supply this vendor with email addresses of those we wish them to contact, your email address is never used for any purpose other than to communicate with you on our behalf. When you click on a link in an email, you may temporarily be redirected through one of the vendor’s servers (although this process will be invisible to you) which will register that you have clicked on that link, and have visited our Services. We never share any information, other than your email address, with our third-party email vendor, which does not share these email addresses with anyone else.
Even if you have given us permission to send emails to you, you may revoke that permission at any time by following the “unsubscribe” information at the bottom of each such email.
9. Messages and Transactions.
Comments or questions sent to us using email or secure messaging forms will be shared with our staff and medical professionals who are most able to address your concerns. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. However, these communications will not become part of your medical record or a designated record set unless and until you use the Services to obtain medical advice or a medical consultation from a STAT DOCTORS™ medical professional.
When you use a service on the secure section of the Services to interact directly with our STAT DOCTORS™ medical professionals, some information you provide may be documented in your medical record, and available for use to guide your treatment as a patient.
10. Pharmacy Location and Prescription Routing.
As part of the registration process for the Services, you will be asked to select a pharmacy convenient to you from a list provided by the Services. To generate the list of pharmacies, we may use two pieces of information: (1) a specific address; (2) your current location. In both cases, you must agree to let us use this information. We do not send the pharmacy any information about your current location or home address. If you receive a prescription through the Services, you will be able to pick up your prescription at the pharmacy you selected during registration.
11. Information Sharing and Disclosure
We will not rent, sell, or share Personal Information about you with other people or non-affiliated companies except to provide the Services, when we otherwise have your permission, or under the following circumstances:
- Aggregate Information and Non-Identifying Information. We may share aggregated information that does not include Personal Information and we may otherwise disclose non-identifying Information and Log Data with third parties for industry analysis, demographic profiling, and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.
- Service Providers. We may employ third-party companies and individuals to process your payments, facilitate our Services, to provide the Services on our behalf, to perform Services-related services (including, without limitation, maintenance services, database management, web analytics and improvement of the Services’ features), or to assist us in analyzing how our Services are used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
- Business Partners and Other Trusted Entities. To the extent permitted by applicable laws, we may also provide Personal Information to our business partners or other trusted entities for the purpose of providing you with information on goods or services we believe will be of interest to you. You can, at any time, opt out of receiving such communications by setting the appropriate option in your user profile or by contacting us at firstname.lastname@example.org.
- Compliance with Laws and Law Enforcement. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of Stat Health or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
- Business Transfers. We may sell, transfer or otherwise share some or all of its assets, including your Personal Information, in connection with a merger, acquisition, reorganization or sale of assets, or in the event of bankruptcy.
12. Changing or Deleting Your Information.
All registered users may review, update, correct or delete the Personal Information in their registration profile by contacting us at email@example.com or by making the appropriate modifications in your user account preferences. If you completely delete all such information, then your account may become deactivated. If you would like us to remove your records from our system, please contact us and we will attempt to accommodate your request if we do not have any legal obligation to retain the records.
We employ administrative, physical, and technical measures designed to safeguard and protect information under our control from unauthorized access, use, and disclosure. These measures include encrypting your communications by utilizing Secure Sockets Layer (“SSL”) software, and using a secured messaging service when we send you Personal Information electronically. In addition, when we collect, maintain, access, use, or disclose your Personal Information, we will do so using systems and processes consistent with information privacy and security requirements under applicable federal and state laws, including, without limitation, HIPAA. All data will be encrypted when we store it or transmit it, and we will use secure servers that we will back up daily.
We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your Personal Information, including, without limitation, breaches of your unencrypted electronically stored “personal information” or “medical information” (as defined in applicable state statutes on security breach notification). To the extent permitted by applicable laws, we will make such disclosures to you via email or conspicuous posting on the Services in the most expedient time possible and without unreasonable delay, insofar as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Services by Internet or email cannot be guaranteed. At your discretion, you may contact us at the mailing address or telephone number listed at the end of this document. In addition, if you have privacy or data security related questions, please feel free to contact the office identified at the end of this document.
14. Our Employees.
Every one of our employees has completed HIPAA training and job-specific training on how to protect and respect your Personal Information, including your PHI. We have clear policies in place in the event of a privacy or security concern regarding your Personal Information, so we can react quickly and resolve the issue appropriately. We will limit access to your Personal Information to personnel who have a need to know it for purposes of delivering our STAT DOCTORS™ service. All of our personnel must comply with our restrictions on access, use, and disclosure of PHI or face disciplinary action, up to and including termination.
15. International Transfer.
Your information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, we may transfer your Personal Information to the United States and process it there. Your submission of such information represents your agreement to that transfer.
16. Links to Other Sites.
The Services are not directed to children. We do not knowingly allow or solicit anyone under the age of 13 to participate independently in any of the Services. We do not knowingly collect personally identifiable information from children, except in the context of a STAT DOCTORS™ medical consultation when a parent is present and has consented to treatment. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, please contact us. Access to the Services for dependents (children over the age of 3 or a spouse or domestic partner) are only accessible through the primary Account holder’s username and password. Minors are not allowed to complete a STAT DOCTORS™ medical consultation without parental consent and assistance. If we become aware that a user of the Services is under the age of 13 and has provided us with Personal Information without verifiable parental consent, we will delete such information from our files.
18. Agreement and Changes.
19. Contacting Us.
Last Revised: July 23, 2014