Rume Medical Group, INC.
Last Updated: July ___, 2022
- Confidentiality of Health Information
Health information that Company receives and/or creates about you, personally, relating to your past, present, or future health, treatment, or payment for healthcare services, may be “protected health information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”). Your health information may also be protected by state privacy and laws and regulations.
Company understands that health information about you and your health is personal. We support your privacy and ensure that the transmittal and use of your information complies with all laws, except to the extent that you have authorized Company to transmit information to you by other means. In this regard, where applicable, we comply with HIPAA, HITECH, and other relevant state laws and regulations by entering into Business Associate Agreements with the treatment providers for which we provide services to ensure that your protected health information is appropriately safeguarded.
Set forth below is Company’s Notice of Privacy Practices.
- Collection of Information
We collect information you provide, such as when you email us, sign up through our Platform, or submit information through our Platform. We may collect, but are not limited to collecting, the following information: your name, gender, email address, mailing address, phone number, date of birth, payment and bank information provided.
Company does not knowingly collect or maintain personally identifiable information from persons under 18 years of age without verifiable parental consent. If you are under 18 years of age, then please do not use the Services without parental consent. If Company learns that personally identifiable information of persons less than 18 years of age has been collected without verifiable parental consent, then Company will take the appropriate steps to delete this information. To make such a request, please contact us at Support@_______________.com.
- Information We Collect from Your Use of the Services
We collect information about you when you use our Platform, including, but not limited to the following:
- Account Information. When you register with us using the Platform to create an account and become a registered user, you will need to provide us with certain personally identifiable information to complete the registration, including information that can be used to contact or identify you and payment or other billing information in some cases.
- Device Information. We may automatically collect certain information about the computer or devices (including mobile devices) you use to access the Services. For example, we may collect and analyze information such as (a) IP addresses, geolocation information (as described in the next section below), unique device identifiers and other information about your mobile phone or other mobile device(s), browser types, browser language, operating system, the state or country from which you accessed the Services; and (b) information related to the ways in which you interact with the Services, such as: referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, the frequency of your use of the Services, error logs, and other similar information. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.
- Location Information. We may collect different types of information about your location, including general information (e.g., IP address, zip code) and more specific information (e.g., GPS-based functionality on mobile devices used to access the Services), and may use that information to customize the Services with location-based information, advertising, and features. For example, if your IP address indicates an origin in Los Angeles, California, the Services may be customized with Los Angeles-specific information and advertisements. In order to do this, your location information may be shared with our agents, vendors or advertisers. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can disable the GPS or other location-tracking functions on your device, provided your device allows you to do this. See your device manufacturer’s instructions for further details.
- Cookies and Other Electronic Technologies. We may use the tools outlined below in order to better understand users. As we adopt additional technologies, we may also gather additional information through other methods.
For more information on cookies, visit http://www.allaboutcookies.org.
- Web Beacons: “Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files imbedded in a web page or email that may be used to collect anonymous information about your use of our Services, the websites of selected advertisers, and the emails, special promotions or newsletters that we send you. The information collected by Web Beacons allows us to analyze how many people are using the Services, using the selected advertisers’ websites or opening our emails, and for what purpose, and also allows us to enhance our interest-based advertising.
- Platform Analytics: We may use third-party analytics services in connection with the Platform, including, for example, to register mouse clicks, mouse movements, scrolling activity and text that you type into the Platform. These analytics services generally do not collect personal information unless you voluntarily provide it and generally do not track your browsing habits across sites which do not use their services. We use the information collected from these services to help make the Platform easier to use.
- Mobile Device Identifiers: Mobile device identifiers are data stored on your mobile device that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of personal information (such as media access control, address and location) and traffic data. Mobile device identifiers help Company learn more about our users’ demographics and internet behaviors.
- Information from Third Parties
We may obtain additional information about you from third parties such as marketers, partners, researchers, and others. We may combine information that we collect from you with information about you that we obtain from such third parties and information derived from any other subscription, product, or service we provide.
