Privacy Policy

Last Updated: September 29, 2020

We are committed to your privacy.

Introduction

Medchart Inc. ("Medchart") is an information technology service provider that enables you or your Designated Representatives to use electronic means to collect, access, maintain, and share (collectively, “Process”) your health information and medical records. Medchart respects your privacy and is committed to keeping this information accurate, confidential, and secure. We Process your information that identifies you personally only with your consent. We always ask for your permission before we share or use your information for a purpose other than to what you have consented. This Privacy Policy is based on U.S. privacy law in general as well as the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule”) promulgated by the US Department of Health and Human Services under the Health Insurance Portability and Accountability Act (“HIPAA”) as well as state laws governing the disclosure of Personal Health Information.

The Scope of This Privacy Policy

This Privacy Policy describes Medchart’s approach  to protecting the privacy of Personal Information in its possession or control, in accordance with applicable law and Medchart's policies. This Privacy Policy governs our service offerings in the United States.

Changes to this Privacy Policy

This Policy is effective as of the “last updated” data listed above.  We reserve the right to change this Privacy Policy from time to time to ensure that it accurately reflects applicable law and Medchart policies. Non-material changes will be effective immediately, but Medchart will provide 30 days advance notice of material changes through, for example, website postings and/or Medchart newsletters. Please check this page regularly to ensure that you understand how Medchart Processes your Personal Information. By continuing to use Medchart services after the effective date of a change, you automatically accept the change.  

Definition of Terms Used in this Privacy Policy

Privacy

Privacy is an individual's right to retain control over the collection, use, and disclosure of her/his personal information.

Custodians

Custodians are health care plans, insurers, health care clearinghouses, health care providers, and other entities who transmit Personal Health Information to Medchart with your consent. Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer.   Personal Information  Personal Information is information that identifies, relates to, describes, or could reasonably be linked or associated, directly or indirectly, with a particular consumer or household.   

Personal Health Information

Personal Health Information is Personal Information relating to the past, present, or future health status of an individual that is created, collected, transmitted, or maintained (collectively, “Processed”) by Custodians.  This includes health information that can be tied to an individual through identifiers such as: name; address; email address; telephone and fax numbers; social security numbers or other government issued IDs; insurance, medical record, or other account numbers; biometric identifiers; photographs or images; device identifiers; or other persistent identifiers that can reasonably be used to identify an individual.  Data from which all personal identifiers have been removed, such that the information cannot reasonably be used to identify the individual, is not considered Personal Information, nor is it Personal Health Information.

Capacity and Substitute Decision-Making

An individual is capable of consenting to Medchart’s Processing of Personal Health Information if the individual is able to understand the relevant information and the consequences of giving or withholding consent. Medchart presumes individual capacity unless it has reasonable grounds to believe that the individual is incapable of consenting.

An individual who is capable of consenting to Medchart’s Processing of Personal Health Information may also authorize another person – including family members, advisors, lawyers, or other health care providers - as a Personal Representative to act on her or his behalf. If the individual is incapable of making and understanding health decisions, for example if the individual is unconscious, deceased, or otherwise incapacitated, substitute decision-makers authorized by state or federal law to act as Personal Representatives may consent on her or his behalf.  

Substitute Decision-Maker or Personal Representative

A Personal Representative, in relation to an individual, means, unless the context requires otherwise, a person who is authorized by law as a substitute decision-maker to consent on behalf of the individual to the collection, use or disclosure of Personal Health Information about the individual.

Collection, Use, and Disclosure of Personal Information

Collection

Information that you affirmatively give us or ask us to collect:

When you register for a Medchart account, we collect the Personal Information that you or your Personal Representative provide directly, including your full name, contact information (including physical and email addresses, phone and fax numbers, etc.).  We also collect any other information that you provide including, without limitation, information about your health care providers, insurers, medical conditions.    

At your direction and with your consent, Medchart collects medical records and Personal Health Information from Custodians.    

If you have designated a Personal Representative, including an attorney or family member, you may give them access to and the ability to add additional Personal Information to your Medchart records.  

Information that we collect passively when you visit our website:  

Medchart collects information about how and when you use our website and our service offerings, including information about the pages you visit, the content you view on our sites and in our portals, We collect information about the apps, browsers, and devices you use to access our services, which helps us provide features like automatic product updates.  The information we collect includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request.  

