IntelliCentrics SEC3URE Platform Privacy Policy

 

OVERVIEW

IntelliCentrics, Inc. (collectively “IntelliCentrics,” “we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal information in relation to the www.sec3ure.com platform (the “Platform”). To help explain things and to help you make decisions when you access or use the Platform, please read on. If you have any questions about this Privacy Policy and the Platform, you can contact us at Privacy@IntelliCentrics.com.

This IntelliCentrics SEC³URE Privacy Policy is effective from October 16, 2020.

 

ACCEPTING THIS PRIVACY POLICY

PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. By accepting our Terms of Use when accessing the Platform, you are confirming that you have read and understand this Privacy Policy, including how and why we use your personal information, and you consent to the collection and processing of your information as described in this Privacy Policy and any addenda thereto. If you do not want us to collect or process your personal information in the ways described in this Privacy Policy, you should not access or use the Platform.

We are not responsible for the content or the privacy policies or practices of any of the Platform’s users (“Users”), third-party websites imbedded or linked through the Platform, or third-party applications.

 

WHAT INFORMATION WE COLLECT OR RECEIVE

We collect your personal information in the course of your use of the Platform in a few different ways. Here are some of the types of information we gather:

  • information you give us, such as your name, password, employer, credentials, facilities, in order to register and participate in the IntelliCentrics community; credit card information you send to our payment processor in order to carry out transactions; and other personal information you may choose to provide us, to provide the services you are requesting;
  • information we collect from third parties who perform services you choose or authorize as appropriate by the Intellicentrics application you subscribe to, such as information from your authorized representatives (such as an employer), from medical training, licensing, regulatory, or credential verification organizations and public records, from third-party service providers, from payment facilities, from healthcare providers, or others (note that for many third-party services, you will provide your information directly to that service provider and not to us);
  • information we collect from third parties as appropriate by application you subscribe to, who perform services or provide information about you pursuant to database searches or background checks requested or required for your authorized representatives (such as an employer) or for individuals or companies with which you have a relationship (such as a healthcare provider or facility);
  • information about your computer for system administration purposes, such as your IP address, operating system and browser type, which we may combine with data collected via “session cookies,” but this information is statistical data about our User’s browsing patterns and generally does not identify our Users; and
  • non-personal information that is collected on an aggregate basis as you browse our Site.

This may include the following “Personal Information:”

  • Identification information such as name, log-in, password, organization, mail and email addresses, phone number(s), For medical staff specifically: former name(s), Social Security number, place and date of birth, gender, or other responses to security questions, driver’s license number, photographs or bio-identifiers for proof of identity;
  • Employment-related information as appropriate by application you subscribe to, such as your employment status, employers, positions, and lengths of employment;
  • Healthcare information upon use of BioBytes, SEC³URE Link or SEC³URE Visitor, such as dates of services, scheduling information, types of procedures, and patient location, measurements of vital signs and biomarkers that you collect and history of current and past medical conditions,  (as more fully described in the HIPAA Privacy Practices Addendum to this Privacy Policy;
  • Credentials and other records as appropriate by application you subscribe to, of your education, training, certifications, professional history, and qualifications;
  • As appropriate by application you subscribe to, authorizations and purchase orders for products or services, such as Confirmation of acceptable background checks on a pass/fail basis based on the requirements set by IntelliCentrics, our third-party service provider, and/or by each healthcare provider or facility you select (the details of which are only shared with you and a selected healthcare provider or facility and are not further collected or stored by us without express authorization); Vaccination appointments, histories and/or proof of immunization; Pass/fail records of titer or other medical tests, based on Center for Disease Control standards, and other medical records as you authorize; Radiation dosimeter purchases and exposure histories; records of Training and Continuing Education; and Certificates of Insurance coverage which may be provided to us;
  • Access history, training records, and other information regarding your previous interaction(s) at facilities as appropriate by application you subscribe to;
  • Any other information or documents you may upload to your profile, such as photos, and for BioBytes, medical history, current symptoms, or information that would be in concert with vital signs or biomarker measurement,  or in questions, comments, complaints, or inquiries submitted to us; and
  • Website traffic data and data from emails, attachments, email addresses, metadata, and URLs. (For more information, see the section “How We Use Cookies and Similar Technologies” below, and our Cookie Policy.)

We only collect Personal Information that you choose to submit to us or authorize us or others to obtain. You may choose not to submit information to us, or to permit us or others to obtain it. If you choose not to do so, however, we will not be able to provide the corresponding service to you. You may also choose to ask us to amend or delete certain of your information already provided to us. If you choose to make such a request and we are able to agree to the request, we may no longer be able to provide the corresponding service to you.

