NOTICE OF PRIVACY PRACTICES
Last Updated: September, 2012
THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW MEDICAL INFORMATION MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.
This Notice of Privacy is given on behalf of Medtech Global USA, LLC and Medtech Healthcare Pty Limited ("Medtech"). Medtech is giving you this Notice of Privacy Practices (“Notice”) pursuant to the regulations (the “Privacy Rule”) established under federal laws (the Health Insurance Portability and Accountability Act or “HIPAA” and the Health Information Technology for Economic and Clinical Health Act or “HITECH Act”). Medtech is committed to protecting your medical privacy, including health information protected by HIPAA and other federal and state laws (collectively referred to hereinafter as “Personal Information”), and using that information appropriately.
This Notice is intended to describe your rights, and to inform you about the ways in which Medtech may use and disclose your Personal Information, and the obligations Medtech has when using and disclosing your Personal Information.
Medtech is committed to protecting your privacy through its secure information technology service, ManageMyHealth™ USA, and complying with applicable privacy laws. Medtech is also referred to as “we” and “us” in this Notice and when referred to, such reference includes any person or organization to which it has licensed or assigned its rights and obligations.
This Notice applies to your use of the ManageMyHealth™ USA website found at www.managemyhealthusa.com ("ManageMyHealth™ USA") as an account holder and the Personal Information collected by Medtech for the purposes of providing ManageMyHealth™ USA. In this Notice, “Personal Information” means your Health Information as well as any other information identifiable to you which is collected or stored by Medtech for the purpose of providing ManageMyHealth™ USA including your account information and any information contained in email communications between you and your participating Healthcare Provider(s) using your ManageMyHealth™ USA account. “Health Information” means any information about your health which is identifiable to you. “Healthcare Provider” means the healthcare provider who initially provided you access to your Health Information via ManageMyHealth™ USA.
ManageMyHealth™ USA is a personal health service that lets you review, gather, edit, store, and deal with health information online. With ManageMyHealth™ USA, you have the ability to access your own medical records. You can also share your Health Information with family, friends, and other healthcare providers, and have access to online health information management tools.
You can choose to share specific information (or all information) with other people (such as friends and family) and with applications (such as applications that add data to your health records, provide information to your Healthcare Provider, or use some of your health records to receive customised information about managing your health).
ManageMyHealth™ USA also provides information on well being generally and incorporates contributions from third parties.
By using ManageMyHealth™ USA, you accept the following statement: "I acknowledge that I have read this Notice, and agree to meet any obligations imposed on me in this Notice in using ManageMyHealth™ USA. I also acknowledge and agree to the collection, use and disclosure of my personal information by Medtech and my health services provider as is set out in this Notice."
Collection of Personal Information
Your Personal Information is collected by Medtech for the purpose of providing the services available on ManageMyHealth™ USA. Medtech may also use your Personal Information for the purpose of making improvements to ManageMyHealth™ USA, for providing customer support and data repair services and for any other purposes described in this Notice.
Medtech may collect your Health Information indirectly from you via your Healthcare Provider if you have authorized your Healthcare Provider to upload it to ManageMyHealth™ USA. This includes periodic updates to your Health Information, which may be supplied by third party healthcare providers where you have consented to share all or some of your Health Information with third party healthcare providers via ManageMyHealth™ USA.
Medtech may collect your Health Information directly from you when it is entered or uploaded by you to your ManageMyHealth™ USA account or communicated by you in email communications between you and your Healthcare Provider using your ManageMyHealth™ USA account.
If you submit or allow Health Information to be uploaded to ManageMyHealth™ USA on behalf of another individual (other than a minor in your care), you must be authorized to do so by the individual concerned. You must ensure that you have appropriate permission from that individual to provide that individual’s health information to Medtech and for Medtech and any authorised third parties to use and disclose that information in accordance with this Notice. Any such individual should have access to and should review this Notice.
The first time you sign in to ManageMyHealth™ USA, ManageMyHealth™ USA asks you to create an account. To create an account, you must provide personal information such as name, date of birth, e-mail address and physical address. This information is collected for the purpose of creating your account.