Use of Cookies


The Site uses "cookies" to help personalize and maximize your online experience. Cookies are small amounts of data that often include unique identifiers that enable the Site to recognize you and to keep track of your preferences. These identifiers are usually alpha-numeric strings, which cannot be used to identify you without additional information.  

Two types of cookies may be employed during your visit to the Site:  

- "Session" cookies, which are not permanently stored on your hard drive and are permanently deleted from your computer after two hours of inactivity or when you end your session, are used to help you to navigate around the site; and

- "Persistent" cookies, which remain on your computer so that the Site can recognize you when you return. These cookies, which are used primarily to personalize your site experience and save you time, will remain on your computer after you have left our Site and will expire when you log out of the Site, or 60 days after your last visit for security cookies, or two years after your last visit for advertisement and information notice cookies.

The Site uses cookies for the following:  

- When you return to the Site, cookies enable us to retrieve the information you previously provided, so you can easily use the features that you customized. Because of our use of cookies, we can deliver faster and more accurate results and a more personalized site experience. For example, if you personalize Medchart pages, or register for services, a cookie helps us to recall your specific information (such as user name, password and preferences).  When you watch a video clip or listen to an audio clip on or through the Medchart Site, a cookie may take note of which media player and which type of clip (high or low bandwidth) you prefer to use on your computer. Note, however, that you can change your video and audio preferences at any time or choose a player each time you view or listen to a clip.  

- Some parts of the Site use cookies to track user traffic patterns. We do this in order to determine the usefulness of the Site’s information to our users and to see how effective our navigational structure is in helping users reach that information.  

- We also use cookies to identify users who have been banned from using our forums for behavior that violates these General Terms and Conditions and to track click streams, for load balancing and to enable you to navigate through the site using redirection pages.  

Please note that you have the ability to disable cookies if you wish, generally through changing your internet browser settings. It may also be possible to change your browser settings to enable acceptance of specific cookies. For more information on enabling and disabling cookies, please refer to the help section on your browser. If cookies are disabled it may mean that not all the services of this Site might be available.  If you do not agree with Medchart’s use of cookies, please discontinue the use of this website.

Use  

Medchart uses Personal Information about you for the exclusive purposes of collecting, maintaining, and disclosing that information, including Personal Health Information, at your direction and on your behalf.  If we want to use your information for any other purpose, we will seek your explicit consent to do so.

Disclosure  

Medchart discloses Personal Information about you, including Personal Health Information, in order to provide the service, including to collect Personal Health Records from Custodians and to facilitate the disclosure of that information to third parties on your behalf and at your direction.  Medchart may also disclose Personal Information about you to third parties as required by applicable law and/or as necessary to protect our rights and the rights of third parties.  Unless prohibited by law, we will notify you of any such disclosures.    

Retention  

Medchart will retain Personal Information associated with your Medchart account for so long as it is necessary to provide our services to you.  Subject to certain limitations necessary to provide our services, operate our business, and comply with applicable law, you may delete your Personal Information at any time.    

Privacy Principles

Medchart Processes your Personal Information in accordance with globally recognized fair information practice principles described below:  

Accountability

Medchart is an information technology service provider that allows users to access, consolidate, and control their Personal Health Information collected from Custodians using electronic means. Medchart has established policies and procedures to protect patient privacy and safeguard Personal Information, including Personal Health Information.  Our Chief Privacy Officer (CPO), identified at the end of this document, is Medchart’s designated contact person and is accountable for our compliance with this Privacy Policy and applicable law.  

Consent

Medchart will normally obtain consent from you or your properly designated Personal Representative before Processing Personal Information about you. An individual can provide consent to the collection, use and disclosure of Personal Information about them expressly, implicitly, or through an authorized Personal Representative. When you sign up for Medchart's services, whether as an individual or an individual’s personal representative, we will ask for your express consent during the account creation process. You have the right to withdraw consent at any time, with certain exceptions.

Purpose Specification

Medchart will identify the purposes for which Personal Information is Processed at or before the time the information is collected. We will not use your Personal Information for any other purpose without your express consent.

