Effective date: March 23rd, 2015.
HealthClues, or one of its medical associates, may collect information from you that can be categorized as protected health information, as well as other information that can lead to your personal identification. This can include information such as your email address, first name, last name and phone number to establish contact with you.
We may also ask you to provide information such as clinical history, medical evidence and reports, and any other information that the HealthClues team or its consultant surgeons require to evaluate your medical case and provide you with an evidence-based recommendation.
We may utilize several modes of gathering relevant information, including but not limited to the internet (through our website or secured web forms), phone calls from our team, emails, postal services and other mediums that are available and considered secure for the purpose of information transfer.
In order to keep our services safe from rogue attacks emanating from specific IP addresses or regions, we may also track certain information such as IP addresses, frequency of requests and pattern of navigation on the website. We also utilize website tracking tools and other analytics tools to help us gauge the user experience on the website and make continuous improvements.
We take the security of your private data very seriously. Our architecture is designed to meet the equivalent standards required in HIPAA (Health Insurance Portability and Accountability Act, United States), which is also the most stringent regulation pertaining to safeguarding Protected Health Information (PHI). Our compliance with the above regulations is ensured at every step involved in data collection, transmission, processing and storage. We use industry standard Secure Sockets Layer (SSL) technology to secure information in transit.
We have designed secure REST APIs that prevent unauthorized users from accessing information on our website that they are not authorized to see. We also analyze information such as IP addresses to track the location from which such requests emanate, as well as the pattern and volume of such requests. We utilize HIPAA compliant database software to store all information that is categorized as protected health information.
HealthClues also keeps a strict separation between the personnel who require access to your information to provide required services and other personnel who don’t. Only authorized medical professionals and pre-identified technology professionals have access to users’ information. We employ the best industry practices in technology development dealing with sensitive information, with provisions for role based access to production, staging and development environments. We don’t allow access to or use of any protected health information in the development environment. Our architecture also ensures that a breach or attack in one sub-system doesn’t lead to a cascading effect and a breach of the entire information.
Information Usage:
We may use the information for the following purposes:
- Information categorized as protected health information can be shared within our team and medical consultants for the purpose of evaluation, in order to provide an evidence-based opinion pertaining to the user's medical case.
- We may perform an analysis on the overall aggregate data or a segment of it, in order to derive medically significant reports and statistics. We ensure that any personally identifiable information does not get revealed in this process.
- Upon request from a government authority, we may have to share all or a segment of the information we hold pertaining to one or more users.
- We may utilize the information residing with us to assess information you may find relevant and useful, and may therefore share information and marketing offers directly from us or our associates.
Restrictions on Information Usage:
- We would never sell protected health information to any third party for any purpose, other than those required for providing the committed service to you.
- We never share or sell information that can be used for a targeted marketing campaign by a third party.
- Our policy restricts any HealthClues personnel or medical associate from accessing or using any protected health information, unless he or she is authorized to do so, for the purpose of successful completion of the promised service.
- We do not allow any of our personnel to carry or save any protected health information onto any of their personal devices, including but not limited to personal computers, laptops, tablets or smart phones.
Your Rights Regarding Your Protected Health Information
You have certain rights regarding protected health information that we maintain about you.
- You may request to review or obtain copies of your protected health information records. The request has to be made to us in writing through a medium such as an email. We may charge a fee for the cost of producing, copying and mailing you the requested information, but we will inform you in advance.
- You have the right to request that we restrict or limit how we use or disclose your protected health information for treatment, payment or health care operations. We may not agree to your request. If we do agree, we will comply with your request unless the information is needed for an emergency. Your request for a restriction must be made in writing. In your request, you must tell us: (i) what information you want to limit; (ii) whether you want to limit how we use or disclose your information, or both; and (iii) to whom you want the restrictions to apply.
- You have the right to request an accounting of disclosures of your protected health information made outside the normal business processes required to provide you a promised service through our platform. Any such request should specify the time period for disclosures accounting, not exceeding a period of six years. We may charge you for sharing of disclosures but you will be informed of the cost in advance.
- You have the right to request an amendment to the protected health information stored with us. However, this is limited to information we have created for you and does not include records or evidence obtained from a third party.