Effective: August 18, 2020
Last modified: August 18, 2020
Information We Collect from You
Credit Card Information
Nutrimedy uses Stripe to process credit card transactions. You may choose to pay for the Services using Stripe. If you use Stripe to make a payment, we do not receive or store any credit card information. You may also choose to enter credit card information through the Services. If you provide your credit card information through the Services, we will store such information for the duration of the transaction until your credit card is charged and the requested product or service has been purchased. After the transaction is complete, we will delete your credit card number and expiration date from our database. For convenience, we may store your billing address for use during future transactions.
"Personal information" is information through which you can be personally identified, including any photographs you may upload. Personal Information that we collect may include your full name, and/or other payment information (if applicable), your email address, phone number, certain health information, or any other information or data that you provide when using our Services. We collect personal information you choose to provide to us, including through registrations, applications, surveys, chat sessions or other inquiries. We do not collect information that would identify you unless you choose to provide it to us. You can choose not to provide us with certain information, but please be aware that this may impact the Services provided to you.
What We Do with Your Information
We may also use your personal information to update you on special offers related to our products or services, improve our products and services, provide product announcements or information regarding health topics, deliver other information we believe you will find most relevant and useful, and in any other way we may describe when you provide the information or to which you consent. We may occasionally contact you to gather customer service information to help us determine how we can improve our services and products to better meet your needs. We may also de-identify and/or aggregate your data for various business purposes including product, service and program development and improvement. De-identified data, in individual or aggregated form, may also be used for research purposes both internally by Nutrimedy or with research partners and other third parties for the advancement of clinical and scientific knowledge.
This policy does not apply to personal information we collect from other sources. That information is governed by the agreement between us and the source of the data. We may combine or cross-reference your personal information with general information or other information we may have acquired about you or may acquire about you through other sources, including offline sources of information to help further customize the information, products or services we provide to you.
We use the general information we collect from you to help us understand and analyze users of our Services, including generating aggregate statistics about Services used. This data can then be used to tailor our Services’ content and deliver a better experience for our users. We may also collect, aggregate and maintain anonymous information about the visitors of our Services. We may further share such aggregate, non-identifiable information with business partners, sponsors and other third parties.
Sharing of personal information with Third Parties
If you invite family, friends or other third parties to be part of your team or join your chat sessions with your nutritionist, they will have access to the information shared during that session. You should also be aware that certain features within our Services may allow for group chat sessions or public forums. By inviting any third parties to join your chat sessions or participating in group sessions or public forums, you consent to the disclosure of your personal information, including information about your health and any health conditions to the other participants. We cannot control whether or how these participants will use your personal information or if they will subsequently disclose it. If you do not consent to the disclosure of this information to these third parties, you should not invite them to join your team or participate in the group sessions or other public forums.
We may also release your personal information to third parties as required by law, when we believe disclosure is necessary to comply with legal or regulatory requirements, judicial proceeding, court order or legal process served on us, to protect the safety, rights or property of patients, customers, the public or the Company or defend the Company and its officers, directors, employees, attorneys, agents, contractors and partners, in connection with any legal action, claim, or dispute.
How We Keep Your Information Secure
We seek to safeguard the security of your personal information and have implemented reasonable security measures consistent with accepted practices in the healthcare industry to protect the confidentiality of your personal information and limit access to it. We have put in place a variety of information security measures to protect your personal information, including encryption technology, such as Secure Sockets Layer (SSL), to protect your personal information during data transport and at rest. However, despite our efforts to protect your personal information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your personal information over the Internet will be intercepted. Unfortunately, we cannot guarantee the absolute security of your personal information, nor can we guarantee that information that you provide will not be intercepted while being transmitted to us over the Internet. Therefore, we urge you to also take every precaution to protect your personal information when you are on the Internet or using the Services.
Nutrimedy uses industry-standard encryption technology to protect your privacy. We limit access to personal information about you to employees who we believe reasonably need to come into contact with such information to provide products or services to you in order to do their jobs. We have physical, electronic and procedural safeguards that comply with federal regulations to protect personal information about you. It is important for you to protect against unauthorized access to your password and to your computer or device. It is your responsibility to sign off when you finish using a shared computer or device.
Nutrimedy may use third party vendors and hosting partners to provide the necessary hardware, software, networking, storage and related technology required to operate the Services. The Nutrimedy database is stored on secured servers specifically designed for management of Personally Identifiable Information and Protected Health Information. The Information stored on the server may be transferred to, and stored at, a destination outside of your home country. These destination countries may have different or less protective privacy laws than those in your home country. The Information may also be processed by any service providers appointed by us who operate outside of your home country and their staff, and/or our own staff based outside of your home country. By permitting us to collect your Information, You agree to this transfer, storing or processing outside your home country. Information transferred will be treated in accordance with this Notice.
How to Opt Out
Third Party Websites
If you would like to update your personal information, delete your account, change your preferences or have any questions or concerns about your privacy, you may contact us at firstname.lastname@example.org. Please note that some information may remain in our records after deletion of your account, including any information or records we are legally obligated to retain.
NOTICE OF PRIVACY PRACTICES
EFFECTIVE DATE: November 28, 2017
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
UNDERSTANDING YOUR HEALTH RECORD/INFORMATION
Each time you visit a hospital, physician, dentist, or other healthcare provider, a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment. This information, often referred to as your health or medical record, serves as a basis for planning your care and treatment and serves as a means of communication among the many health professionals who contribute to your care. Understanding what is in your record and how your health information is used helps you to ensure its accuracy, better understand who, what, when, where, and why others may access your health information, and helps you make more informed decisions when authorizing disclosure to others.
