This Policy applies only to information collected through the Website and not to information collected offline or through any other websites. Please consult our Notice of Privacy Practices for further information regarding our use and disclosure of protected health information (PHI). By using the Website, you accept the privacy practices described in this Policy and our Notice of Privacy Practices.
I. WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT, AND HOW IS IT COLLECTED?
Types of Information We Collect:
The information we collect from you varies depending on the way you use our Website or interact with us. The information we collect may include Personal Information. “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. The types of Personal Information we may collect/receive from you include without limitation:
- identifiers, such as your name, address, email address, phone number, IP address, account name, or similar identifiers;
- financial information, such as your account or credit card number;
- commercial information, including records of services utilized or considered, or other purchase history data;
- internet activity information, including but not limited to your browsing history, search history, and information regarding your interaction with the Website or advertisements;
- geolocation data;
- professional or employment-related information and other demographic information and profile data, such as age and income level;
- health insurance information, employment status and employer information; and
- inferences drawn from any of the information above used to create a consumer profile.
Personal Information does not include consumer information that is deidentified, aggregate consumer information, or publicly available information (i.e., information that is lawfully made available from government records).
We may also collect other types of information, such as:
- browser type and language, operating system, domain server, type of computer or device, and other information about the device you use to access the Website.
We may also collect PHI through the Website (e.g., via our New Patient Form) that may identify you and that relates to your past, present or future physical or mental health conditions and related healthcare services. We are required to abide by the terms of our Notice of Privacy Practices.
How Information is Collected:
Personal Information may be obtained from the following sources:
- directly from you, e.g., whenever you submit information on our Website (e.g., by filling out a form or online survey), request information, subscribe to our email list, or contact us;
- from technology when you visit the Website, including cookies and similar technologies; and
- from third parties, such as dealers and resellers, service providers, data brokers / resellers of data, business partners, advertising networks, and social media platforms and networks.
PHI may be collected through the Website directly from you when you submit information through the Website, e.g., by filling out a New Patient Form or other form, request information, subscribe to our email list, or contact us.
About “Do Not Track” Signals:
“Do Not Track” is a privacy preference that Internet users can set in their web browsers. When a user turns on the Do Not Track option, the browser sends a message to websites requesting them not to track the user. Like many websites, our Website does not currently respond to such requests sent via a Do Not Track signal.
II. WHY DO WE COLLECT PERSONAL INFORMATION, AND HOW DO WE USE IT?
Except as set forth herein and within our Notice of Privacy Practices, Personal Information is generally kept for our business purposes and primarily used to assist you in your current or future communications and/or transactions or in analyzing market trends.
We do not sell or lease your Personal Information to third parties. We do not provide your Personal Information to third parties, except as described herein and in our Notice of Privacy Practices.
Personal Information that is collected may be used:
- to bill you for services utilized, or to ship or deliver products (if applicable), and process and fulfill transactions;
- to provide you with information about our practice, services, events, and promotions;
- to get in touch with the visitor when necessary;
- to serve our own internal business purposes, such as maintaining or servicing accounts, providing customer service, verifying patient information, processing payments, and performing analytics;
- to conduct internal research for research, development and product/service improvement;
- to verify or maintain the quality or safety of a service or product and to improve, upgrade or enhance the service or product;
- to tailor our visitor’s experience at our Website, showing them content that we think they might be interested in, and displaying the content according to their preferences;
- for short-term transient use, such as customization of ads shown as part of the same interaction;
- for marketing or advertising;
- for services of third parties that you authorize;
- in a de-identified or aggregate format; and
- in the case of IP Addresses, to help diagnose problems with our server, administer our Website, help identify you and your shopping cart, and gather broad demographic information.
PHI that is collected through the Website may be used as set forth herein and within our Notice of Privacy Practices, and in connection with your treatment, payment and health operations.
III. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
We are not in the business of selling Personal Information to third parties. However, we do share your Personal Information with certain third parties, including:
- Our affiliates and/or affiliate partners and practices, for the purposes and under the conditions outlined above.
- Service providers who process Personal Information for business purposes on our behalf. This may include, for example, service providers who provide and manage our e-commerce platform, process credit cards and payments, arrange shipping and deliveries, host the Website, manage and service our data, distribute our emails, conduct research and analysis, provide advertising services, provide analytics, manage brand and product promotions, and administer certain services and features. We may disclose Personal Information to third-party analytics services, such as Google Analytics, to evaluate your use of the Website, compile reports on activity, collect demographic data, analyze performance metrics, and collect and evaluate other information related to the Website. Please note that third-party service providers have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your Personal Information will be handled by these providers.
- Other third parties to the extent necessary to: (i) comply with a government request, a court order or applicable law; (ii) prevent illegal uses of our Website or violations of our policies; (iii) defend ourselves against third party claims; and/or (iv) assist in fraud prevention or investigation (e.g., counterfeiting).
- To another entity, in the event that we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, merger, acquisition, spin-off, dissolution or liquidation).
- To any other third party where you have provided your consent.
PHI that is collected through the Website may be used as set forth herein and within our Notice of Privacy Practices, and in connection with your treatment, payment and health operations. Your PHI may be disclosed:
- in connection with the coordination or management of your healthcare with a third party that has already obtained your permission to have access to your PHI;
- to other physicians who may be treating you;
- to obtain payment for your healthcare services, which may include disclosure to your health insurance company;
- to support the business activities of our practice, including without limitation quality assessment activities, employee review and training, and conducting other business activities;
- to contact you to remind you of your appointment;
- to our third party “business associates” that perform various activities (e.g., billing) for our practice;
- for marketing activities to share information about services or products that we believe may be beneficial to you;
- unless you object, to family members, a close friend or any other person you identify to be involved in your healthcare;
- in an emergency treatment situation, in which event, we will attempt to obtain your consent as soon as reasonably practical after the delivery of treatment;
- in the course of any judicial or administrative proceeding, in response to a court or administrative order, or in response to a subpoena, discovery request or other lawful process;
- to comply with Worker’s Compensation laws and other similar legally established programs; and
- when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of HIPAA or other rules and regulations.
