MedSys Health Privacy Policy
Effective Date: February, 2021
MedSys Technologies, Inc., (“Medsys Health”, “Medsys”, “we”, “us”, “our” or “Company”) operates the www.medsyshealth.com website (“Site”) as well as provides telemedicine, remote patient monitoring (RPM) and patient engagement services. This policy applies to all personal information and certain other types of information we collect, use, or access, including through our Site, our mobile application (“Application”), and the services we provide (the Site, the Application, and the services are collectively referred to in this policy as the “Services.”)
MedSys Health is committed to ensuring that your personal information
is protected and kept confidential. By using our Services or providing information to us, you consent to the collection, use, and disclosure of personal information (any information that reasonably identifies an individual person or household) and Protected Health Information (PHI) as outlined in this Privacy Policy. Please note that the collection, use, and disclosure of such information is also subject to the practices of the healthcare providers with whom you may interact through the Services, as described in a notice of privacy practices provided to you by such providers.
INFORMATION COLLECTION AND USE
MedSys Health collects certain PHI and other personal information that we receive from your healthcare provider or that you voluntarily submit to us. Personal information that we may collect includes, but is not limited to, identifying data such as name, social security number, address, email address, and telephone number. We may also collect PHI that relates to: an individual’s physical health; and the provision of health care to an individual.
MedSys Health is considered to be a “Business Associate” of healthcare providers that are “Covered Entities” under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Accordingly, MedSys Health maintains PHI in compliance with its contractual obligations with healthcare providers, the HIPAA Privacy Rule, and the HIPAA Security Rule.
Our main focus is providing a platform to allow individuals to receive telehealth services, remote patient monitoring and patient engagement services from various healthcare providers. MedSys Health collects information solely for the purposes of providing the Services, marketing and promoting our Services to you, and for our own market research. We use this information ourselves and share it as needed with our service providers solely for their performance of contracted services for us. We may also collect personal information for marketing, user experience monitoring and improvement, and related business purposes. We never sell personal information or PHI that we collect.
If you use the Application, you will log in using a username and password. The Application will collect certain vital signs (for example, heart rate and blood pressure). This information will be shared with your healthcare provider to assist your provider in evaluating or treating you.
If you submit information through our “Contact Us” form on the Site, we will collect your name, email address, phone number, company name, job title, and any questions or comments you choose to provide. We use this information to respond to your questions or comments.
You may be asked to submit personal information if you sign up for a demo. We may collect your name, job title, email address, phone number, and certain information about your company. We use this information to contact you about your request (such as a demo request or submitting a form asking for more information on our products and services) or provide you with requested content.
If you submit any personal information that is not your own, you represent that you have the authority to do so and you authorize us to use that information in accordance with this Privacy Policy.
If you contact us with a question, comment, or complaint by calling, email, or writing, we may collect your name and contact information (such as your email address or mailing address) in order for us to respond to your request. We may also keep a record of the correspondence in order to assist you in the future.
If you apply for a job at MedSys Health, you may provide us with certain personal information about yourself (such as that contained in a resume, cover letter, or similar employment-related materials). We use this information for the purpose of processing and responding to your application for current and future career opportunities.
MedSys Health maintains web logs to record data about visits to the Site. These logs may contain IP address information, type(s) of operating system(s) you use, the date and time you visited the site, information about the type of device you use to connect to the Site, and the Site pages you visited. We may also maintain logs regarding certain information collected by the Application. This is information is not associated with your personal information (e.g., username or other identifying information) and is only used for trouble-shooting any potential technical issues with the Application.
All Site and Application logs are stored securely and are accessible to a very limited number of employees and contractors as required. Those with access to this data adhere to strict guidelines regarding user data security and privacy.
Collecting IP addresses is standard practice and done automatically by many websites, applications, and other services. MedSys uses IP addresses to calculate usage levels of the Site, help diagnose problems with our servers, administer our Site, and monitor webpages from which you navigate to our Site.
SUBMIT, ACCESS, ADJUST, OR REMOVE YOUR INFORMATION
If you would like to access, correct, amend, remove, obtain a copy, or limit the use or disclosure of any personal information or PHI about you that has been collected and stored by MedSys Health, please notify our Privacy Officer by emailing privacy@medsyshealth.com so that we may respond to your request.
