Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
ZenMD’s Commitment to Your Privacy
ZenMD is dedicated to maintaining the privacy of your protected health information (‘PHI’). PHI is information about you that may be used to identify you (such as your name, social security number or address), and that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care. In conducting its business, ZenMD will receive and create records containing your PHI. ZenMD is required by law to maintain the privacy of your PHI and to provide you with notice of its legal duties and privacy practices with respect to your PHI.
ZenMD must abide by the terms of this Notice while it is in effect. This current Notice takes effect on June 13, 2018, and will remain in effect until ZenMD replaces it. This Policy does not apply to information collected by any third party, including through any external website that may link to or be accessible from ZenMD. Please check directly with each such third party to avoid unfair surprises and misunderstandings.
Uses and Disclosures of PHI
ZenMD may use and disclose your PHI in the following ways:
- Treatment, Payment and Health Care Operations.ZenMD is permitted to use and disclose your PHI for purposes of (a) treatment, (b) payment and (c) health care operations. For example:
- ZenMD may disclose your PHI to another physician or health care provider for purposes of a consult or in connection with the provision of follow-up treatment.
- ZenMD may use and disclose your PHI to your health insurer or health plan in connection with the processing and payment of claims and other charges.
- Health Care Operations.ZenMD may use and disclose your PHI in connection with its health care operations, such as providing customer services and conducting quality review assessments. ZenMD may engage third parties to provide various services for ZenMD. If any such third party must have access to your PHI in order to perform its services, ZenMD will require that third party to enter an agreement that binds the third party to the use and disclosure restrictions outlined in this Notice.
- ZenMD is permitted to use and disclose your PHI upon your written authorization, to the extent such use or disclosure is consistent with your authorization. You may revoke any such authorization at any time.
- As Required by Law.ZenMD may use and disclose your PHI to the extent required by law.
The following categories describe unique circumstances in which ZenMD may use or disclose your PHI:
- Public Health Activities.ZenMD may disclose your PHI to public health authorities or other governmental authorities for purposes including preventing and controlling disease, reporting child abuse or neglect, reporting domestic violence and reporting to the Food and Drug Administration regarding the quality, safety and effectiveness of a regulated product or activity. ZenMD may, in certain circumstances disclose PHI to persons who have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition.
- Workers’ CompensationWorkers’ Compensation. ZenMD may disclose your PHI as authorized by, and to the extent necessary to comply with, workers’ compensation programs and other similar programs relating to work-related illnesses or injuries.
- Health Oversight Activities.ZenMD may disclose your PHI to a health oversight agency for authorized activities such as audits, investigations, inspections, licensing and disciplinary actions relating to the health care system or government benefit programs.
- Judicial and Administrative Proceedings.ZenMD may disclose your PHI, in certain circumstances, as permitted by applicable law, in response to an order from a court or administrative agency, or in response to a subpoena or discovery request.
- Law Enforcement.ZenMD may, under certain circumstances, disclose your PHI to a law enforcement official, such as for purposes of identifying or locating a suspect, fugitive, material witness or missing person.
- ZenMD may, under certain circumstances, disclose PHI to coroners, medical examiners and funeral directors for purposes such as identification, determining the cause of death and fulfilling duties relating to decedents.
- Organ Procurement.ZenMD may, under certain circumstances, use or disclose PHI for the purposes of organ donation and transplantation.
- ZenMD may, under certain circumstances, use or disclose PHI that is necessary for research purposes.
- Threat to Health or Safety.ZenMD may, under certain circumstances, use or disclose PHI if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
- Specialized Government Functions.ZenMD, may in certain situations, use and disclose PHI of persons who are, or were, in the Armed Forces for purposes such as ensuring proper execution of a military mission or determining entitlement to benefits. ZenMD may also disclose PHI to federal officials for intelligence and national security purposes.
Your Rights Regarding Your PHI
You have the following rights regarding the PHI maintained by ZenMD:
- Confidential Communication.You have the right to receive confidential communications of your PHI. You may request that ZenMD communicate with you through alternate means or at an alternate location, and ZenMD will accommodate your reasonable requests. You must submit your request in writing to ZenMD.