Collection, Use, Disclosure, and Retention Limitations

With your consent, Medchart helps you consolidate and access your Personal Health Information on a secure online account. Specifically, we: collect copies of your official medical records from Custodians; if necessary, convert your paper records into an electronic format, and promptly and securely dispose of the paper copy; upload the electronic copy of your records onto a secure, encrypted online database; allow you to access these records on your personal password-protected Portal on our website; and allow you to authorize other users (such as your healthcare provider, family members, or lawyers) to securely access, use, and disclose your records.

Medchart collects Personal Information about you only by fair and lawful means, either from you directly or from Custodians. This information may include your name, date of birth, address, contact information, health history, records of your visits to medical service providers, and details of the care that you received. Upon enrolling in Medchart's services you agree and understand that the collection of Personal Information is for your personal record keeping purposes, including disclosure to third parties at your direction or at the direction of your Personal Representative.

Medchart will use your Personal Information only for the reasons it was collected, unless you expressly consent to our use or disclosure of that information for another reason. We will retain your Personal Information only for so long as necessary to provide the services you have requested.  Medchart may share your Personal Information with our affiliates and service providers who may be involved in delivering Medchart's services, providing customer support, and conducting customer research or satisfaction surveys. These service providers are obligated by contract to protect your Personal Information, they are not permitted to use this information for any purpose except providing the service, and they are only given the information necessary to perform their designated functions. Medchart does not authorize any service providers to use or disclose your Personal Information for their own marketing or other purposes. We may also share your Personal Information with our financial, insurance, legal, accounting or other advisors that provide such professional services to us.

Your Personal Information may be processed and/or stored outside of the United States as necessary or appropriate to provide our services. No matter where your data is stored, we undertake reasonable measures to protect your Personal Information.  When it is stored and/or Processed in other jurisdiction, our Processing of that data may be subject to the laws of such countries and made available to third parties under applicable law. By providing us with your information, you allow your Personal Information to be transferred outside of United States.

Accuracy

Medchart will keep the Personal Information in its possession or control accurate, complete, current and relevant, based on the most recent information available to Medchart. Please be aware that we cannot modify Personal Information provided by Custodians. However, if you believe that any other Personal Information is inaccurate or incomplete, please notify us [via email or your account.  

Data Security

The safety and privacy of your information is our top priority, and Medchart has deployed appropriate physical, administrative, and technical measures designed to safeguard your Personal Information against theft, loss, unauthorized access, copying, modification, use, disclosure and disposal. These measures include appropriate security policies, employee training, the use of nondisclosure agreements, audits and compliance monitoring, and access controls (facility and workstation).  

Medchart uses strong encryption technologies to secure your information, and monitors and upgrades our systems to reflect new technology and other developments. Access to your online profile and medical records is protected by your personal login details. We strongly encourage you to take advantage of our optional 2-factor authentication system (a verification code sent to your registered cell phone or email at time of login) to minimize the likelihood of unauthorized access in case your login details have been lost or stolen.

Transparency

This Privacy Policy is designed to provide a comprehensive description of Medchart’s privacy practices, including information about the Personal Information we collect, how we use that information, and to whom we disclose it.

- Medchart may disclose Personal Information to our service providers who help us provide the service or to third parties (such as family members, lawyers, or health care providers) at your direction.

- Medchart does not sell Personal Information to anyone for any purpose.

- MedChart does not knowingly collect Personal Information about minors without the express consent of their parent, guardian, or duly appointed Personal Representative.

If you would like to know more about Medchart’s policies and practices related to the management of personal information, please contact our Chief Privacy Officer via email sent to privacy@medchart.com.  

Access to Personal Information

Except as restricted by law, MedCchart will inform you or your Personal Representative about the existence, use and disclosure of any personal information about you in our possession or control, and will provide access to that information. You may also have the right to challenge the accuracy and completeness of the information and to ask that it be amended or deleted. To ask if we are processing Personal Information about you, to learn what personal information about you that we have, and to whom we may have disclosed that information, please send an email to privacy@medchart.com.

Please be sure to include your full name, address, telephone number, and email address.  We may need to ask for additional information to verify your identity.  

Complaints and Questions

For more information about our privacy protection practices, or to raise a concern you may have about our practices, please contact:

Juliana Doxey
Chief Privacy Officer, Medchart, Inc.

215 S. Denton Tap Rd., Suite 290 
Coppell, TX, 75019
USA

Email: privacy@medchart.com

Toll-free: 1-833-603-0407
Fax: 1-888-929-2687