Mako Rx (“Mako Rx,” “we,” “us,” or “our”) recognizes the importance of protecting the privacy of your personal information, and we have prepared this Privacy Policy to provide you with important information about the privacy practices applicable to the Mako Rx Care Connect platform and any website or service that links to or refers to this Privacy Policy (collectively, the “Services”).
In addition, individually identifiable information that you provide to us for purposes of obtaining medical care (such information is also referred to as “Protected Health Information” or “PHI”) will also be subject to the regulations of the Health Insurance Portability and Accountability Act (“HIPAA”).
We are required by law to maintain the privacy of your PHI and to provide you with this Privacy Policy of our legal duties and privacy practices with respect to your PHI. We are also obligated to notify you following a breach of unsecured PHI. When we use or disclose your PHI, we are required to abide by the terms of this Privacy Policy (or other notice in effect at the time of the use or disclosure).
I. COLLECTION OF INFORMATION
We may collect the following kinds of information you provide directly to us when you use the Services:
For certain activities, such as when you register, use our services, subscribe to our alerts, or contact us directly, we may collect some or all of the following types of information:
• Contact information, such as your full name, email address, mobile phone number, and address;
• Username and password;
• For health care providers, information about your employment, such as your job title, practice area, primary specialty, and medical license status, gender, date of birth, languages spoken, educational background, address, photograph, social security number, Tax ID, NPI number, professional license information and bank account information;
• Personal health information, including information about your diagnosis, previous treatments, general health, and health insurance; and
• Any other information you provide to us.
We may combine such information with information we already have about you. Information we collect automatically. We may collect certain information automatically when you use our Services, such as your Internet protocol (IP) address, device and advertising identifiers, browser type, operating system, Internet service provider, pages that you visit before and after using the Services, the date and time of your visit, information about the links you click and pages you view within the Services, and other standard server log information. We may also collect certain location information when you use our Services, such as your computer’s IP address, your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers.
We may use cookies, pixel tags, Local Shared Objects, and similar technologies to automatically collect this information. Cookies are small bits of information that are stored by your computer’s web browser. Pixel tags are very small images or small pieces of data embedded in images, also known as “web beacons” or “clear GIFs,” that can recognize cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. Local Shared Objects (sometimes referred to as “Flash Cookies”) are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. By using the Services, you consent to our use of cookies and similar technologies.
We may also collect technical data to address and fix technical problems and improve our Services, including the memory state of your device when a system or app crash occurs while using our Services. Your device or browser settings may permit you to control the collection of this technical data. This data may include parts of a document you were using when a problem occurred, or the contents of your communications. By using the Services, you are consenting to the collection of this technical data.
II. USE OF INFORMATION
We generally use the information we collect online to:
• Provide and improve the Services;
• Contact you;
• Fulfill your requests for products, services, and information;
• Send you information about additional clinical services;
• Analyze the use of the Services and user data to understand and improve the Services;
• Customize the content you see when you use the Services;
• Prevent potentially prohibited or illegal activities and otherwise;
• For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.
III. SHARING OF INFORMATION
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect. We do not need any type of authorization from you for the following uses and disclosures:
• Healthcare providers, insurance companies, and other healthcare-related entities. We may share your information with other health care providers, laboratories, government agencies, insurance companies, organ procurement organizations, medical examiners or funeral directors, and other entities relevant to providing you with treatment options and support. We may use or disclose your PHI to prevent or lessen a serious and imminent threat to a person’s or the public’s health or safety.
• We may disclose your PHI for the following public health activities: (1) to report health information to public health authorities for the purpose of preventing or controlling disease, injury or disability; (2) to report child abuse and neglect to public health authorities or other government authorities authorized by law to receive such reports; (3) to report information about products and services under the jurisdiction of the U.S. Food and Drug Administration; (4) to alert a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition; and (5) to report information to your employer as required under laws addressing work-related illnesses and injuries or workplace medical surveillance.
• Authorized third-party vendors and service providers. We may share your information with third-party vendors and service-providers that help us with specialized services, including billing, payment processing, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct-mail, mobile marketing, optimization and retargeting), performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.
• Research partners. We may share your information with our research partners to conduct health-related research. Such sharing may be subject to your separate written authorization or without your consent or authorization if an Institutional Review Board or Privacy Board approves a waiver of authorization for disclosure. • Corporate affiliates. We may share your information with our corporate affiliates that are subject to this policy.
