EFFECTIVE DATE: February 26, 2018
Users of Our Services
There are three kinds of users of our Services:
A “Patient” is an individual with an account on the HintMD platform. If you are a Patient, your account with HintMD has been created by and is paid for by your Physician.
A “Visitor” is an individual visiting our website or downloading our app without an account.
Our Relationship with Physicians and their Employees
Our Relationship with Patients
We are a service provider to your Physician, and your Physician is providing our services to you as a benefit of your relationship with that Physician. The records, data and information that are stored by our Services are owned and controlled by your Physician, subject to HIPAA and our BAA (both described below).
Our Relationship with Visitors
Where We Store Your Data
HintMD provides Services from the United States of America. So when you use our Services, the information you enter will be sent to and stored in our servers in the United States.
Protected Health Information: HIPAA and Our Business Associates Agreement
If you are a Patient, our Services are being used by your Physician to store and process information that may include health information that can identify you (known as “Protected Health Information”).
The types of Protected Health Information we store and process are limited. We do not store or process medical charts, diagnostic information or other detailed information about your diagnoses, treatments or health history.
The Protected Health Information that we may store and process depends on what your Physician provides and generally falls into one of these categories:
Information used to identify you, including your name and contact information (e.g., physical address, email address, phone number);
Lists of the treatments you received from your Physician;
Descriptions of any treatment services to which you have subscribed with your Physician; and
Financial information related to your subscriptions, payments and invoices for the services provided by your Physician.
If you are a Physician or a Visitor, we are not collecting Protected Health Information about you.
Other Information We Collect
We also collect and store data that we need to provide the Services and to improve those Services. This section will give you more information about the kinds of information we collect, but the specific information we collect will depend on the type of user you are, and whether you are using our app or visiting our website.
(a) Non-Health Personal Information. We may collect personal information that is not Personal Health Information in order to provide the Services to you and to improve the Services.
(c) Device and Traffic Data. Our servers automatically recognize and store your domain names, Internet Protocol addresses (the number assigned to your device when it accesses the Internet), device identifiers (small data files or similar data structures stored on or associated with your mobile device or wearable, which uniquely identify your device), and your device’s name, model, operating system and locale. The Services may also gather anonymous traffic data -- for example, the amount of data passing through our Services at any point in time -- that does not personally identify you but may be helpful for improving our business and how we serve you.
(d) Cookies and Similar Technologies. From time to time, we may use the standard cookies feature of major browser applications, pixels or web beacons that allow us to store a small piece of data on the computer, mobile device or wearable device you use to access our Services. We may also use similar technologies when you use our app. We do not set any personally identifiable information in cookies.
These technologies help us learn which areas of our Services are useful and which areas need improvement. You can choose whether to accept cookies and other web technologies by changing the settings on your browser. However, if you choose to disable these functions, your experience using our Services may be diminished and some features may not work as they were intended.
(e) Log Files. When you access our Services, we may automatically record certain log file information, including your request, browser type (when you access our website), referring / exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing pages, pages viewed, and other such information. We may also collect similar information from emails we send you to help us track which emails are opened and which links are clicked. The information we collect helps us achieve a better, more accurate understanding of how our Services are used, and how we can improve them.
(f) Metadata. Metadata is usually technical data that is associated with the entry of specific data into our Services. For example, Metadata can describe how, when, where and by whom a piece of data was created and collected.
(g) Analytics Data. We may use third-party analytics tools to help us measure traffic and usage trends for the Services. These tools collect information sent by your device or our Services to assist us in improving the Service.
How We Use and Share Information
Our goal in using and sharing information is to create better services for you and your Physician. Here is how we use and share, or do not share, the different kinds of information we collect.
We may use your personal information to verify your identity or to follow up with activities initiated on the Services. We may also use your contact information to stay in touch, inform you of any changes to the Services, or to send you additional information about HintMD.
If we ever use a different third party to help us provide our Services, our first choice will be to not provide that third party with access to any personal information. But if that third party needs access to your personal information in order to help us provide the Service, we will share the information with them only under an agreement that does not allow them to use it for any other purpose.
(b) Data Use by Physicians. Physicians create Patient accounts, and Patient accounts are business records for the Physicians. A Physician will always have access to the account created by that Physician, including all information in it. If a Patient receives treatments from more than one Physician using our Services, each Physician will only be able to access the account created by that Physician. A Physician can use that information for any purpose permitted by law and any agreement between the Patient and the Physician, including for the collection of any outstanding balances.
(c) Anonymous Information. We sometimes collect and use anonymous information to analyze our Services traffic. In addition, we may use anonymous information to help diagnose problems with our server, to administer our Services, or to display content according to your preferences. We may also strip your personal information from data about your use of the Services to create anonymized data that we aggregate with anonymized data of other users (for example, to determine the number of users we have in a particular region or the number of users who receive particular kinds of treatments from their Physicians). We may use anonymous and anonymized information for any legal purpose.
(e) Required Disclosure of Personal Information. We may disclose personal information, including Protected Health Information, if required to do so by law or in the good-faith belief that such action is necessary to (1) conform to the law or comply with legal process served on HintMD or any parent company, subsidiaries or affiliates, (2) protect and defend the rights or property of HintMD or the users of the Services, or (3) act under exigent circumstances to protect the safety of the public or users of the Services.
Changes to and Deletion of Personal Information
If you are a Physician, you have the ability to access, modify, delete and/or add to the data you provide us, including Patient information.
If you are a Patient and would like to review or request changes to the information that we collect about you, please contact us at firstname.lastname@example.org. Because your account is a business record for your Physician, our ability to make changes to or delete account information may be limited. We will, however, make any changes and deletions that are required by applicable law, including HIPAA, or agreed to between you and your Physician.
If you are a Visitor, we do not collect any personal information about you.
The Services have security measures in place to prevent the loss, misuse, and alteration of the information that we obtain from you, but we make no assurances about our ability to prevent any such loss or misuse to you or to any third party.
Areas We Do Not or Can Not Control
Our Services are used by you and your Physician. We do not input, electronically limit or control the input of any data by your Physician.
Not a Service for use by Children
We understand and are committed to respecting the sensitive nature of children’s privacy online. We provide our Services for use by adults 17 years old and older and do not direct any of our content or Services specifically at persons under 17 years of age. Accounts for Patients under 17 years of age may only be accessed and used by the Patient’s legal guardian. If we learn or have reason to suspect that a Services user is under age 13, we will block that person’s access to the account until it can be verified that the user is over 13. If we learn or have reason to suspect that a Services user is under age 17, we may exercise our right to terminate the account.
How to Contact Us
Updates and Changes