FOR PLATFORM SERVICES OTHER THAN SEC³URE Link OR SEC³URE Visitor MANAGEMENT

The information we collect from Users for the Platform, other than for BioBytes, SEC³URE Link or SEC³URE Visitor, does not qualify as “protected health information” or “PHI” as defined by the Health Insurance Portability and Accountability Act of 1996, as amended from time to time (“HIPAA”), because the information is (i) willingly disclosed by Users to IntelliCentrics, either directly by a User or indirectly by another person who has been granted valid authorization by the User or third party to disclose such information, removing its HIPAA-protected status; (ii) not used or disclosed by IntelliCentrics for purposes of healthcare treatment, payment or operations by a healthcare provider or health plan, thus not qualifying as a use or disclosure by a “covered entity” under HIPAA; and (iii) not used by IntelliCentrics for or on behalf of a covered entity for purposes of a User’s healthcare treatment, payment or operations, thus not qualifying as a use or disclosure as a “business associate” under HIPAA. IntelliCentrics takes extra precautions with respect to the User information it collects, however, and has implemented this Privacy Policy and related security safeguards to protect such information from inappropriate access or use.

FOR BioBytes, SEC³URE Link AND SEC³URE Visitor MANAGEMENT

For services performed for Users of BioBytes, SEC³URE Link or SEC³URE Visitor, it is possible that, from time to time, we receive or maintain PHI from Users that are Facilities and providers and qualify as “covered entities” for HIPAA purposes.

The receipt or maintenance of PHI through BioBytes, SEC³URE Link or SEC³URE Visitor may be for treatment or operational purposes of the Facility or provider, but other than the respective Facility or provider, this PHI will not relate to Subscribers. Instead, the PHI will relate to patients or clients of the specific Facility or provider who have acknowledged the Facility’s or provider’s use of PHI via the Facility’s and/or provider’s Notice of Privacy Practices. Such individuals are not Users, and we are not responsible for the content or use of the Facility’s and/or provider’s privacy notices, policies, or practices, or for the Facility’s and or provider’s processes to maintain the confidentiality or integrity of the PHI as part of their third-party records.

Instead, we are solely responsible for our efforts to safeguard any PHI uploaded to the Platform by a Facility or its patients, which will be done in accordance with this Privacy Policy and the HIPAA Privacy Practices Addendum and Business Associate Addendum to this Privacy Policy, as well as applicable state and federal law.

When using, collecting, maintaining, or transmitting such non-User PHI for a Facility, we will only do so as allowed by HIPAA. Unless allowed by HIPAA or required by law, such PHI is not shared or otherwise used outside the Platform; however, we may aggregate such PHI for purposes of security and operations management, statistical analysis, or research and development. To the maximum extent possible, such use will result in de-identified data that can no longer be used to identify an individual and no longer qualifies as PHI.

 

HOW WE USE YOUR INFORMATION

We use your Personal Information to operate, provide, and improve the Platform. Our purposes for using your personal information include:

  • Providing the Platform to you, along with products and services that you request through the Platform, including providing healthcare providers and facilities you select with access to your profile, assistance with their credentialing processes and databases, and access tracking and control services, and responding to questions, comments, complaints, and other inquiries. With respect to BioBytes, access to your profile includes medical history, current symptoms, or information that would be in concert with vital signs or biomarker measurement;
  • Assisting third-party service providers in providing products and services that you request on the Platform as appropriate by application you subscribe to such as vaccinations, medical tests and histories, background checks, training, insurance, radiation dosimeters and reports, and other products and services;
  • Administering the Platform and running our business, including protection and improvement of the Platform, account management and analysis, customer support, communication, and market analysis;
  • Marketing of our products and services that we think may be of interest to you; and
  • Otherwise as we have a legitimate interest. For example, we may use it to communicate with you, to administer our Site and run our business, to protect ourselves and others, for our own individual or market research, or in connection with a corporate transaction such as a merger or acquisition. We may also use it when, in our judgment, we believe it is necessary, appropriate, or required, such as communicate with third parties such as insurers, service providers, consultants, advisors, or agents, or to comply with and enforce legal and regulatory requirements, agreements, and policies, or to protect a person’s vital interests. We may also use it for any other purpose disclosed to you at the time you provide personal information or with your consent.