- Aggregate or De-identified Data
We use the information that we collect for the following purposes:
- For the purposes for which you provided the information.
- To contact you when necessary or requested.
- To personalize your experience with the Services by informing you of products, programs, events, services, and promotions of Company, our affiliates, our partners and/or third parties that we believe may be of interest to you (see the “Opt-In Policy” below).
- To fulfill your purchase from us, including, to process your payments, communicate with you regarding your purchase or provide you with related customer service.
- To send mobile notifications (you may opt-out of this service).
- To provide, maintain, administer, improve, or expand the Services, perform business analyses, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer.
- To customize and tailor your experience of the Services.
- To send emails and other communications that display content that we think will interest you and according to your preferences.
- To send you news and information about our Services.
- To track and analyze trends and usage in connection with our Services.
- To better understand who uses the Services and how we can deliver a better user experience.
- To use statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts.
- To prevent, detect, and investigate security breaches, fraud, and other potentially illegal or prohibited activities.
- To enforce the legal terms that govern your use of the Services.
- To protect our rights or property.
- To administer and troubleshoot the Services.
- For any other purpose disclosed to you in connection with our Services.
We may use third-party service providers to process and store personal information in the United States and other countries.
We may share personal information about you as follows:
- With third parties to provide, maintain, and improve our Services, including service providers who access information about you to perform services on our behalf.
- With our affiliates, partners or other third parties to allow them to contact you regarding products, programs, services, and promotions that we and/or they believe may be of interest to you (See the “Opt-In Policy” below).
- In connection with, or during the negotiation of, any merger, sale of Company stock or assets, financing, acquisition, divestiture or dissolution of all or a portion of our business (but only under non-disclosure and confidentiality agreements and protections).
- If we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request; to enforce applicable user agreements or policies; to protect the security or integrity of our Services; and to protect us, our users or the public from harm or illegal activities.
We may also share aggregated, non-personally identifiable information with third parties.
When you supply us with personally identifiable information in connection with your use of the Services, you may be asked to indicate whether you are interested in receiving information from us about our product and service offerings and if you would like us to share personally identifiable information about you with our affiliates, partners or other third parties for their marketing purposes. If you do choose to opt-in, you will receive such communications and/or we will share your information in accordance with your “opt-in” consent.
You may, of course, choose not to receive additional marketing information from us or choose not to allow our sharing of your personally identifiable information as follows: at any time, you can follow a link provided in our marketing-related email messages (but excluding e-commerce confirmations and other administrative emails) to opt out from receiving such communications; or at any time, you can contact us in accordance with the “Contact Us” section below to opt out from receiving such communications.
If you decide to contact us to change your contact preferences to opt out of receiving communications from us, please specify clearly which of the following choices you are opting out of: (a) receiving marketing communications from us; (b) allowing us to share personally identifiable information about you with our affiliates and partners for their marketing purposes; and/or (c) allowing us to share personally identifiable information about you with other third parties for their marketing purposes.
We will endeavor to implement your requested change as soon as reasonably practicable after receiving your request. Please be aware that your requested change will not be effective until we implement such change. Please note that if you choose not to allow our sharing of your personally identifiable information, we are not responsible for removing your personally identifiable information from the databases of third parties with which we have already shared your personally identifiable information as of the date that we implement your request. If you wish to cease receiving marketing-related e-mails from these third parties, please contact them directly or utilize any opt-out mechanisms in their privacy policies or marketing-related e-mails.
Please note that if you do opt-out of receiving marketing-related messages from us, we may still send you important administrative messages. You cannot opt-out from receiving these administrative messages. We reserve the right, from time to time, to contact former customers or users of the Services for administrative purposes or in order to comply with applicable laws, rules or regulations.