• Business transfers. We may share your information in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
• Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, health, safety, and security of Mako Rx, our affiliates, users, or the public. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending an email to the email address in our records unless doing so would violate the law or unless you have not provided your email address to us.
• If we reasonably believe you are a victim of abuse, neglect or domestic violence, we may disclose your PHI to a governmental authority, including a social service or protective services agency, authorized by law to receive reports of such abuse, neglect, or domestic violence.
• We may use or disclose your PHI to a family member, other relative, a close personal friend or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if we (1) obtain your agreement; (2) provide you with the opportunity to object to the disclosure and you do not object; or (3) reasonably infer that you do not object to the disclosure. If you are not present, or the opportunity to agree or object to a use or disclosure cannot practically be provided because of your incapacity or an emergency circumstance, we may exercise our professional judgment to determine whether a disclosure is in your best interests.
• With your consent or at your direction. We may share information for any other purposes disclosed to you at the time we collect the information or pursuant to your consent or direction. Federal and state law requires special privacy protections for certain highly confidential information about you (“Highly Confidential Information”). This Highly Confidential Information may include the subset of your PHI that: (1) is maintained in psychotherapy notes; (2) is about mental health and developmental disabilities services; (3) is about alcohol and drug abuse prevention, treatment and referral; (4) is about HIV/AIDS testing, diagnosis or treatment; (5) is about sexually-transmitted disease(s); (6) is about genetic testing; (7) is about child abuse and neglect; (7) is about domestic abuse of an adult with a disability; or (8) is about sexual assault. In order for us to disclose your Highly Confidential Information for a purpose other than those permitted by law, we must have your written permission on an authorization form.
If you choose to engage in public activities on the Site or third-party sites that we link to, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should use caution in disclosing personal information while participating in these areas. We are not responsible for the information you choose to submit in these public areas.
IV. SECURITY
We use reasonable measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.
V. YOUR CHOICES
You may opt out of receiving general health and wellness or treatment options that may be relevant to you by emailing us at [EMAIL ADDRESS]. You may also request that we delete your personal information by sending us an email at [EMAIL ADDRESS].
You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). Please note that you may need to take additional steps to refuse or disable Local Shared Objects and similar technologies. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you.
California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their own direct marketing purposes.
You have the right to request a restriction on the uses and disclosures of your PHI (1) for treatment, payment and health care operations purposes, and (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved in your care or with payment related to your care. Unless otherwise required by law, we are required to comply with your request for this type of restriction. For all other requests for restrictions on use and disclosures of your PHI, we are not required to agree to your request, but will attempt to accommodate reasonable requests when appropriate. If you wish to request additional restrictions, please email [EMAIL ADDRESS] to obtain a request form.
You may request access to your medical record file and billing records maintained by us in order to inspect and request copies of the records. Under limited circumstances, we may deny you access to a portion of your records. If you would like to access your records, please email [EMAIL ADDRESS] to obtain a Record Request Form. If you request copies, we will charge you a cost-based fee, that includes (1) labor for copying the PHI; (2) supplies for creating the paper copy or electronic media if you request an electronic copy on portable media; (3) our postage costs, if you request that we mail the copies to you; and (4) if you agree in advance, the cost of preparing an explanation or summary of the PHI.
You have the right to request that we amend PHI maintained in your medical record file or billing records. If you desire to amend your records, please email [EMAIL ADDRESS] to obtain an Amendment Request Form. We will comply with your request unless we believe that the information that would be amended is accurate and complete or other special circumstances apply. Upon request, you may obtain an accounting of certain disclosures of your PHI made by us during any period of time prior to the date of your request provided such period does not exceed six years.
VI. CHILDREN
We do not knowingly allow individuals under the age of 18 to create accounts that allow access to our Services.
VII. CHANGES TO THE PRIVACY POLICY
We may update this Privacy Policy from time to time. When we update the Privacy Policy, we will revise the “Effective Date” date above and post the new Privacy Policy. We recommend that you review the Privacy Policy each time you visit the Services to stay informed of our privacy practices.
VIII. QUESTIONS
If you have any questions about this Privacy Policy or our practices, please email us at [EMAIL ADDRESS].