 

HOW WE SHARE YOUR INFORMATION

Information about our Users is an important part of our business, but we are not in the business of selling our Users’ personal information to others. We share personal information only as described below.

We may share your Personal Information with others, as follows:

  • Employees, contractors, and agents who “need to know” in order to serve you: We may share your personal information with our employees, contractors, and agents who “need to know” in order to serve you. These may include third-party service providers who perform services for us, such as our payment processor, but their use of such information is limited to the performance of their duties and is consistent with our purposes for using such information;
  • Third-party service providers you choose or authorize: We may share your personal information with the third-party services providers you select, who provide services to you as you choose or authorize including credential records, background checks, vaccination appointments and records, titer tests and other medical records, radiation dosimeters and reports, education and training, insurance coverage, and payment processing. In most cases, you will be directed to their websites and provide your information yourself. We require our service providers to maintain the confidentiality and security of your Personal Information and to use it only to provide services on yours or our behalf or as otherwise required or permitted by applicable law;
  • Other third parties you choose or authorize: We may share certain of your personal information with other third parties whom you have chosen or authorized, who are permitted by law to receive it, and who need that information in order to manage their accounts with us (such as your employer, or other entity on whose behalf you work); as appropriate to the Intellicentrics application you are using and
  • Protection of ourselves or others: We may share your personal information when we believe release is appropriate: to (a) comply with a law, legal process or regulations; (b) protect the vital interests of a person; (c) protect our property, Platform, services or legal rights; or (d) support our audit, compliance and governance functions.
  • Business transfers: As we continue to develop our business, we might sell or buy businesses or services. In such transactions, personal information may be one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Policy (unless, of course, the individual consents otherwise). Also, in the unlikely event that IntelliCentrics or substantially all of its assets are acquired, your information will be one of the transferred assets.
  • In aggregated form. We may aggregate your information with the information of others who use our Site and share the aggregated information with third parties to discover and reveal trends about how Users like you engage with our services. This normally results in information in a statistical or summary form that does not include any personal identifiers. To the extent possible, we will only use medical information in a way that ensures it is de-identified and no longer considered protected information for healthcare data privacy purposes (see HIPAA Privacy Practices Addendum.
  • At your option: Other than as set out above, you will receive notice when personal information about you might be shared with third parties, and you will have an opportunity to choose not to share the information.

 

LINKS TO THIRD-PARTY SERVICE PROVIDERS

We provide links to websites of third-party service providers in order to make their services available to you through the SEC³URE Platform (“Linked Website”). These links may be helpful with regard to the requirements for some of the applications and credentialing for some of the Intellicentrics products.

Linked Websites are independent from us and are not governed by this Privacy Policy. We do not manage or control them or the products or services they provide, and consequently, accept no liability for them.

All of the Linked Websites use tracking “cookies.”

As a convenience to you, links to the privacy notices of the Linked Websites are provided below, together with certain information taken from them as of November 2018. But the descriptions below are not complete and may not include information which is important to you. You should consult their privacy notices before electing to receive products or services from them:

IQ Data Systems, Inc. d/b/a Backgrounds Online (“BGO”) provides background screening services. It states that it uses the ClickTale web analytics service to improve navigation and forms on its website; may place “advertising cookies” on a visitor’s computer so that when they visit another site that has an agreement with its advertising network, the other side will use the cookie to display an advertisement to them on the other site; and provides personally-identifying information to third parties such as courts, state agencies, employers, schools, references, credit bureaus, and other information sources, in order to prepare background reports. It states that it recognizes its responsibilities under the Fair Credit and Reporting Act; uses information only for purposes allowed by law; requires written authorization before conducting searches; provides pre-adverse action notification; provides full report only to (and allows discussion with) the user, not IntelliCentrics; commits to data security; that information is only to be used exclusively by BGO; and that it requires affiliates to handle information in accordance with its policies.

ClearStar Inc. provides medical testing services and related reports. It states that it uses tracking “cookies,” and may disclose personally-identifying information to third parties in order to provide the service its user has requested. It may also “engage third-parties in processing services requested by customers, such as screening for…occupational health.” ClearStar states that it requires such third parties to abide by ClearStar privacy policy and institute safeguards to protect the confidentiality of that information; recognizes its responsibilities under Fair Credit and Reporting Act; commits to compliance with applicable law; requires written authorization before performing services, including notice that report may be re-disclosed by client outside of HIPAA; disclaims responsibility for links to third-party Site; reports only status and “pass-fail” result to IntelliCentrics; allows access and correction; commits to data security; and is Privacy Shield-compliant.