YOUR HEALTH INFORMATION RIGHTS
Unless otherwise required by law, your health record is the physical property of the healthcare practitioner or facility that compiled it. However, you have certain rights with respect to the information. You have the right to:
Receive a copy of this Notice of Privacy Practices from us upon enrollment or upon request.
Request restrictions on our uses and disclosures of your protected health information for treatment, payment and health care operations. This includes your right to request that we not disclose your health information to a health plan for payment or health care operations if you have paid in full and out of pocket for the services provided. We reserve the right not to agree to a given requested restriction.
Request to receive communications of protected health information in confidence.
Inspect and obtain a copy of the protected health information contained in your medical and billing records and in any other Practice records used by us to make decisions about you. If we maintain or use electronic health records, you will also have the right to obtain a copy or forward a copy of your electronic health record to a third party. A reasonable copying/labor charge may apply.
Request an amendment to your protected health information. However, we may deny your request for an amendment, if we determine that the protected health information or record that is the subject of the request:
was not created by us, unless you provide a reasonable basis to believe that the originator of the protected health information is no longer available to act on the requested amendment;
is not part of your medical or billing records;
is not available for inspection as set forth above; or
is accurate and complete.
In any event, any agreed upon amendment will be included as an addition to, and not a replacement of, already existing records.
Receive an accounting of disclosures of protected health information made by us to individuals or entities other than to you, except for disclosures:
to carry out treatment, payment and health care operations as provided above;
to persons involved in your care or for other notification purposes as provided by law;
to correctional institutions or law enforcement officials as provided by law;
for national security or intelligence purposes;
that occurred prior to the date of compliance with privacy standards (April 14, 2003);
incidental to other permissible uses or disclosures;
that are part of a limited data set (does not contain protected health information that directly identifies individuals);
made to the patient or their personal representatives;
for which a written authorization form from the patient has been received.
Revoke your authorization to use or disclose health information except to the extent that we have already taken action in reliance on your authorization, or if the authorization was obtained as a condition of obtaining insurance coverage and other applicable law provides the insurer that obtained the authorization with the right to contest a claim under the policy.
Receive notification if affected by a breach of unsecured PHI.
HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
This organization may use and/or disclose your medical information for the following purposes:
Treatment: We may use and disclose protected health information in the provision, coordination, or management of your health care, including consultations between health care providers regarding your care and referrals for health care from one healthcare provider to another.
Payment: We may use and disclose protected health information to obtain reimbursement for the health care provided to you, including determinations of eligibility and coverage and other utilization review activities.
Regular Healthcare Operations: We may use and disclose protected health information to support functions of our practice related to treatment and payment, such as quality assurance activities, case management, receiving and responding to patient complaints, physician reviews, compliance programs, audits, business planning, development, management and administrative activities.
Appointment Reminders: We may use and disclose protected health information to contact you to provide appointment reminders.
Treatment Alternatives: We may use and disclose protected health information to tell you about or recommend possible treatment alternatives or other health-related benefits and services that may be of interest to you.
Health-Related Benefits and Services: We may use and disclose protected health information to tell you about health-related benefits, services, or medical education classes that may be of interest to you.
Individuals Involved in Your Care or Payment for Your Care: Unless you object, we may disclose your protected health information to your family or friends or any other individual identified by you when they are involved in your care or the payment for your care. We will only disclose the protected health information directly relevant to their involvement in your care or payment. We may also disclose your protected health information to notify a person responsible for your care (or to identify such person) of your location, general condition or death.
Business Associates: There may be some services provided in our organization through contracts with Business Associates. Examples include physician services in the emergency department and radiology, certain laboratory tests, and a copy service we use when making copies of your health record. When these services are contracted, we may disclose some or all of your health information to our Business Associate so that they can perform the job we have asked them to do. To protect your health information, however, we require the Business Associate to appropriately safeguard your information.
Organ and Tissue Donation: If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
Worker's Compensation: We may release protected health information about you for programs that provide benefits for work-related injuries or illness.
Communicable Diseases: We may disclose protected health information to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
Health Oversight Activities: We may disclose protected health information to federal or state agencies that oversee our activities.
Law Enforcement: We may disclose protected health information as required by law or in response to a valid judge-ordered subpoena. For example, in cases of victims of abuse or domestic violence; to identify or locate a suspect, fugitive, material witness, or missing person; related to judicial or administrative proceedings; or related to other law enforcement purposes.
Military and Veterans: If you are a member of the armed forces, we may release protected health information about you as required by military command authorities.
Lawsuits and Disputes: We may disclose protected health information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process.
Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release protected health information about you to the correctional institution or law enforcement official. An inmate does not have the right to the Notice of Privacy Practices.
Abuse or Neglect: We may disclose protected health information to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Fundraising: Unless you notify us you object, we may contact you as part of a fundraising effort for our practice. You may opt out of receiving fundraising materials by notifying the practice’s privacy officer at any time at the telephone number or the address at the end of this document. This will also be documented and described in any fundraising material you receive.
Coroners, Medical Examiners, and Funeral Directors: We may release protected health information to a coroner or medical examiner. This may be necessary to identify a deceased person or determine the cause of death. We may also release protected health information about patients to funeral directors as necessary to carry out their duties.
Public Health Risks: We may disclose your protected health information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for purposes such as controlling disease, injury or disability.
Serious Threats: As permitted by applicable law and standards of ethical conduct, we may use and disclose protected health information if we, in good faith, believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
Food and Drug Administration (FDA): As required by law, we may disclose to the FDA health information relative to adverse events with respect to food, supplements, product and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacement.
Research: We may disclose information to researchers when an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information has approved their research.