Background and the Medibanx Service
Medibanx provides security, privacy and agency to patients to manage their records as they see fit. In addition, Medibanx provides a system through which researchers and industry can anonymously interact with patients' records and compensate patients for the value of their records.
- Disclosure: making Personal Information available to a third party for that party’s own use.
- Personal Health Information means information that relates to the physical or mental care of an individual, including diagnostic, treatment, and care information.
- Personal Information means information about an identifiable individual, including Personal Health Information about that individual.
- Transfer: making Personal Information available to a third party for processing, storage or otherwise, solely to be used on behalf of Medibanx.
- Use: the treatment, handling, and management of Personal Information by and within Medibanx.
- Users means individuals who use the Medibanx Service.
Medibanx is responsible for Personal Information in its possession or custody, including information that has been transferred to a third party for processing. Medibanx shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.
Medibanx shall implement policies and practices to give effect to these principles, including:
- implementing procedures to protect Personal Information;
- training staff and communicating to staff information about the organization’s policies and practices.
Personal Information We Collect About You and How We Collect It
We collect your Personal Information from you directly when you voluntarily provide it to us by using the Medibanx Service or our Site. For example, we may ask you to provide Personal Information in the following circumstances:
- in connection with the Medibanx Service, including when you open an account in order to use the Medibanx Service;
- in using the Site, for example your name and email address on our Contact Us page so we can respond to your correspondence;
- when you send us a question or comment by email; or
- otherwise use features of our Site that ask for Personal Information.
We may also collect Personal Information about you from other sources. For example, we may collect your Personal Health Information from your Health Care Provider(s) when you have provided us with a Patient Consent form. We may receive Personal Information from your banking institutions regarding payments we make to you for contributing your relevant medical data.
Personal Information that Medibanx collects includes, but is not limited to:
- Information that you provide when you contact us to ask a question or request information about our company or services, or otherwise submit Personal Information to us with your communications or through our website contact form.
- Personal Information of our Users collected through the Medibanx Service. This includes:
- Contact information: such as your name, e-mail address, address, birthdate, phone number, and your health insurance number
- Personal Health Information when you onboard to use the Medibanx Service, such as your medical conditions, treatment information, surgeries, allergies, blood type, and your family doctor’s contact information; and
- Personal Health Information obtained from your Health Care Providers, including medical records and information pertaining to your medical care, history and payment or billing for such medical care; test results and radiology studies.
- Technical information, including your login information, device type, time zone setting, and usage details; and
- Service requests and inquiries.
Non-Personal Information (“NPI”) means information that is aggregated, anonymized or otherwise cannot be linked with any individual. Medibanx collects NPI through automated technologies or interactions. For example, when you use the Site, we may automatically collect:
- Usage details - when you access and use the Site, we may automatically collect certain details of your access to and use of the Site, including traffic data, location data, logs, and the resources that you access and use on or through the Site.
- Device information - we may collect information about your device and Internet connection, including the device's unique device identifier, IP address, operating system, browser type, mobile network information, and the device's telephone number.
The technologies we use for this automatic data collection may include:
- Cookies. A cookie is a small file placed on your computer or device. It may be possible to refuse to accept mobile cookies by activating the appropriate setting on your smartphone. However, if you select this setting you may be unable to access certain parts of the Site.
- Web beacons. Pages of the Site and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related app statistics (for example, recording the popularity of certain app content and verifying system and server integrity).
See the section below entitled “How Do We Collect, Use and Share NPI?” for more information.
How Do We Use Your Personal Information?
Medibanx collects and uses Personal Information for the following purposes:
- to provide the Medibanx Service to you, including registering your account, and authenticating you when you log in to your account;
- to establish and maintain responsible commercial relations and to communicate with you in order to provide the Medibanx Service;
- to respond to your questions that you send us by email or through our Site;
- to improve the Medibanx Service, and help us develop new services, tools and product features;
- to process payments to you for contributing to Medibanx;
- to send you marketing messages, such as general or personalized notices and promotional messages, or to send news about Medibanx;
- to support our business functions such as internal business processes, marketing and advertising;
- to understand, research and improve our services;
- to meet any legal or regulatory requirements;
- to comply with applicable laws; and
- for any other reasonable purposes for which you may have provided your express consent or in which your consent can be reasonably implied.