CVS/MinuteClinic provides vaccination services and related reports. It states that it uses cookies of its own and third parties for website improvement and for advertising; commits to comply with applicable law; requires written authorization before services; disclaims coverage of HIPAA and requires IntelliCentrics to maintain security and confidentiality as well as MinuteClinic.

Landauer provides radiation dosimeters and related services, including records of radiation exposure. It states that it is the data controller of information submitted to it, and “may allow others to serve advertisements on our behalf across the Internet and to provide analytics services through cookies, web beacons and other technologies;” commits to comply with applicable law; has two privacy policies, one for European and one for U.S. residents; disclaims responsibility for links to third party Site; commits to data security; may use information for own marketing unless opt out or law requires opt in; does not distribute to outsiders for their own direct marketing.

Zuora provides payment processing services. Even though Zuora is embedded in the Platform, it performs its services through its own portal and website and according to its own privacy policies. Its Privacy Statement provides in part that it “partner[s] with third parties to display advertising on our Web site or to manage our advertising on other Site. Our third-party partners may use technologies such as cookies to gather information about your activities on this Site and other Sites to provide you advertising based upon your browsing activities and interests. If you do not wish to have this information used for the purpose of serving you interest-based ads, you may opt out by clicking here (or if you are located in the European Union click here). Please note this does not opt you out of being served ads. You will continue to receive generic ads.

InContact, Inc. (“inContact”) provides live-chat functionality on the Platform. Even though customer-service provided through such feature is provided by us, inContact requires Users to provide their RepID#, Email, and Phone Number directly to inContact.

Medical Sales Advocates (“MSA”) provides insurance procurement services through Nicholas Hill Benefits Group, Inc., which states that it reports only when and what services have been completed; does not share any personal data or underwriting information with any third party without express permission; uses industry-standard data protection; disclaims responsibility for links to third party Site; supplies information to insurance companies only with approval, and not for marketing or other purposes without permission (or as required by law); and will not sell personal information to third parties.

Medcom, Inc. provides training and education services. It states that it commits to take “all measure necessary” to preserve and protect any personally identifiable information of (or privacy obligations related to) IntelliCentrics, its customers, or those of their respective patients or customers of which Medcom may become aware or to which it may gain access.” For professionals, Medcom states that it will report to credentialing agencies, only for purposes of providing continuing-education credits or maintaining accreditation.

If you decide to access any of the Linked Websites, or obtain any of their services, you do so at your own risk.

 

HOW WE MAINTAIN AND PROTECT YOUR INFORMATION

We maintain physical, technical, organizational, and administrative safeguards designed to protect your personal information from unauthorized access or use. Among many other steps, these include unique user names and passwords for all Users; use of international industry standards for encryption; and control of information availability according to a User’s role, permissions, and associations within the Platform. User account information is shared only with authorized IntelliCentrics administrators and persons whom a User has authorized to see it. We also train employees to safeguard Personal Information and restrict access to Personal Information to those employees who need it in order to perform their duties, and we contractually require business partners with whom we share your Personal Information to safeguard it and to use it only for the purpose for which it was shared. We use Personal Information only for the purpose it was provided and as described in this Privacy Policy. Once it is no longer reasonably necessary for business purposes, we will destroy it in accordance with our record retention policy. However, we cannot ensure or warrant the security of any Personal Information you or others in relation to the Platform. Therefore, we cannot guarantee that the Platform is immune to unauthorized access to the personal information stored therein or to other information security risks.

We also contractually require business partners with whom we share your Personal Information to safeguard it and to use it only for the purpose for which it was shared.

 

HOW WE USE COOKIES AND SIMILAR TECHNOLOGY

  • Cookies: When you visit the Platform, we may send “session” cookies to your computer, to remember if you are logged in, to manage the session on our service provider’s server, and to balance website loads. We may also use “web beacons” to enable us to know whether you have visited a page or received a message, understand whether you came to our website in response to advertising and thus measure marketing campaigns and improve website performance, and/or relate your viewing of a web page or receipt of a message to other information about you, including your personal information. For the IntelliCentrics Site itself, we also employ Google Analytics and Google AdWords, whose cookies are set by Google, not IntelliCentrics, and which may use the data collected to contextualize and personalize the ads of its own advertising network. You may refuse to accept cookies by altering the settings on your internet browser. For details about our “cookies,” please see our Cookie Policy, which is part of this Privacy Policy.
  • Do not track signals and requests: ‘Do not track signals and requests’ are sent from your browser to the website you visit indicating that you do not want to be tracked or monitored. Websites are not required to accept these requests, and many do not. At this time, our Platform does not honor do not track signals or requests.

