Some of the information collected by RxNT is personal information. In general terms, “personal information” is information which you submit to RxNT and which identifies you or can be used to contact you, such as name, address, email address, phone number, social security number, and insurance-issued ID numbers. RxNT sometimes combines non-personal information with other information in a way that makes the combined information personal information. RxNT treats this combined information as if it were all personal information. RxNT does not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual.
CONFIDENTIALITY OF HEALTH INFORMATION
Some of the users of RxNT’s website and applications—such as healthcare providers— are subject to laws and regulations governing the use and disclosure of personal health information that they create or receive from other sources. Included among those laws are the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”).
When RxNT stores, processes or transmits “individually identifiable health information” (as that term is defined in HIPAA) on behalf of a healthcare provider who has entered into a user agreement with us, we do so as the provider’s “business associate,” as that term is defined in HIPAA. HITECH extended the privacy and security provisions of HIPAA to the business associates of covered entities. As a business associate, RxNT is prohibited from using individually identifiable health information to the same extent that the healthcare provider itself is prohibited from using it.
RxNT is required to take appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information which it collects, stores and processes on behalf of such providers.
METHODS OF COLLECTING DATA
The RxNT website obtains user information when you register to use one or more of RxNT’s applications by typing or otherwise transmitting information onto the website.
When you register with RxNT and use one or more of RxNT’s applications, RxNT obtains the following information:
(a) Your name, email address, age, password and other registration information.
(b) Information recorded in your electronic health record and provided by your healthcare provider.
(c) Information you enter into the system when using one of RxNT’s applications, such as text messages and other data.
Information gathered during your use of an RxNT application is intended to be used by the healthcare provider to render services to you as the patient.
Once you conclude the use of an RxNT application, data will be de-personalized and may be used for analytics to improve patient care.
RxNT may also use the information you provide us to contact you from time to time to provide you with important information, required notices and marketing promotions.
Automatically Collected Information
RxNT’s website may collect certain information automatically from your computer, mobile phone or tablet, including, but not limited to, the type of device used, the unique device ID, the IP address of the device, operating system type, the language your system uses, the type of Internet browsers used, location-based information (e.g., country and time zone) and information about the way RxNT’s applications are used. Generally speaking, this sort of data does not personally identify any particular user. Nevertheless, such data can be used in conjunction with personal information. In these circumstances, RxNT treats such combined information as personal information.
USE AND SHARING OF YOUR INFORMATION
We use non-personal information for evaluating the performance of the RxNT website, developing additional features and services, delivery of cookie-based content and for other purposes described in this Policy or in your End User Licensing Agreement.
With regard to personal information, RxNT appreciates its sensitivity and the need to limit its disclosure. Accordingly, we limit our sharing of your personal Information as follows:
- As required by law, such as to comply with a subpoena, search warrant, court order, judicial proceeding or similar legal process;
- When RxNT obtains your or your provider’s express consent;
- Your healthcare provider will have access to your RxNT account information, including your personal information and may: (i) receive and store your account information in its own system; (ii) change your password; (iii) restrict your ability to submit, delete or edit information; (iv) suspend or terminate your RxNT account access or (v) access or retain, for any purpose authorized by applicable law, any information you provide or otherwise store as part of your RxNT account;
- When RxNT believes in good faith that disclosure is necessary to protect the RxNT website and the information on it, protect your safety or the safety of others, protect our rights and the rights of third parties, investigate fraud, or respond to a governmental agency or court order;
- When RxNT provides such information to trusted services providers who work on our behalf, do not have an independent use of the information we disclose to them, and have agreed to adhere to the rules set forth in this Policy and applicable law. Such information is provided to them subject to the terms of this Policy and with the approval of your healthcare provider. These trusted services providers will execute legally binding confidentiality and security obligations and business associate agreements as appropriate;
- If RxNT is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding such information.
RxNT uses vendors and service providers and we may share any information we receive with them retained in connection with the provision of the RxNT applications. When protected health information is shared, such vendors and service providers will be bound by appropriate confidentiality and security obligations which include business associate contract obligations as required by HIPAA.
COMPLIANCE OF THIS POLICY WITH HIPAA AND HITECH
CONSENTS AND AUTHORIZATIONS
RxNT may request your consent or authorization in connection with its own use of or its sharing of your information with others, either because this Policy or applicable laws and regulations require us to obtain such consent or we deem such consent to be appropriate. No request by RxNT to obtain your consent in any way narrows the scope or applicability of this Policy. By using the RxNT website, you accept and agree to the treatment of information on the part of RxNT as described in this Policy.
Because the RxNT website allows users to share information, you should take care in selecting the persons with whom you share your personal and health information. Although the RxNT website processes and facilitates such transmissions, RxNT takes no responsibility or assumes any liability for the actions of other users or persons with whom you share such information.
Email communications received from users and RxNT’s communications often relate to administrative aspects of your care, e.g., appointment requests, reminders and cancellations and other notifications. RxNT may not offer you the option of opting out of receiving some of these messages although RxNT may allow you to change how often you receive such messages. In addition, if you have agreed to receive marketing announcements from RxNT, we will allow you to opt out of receiving those announcements. To opt out of such commercial emails, please click the link labeled “unsubscribe” at the bottom of any email we send you. If you have any questions about your choices or if you need any assistance with opting out, please contact us by sending an email to firstname.lastname@example.org. You can also write us at the address in the How to Contact Us section below in the menu at the bottom of this web page.
