Medcheck (“Medcheck”, “We” or “Us”), operates and hosts www.medchec.com patient portal website (“Portal”),and  related websites and services (together with Portal and application, the “Services”) on behalf of health care providers who provide care to patients who register and utilize the Services (Your “Provider” or “Providers”). 

1. Applicability of this Privacy Policy 

We provide the Services to you as a Business Associate to your Provider. As a Business Associate, we follow the rules that apply to Business Associates under HIPAA, as well as any other privacy and security rule that we agreed to with your Provider. 

Your Provider’s use and disclosure of your identifiable health information is subject to your Provider’s Notice of Privacy Practices. Please contact your Provider for a copy of their Notice of Privacy Practices. This Privacy Policy does not in any way govern our collection, use or disclosure of your identifiable health information in connection with any relationship that we may have with your Provider other than as the operator and host of the Services; any such collection, use or disclosure is governed by the Business Associate Agreement that we have with your Provider, and all applicable laws. 

2. Agreement to Privacy Policy 

By visiting the Portal or application and/or utilizing the Services, you agree to accept the practices described in this Privacy Policy and consent to the collection and use of information as discussed in this Privacy Policy. 

3. Modifications to Privacy Policy 

We may revise this Privacy Policy at any time. We will take steps to notify you prior to these changes taking effect. Each time that you visit the Portal or the application, you should check the date of this Privacy Policy (set forth above) and review any changes that have been made since you last visited the website. 

4. What Information Is Collected 

1. Identifiable Information 

When you log in, your username and activity will be logged by our system in an audit log that we maintain on behalf of your Provider. We also collect your IP address, geolocation information, and information collected through surveys (all of which are explained in greater detail below). 

When you register for either of the Services, the registration process requires you to choose a username and password for your account, which you should keep and maintain as confidential. If you choose to share your username and password you understand that those individuals to whom you share that information may be able to access your identifiable health information, grant access to your identifiable health information by a third-party application, and/or add to your identifiable health information as though they were you. You will be responsible for all activities resulting from sharing or not maintaining the confidentiality of your username or password. 

If you are a registered patient user of the Portal, your identifiable health information (or that of the patient for whom you are the legal representative) currently stored electronically in your Provider’s records will become accessible to us in order to provide you access to such information through the Service. 

1. Non-Identifiable Information 

We and/or any third-party website analytics vendor (e.g. Google Analytics) on our behalf, may also collect nonidentifiable information, which is automatically collected as you browse or otherwise access the Services. We may collect such information by tracking, or asking our analytics vendor to track, your clickstream activity when such information is not tied to a user ID through the use of “cookie” technology or by tracking internet protocol (IP) addresses, as explained below. 

1. IP Addresses 

We may also log and track IP addresses for systems administration purposes and for reporting usage trends. Your IP address is usually associated with the physical place from which you enter the Internet, the name of the domain and host from which you access the Internet, the browser software you use and your operating system, and the date and time you access the Service. By collecting your IP address, we may record the page that linked you to this Service, and other information about the type of web browser, computer, platform and settings you are using. This information only helps us determine how often different areas of the Service are visited. 

1. Geographic Location 

We may collect your geographic location based on your IP address and other location-based data. 

1. Surveys 

Users of the Service may have the opportunity to participate through the Service in various surveys depending on the survey and as permitted by law. Any survey responses that you choose to submit may be aggregated, deidentified and provided to third parties as set forth below. 

5. How Will Your Information Be Used and Disclosed? 

We will not sell, share or rent the information that is collected via the Service to others in ways that differ from what is disclosed in this Privacy Policy. 

1. Identifiable Health Information 

If you are a patient or the legal representative of a patient, any identifiable information that you share via the Service will be made accessible to your Provider and will become a part of the records maintained by your Provider, which records are subject to your Provider’s Notice of Privacy Practices. 

We may share your information only with our vendors to the limited extent permitted by applicable law. We require those vendors to comply with all applicable data privacy laws and regulations,. We do not sell, lease or rent your identifiable health information. 

We may share identifiable information with other third parties that you explicitly grant permission to through the Portal or the application. If you wish to stop sharing with third parties, you may revoke access permissions through the application.  

1. Non-Identifiable Information 

The nonidentifiable, aggregated information we collect may be shared with our vendors and used in the aggregate to create summary statistics that help us analyse website usage trends, assess what information is of most and least importance, determine technical design specifications, arrange the Service in the most user-friendly way, and identify system performance or problem areas. Aggregate data is information that describes the usage patterns and/or demographics of users as a group but does not reveal the identity of particular users. We may use aggregate data to understand the needs of our community of users and determine what kinds of programs and services we can help provide. 

6. Cookies and other Data Collection Technologies 

Like many companies, we may use “cookie” technology on and off of the Portal and the application. “Cookies” are small pieces of information that are stored by your browser on your computer’s hard drive. Some cookies are temporary and are deleted when you exit your browser, while others are permanent and are stored on your computer so that we can recognize you when you return to our websites. In general, cookies can collect your IP address, information about the device that you used to visit our websites, your location, and your browsing behaviour. 

We use cookies and related technologies to improve your experience, including remembering your preferences and allowing you to log into your account. We also use analytics cookies to help us measure website traffic and tells us how visitors use the websites. One such cookie is Google Analytics. To learn more about how Google uses data when you visit our websites, please visit https://policies.google.com/technologies/partner-sites. 

The “help” portion of the toolbar on most browsers will tell you how to prevent your browser from accepting certain types of cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Please note that disabling cookies may prevent you from using and accessing the Services. 

In addition, if you visit the websites again after deleting a cookie, a new cookie may be activated. 

Since third parties may use their own cookies when you click on a hypertext link to their site or service, you should carefully review the privacy policy of other sites you link to, from the Portal or the application. 

7. Security 

No website can guarantee security or that loss, misuse or alteration to data hosted by or on, or accessed by or through, a website will not occur. To mitigate these risks, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your identifiable health information collected via the Services as required by applicable law. We use industry standards, such as Secure Socket Layers (“SSL”) or Transport Layer Security (“TLS”) technology, to help safeguard against such occurrences. In certain areas, the information passed between your browser and our system is encrypted with SSL or TLS technology to create a protected connection between you and the Service to ensure confidentiality. It is our general practice to limit access to your identifiable health information to our employees and third-party agents who we reasonably believe need to have access to your information to provide you with the information or services you request via the Service. 

8.    Important Note Regarding Children 

Each practice is responsible for granting or restricting minors access to the Services based on their applicable state laws. Certain states may restrict use of the Services by minors. If a practice has provided us with identifiable information of a minor without parental or guardian consent, the parent or guardian should contact the practice to restrict access and remove the information. 

You represent that you are of sufficient legal age to use the Services and to create binding legal obligations for any liability you may incur as a result of the use of the Services. You understand that you are financially responsible for all uses of the Services by you and those using your login information.