- You have the right to request restrictions on certain uses and disclosures of PHI for treatment, payment or health care operations. You also have the right to request that ZenMD restrict its disclosures of PHI to only certain individuals involved in your care or the payment of your care. You must submit your request in writing to ZenMD. ZenMD is not required to comply with your request. However, if ZenMD agrees to comply with your request, it will be bound by such agreement, except when otherwise required by law or in the event of an emergency.
- Inspection and Copies.You have the right to inspect and copy your PHI. You must submit your request in writing to ZenMD. ZenMD may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. ZenMD may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, ZenMD will inform you of the reason for the denial, and you may request a review of the denial.
- You have a right to request that ZenMD amend your PHI if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is maintained by ZenMD. You must submit your request in writing to ZenMD and provide a reason to support the requested amendment. ZenMD may, under certain circumstances, deny your request by sending you a written notice of denial. If ZenMD denies your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
- Accounting of Disclosures.You have a right to receive an accounting of all disclosures ZenMD has made of your PHI. However, that right does not include disclosures made for treatment, payment or health care operations, disclosures made to you about your treatment, disclosures made pursuant to an authorization, and certain other disclosures. You must submit your request in writing to ZenMD and you must specify the time period involved (which must be for a period of time less than six years from the date of the disclosure). Your first accounting will be free of charge. However, ZenMD may charge you for the costs involved in fulfilling any additional request made within a period of 12 months. ZenMD will inform you of such costs in advance, so that you may withdraw or modify your request to save costs.
- Breach Notification.You have the right to be notified in the event that ZenMD (or a ZenMD Business Associate) discovers a breach of unsecured PHI.
- Paper Copy.You have the right to obtain a paper copy of this Notice from ZenMD at any time upon request. To obtain a paper copy of this notice, please contact ZenMD by calling 628-400-6400
- You may complain to ZenMD and to the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated. To file a complaint with ZenMD, you must submit a statement in writing to ZenMD: Attn: Security Officer, 11271 Ventura Blvd, Ste 345 Studio City, CA 91604. ZenMD will not retaliate against you for filing a complaint.
Cookies are small text files which a website may put on your computer or mobile device when you first visit a site or page. The cookie will help ZenMD to recognize your device the next time you visit. For example, cookies can help us to remember your username and preferences, analyze how well our website is performing, or even allow us to recommend content we believe will be most relevant to you.
- To provide the service you have asked for. Some cookies are essential so you can navigate through the website and use its features. Without these cookies, we would not be able to provide the services you’ve requested. For example, some cookies allow us to identify subscribers and ensure they can access the subscription only pages. If a subscriber opts to disable these cookies, the user will not be able to access all of the content that a subscription entitles them to. These cookies don’t gather information about you that could be used for marketing or remembering where you’ve been on the internet. Essential cookies keep you logged in during your visit.
- To improve your browsing experience. These cookies allow the website to remember choices you make, such as your language or region and they provide improved features. These cookies will help remembering your preferences and settings, including marketing preferences, remembering if you’ve filled in certain forms, so you’re not asked to do it again, remembering if you’ve been to ZenMD before and restricting the number of times you’re shown a particular advertisement. We might also use these cookies to highlight ZenMD services that we think will be of interest to you based on your usage of the website.
- Analytics. To improve your experience on ZenMD, we like to keep track of what pages and links are popular and which ones don’t get used so much to help us keep ZenMD relevant and up to date. It’s also very useful to be able to identify trends of how people navigate (find their way through) ZenMD and if they get error messages from web pages. This group of cookies, often called “analytics cookies” are used to gather this information. These cookies don’t collect information that identifies you. The information collected is anonymous and is grouped with the information from everyone else’s cookies. We can then see the overall patterns of usage rather than any one person’s activity.
- To show advertising that is relevant to your interests. We may sell space on ZenMD to advertisers. The resulting ads often contain cookies. These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with our permission. They remember that you have visited a website and this information is shared with other organizations such as advertisers.