For your protection, we may need to verify your identity before fulfilling your request to access, correct, amend, remove, obtain a copy, or limit the use or disclosure of your personal information or PHI. We will use the email address from your request to identify personal information and/or PHI that MedSys has collected and stored. We will respond to your request at our earliest convenience and in compliance with in accordance with any applicable law.
We may need to retain certain information for compliance with applicable laws, to complete transactions that you began prior to requesting such access, change or deletion, or in the event that you have an active account using the Services. In general, we will retain your personal information or PHI for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
Please note that you may continue to receive certain transactional and account-related messages from us after opting out of marketing and promotional communications, such as system outage alerts.
“COOKIES” AND INTERNET TAGS
MedSys Health may collect and process information about your use of the Services, such as the Site pages you visit, the website you came from, and some of the searches you perform. We use this information to help improve the contents of the Site and the Services and to compile aggregate statistics about individuals using our Site and the Services for internal, market research purposes. In doing this, we may install “cookies” that collect your internet service provider, your operating system, and the date and time of access. A cookie is a small piece of information, which is sent to your browser and stored on your computer or other device. You can set your internet browser to accept cookies or to delete cookies. If you do not accept cookies, you may not be able to use all functionality of our Site or Application. We may use third party service providers to assist us in collecting and processing information through cookies.
MedSys Health may also use internet tags (also known as action tags, web beacons, single-pixel GIFs, clear GIFs, invisible GIFs, and 1-by-1 GIFs) and cookies on our Site or Application and may deploy these tags/cookies through a third-party advertising partner or a web analytical service partner which may be located and store the respective information (including your IP address) in a foreign country. These tags/cookies may be placed both on online advertisements that bring users to our Site and on different pages of the Site. We use this technology to measure the visitors’ responses to the Site and the effectiveness of our advertising campaigns (including how many times a page is opened and what information is consulted) as well as to evaluate your use of the Site. The third-party partner or the web analytical service partner may be able to collect data about visitors to the Site and other sites because of these internet tags/cookies, may compose reports regarding the Site’s activity for us and may provide further services which are related to the use of the Site and the internet. They may provide such information to other parties, if there is a legal requirement that they do so, or if they hire the other parties to process information on their behalf.
If you would like more information about web tags and cookies associated with online advertising, please visit the Network Advertising Initiative website https://www.networkadvertising.org. (We are not affiliated with the Networking Advertising Initiative in any way.)
“Do Not Track” is a privacy setting that users can set in certain web browsers. If turned on, this setting requests that website not track information about users. At this time, we do not respond to “Do Not Track” browser settings or signals.
MOBILE DEVICES
When you download or use the Application (e.g., to deliver the Services), we may receive information about your location and your mobile device, including a unique identifier for your device. We may use this information to provide you with location-based services, such as search results and other personalized content. Most mobile devices allow you to turn off location services.
NON-PERSONAL DATA
MedSys Health may use non-personal information to analyze data. This process of data mining is done in the aggregate, is non-personal, and allows us to find correlations and patterns in the data.
MedSys Health does not provide any personal information to third party sites that display our interest-based ads. However, third parties (including the ad networks, ad-serving companies, and other service providers they may use) may assume that users who interact with or click on a personalized ad or content are part of the group that the ad or content is directed towards (for example, users in the Northwest who have experienced allergies). Also, some third parties may provide us information about you (such as the sites where you have been shown ads or demographic information) from offline and online sources that we may use to provide you more relevant and useful advertising.
SHARING OF INFORMATION
MedSys Health shares personal information and PHI as permitted by law and as authorized by you, whether expressly or whether through your use of our Services. We do not sell personal information or PHI that we collect.
MedSys Health employs third parties to perform functions on our behalf. Examples include technical assistance, analyzing data, and providing marketing assistance. These service providers may have access to anonymized and non-anonymized personal information needed to perform their functions for us, but may not use this information for other purposes. Access to this information will permit them to provide services more efficiently and effectively to you and to us. We do not use PHI we collect or receive in our role as a HIPAA Business Associate to Covered Entities for any purpose (including our own commercial purpose) other than those permitted by the applicable HIPAA Business Associate Agreement or as required by applicable law.