Medtech may request other information for setting up your account, but we clearly indicate that such information is optional. You can review and update your account information. You can modify, add, or delete any optional account information by signing into your ManageMyHealth™ USA account and editing your account profile.
An account allows you to manage one or more health records, such as the ones you create for yourself and your family members. You can choose what information to put in your records.
Any information submitted to ManageMyHealth™ USA community forums or blogs becomes public information and is not covered by this Notice. Accordingly you should be cautious as to what information you disclose in these forums.
Accuracy of Information
Medtech is not responsible for the accuracy of your Health Information at the point where it is uploaded to ManageMyHealth™ USA, whether by you or by your Healthcare Provider. You must take reasonable steps in the circumstances to ensure the accuracy of Health Information you upload to your ManageMyHealth™ USA account (including any corrections or modifications) and any Health Information provided by you on another individual’s behalf. You should not upload any Health Information to your ManageMyHealth™ USA account unless the accuracy of such information can be verified by your Healthcare Provider.
You must not use or rely on Health Information provided to you via ManageMyHealth™ USA if the information appears incorrect.
It is important for you to maintain the accuracy of your contact information so that you can be contacted at any time.
Storage of Personal Information
Any Personal Information you maintain with your ManageMyHealth™ USA account will be hosted on servers in a secure environment by a commercially reputable hosting vendor using best practice security techniques and encryption.
If you authorise your Healthcare Provider to upload your Health Information to ManageMyHealth™ USA, you are consenting to Medtech storing that information on your behalf and obtaining periodic updates to the records via your Healthcare Provider.
When any Health Information is uploaded to your ManageMyHealth™ USA account, it is sent over the Internet using Secure Sockets Layer (SSL). This method encrypts the information to help prevent others from reading it while it is in transit from a computer to ManageMyHealth™ USA.
Health Information held by Medtech is encrypted within the ManageMyHealth™ USA database. Personal Information is hosted in a secure environment by a commercially reputable third party hosting vendor, using best practice security techniques.
If you are using ManageMyHealth™ USA to upload Health Information, you should properly secure your computer. To help do this, you can use anti-spyware and virus protection software. You can also restrict access to your computer (for example, by using a strong password for your computer login and a network firewall).
Medtech cannot be held liable in any way for events beyond our control, including accidental or unauthorized access or disclosure of your Health Information caused by you or persons authorized by you accessing your ManageMyHealth™ USA account.
Accidental access could be obtained by leaving yourself logged on and leaving your computer unattended, ‘over-the-shoulder’ access or from unsecure print-outs of your information.
Unauthorized access could involve someone who is known to you guessing your password or a stranger/hacker circumventing our security measures. Social networking is the easiest way to achieve unauthorized access to your information. To prevent this, never give your access details to anyone, and this includes your password and your secret answer.
Health Information uploaded to ManageMyHealth™ USA from your Healthcare Provider is encrypted during transmission. Personal Information provided to you via your web browser is similarly encrypted during transmission using the highest standard available, including VeriSign Digital Certificates. This provides at least 128 bit encryption or 256 bit encryption if you are using the latest version of the web browser.
ManageMyHealth™ USA is protected by a reputable network Firewall. Daily backups are performed to allow system restores to be performed in a disaster recovery situation.
Use of Personal Information
Use of your Personal Information by Medtech is limited to the purposes of providing the services available on ManageMyHealth™ USA and the other uses set out in this Notice as modified from time to time.
Medtech uses your Personal Information to provide and operate ManageMyHealth™ USA. This includes using your Personal Information to make ManageMyHealth™ USA or its services easier to use, for example, by automatically filling data fields with your Personal Information to avoid the need to repeatedly enter information.
Medtech may use or allow your Personal Information to be used for providing you with informative content via your ManageMyHealth™ USA account which is customized to your needs, interests and preferences (as determined from your Health Information).
Disclosure of Personal Information
Disclosure of your Personal Information by Medtech is limited to the purposes of providing the services available on ManageMyHealth™ USA and the other possible disclosures set out in this Notice as modified from time to time.