This Website may contain links to other parties’ websites. We are not responsible for the privacy practices or the content of such other websites.
IV. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We have put in place appropriate security measures to help protect your Personal Information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We will take all required actions to notify you and any applicable regulator in the event of any suspected personal data breach.
It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.
V. HOW YOU CAN MANAGE YOUR PERSONAL INFORMATION.
You may elect not to receive online communications from us. You may opt-out of receiving future electronic communications by following the unsubscribe directions in those communications.
You have the right to inspect and copy your PHI. This means you may inspect and obtain a copy of your PHI that is contained in a designated record set for as long as we maintain the PHI. A “designated record set” contains medical and billing records and any other records that your physician and the practice use for making decisions about you. You have the right to request a restriction of your PHI. This means you may ask us not to use or disclose any part of your PHI for the purpose of treatment, payment or healthcare operations. You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in the Notice of Privacy Practices. Your request must state the specific restriction and to whom you want the restriction to apply. We are not required to agree to a restriction that you may request. If granted, this restriction will remain in place until such time as you request, in writing and witnessed, that it be removed from your file. Please refer to our Notice of Privacy Practices for more information regarding your PHI. You may complain to the Secretary of Health and Human Services, or to us by writing to us, if you believe your privacy rights with respect to PHI have been violated.
VI. CONSUMER PRIVACY FOR CALIFORNIA RESIDENTS
If you are a California resident, the processing of certain personal data about you may be subject to the California Consumer Privacy Act (“CCPA”) and other applicable California state privacy laws. Beginning January 1, 2020, the CCPA gives you certain rights with respect to the processing of your Personal Information.
This section provides additional privacy disclosures and informs you of key additional rights as a California resident:
Right to Know Request:
Under the CCPA, you have a right to request information about our collection, use, and disclosure of your personal information over the prior 12 months, and ask that we provide you with the following information:
- Categories of and specific pieces of Personal Information we have collected about you.
- Categories of sources from which we collect Personal Information.
- Purposes for collecting, using, or selling Personal Information.
- Categories of third parties with which we share Personal Information.
- Categories of Personal Information disclosed about you for a business purpose.
- If applicable, categories of Personal Information sold about you and the categories of third parties to which the Personal Information was sold, by category or categories of Personal Information for each third party to which the Personal Information was sold.
To make a verifiable request for information about the Personal Information we have collected about you, please email us at Joyce[at]HighMountainOrthopedics.com.
Right to Delete Request:
Under the CCPA, you also have a right to request that we delete personal information, subject to certain exceptions. You may exercise your right to delete by emailing us at Joyce[at]HighMountainOrthopedics.com. Once your request is verified and we have determined that we are required to delete that information in accordance with applicable law, we will delete your Personal Information accordingly. Your request to delete your Personal Information may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the CCPA. Please note that a record of your deletion request may be kept pursuant to our legal obligations.
We do not knowingly collect household data. If all the members of a household make a Right to Know or Right to Delete request, we will respond as if the requests are individual requests.
General Requests under CCPA:
You may make a verifiable consumer request related to your personal information twice per 12-month period. We will not discriminate against you for exercising any of your rights under the CCPA.
Requests made through Agents:
You may designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.
Disclosures of Personal Information for a Business Purpose:
We may have disclosed certain Personal Information (e.g., username; display name; email address; billing information and history; business information, if applicable) to third party recipients for one or more business purposes within the previous 12 months.
California Privacy Rights under the “Shine the Light” Law:
Pursuant to Section 1798.83 of the California Civil Code (a separate law from the CCPA), residents of California have the right to ask us for a notice describing the categories of Personal Information we have shared with third parties or among our affiliated companies, for their direct marketing purposes, during the preceding calendar year. If you are a California resident and would like a copy of this notice, please send an email message to Joyce[at]HighMountainOrthopedics.com with “Request for California Privacy Information” in the subject line and body of your message. Please allow 30 days for a response.
VII. CHILDREN’S PRIVACY
We do not direct our Website to, nor do we knowingly collect any personal information from, persons under the age of 18.
You must be 18 years of age or older to enter our Website, submit Personal Information to us, place an order on the Website, or participate in any of our online promotions.
If you are the parent or guardian of a minor who you believe has provided us with Personal Information, we ask that you contact us at Joyce[at]HighMountainOrthopedics.com.
We will update this Policy from time to time. We will notify visitors of such changes by posting a revised Policy on the Website. Such changes will be effective immediately upon posting of the revised Policy to the Website. We encourage you to check back periodically so that you are always aware of any such changes.
IX. HOW DOES THIS POLICY APPLY TO INTERNATIONAL USERS?
The Website that links to this Policy is intended for visitors located in the United States. If you choose to provide us with your Personal Information, you consent to the transfer, storage, and processing of that information on our servers located in the United States and around the world. The information collected may be subject to international and U.S. state and federal law. If you are accessing the Website from outside the U.S., please be advised that you may be transferring your personal information to us in the United States where data protection and privacy laws may be different than the laws of your country. By using the Website, you consent to the transfer and use of your personal information in accordance with this Policy.
X. HOW TO CONTACT US
If you have any questions or concerns about this Policy, please contact us at:
High Mountain Orthopedics
Attn: Practice Manager
342 Hamburg Turnpike, Suite 102
Wayne, NJ 07470