 

HOW YOU CONTROL YOUR INFORMATION

You may view, update, and delete certain information about your account at any time through the Platform. You may not, however, amend, delete or correct Personal Information which has been submitted by or obtained from a third party such as a credentialing company, records provider, or similar agency through the Platform. If you feel you need to challenge the accuracy of such information, you may contact that third-party provider directly, or you may contact us for assistance at Privacy@IntelliCentrics.com.

California (under the California Consumer Privacy Act of 2018 (“CCPA”), among others), Canada, the European Economic Area (under the General Data Protection Regulation (“GDPR”)), and some other jurisdictions provide individuals with specific rights. These rights may include rights and control over your personal information, including the right to know, the right to delete, and the right to opt-out of the sale of personal information that we may collect about you.

For example, you may click on the following links to find out more about these rights:

To exercise any rights your jurisdiction may provide, contact us at Privacy@IntelliCentrics.com. We may require you to verify your identity before exercising your individual rights. We will respond to your request within the time frames required in your jurisdiction.

We are a data “controller” as provided under the GDPR.

 

HOW YOU OPT-OUT OF MARKETING MATERIALS

You may opt-out of marketing and informational materials at any time. Either click on the “unsubscribe” feature at the bottom of an email or other electronic material, or contact us at Privacy@IntelliCentrics.com and indicate your wish. If you do so, we may still contact you regarding transactional or administrative topics, such as service requests.

 

INTERNATIONAL TRANSFER OF PERSONAL INFORMATION

We maintain information received through or by the Platform in the United States. If you are providing information from another country, you understand and agree that it will be transferred, used, and stored in the United States.

 

CAN CHILDREN USE THE PLATFORM?

No. The Platform is not directed to children under 18. If you are under 18, you should not submit information to the Platform.

We do not knowingly collect information from children. If we obtain actual knowledge that we have collected information from a child under 18, we will promptly destroy it, unless we are legally obligated to retain it. If you believe we have mistakenly collected information from a child under 18, please contact us at Privacy@IntelliCentrics.com.

 

CHANGES TO THIS PRIVACY POLICY

We may change this Privacy Policy at any time, effective when we post the revised Privacy Policy on the Platform. Your use of the Platform means you accept our revised Privacy Policy. If, however, IntelliCentrics plans to use personal information in a manner that is materially different from that which is stated at the time such information was collected, IntelliCentrics will post notice of the change on the Platform for at least fifteen (15) days before the change will take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and share Personal Information.

 

CONTACT US

If you have questions, concerns or complaints about our privacy practices, please email us at Privacy@IntelliCentrics.com or contact us at (817) SEC³URE (732-3873)

 

IntelliCentrics SEC³URE Platform

HIPAA Notice of Privacy Practices Addendum

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

 

OVERVIEW

Pursuant to our SEC³URE Privacy Policy, which you have accessed and acknowledged by now accessing this HIPAA Notice of Privacy Practices Addendum (“HIPAA Notice”), IntelliCentrics describes our obligations and your rights regarding your Protected Health Information, or PHI, that we may create, receive, maintain, or transmit pursuant to use of BioBytes, SEC³URE Link or SEC³URE Visitor in relation to the www.sec3ure.com platform (the “Platform”). If you have any questions about this HIPAA Notice, you can contact us at Privacy@IntelliCentrics.com

This HIPAA Notice is effective from October 14, 2020.

Among other things, this HIPAA Notice describes how PHI may be used or disclosed to carry out treatment, payment, or healthcare operations, or for any other purposes that are permitted or required by law.

We are required to provide this HIPAA Notice pursuant to HIPAA.

Certain medical information known as “Protected Health Information” or “PHI” is protected by HIPAA. Generally, PHI is health information, including demographic information, collected from you or created or received by a healthcare provider (such as a Facility or provider using BioBytes, SEC³URE Link or SEC³URE Visitor), a healthcare clearinghouse, a health plan, from which it is possible to individually identify you and that relates to:

  • Your past, present or future physical or mental health or condition;
  • The provision of healthcare to you, including your location within a healthcare facility; or
  • The past, present or future payment for the provision of healthcare to

 

OUR PRIVACY PLEDGE FOR MEDICAL INFORMATION

We understand that medical information about you and your health is personal, and we are committed to protecting it. In the course of providing services through BioBytes, SEC³URE Link with information provided to us by a Facility, a provider, a provider’s office (both virtual and/or physical structure), we may create procedure schedules and other records regarding healthcare treatment services provided to you and records relating the measurements that you have taken yourself for the purpose of your monitoring your vital signs or biomarkers and those related to your current or past medical history that you or your provider provide for us. In the course of providing services through SEC³URE Visitor with information provided to use by a Facility, we create information relating to a patient’s location within a Facility, including patient room, admission dates, discharge dates, and related information.

