Privacy Policy


Privacy Matters


We take our legal and ethical obligations regarding your privacy very seriously. After all, we are dealing with your personal information, including medical information. Our clients and members must be able to trust us to exercise the greatest care possible to maintain your right to confidentiality. You can rest assured that confidential information you share with us will stay with us. Your personal information will never be used for any purpose other than to provide you the service you have requested from MedExpert. We will never disclose your information to any third party, for any reason.

 

This Privacy Policy sets forth the practices of MedExpert International, Inc. ("MedExpert") regarding: (1) what personal information we collect about you, both online via the MedExpert website and offline via traditional, non-Internet forms; (2) how we use that information; (3) under what circumstances we disclose it; (4) what choices are available to you regarding such information collection; and (5) what security we use to protect such information. This Privacy Policy also provides some additional information for users of the MedExpert website, including a summary of MedExpert's compliance with Health Insurance Portability and Accountability Act (HIPAA) regulations and our compliance with the newer Health Information Technology for Economic and Clinical Health (HITECH) Act.

 

I. Definitions

 

As used in this Privacy Policy, the following terms have the meanings indicated below:

  1. The term "we" or "us" means MedExpert.

  2. The term "you" means a person who has provided personal information to us in connection with obtaining a MedExpert service.

  3. The term "personal information" means any piece of information that on its own can specifically identify a current or former MedExpert user or other person who has provided personal information to us in connection with obtaining a MedExpert service. This would include, but is not limited to, full name, postal address, e-mail address, social security number, or financial information.

  4. The term "MedExpert website" means MedExpert's external website located at http://www.medexpert.com and any future websites that we may develop.

  5. The term "MedExpert-related organizations" means any entity created by MedExpert.

  6. The term "third party" means a legal entity that is separate and independent from MedExpert, its state and local affiliates, or any MedExpert-related organization.

II. Personal Information Collected

 

We may collect personal information about you from the following sources:

  1. Personal Information that you voluntarily provide to us on Member Question forms and other MedExpert forms, whether online via the MedExpert website or offline via traditional, hard copy forms (such as your name, postal address, telephone number, e-mail address, or social security number).

  2. Other Personal Information that you voluntarily provide to us via the MedExpert website (such as an e-mail address if you subscribe to a MedExpert-produced electronic newsletter or other personal information contained in an e-mail that you send to us via the feedback feature of the MedExpert website).

  3. Personal Information that we receive from our state and local affiliates or other MedExpert-related organizations (such as your name, postal address, telephone number, e-mail address, social security number, etc.).

  4. Personal Information that we receive from third parties.

III. How We Use That Information

 

The personal information that MedExpert collects about you helps us and the clients for whom we work to efficiently and effectively represent you and provide you with the benefits due to you.

 

IV. Available Choices

 

Any personal information that you provide to us is voluntary. MedExpert users may update their personal information at any time.

 

V. Your California Privacy Rights

 

California residents have a right under state law to ask entities with whom they have an established business relationship to provide certain information regarding the sharing of personal information for direct marketing purposes during the past year.

 

MedExpert will honor such a request coming from any current or former MedExpert user or other person who has provided personal information to us in connection with obtaining a MedExpert product or service, whether residing in California or not.

VI. Information Security

 

We maintain administrative, technical, and physical safeguards designed to: (1) ensure the security and confidentiality of your personal information; (2) protect against any anticipated threats or hazards to the security or integrity of such information; and (3) protect against unauthorized access to or use of such information.

 

We store and process your personal information on our computers in the United States, and we protect it by maintaining physical, electronic and procedural safeguards in compliance with applicable U.S. federal and state regulations. We use computer safeguards such as firewalls and data encryption. We enforce physical access controls to our buildings and files. We also authorize access to personal information only for those employees who require it to fulfill their job responsibilities.

 

VII. HIPAA (Health Insurance Portability and Accountability Act) Compliance

 

MedExpert is fully compliant with HIPAA, which stands for the Health Insurance Portability and Accountability Act of 1996. A major component of HIPAA addresses the privacy of individuals' health information and how it can be used and disclosed. The HIPAA privacy laws became effective on 14 April, 2003.

 

HIPAA rules cover any health or medical information of identifiable individuals, including their medical records, medical billing records, any clinical or research databases, and tissue bank samples.

 

A HIPAA-compliant entity cannot use or disclose protected health information for any purpose other than treatment, payment, or health care operations without either the authorization of the individual or under an exception in the HIPAA regulations.

 

In addition to limiting the use and disclosure of protected health information, HIPAA also gives patients the right to access this information and to know to whom the covered entity has disclosed it (including investigators' research files). It also restricts most disclosures to the minimum needed to accomplish the intended purpose and establishes criminal and civil penalties and fines for improper use and disclosure by HIPAA covered entities.

 

HIPAA "Marketing" Exemptions

 

[45 CFR 164.501, 164.508(a)(3)] In general, the use of patient health information for marketing purposes is prohibited under the HIPAA privacy policy without prior authorization from the patient. However, there are exceptions to the definition of marketing for which MedExpert qualifies. The U.S. Department of Health and Human Services Office for Civil Rights has issued a privacy review (http://www.hhs.gov/ocr/hipaa/guidelines/marketing.pdf) that states:

 

"A communication is not 'marketing' if it is made for case management or care coordination for the individual, or to direct or recommend alternative treatments, therapies, health care providers, or settings of care to the individual."

 

HIPAA requires compliant entities to:

 

  • Institute a required level of security for health information, including limiting disclosures of information to the minimum required for the activity

  • Designate a privacy officer and contact person

  • Establish privacy and disclosure policies to comply with HIPAA

  • Train employees on privacy policies

  • Establish sanctions for employees who violate privacy policies

  • Establish administrative systems in relation to the health information that can respond to complaints, respond to requests for corrections of health information by a patient, accept requests not to disclose for certain purposes, and track disclosures of health information

  • Issue a privacy notice to patients concerning the use and disclosure of their protected health information

  • Establish a process through an IRB (or privacy board) for a HIPAA review of research protocols

Compliance with the Health Information Technology for Economic and Clinical Health Act (HITECH)

 

The Health Information Technology for Economic and Clinical Health (HITECH) Act introduces more stringent requirements concerning HIPAA compliance. MedExpert is fully compliant with the HITECH Act, meeting or exceeding these new requirements.

 

 

This document is effective June 15, 2010. MedExpert retains the right to amend or otherwise update this document at any time for any reason.