In some instances, RxNT may use tools (e.g., “cookies”) in its emails to users to collect usage information from you, such as the device (i.e., your computer, mobile device or tablet) that you are using to communicate with the RxNT website. By doing so, we can track resources and data accessed on the site per visitor, record general site statistics and activity, and assist users who may be experiencing problems with our website. Our purpose in doing all of this is to provide you and other users with the best possible service. In any event, cookies do not identify a specific user and are not used to collect any personal information. Moreover, you may disable your cookie information at any time by adjusting your browser preferences on your personal computer.
With regard to COPPA (Children’s Online Privacy Protection Act), we do not seek to collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
RxNT does not knowingly collect personal information from children. If RxNT learns that it has obtained personal information from a child, RxNT will delete that information as soon as practicable. If you discover that your child has provided us with personal information without your consent, please contact RxNT immediately.
While observing any applicable provisions of COPPA, the RxNT website does not prevent persons above the age of 18 years—such as healthcare providers, parents and guardians—to provide, share and store personal information about others, including minors and children. Any user providing, storing or submitting information on behalf of a child assumes full responsibility for the submission, use and transmission of such information.
SECURITY AND SAFETY OF THE RXNT WEBSITE
RxNT employs technical measures to help safeguard the confidentiality, integrity and availability of personally identifiable information that you might store and share through the RxNT website. Applicable law requires us to investigate potential or suspected threats to the RxNT website and to the confidentiality, integrity or availability of the information which RxNT stores. RxNT may use, retain and disclose information—including your personal and non-personal information—when it has a good-faith belief that it is necessary or advisable in order to:
- detect, prevent and address potential or suspected threats to the RxNT website or the confidentiality, integrity or availability of any information we store on our website;
- to detect, prevent and otherwise deal with illegal activity;
- to otherwise protect RxNT, you and third parties.
As stated above, RxNT may also use, preserve and disclose such information as required by law, e.g., to comply with a subpoena or similar legal process. The governmental entity initiating such legal process may prohibit RxNT from notifying the users or other individuals or entities identified in the requested information or take other actions that would otherwise be a violation of this Policy. RxNT may for these reasons preserve information from both active and disabled accounts for extended periods of time as necessary to comply with applicable law or as it deems appropriate under the circumstances.
RxNT utilizes and periodically evaluates the effectiveness of a number of technical, physical and administrative measures to prevent unauthorized access to its website, maintain data accuracy and ensure the appropriate use of your personal and non-personal information. These measures include encryption, firewalls, system alerts, and the use of industry-standard encryption technology. We also house such information in secure facilities that restrict physical and network access. RxNT applies what it regards as reasonable and accepted measures widely used in the IT industry to protect the confidentiality, integrity and availability of individually identifiable health information residing on and processed by the RxNT website. No security system, however, can be expected to prevent all potential security breaches no matter what technology is used.
RxNT may notify you and inform you of potential countermeasures if RxNT learns of a security vulnerability or risk. RxNT strongly encourages you to be conscientious in using well known and readily available technology to improve the security of your own system and devices.
ACCESS LIMITED TO U.S. USERS
Access to the RxNT website is administered in the United States and is intended solely for users within the United States, unless RxNT in advance and in writing authorizes specific users in specified locations outside of the United States who have executed such binding legal agreements and other documentation as RxNT may require. You should be aware that access by foreign nationals to systems located in the United States constitutes the exportation of technology under applicable U.S. law and may require compliance with U.S. export controls.
Personal Information transfers from the Europe Economic Community and individual countries with data-transfer restrictions are currently authorized by approved model contracts, agreements, certifications or other appropriate means.
Under no circumstances are you to use the RxNT website in any jurisdiction where accessing or using the RxNT website would violate U.S. law or any other law. Any information that you submit to us while outside of the United States will be transferred to RxNT systems that reside in the United States unless RxNT notifies you that it intends to transfer such information to specific RxNT systems that reside in one or more location(s) outside of the United States pursuant to such binding legal agreements and other documentation as RxNT may require from you and third parties. You consent to any such transfer of non-personal and personal information when you use the RxNT website and provide us with such information.
Please be assured that RxNT will always employ appropriate measures to protect the privacy and security of your personal information, regardless of where it is processed or stored.
UPDATES AND REVISIONS TO THIS POLICY
CORRECTING, UPDATING AND DEACTIVATING INFORMATION
RxNT complies with all laws regarding access to and correction of your information. The RxNT website provides you with access to the information you submit and the means to correct and update it. If you have an online account with us, you can log into your account at any time to access and update your information. You may also have your provider contact RxNT on your behalf. If you need assistance updating your personal information, please contact us via email addressed to email@example.com.
If you desire to deactivate your account, please have your healthcare provider contact us, whereupon RxNT will deactivate your account and archive your personal information and records. RxNT may retain archived information for a period of five years or longer as necessary to comply with legal obligations, resolve disputes and enforce our agreements and other authorized uses under this Policy.
Certain users—such as healthcare providers—may be required under HIPAA and other applicable laws to retain your information for extended periods of time, and RxNT will continue to retain such information on their behalf in accordance with such requirements. Patients should submit requests to access or correct their health information directly to their providers. RxNT also indefinitely stores non-personal information, including de-identified health information.
If you have any questions about this Policy or information security, please contact us at firstname.lastname@example.org.
Last updated October 7, 2016.
© 2017 RxNT Inc.