- Social Media and Third Party Platforms
We take reasonable measures, including administrative, technical, and physical safeguards, to help protect personal information from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, Company cannot ensure or warrant the security of any information you transmit to us or from our online products or services, and you do so at your own risk.
- How You Can Access and Update Your Information
You may update or correct information about yourself at any time or by emailing us at Support@_______________.com.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject cookies; however, our Services may not function properly if you do so.
- Options for Opting out of Cookies and Mobile Device Identifiers
If you are interested in more information about interest-based advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link or TRUSTe’s Advertising Choices Page to opt-out of receiving tailored advertising from companies that participate in those programs.
Please note that even after opting out of interest-based advertising, you may still see Company’s advertisements that are not interest-based (i.e., not targeted toward you). Also, opting out does not mean that Company is no longer using its tracking tools—Company still may collect information about your use of the Services even after you have opted out of interest-based advertisements and may still serve advertisements to you via the Services based on information it collects via the Services.
- How Company Responds to Browser “Do Not Track” Signals
We are committed to providing you with meaningful choices about the information collected on our Platform for third-party purposes, and that is why we provide above the Network Advertising Initiative’s “Consumer Opt-out” link, Digital Advertising Alliance’s Consumer Opt-Out Link, and TRUSTe’s Advertising Choices page. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations and solutions. For more information about DNT signals, visit http://allaboutdnt.com.
Our Services may contain links to other websites and those websites may not follow the same privacy practices as Company. We are not responsible for the privacy practices of third party websites. We encourage you to read the privacy policies of such third parties to learn more about their privacy practices.
- No Rights of Third Parties
- Notice of Privacy Practices
Company is dedicated to maintaining the privacy of your protected health information (“PHI”). PHI is information about you that may be used to identify you (such as your name, social security number or address), and that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of healthcare to you, or (c) your past, present, or future payment for the provision of healthcare. In conducting its business, Company may receive and create records containing your PHI. Company is required by law to maintain the privacy of your PHI and to provide you with notice of its legal duties and privacy practices with respect to your PHI.
Company must abide by the terms of this Notice while it is in effect. This Notice is in effect from the date noted above until Company replaces it. Company reserves the right to change the terms of this Notice at any time, as long as the changes are in compliance with applicable law. If Company changes the terms of this Notice, the new terms will apply to all PHI that it maintains, including PHI that was created or received before such changes were made. If Company changes this Notice, it will post the new Notice on its Platform and will make the new Notice available upon request.
- Uses and Disclosures of PHI. Company may use and disclose your PHI in the following ways:
- Treatment, Payment and Healthcare Operations. Company is permitted to use and disclose your PHI for purposes of (a) treatment, (b) payment and (c) healthcare operations. For example:
- Treatment. Company may disclose your PHI to a physician in connection with the provision of treatment to you.
- Payment. Company may use and disclose your PHI to your health insurer or health plan in connection with the processing and payment of claims and other charges.
- Healthcare Operations. Company may use and disclose your PHI in connection with its healthcare operations, such as providing customer services and conducting quality review assessments. Company may engage third parties to provide various services for Company. If any such third party must have access to your PHI in order to perform its services, Company will require that third party to enter an agreement that binds the third party to the use and disclosure restrictions outlined in this Notice.
- Authorization. Company is permitted to use and disclose your PHI upon your written authorization, to the extent such use or disclosure is consistent with your authorization. You may revoke any such authorization at any time.
- As Required by Law. Company may use and disclose your PHI to the extent required by law.
- Special Circumstances. The following categories describe unique circumstances in which Company may use or disclose your PHI:
- Public Health Activities. Company may disclose your PHI to public health authorities or other governmental authorities for purposes including preventing and controlling disease, reporting child abuse or neglect, reporting domestic violence and reporting to the Food and Drug Administration regarding the quality, safety and effectiveness of a regulated product or activity. Company may, in certain circumstances disclose PHI to persons who have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition.