Most browsers allow you to turn off cookies. To do this, look at the “help” menu on your browser. Switching off cookies may restrict your use of ZenMD and/or delay or affect the way in which it operates.
Personal information you provide to us is stored on a password protected server accessible only by administrator. We use SSL. However, we cannot guarantee the security of your personal information transmitted to ZenMD because any transmission of information over the Internet has its inherent risks. You are responsible for keeping your login credentials, if any, confidential.
ZenMD is not directed to children under the age of 16. We do not knowingly collect any personal information about children under the age of 16. If we obtain actual knowledge that we have collected personal information about a child under the age of 16, that information will be promptly deleted from our database, unless it is necessary to retain it for legal purposes.
If a parent believes that his or her child has submitted personal information to us, he or she can contact us via e-mail. We will promptly delete the information upon learning that it relates to a child under the age of 16. Please note that it is possible some of this information may remain archived in web logs and back-up archives after we delete the information from our active database.
Your California Privacy Rights
We will not share any personal data with third-parties for their direct marketing purposes to the extent prohibited by California law. If our practices change, we will do so in accordance with applicable laws and will notify you in advance. California law requires that operators of online services disclose how they respond to a Do Not Track signal. Some browsers have incorporated “Do Not Track” features. Most of these features, when turned on, send a signal or preference to the online service that a user visits, indicating that the user does not wish to be tracked. We do not currently respond to Do Not Track signal.
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside the United States and choose to provide information to us, please note that we transfer the information, including personal information, to the United States and process it there, if there is a legal basis for us to do it.
EU Users’ Rights
- Your GDPR rights to be informed, to access, rectify, erase or restrict the processing of your personal information. You have the right to receive free information about what personal data we have obtained about you, where it is stored, for how long, for what purposes it is used, to whom it was disclosed. You have the right to require that we, without undue delay, rectify of inaccurate personal data concerning you. That means you can request we change your personal data in our records, or have you incomplete personal data completed. You have the “right to be forgotten,” i.e. to have us delete your personal information, without undue delay, if the data is no longer necessary in relation to the purposes for which it was collected. However, GDPR gives us the right to refuse erasure if we can demonstrate compelling legitimate grounds for keeping your information.
- GDPR gives you the right to restrict processing if any of the following applies:If you contest the accuracy of your personal data, we will restrict processing it for a period enabling us to verify its accuracy.
ii. The processing is unlawful and you oppose its erasure and request instead the restriction of its use.
iii. We no longer need your personal data for the purposes of the processing, but you require us to restrict processing for the establishment, exercise or defence of legal claims.
iv. You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether our legitimate grounds override yours.
- Right to data portability. Upon request, we will provide you your personal data in our possession, in a structured, commonly used and machine-readable format. You have the right to transmit that data to another controller if doing so does not adversely affect the rights and freedoms of others.
- Right to object. You can object, on grounds relating your particular situation, at any time, to processing of your personal information, if based on point (e) or (f) of Article 6(1) of the GDPR. We will then have to stop processing, unless we can demonstrate compelling legitimate grounds for the processing. If you object to the processing for direct marketing purposes, we will have to stop processing for these purposes.
- Right to withdraw consent. GDPR grants you the right to withdraw your earlier given consent, if any, to processing of your personal data at any time.
- Rights related to automated decision making. As a responsible business, we do not rely on any automated decision making, such as profiling.
We retain your personal data for as long as your account is active or for as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise permitted or required by law. We will retain and use information as necessary to comply with our legal obligations, resolve disputes, and enforce our rights. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.
Further Information. If you would like more information about your privacy rights, please contact ZenMD by calling 628-400-6400 and ask to speak to the Privacy and Security Officer. To the extent you are required to send a written request to ZenMD to exercise any right described in this Notice, you must submit your request to ZenMD at: Attn: Security Officer, 11271 Ventura Blvd, Ste 345 Studio City, CA 91604.