For the purpose of providing ManageMyHealth™ USA, Medtech may disclose your Personal Information to employees and representatives of Medtech in order that they can provide data repair activities and customer support services. Medtech follows strict internal procedures to ensure that its representatives and employees are made aware of and comply with privacy obligations that may apply to them in collecting, storing and disclosing your Personal Information.
Disclosure to other users of ManageMyHealth™ USA
A feature of ManageMyHealth™ USA is the ability to share your Health Information with people and services that can help you manage your health or meet your health-related goals. You can share information in a ManageMyHealth™ USA account with another person or business through ManageMyHealth™.
By default, access to your Personal Information will be limited to you and your Healthcare Provider (including other doctors within your Healthcare Provider’s practice). Medtech will disclose your Personal Information to your Healthcare Provider each time it accesses your ManageMyHealth™ USA account.
If you have granted consent to your Healthcare Provider to share your Health Information with other healthcare providers, Medtech may disclose your Health Information to those Healthcare Providers to the extent access is permitted. You may withdraw this consent at any time by contacting your Healthcare Provider.
You may increase the number of persons authorized to access your Health Information using an optional “trust list” functionality, which will allow you to grant access to other individuals involved with your care and family members. You decide what level and degree of access to grant other users of your ManageMyHealth™ USA records. To the extent you have permitted, Medtech may disclose your Health Information to these authorized users once you have granted them access.
Disclosure to third parties
Medtech may engage third parties to provide services on its behalf, such as website hosting; packaging, mailing; providing customer support services; and sending information to you about our products, special offers, and other new services. These third parties may have access to your Personal Information for the purpose of performing these services.
Medtech may disclose your Health Information to the following entities and/or under the following circumstances:
- To the Food and Drug Administration (FDA) relative to adverse events regarding drugs, foods, supplements, and other health products or to post marketing surveillance to enable product recalls, repairs, or replacement;
- To public health or legal authorities charged with preventing or controlling disease, injury, or disability;
- To law enforcement agencies as required by law or in response to a valid subpoena or other legal process;
- To health oversight agencies (medical licensing boards, e.g.) for activities authorized by law;
- In response to a court order, administrative order, subpoena, discovery request, or other lawful process by another person involved in a dispute involving a patient, but only if efforts have been made to tell the patient about the request or to obtain an order protecting the requested health care information;
- As authorized by and as necessary to comply with laws relating to workers’ compensation or similar programs established by law;
- Whenever required to do so by law;
- To researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of the patient’s information;
- To a coroner or medical examiner when necessary, for example, to identify a deceased person or to determine a cause of death, or to funeral directors consistent with applicable law to carry out their duties;
- To organ procurement organizations or other entities engaged in the procurement, banking or transplantation of organs for the purpose of tissue donation and transplant, consistent with applicable law;
- To notify, or assist in notifying a family member, personal representative, or another person responsible for the patient’s care, of the patient’s location or general condition;
- To a correctional institution or its agents, if a patient is or becomes an inmate of such an institution, when necessary for the patient’s health or the health and safety of others;
- When necessary to prevent a serious threat to the patient’s health and safety or the health and safety of the public or another person;
- As required by military command authorities, when the patient is a member of the armed forces, and to appropriate military authority about foreign military personnel;
- To authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law;
- To authorized federal officials so they may provide protection to the president, other authorized persons, or foreign heads of state or conduct special investigations;
- To a government authority, such as a social service or protective services agency, if Medtech reasonably believes the patient to be a victim of abuse, neglect, or domestic violence, but only to the extent required by law, if the patient agrees to the disclosure, or if the disclosure is allowed by law and Medtech believes it is necessary to prevent serious harm to the patient or to someone else or the law enforcement or public official that is to receive the report represents that it is necessary and will not be used against the patient.
Medtech may allow the disclosure of your information in an unidentified, aggregated form to third parties for the purpose of outsourcing marketing services or for the analysis of population health statistics.