Except as otherwise permitted or required by applicable law or regulation, we will only retain your Personal Information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize or aggregate your Personal Information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
Do We Disclose or Transfer Your Personal Information to Others?
We may also disclose your information, including Personal Information, in the event we sell or transfer all or a portion of our business or assets (including corporate reorganization, merger or amalgamation with another entity, dissolution or liquidation).
From time to time we may disclose your Personal Information to third parties under the following limited circumstances:
- when necessary to protect our safety, property or other rights, our representatives, customers and users of the Medibanx Service, including to detect and prevent fraud;
- with your consent; or
- when otherwise required or permitted by law.
How Do We Collect, Use and Share NPI?
Medibanx uses NPI in an ongoing effort to better understand and serve our Users and to improve the content and functionality of our Site.
Specific Uses of NPI by Medibanx:
- To conduct internal research on our customers and potential problems to better understand and serve them, including usage patterns, demographics, interests and behaviors.
- To diagnose or service technology problems reported by our users or engineers that are associated with the IP addresses controlled by a specific web company or ISP.
- We use anonymized and aggregated information about Users' interaction with our Site to test our systems, perform data analysis, develop new services and improve and/or personalize your experience on our Site.
Withdrawing Your Consent
Where you have provided your consent to the collection, use, and disclosure of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us by email at email@example.com. Please note that if you withdraw your consent, we may not be able to provide you with a particular feature or service. We will explain the impact to you at the time to help you make your decision.
How Do We Protect Your Personal Information?
Medibanx protects your Personal Information by security safeguards appropriate to the sensitivity of the information. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information you provide to us on Google Cloud Platform’s HIPAA-compliant cloud storage with limited access to only key personnel who are legally bound by confidentiality agreements. Although we take reasonable and appropriate measures to protect the security of your Personal Information, no data transmission over the Internet can be guaranteed to be completely secure.
We also take reasonable steps to ensure that our employees, contractors and vendors are aware of the importance of maintaining the confidentiality of Personal Information and have signed confidentiality/non-disclosure agreements with them as applicable. We endeavour to limit access to Personal Information to those personnel that require access to such personal information on a ‘need to know’ basis in order to perform their obligations.
The safety and security of your information also depends on you. You are solely responsible for maintaining the secrecy of your username, password, and any other account information. We ask you not to share your password with anyone.
How May I Access and Correct my Personal Information?
It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes. By law you have the right to request access to and to correct the Personal Information that we hold about you.
If you want to review, verify, correct, or withdraw consent to the use of your Personal Information you may also send us an email at firstname.lastname@example.org to request access to, correct, or delete any personal information that you have provided to us. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the Personal Information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your Personal Information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
We will provide access to your Personal Information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:
- Information protected by solicitor-client privilege.
- Information that is part of a formal dispute resolution process.
- Information that is about another individual that would reveal their personal information or confidential commercial information.
- Information that is prohibitively expensive to provide.
If you are concerned about our response or would like to correct the information provided, you may contact our Ian Taylor at email@example.com.
We comply with the CAN-SPAM Act and we will not send you electronic communications in contravention of this law. You may have also opted in to receive email communications from us. If you opted-in to receive such communications, we may use the information to: communicate with you regarding our products, and promotions; provide you with other information that you request; and/or improve our product and service offerings.
You will always have the opportunity to “unsubscribe” from receiving any of our e-mail or other communications at any time and we will ensure that our emails include instructions on how to unsubscribe if you no longer wish to receive future emails from us. At any time, you may opt out of contact from us by clicking on the unsubscribe link in the email. If you decide to unsubscribe, we will only contact you for the purposes allowed under applicable law.
Links to Other Sites
Children Under the Age of 18
Only individuals 18 or older may use the Medibanx Service. A parent or a legal guardian of individuals under the age of 18 may register for an account on behalf of a minor.
Contact Information and Challenging Compliance
We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information and our compliance with this policy and with applicable privacy laws. To discuss our compliance with this policy, please contact our Privacy Officer using the contact information listed above.