This HIPAA Notice applies to all the medical records and medical information practices of any third party that assists in the performance of services through BioBytes, SEC³URE Link or SEC³URE Visitor. Your personal doctor or healthcare provider, including the Facility or provider using Biobytes, SEC³URE Link or SEC³URE Visitor, may have different policies or notices regarding the use and disclosure of your medical information created by them. Moreover, this Notice and its terms and conditions do not extend to information submitted directly by you, whether through SEC³URE Link or through SEC³URE Visitor, because such information is submitted pursuant to your express or implied authorization and does not constitute PHI.

 

OUR USE AND DISCLOSURE OF YOUR MEDICAL INFORMATION

We are permitted under HIPAA to use and disclose medical information in many different ways. The following categories describe different ways that we use and disclose medical information about you, or on behalf of the Facility or provider using BioBytes, SEC³URE Link or SEC³URE Visitor. For each category of uses and disclosures, we will explain what we mean and present an example. While not every use or disclosure in a category will be listed, all the ways we are permitted to use or disclose information will fall within one of the categories.

  • For Treatment. We may use or disclose medical information about you to facilitate medical treatment or services by healthcare providers. We may disclose medical information about you to providers, including hospitals, doctors, nurses, technicians, medical students or other personnel who are involved in taking care of you. We can share your health information with providers in person or remotely through the use of audio, video or online technology, which may be referred to as

For example, we might disclose information about the date or timing of your procedure to determine if the procedure may be scheduled or if a conflict exists. Similarly, we may use or disclose your medical information to allow determination of possible treatment options or alternatives that may be of interest to you.

  • For Payment. We may use and disclose medical information about you to determine eligibility for health plan benefits, to facilitate payment for the treatment and services you receive from healthcare providers, or to allow you to determine benefit eligibility or responsibility under your applicable healthcare coverage.

For example, we may tell your healthcare provider about your medical history to determine whether a particular treatment is warranted at the Facility and whether such procedure may be experimental, investigational, or medically necessary. We also may share medical information with a utilization review or pre-certification service provider. Likewise, we may share medical information with another entity to assist with the adjudication or subrogation of health claims or to another health plan to coordinate benefit payments.

  • For Healthcare Operations. We may use and disclose medical information about you for operations that are necessary for us to provide services to you, your provider or the Facility using BioBytes, SEC³URE Link or SEC³URE Visitor.

For example, we may use your medical information to conduct quality assessment and improvement activities, to assess our operational or financial risks and to perform other activities relating to use or performance of the Platform. In addition, we may use your medical information to conduct or arrange for medical review, legal services, audit services, and fraud and abuse detection programs, as well as business planning and development, such as cost management and general administrative activities.

  • Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that we believe may be of interest to you.

For example, you may be scheduled for a specific procedure at a Facility, and because of that procedure, your healthcare provider may advise or recommend other treatment options or alternatives that we can share with you.

  • To Business Associates. We are a “business associate” to the Facilities and providers using BioBytes, SEC³URE Link or SEC³URE Visitor, and we may contract with individuals and entities who will be our business associates to perform various functions on our behalf or to provide certain services for us. To perform these functions or to provide these services, our business associates may create, receive, maintain, transmit, use, or disclose your medical information, but only after they have agreed in writing with us to implement appropriate safeguards regarding your medical

For example, we may disclose your medical information to a business associate to communicate with you about the scheduling of your healthcare procedure or treatment or to provide support services, such as utilization management, records audit, or benefits determination.