Access to, correction and deletion of Personal Information
Access to Health Information
To access your Health Information held by your participating Healthcare Provider, an access code must be ordered in person from the Healthcare Provider. One specific e-mail address must be provided along with a valid photo-id.
We will act reasonably to ensure you will have access to your Health Information uploaded to your ManageMyHealth™ USA account at all times, however we cannot guarantee that access to your Health Information will always be available. Access may be temporarily unavailable if a planned outage is required or if ManageMyHealth™ USA experiences an unplanned outage. Such events are considered beyond our control but all reasonable efforts will be used to re-establish the service as soon as possible.
To protect your security, access to your account will be blocked following 3 failed attempts to logon. Your account can be unblocked by using the forgotten password function on the website. When your account is blocked, you will be offered the opportunity to obtain a copy of any Health Information you have uploaded to your account. Health Information that was provided by your Healthcare Provider or any other third party can be obtained from the relevant third party.
Correction of Health Information
You have the right to correct the Health Information available through your ManageMyHealth™ USA account at any time.
Information uploaded by you can be modified by you at any time. If you modify your Health Information available on ManageMyHealth™ USA you must consider what impact that may have on a person or healthcare provider authorized by you who may have previously received the information. If this impact is significant you should inform the individual or healthcare provider of the change. You should not make any modifications to the Health Information you have uploaded to your ManageMyHealth™ USA account unless the accuracy of the modifications can be verified by your Healthcare Provider.
Health Information uploaded to your ManageMyHealth™ USA account which was provided to Medtech by your Healthcare Provider or other third party cannot be modified by Medtech. You may request to have this information corrected at any time by contacting your Healthcare Provider or other relevant third party and requesting a correction.
Deletion of your Health Information
You can close your ManageMyHealth™ USA account at any time by signing into your account and editing your account profile. We will wait 90 days before permanently deleting your Personal Information. On your request, we can provide copies of your Health Information to you before we do so.
Sharing records with applications through ManageMyHealth™ USA
No application has access to your information through ManageMyHealth™ USA unless and until an authorised user opts in through ManageMyHealth™ USA to grant it access. You control what health information you allow an application to access and the length of time they can access the information.
To keep you informed of the latest improvements, ManageMyHealth™ USA will send you a newsletter. By creating an account you have given us your implied consent to send you such newsletters. If you do not want to receive the newsletter, you can unsubscribe at any time.
The primary unique identifier used within ManageMyHealth™ USA is chosen by you together with an email address, which you have authorized us to use to communicate with you. No other unique identifier is linked to you by ManageMyHealth™.
While an email address is globally unique we cannot guarantee that it will always be assigned to the same person. If an email address is no longer used by an individual it is then typically ‘made available’ to anyone else who wants to use it, much the same as a phone number. In the case of children we allow the use of a parent’s email address. Once an individual becomes 16 years old they become responsible for maintaining their account access by other persons such as their parents.
For most purposes other than treatment, payment, or health care operations, you have the right to receive an Accounting of the disclosures we made of your protected health information. The Accounting will exclude disclosures we may have made directly to you, disclosures to friends or family members involved in your care, and disclosures for purposes you specifically authorized in writing. The right to receive an Accounting is subject to certain other exceptions, restrictions, and limitations. A request for an Accounting must be made in writing. The time period for the requested accounting must be specified and it may not be longer than six years.
Changes to this Privacy Statement
This Privacy Statement may be updated from time to time - the "last updated" date is included at the top of the Notice. We encourage you to review this Notice periodically to stay informed about how we may use and disclose your Personal Information. Your continued use of ManageMyHealth™ USA constitutes your acknowledgement that you have read this Notice and any updates that are accessible on our website (at www.managemyhealthusa.com).
Enforcement of this Privacy Statement
Medtech is required to comply with applicable privacy legislation when dealing with Personal Information. If you would like any further information or have any queries relating to this Notice or our information handling practices in general, or to register a complaint regarding our privacy practices, please contact us at:
Medtech Global USA, LLC
1536 Cole Blvd, Suite 350
Lakewood, CO USA 80401