Last updated January 13, 2023
Medcheck (“Medcheck”, “We” or “Us”), operates and hosts www.medchec.com patient portal website (“Portal”),and related websites and services (together with Portal and application, the “Services”) on behalf of health care providers who provide care to patients who register and utilize the Services (Your “Provider” or “Providers”).
We provide the Services to you as a Business Associate to your Provider. As a Business Associate, we follow the rules that apply to Business Associates under HIPAA, as well as any other privacy and security rule that we agreed to with your Provider.
- What Information Is Collected
- Identifiable Information
When you log in, your username and activity will be logged by our system in an audit log that we maintain on behalf of your Provider. We also collect your IP address, geolocation information, and information collected through surveys (all of which are explained in greater detail below).
When you register for either of the Services, the registration process requires you to choose a username and password for your account, which you should keep and maintain as confidential. If you choose to share your username and password you understand that those individuals to whom you share that information may be able to access your identifiable health information, grant access to your identifiable health information by a third-party application, and/or add to your identifiable health information as though they were you. You will be responsible for all activities resulting from sharing or not maintaining the confidentiality of your username or password.
If you are a registered patient user of the Portal, your identifiable health information (or that of the patient for whom you are the legal representative) currently stored electronically in your Provider’s records will become accessible to us in order to provide you access to such information through the Service.
- Non-Identifiable Information
We and/or any third-party website analytics vendor (e.g. Google Analytics) on our behalf, may also collect nonidentifiable information, which is automatically collected as you browse or otherwise access the Services. We may collect such information by tracking, or asking our analytics vendor to track, your clickstream activity when such information is not tied to a user ID through the use of “cookie” technology or by tracking internet protocol (IP) addresses, as explained below.
- IP Addresses
We may also log and track IP addresses for systems administration purposes and for reporting usage trends. Your IP address is usually associated with the physical place from which you enter the Internet, the name of the domain and host from which you access the Internet, the browser software you use and your operating system, and the date and time you access the Service. By collecting your IP address, we may record the page that linked you to this Service, and other information about the type of web browser, computer, platform and settings you are using. This information only helps us determine how often different areas of the Service are visited.
- Geographic Location
We may collect your geographic location based on your IP address and other location-based data.
Users of the Service may have the opportunity to participate through the Service in various surveys depending on the survey and as permitted by law. Any survey responses that you choose to submit may be aggregated, deidentified and provided to third parties as set forth below.
- How Will Your Information Be Used and Disclosed?
- Identifiable Health Information
If you are a patient or the legal representative of a patient, any identifiable information that you share via the Service will be made accessible to your Provider and will become a part of the records maintained by your Provider, which records are subject to your Provider’s Notice of Privacy Practices.
We may share your information only with our vendors to the limited extent permitted by applicable law. We require those vendors to comply with all applicable data privacy laws and regulations,. We do not sell, lease or rent your identifiable health information.
We may share identifiable information with other third parties that you explicitly grant permission to through the Portal or the application. If you wish to stop sharing with third parties, you may revoke access permissions through the application.
- Non-Identifiable Information
The nonidentifiable, aggregated information we collect may be shared with our vendors and used in the aggregate to create summary statistics that help us analyse website usage trends, assess what information is of most and least importance, determine technical design specifications, arrange the Service in the most user-friendly way, and identify system performance or problem areas. Aggregate data is information that describes the usage patterns and/or demographics of users as a group but does not reveal the identity of particular users. We may use aggregate data to understand the needs of our community of users and determine what kinds of programs and services we can help provide.
- Cookies and other Data Collection Technologies
Like many companies, we may use “cookie” technology on and off of the Portal and the application. “Cookies” are small pieces of information that are stored by your browser on your computer’s hard drive. Some cookies are temporary and are deleted when you exit your browser, while others are permanent and are stored on your computer so that we can recognize you when you return to our websites. In general, cookies can collect your IP address, information about the device that you used to visit our websites, your location, and your browsing behaviour.
The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting certain types of cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Please note that disabling cookies may prevent you from using and accessing the Services.
In addition, if you visit the websites again after deleting a cookie, a new cookie may be activated.
No website can guarantee security or that loss, misuse or alteration to data hosted by or on, or accessed by or through, a website will not occur. To mitigate these risks, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your identifiable health information collected via the Services as required by applicable law. We use industry standards, such as Secure Socket Layers (“SSL”) or Transport Layer Security (“TLS”) technology, to help safeguard against such occurrences. In certain areas, the information passed between your browser and our system is encrypted with SSL or TLS technology to create a protected connection between you and the Service to ensure confidentiality. It is our general practice to limit access to your identifiable health information to our employees and third-party agents who we reasonably believe need to have access to your information to provide you with the information or services you request via the Service.
- Important Note Regarding Children
Each practice is responsible for granting or restricting minors access to the Services based on their applicable state laws. Certain states may restrict use of the Services by minors. If a practice has provided us with identifiable information of a minor without parental or guardian consent, the parent or guardian should contact the practice to restrict access and remove the information.
You represent that you are of sufficient legal age to use the Services and to create binding legal obligations for any liability you may incur as a result of the use of the Services. You understand that you are financially responsible for all uses of the Services by you and those using your login information.