- Workers’ Compensation. Company may disclose your PHI as authorized by, and to the extent necessary to comply with, workers’ compensation programs and other similar programs relating to work-related illnesses or injuries.
- Health Oversight Activities. Company may disclose your PHI to a health oversight agency for authorized activities such as audits, investigations, inspections, licensing and disciplinary actions relating to the healthcare system or government benefit programs.
- Judicial and Administrative Proceedings. Company may disclose your PHI, in certain circumstances, as permitted by applicable law, in response to an order from a court or administrative agency, or in response to a subpoena or discovery request.
- Law Enforcement. Company may, under certain circumstances, disclose your PHI to a law enforcement official, such as for purposes of identifying or locating a suspect, fugitive, material witness or missing person.
- Decedents. Company may, under certain circumstances, disclose PHI to coroners, medical examiners and funeral directors for purposes such as identification, determining the cause of death and fulfilling duties relating to decedents.
- Organ Procurement. Company may, under certain circumstances, use or disclose PHI for the purposes of organ donation and transplantation.
- Research. Company may, under certain circumstances, use or disclose PHI that is necessary for research purposes.
- Threat to Health or Safety. Company may, under certain circumstances, use or disclose PHI if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
- Specialized Government Functions. Company, may in certain situations, use and disclose PHI of persons who are, or were, in the Armed Forces for purposes such as ensuring proper execution of a military mission or determining entitlement to benefits. Company may also disclose PHI to federal officials for intelligence and national security purposes.
12.2 Your Rights Regarding Your PHI. You have the following rights regarding the PHI maintained by Company :
- Confidential Communication. You have the right to receive confidential communications of your PHI. You may request that Company communicate with you through alternate means or at an alternate location, and Company will accommodate your reasonable requests. You must submit your request in writing to Company.
- Restrictions. You have the right to request restrictions on certain uses and disclosures of PHI for treatment, payment or healthcare operations. You also have the right to request that Company limits its disclosures of PHI to only certain individuals involved in your care or the payment of your care. You must submit your request in writing to Company. Company is not required to comply with your request. However, if Company agrees to comply with your request, it will be bound by such agreement, except when otherwise required by law or in the event of an emergency.
- Inspection and Copies. You have the right to inspect and copy your PHI. You must submit your request in writing to Company. Company may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. Company may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, Company will inform you of the reason for the denial, and you may request a review of the denial.
- Amendment. You have a right to request that Company amend your PHI if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is maintained by Company. You must submit your request in writing to Company and provide a reason to support the requested amendment. Company may, under certain circumstances, deny your request by sending you a written notice of denial. If Company denies your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
- Accounting of Disclosures. You have a right to receive an accounting of all disclosures Company has made of your PHI. However, that right does not include disclosures made for treatment, payment or healthcare operations, disclosures made to you about your treatment, disclosures made pursuant to an authorization, and certain other disclosures. You must submit your request in writing to Company and you must specify the time period involved (which must be for a period of time less than six years from the date of the disclosure). Your first accounting will be free of charge. However, Company may charge you for the costs involved in fulfilling any additional request made within a period of 12 months. Company will inform you of such costs in advance, so that you may withdraw or modify your request to save costs.
- Breach Notification. You have the right to be notified in the event that Company (or a Company Business Associate) discovers a breach of unsecured PHI.
- Paper Copy. You have the right to obtain a paper copy of this Notice from Company at any time upon request. To obtain a paper copy of this notice, please contact Company by calling (___) ___-____.
- Complaint. You may complain to Company and to the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated. To file a complaint with Company, you must submit a statement in writing to Company at Support@_______________.com. Company will not retaliate against you for filing a complaint.
- Further Information. If you would like more information about your privacy rights, please contact Company by calling (___) ___-____ and ask to speak to the Privacy and Security Officer. To the extent you are required to send a written request to Company to exercise any right described in this Notice, you must submit your request to Support@_______________.com.