 

SPECIAL SITUATIONS

  • As Authorized by You. If you request, we will disclose your medical information to you or your personal representative, as well as to persons authorized by you to receive such medical information. Note, however, we are not required to disclose information to a personal representative if we have reasonable belief that:
    • You have been, or may be, subjected to domestic violence, abuse, or neglect by such person; or
    • Treating such person as your personal representative could endanger you; and
    • In the exercise of our professional judgment, we determine it is not in your best interest to treat the person as your personal
  • To Family and Friends. Your PHI may be used or disclosed to family members, other relatives, close personal friends or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if (1) your agreement is obtained; (2) you are provided with the opportunity to object to the disclosure, and you do not object; or (3) it can be reasonably inferred that you do not object to the disclosure.
  • As Required by Law. We will disclose medical information about you when required to do so by federal, state or local law. For example, we may disclose medical information when required by public health disclosure laws or by a court order in a litigation proceeding such as a malpractice
  • To Avert a Serious Threat to Public Health or Safety. We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be made to someone able to help prevent the threat. For example, we may disclose medical information about you in a proceeding regarding the licensure of a
  • Public Health Risks. We may disclose medical information about you for public health activities. These activities generally include the following:
    • To prevent or control disease, injury or disability;
    • To report births and deaths;
    • To report child abuse or neglect;
    • To report reactions to medications or problems with products;
    • To notify people of recalls of products they may be using;
    • To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and
    • To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will make this disclosure only if you agree or when required or authorized by
  • Health Oversight Activities. We may disclose medical information to a health oversight agency for activities authorized by law. Examples of these oversight activities include: audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the healthcare system, government programs and compliance with civil rights
  • Lawsuits and If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We also may disclose medical information about you in response to a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if efforts have been made to inform you about the request or to obtain an order protecting the information requested.
  • Law Enforcement. In the following situations, we may release medical information if asked to do so by a law enforcement official:
    • In response to a court order, subpoena, warrant, summons or similar process;
    • To identify or locate a suspect, fugitive, material witness or missing person;
    • About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
    • About a death we believe may be the result of criminal conduct;
    • About criminal conduct at a hospital; and
    • In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the
  • Coroners, Medical Examiners and Funeral Directors. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information to funeral directors as necessary to carry out their
  • Organ and Tissue Donation. If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye or tissue transplantation, or to an organ donation bank, as necessary to facilitate organ or tissue donation or
  • Military and Veterans. If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military
  • National Security and Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by
  • If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with healthcare; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
  • Electronic Disclosures of Medical Information. Some jurisdictions require that we provide notice to you if your medical information is subject to electronic disclosure. This HIPAA Notice services as general notice that we may disclose your medical information electronically for treatment, payment or healthcare operations or as otherwise authorized or required by state or federal law.

 

OTHER USES OF MEDICAL INFORMATION

We will not sell or use or disclose your medical information for marketing purposes. The term “marketing” does not include any of the following communications: (i) a face-to-face communication made by we to you; (ii) a promotional gift of nominal value provided by we to you; (iii) a communication to describe our health-related products or services (or payment for such products or services) that are provided by us, so long as we do not receive direct or indirect payment in exchange for the making of the communication; (iv) a communication for treatment, including case management or care coordination, or to recommend alternative treatments; or (v) a communication made to provide refill reminders or communicate about a drug or biologic that is being prescribed provided any payment received in exchange for the communication is a reasonable amount.

Other uses and disclosures of medical information not covered by this HIPAA Notice or the laws that apply to us will be made only with your written permission. In addition to marketing communications as described above, this includes use or disclosure of “psychotherapy notes,” or disclosures of medical information that constitute “sale of medical information” under HIPAA. If you provide us such permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. It is important to note that we are unable to take back any disclosures already made with your permission, and that we are required to retain the medical information for our records. If the privacy laws of a particular state impose a stricter privacy standard, we will comply with the stricter law.

 

YOUR RIGHTS REGARDING YOUR MEDICAL INFORMATION

You have the following rights regarding certain medical information we maintain about you:

  • Right to Inspect and Copy. You have the right to inspect and copy your medical information that may be used to perform services via BioBytes, SEC³URE Link or SEC³URE Visitor. If the information is maintained electronically, and you request an electronic copy, we will provide a copy in the electronic form and format you request, if the information can be readily produced in that form and If the information cannot be readily produced in the form or format requested, we will work with you to come to an agreement on the form and format. If we cannot agree on an electronic form and format, we will provide you with a paper copy.

However, please note that your healthcare records are not maintained by us and instead reside with the Facility or provider using BioBytes, SEC³URE Link or SEC³URE Visitor. Therefore, to obtain information or make a request concerning your health information with respect to services beyond BioBytes, SEC³URE Link or SEC³URE Visitor or with respect to your specific medical condition or procedure, please contact the respective Facility or provider where you received the healthcare treatment services facilitated through use of BioBytes and/or SEC³URE Link or where you authorized and received visitors through use of SEC³URE Visitor.