For example: your IP address may be used to estimate your location and personalize your experience with the Site or the Application; we may share information such as IP address, user name, email address, and cookie and web beacon information with third parties in order to tailor advertising to our various market segments; your IP address and email address and the page you are viewing may be shared with a third party that operates the “chat” feature for our Services; and aggregate data about IP addresses, pages loaded, time to load pages and errors encountered may be used by third-party performance monitoring and improvement products.
These third parties may be required to disclose information, as described in the section below entitled “Disclosures in Accordance with Law.”
In some regions, MedSys Health partners with local resellers to offer our products and services. If you are located in those regions, we may share personal information with those partners for customer relationship management or email marketing purposes.
SECURITY OF INFORMATION COLLECTED
MedSys Health uses account information in a password-protected environment as a security measure to protect your data that is accessible through our Site or the Application. We use administrative, physical, and technical safeguards to protect data that we collect or store, including the use of safeguards such as data backup, audit controls, access controls, and data encryption. MedSys Health uses industry standard SSL/TLS encryption to enhance security of electronic data transmissions. MedSys Health will comply with all applicable HIPAA regulatory requirements to the extent that we have access to, or otherwise store, process, use, or transmit PHI.
Although MedSys Health tries to protect your personal information and PHI, it is impossible to guarantee that data is 100% safe. We urge you to take precautionary measures in maintaining the integrity of your data. You are responsible for making sure no one can see or access your account and log-in/password information.
If you use our Services through a potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand on your employer’s or such other Internet provider’s privacy and security policy with respect to Internet use.
MedSys Health is not responsible for your handling, sharing, re-sharing and/or distribution of your PHI or personal information. Moreover, if you forward PHI or personal information electronically to another person, we are not responsible for any harm or other consequences from third party use or re-sharing of your information.
THIRD PARTY SITES/TRUSTED RELATIONSHIPS
As noted above, under HIPAA, MedSys Health may be a Business Associate of healthcare providers who use our Services. We may share information with healthcare providers who provide services to individuals, and they share information with us, for purposes related to treatment, payment and healthcare operations, and otherwise as agreed or authorized by you.
In some cases, our Site contains links to other sites, including links to healthcare thought leadership articles in third-party publications that are not affiliated with MedSys Health. We do not share your PHI or personal information with those sites (unless you specifically authorize such sharing) and are not responsible for their privacy procedures. We encourage you to review their particular privacy policies for information about their collection and use of your information.
DISCLOSURES IN ACCORDANCE WITH LAW
MedSys Health discloses PHI and/or personal information about you as required or permitted by law, including complying with legal process (for example, we may disclose your information as necessary to comply with an civil, criminal, or regulatory investigation). We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities and may, in our sole discretion, disclose personal information or other information to satisfy any law, regulation, subpoena, or government request. We reserve the right to report to law enforcement agencies any activities we reasonably believe in our sole discretion to be unlawful. We reserve the right to release personal information or other information about users who we believe are engaged in illegal activities or are otherwise violating or abusing a third party’s rights, even without a subpoena, warrant, or court order, if we believe, in our sole discretion, that such disclosure is necessary or appropriate to operate our web site or to protect our rights or property, or that of our affiliates, or our officers, directors, employees, agents, third-party content providers, suppliers, sponsors, licensors, or other users. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.
CHILDREN
Neither our Site nor our Application are designed or intended to appeal to minors and we do not knowingly collect personal information or PHI from children under the age of 13 through the Site or the Application. If you believe we have inadvertently collected information about a child under the age of 13, please email us at privacy@medsyshealth.com and let us know. If we learn that we have collected information about a child under the age of 13 without the parent’s or guardian’s consent, then we will delete the child’s information.
CHANGES TO THIS PRIVACY POLICY
MedSys Health reserves the right to amend this Privacy Policy at any time. In the event changes are made, we will post an updated Privacy Policy on the Site and in the Application.
QUESTIONS
If you have any questions with respect to personal information, please email us at privacy@medsyshealth.com.