If you request a copy of the information, you may be charged a reasonable fee for the costs of copying, mailing or other supplies related to your request. Note: Your request to inspect and copy your medical information may be denied in certain very limited circumstances. If you are denied access to your medical information, you may request that the denial be reviewed by submitting a written request to Privacy@IntelliCentrics.com.

  • Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for us. To request an amendment, your request must be made in writing and submitted to Privacy@IntelliCentrics.com. Your request must include a reason that supports your request. Note: Your request to amend your medical information may be denied if it is not in writing or does not include a reason to support the request. In addition, your request may be denied if you ask we to amend information that:
    • Is not part of the medical information kept by or for us;
    • Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
    • Is not part of the information that you would be permitted to inspect and copy; or
    • Is already accurate and

If your request to amend your medical information is denied, you may file a statement of disagreement with we and any future disclosures of the disputed information will include your statement.

  • Right to an Accounting of Disclosures. You have the right to request an “accounting” of certain disclosures of your medical information. The accounting will not include (1) disclosures for purposes of treatment, payment or healthcare operations; (2) disclosures made to you; (3) disclosures made pursuant to your authorization; (4) disclosures made to friends and family in your presence or because of an emergency; (5) disclosures for national security purposes; and (6) disclosures incidental to otherwise permissible

To request this list or accounting of disclosures, you must submit your request in writing to Privacy@IntelliCentrics.com. Your request must state a time period, which may not be longer than six years before the date of your request. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be free. You may be charged for the costs associated with providing additional lists. We will notify you of the cost involved and you may withdraw or modify your request at that time before any costs are incurred. If the accounting of disclosures cannot be provided within 60 days of the date of your request, an additional 30 days is allowed if we give you a written statement of the reasons for the delay and the date by which the accounting will be provided.

  • Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or healthcare You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had. We are not required to agree to your request. To request restrictions, you must make your request in writing to Privacy@IntelliCentrics.com. Your request must include:
  • The information you want to limit;
  • Whether you want to limit our use, disclosure or both; and
  • To whom you want the limits to apply (for example, disclosures to your spouse).
  • Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may ask that we contact you only at work or by mail. Note, however, that a request to receive medical information by email will not be secure because the information is sent through your employer’s corporate email system and is not encrypted. To request confidential communications, make your request in writing to Privacy@IntelliCentrics.com. You are not required to provide a reason for your request. We will accommodate all reasonable Your request must specify how or where you wish to be contacted.
  • Right to be Notified of a Breach. You (and potentially other parties) have the right to be notified if we or a business associate become aware of a breach of unsecured medical information that results in improper use or disclosure about you. Any such notification will be made to you in accordance with applicable state or federal law.
  • Right to a Paper Copy of this HIPAA Notice. You have the right to a copy of this HIPAA Notice. You may ask us to give you a copy of this HIPAA Notice at any time. Even if you have agreed to receive this HIPAA Notice electronically, you are still entitled to a paper copy of this HIPAA Notice upon your

If you have any questions regarding your rights with respect to your medical information, or if you contact the business associate and are not satisfied with the outcome of your request, please contact us at Privacy@IntelliCentrics.com.

 

CHANGES TO THIS HIPAA NOTICE

We reserve the right to change this HIPAA Notice and to make the revised or changed notice effective for medical information we already have about you, as well as any information we receive in the future. If we make any material change to this HIPAA Notice, we will provide you with a copy of our revised Notice at the time required and in a manner permitted by law.

 

COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with us, the applicable Facility, by mail with: U.S. Department of Health & Human Services, Centralized Case Management Operations, 200 Independence Avenue SW, Room 509F HHH Bldg., Washington, DC 20201, or email at OCRComplaint@hhs.gov or via the OCR Online Portal. To file a complaint with us or to address any questions regarding this HIPAA Notice, us at Privacy@IntelliCentrics.com.

All complaints must be submitted in writing. We will not retaliate against or penalize you for filing a complaint.

 

ACKNOWLEDGING THIS HIPAA NOTICE

By accessing this HIPAA Notice and accepting our Terms of Use and SEC³URE Privacy Policy, you affirmatively acknowledge receipt of this HIPAA Notice and affirmatively consent to the use and disclosure of your medical information as described herein.

Should you request a paper copy of this HIPAA Notice, we may request that you affirmatively acknowledge receipt and acceptance thereof in writing.