WEBSITE and INTERNET PRIVACY POLICY
This Internet Privacy Policy (“Privacy Policy”) describes iHealthSync, LLC (“iHealthSync”) online data collection practices and how we use and protect your personal information collected online. This Privacy Policy applies only to the information collected on the general website (www.iHealthSync.com) and does not apply to information that iHealthSync obtains about you from other sources. We are committed to protecting your privacy online. Please read the information below to learn the following regarding your use of this site.
YOUR CONSENT:
By using the Website, you consent to the collection and use of your information in the manner we describe in this Privacy Policy. You acknowledge receipt of this Privacy Policy by accessing or
using our site and agree to be bound by all of its terms and conditions. IF YOU DO NOT AGREE
TO THESE TERMS, PLEASE DO NOT ACCESS OR USE THIS SITE.
CHANGES TO OUR POLICY:
We reserve the right to change this Privacy Policy at any time. Such changes, modifications,
additions, or deletions shall be effective immediately upon notice thereof, which may be given by posting the revised Privacy Policy on this page. You acknowledge and agree that it is your
responsibility to review this site and this Privacy Policy periodically and to be aware of any
modifications. Each version of our Privacy Policy will be prominently marked with an effective
date. Your continued use of the site after such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by the modified Privacy Policy.
TYPES OF INFORMATION COLLECTED:
We currently do not collect information about users of or visitors to iHealthSync.com. However, if you communicate to us through iHealthSync.com, we will collect any information you provide us. No data transmission over the internet or any wireless network can be guaranteed to be perfectly secured. As a result, while we strive to protect your information using commercially available and industry standard encryption technology, we cannot ensure or guarantee the security of any information you transmit to us, and you do so at your own risk. Accordingly, we respectfully request that you NOT provide any Protected Health Information (“PHI”), or electronic Protected Health Information (“ePHI”) to us using the iHealthSync.com website, as any PHI/ePHI disclosed to us using this website is not secured nor safeguarded; we certainly want to ensure the appropriate administrative, physical, and technical safeguards are in place for you to protect your own information.
Federal, State, and Other Privacy Laws:
1. HIPAA/HITECH: iHealthSync protects and secures all PHI/ePHI through administrative, physical, and technical safeguards consistent with the requirements of Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) [45 C.F.R. Parts 160, 162, 164], and its implementing rules and regulations, as well as the mandates of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) [42 U.S.C. 13001, et. seq.].
a. iHealthSync has a responsibility to protect individually identifiable health information under the regulations implementing HIPAA/HITECH as well as other federal and state laws protecting the confidentiality of personally identifiable information, and under general professional ethics. As such, iHealthSync has adopted administrative, physical, and technical safeguards to comply with HIPAA/HITECH.
2. GDPR: iHealthSync also take appropriate safeguards to protect Personal Data
(“PD”) and other information that may be subject to the General Data Protection
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April
2016 (“GDPR”) requiring the protection of natural persons with regard to the processing
of personal data and on the free movement of such data.
a. It is the policy of iHealthSync to remain compliant with the Privacy
Notice Requirements of GDPR as it pertains to individuals within the European
Union as designated by the European Commission or Swiss Federal Data Protection
Authority and particularly on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data. All personnel
of iHealthSync whom are responsible for processing, importing, or exporting personal data, including PHI of individuals who are patients that are being or have been treated by International Medical Record Providers, comply with the GDPR. The Chief Privacy Officer of iHealthSync is the Controller for GDPR compliance and ensures that Personal Data is processed on behalf of a patient in accordance with GDPR and iHealthSync standard policies on privacy and security and protecting health information.
3. SHIELD: iHealthSync has also developed, implemented, and maintains a data security program consistent with the New York State Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act [N.Y. General Business Law §899-aa and §899-bb, and N.Y. Technology Law §208] that includes Administrative, Physical, and Technical Safeguards that provide reasonable safeguards to protect the security, confidentiality and integrity of private information.
a. iHealthSync is obligated to disclose any breach of the security of its data
systems to New York residents whose “private information” was, or is reasonably
likely to have been, accessed or acquired without authorization by a third party
consistent with NY General Business Law §899-aa. The disclosure must be made
without unreasonable delay, and, in certain instances, disclosure may also need to
be made to law enforcement and the New York Attorney General within five (5)
business days of notifying the United States Secretary of the Department of Health
and Human Services of a breach of information.
b. iHealthSync Chief Privacy Officer is designated as the appropriate
individual to confirm that the corporation has a Data Security Program that is
continuously updated by the Information Security Officer (or Acting Information
Security Officer) and distributed for training to the Security and Compliance
personnel of the corporation. In addition, iHealthSync Chief Privacy
Officer is designated as the appropriate individual to provide any required breach
notification to a customer, patient, consumer, Secretary of the United States Health
and Human Services, or the New York State Attorney General.
4. CCPA: iHealthSync is considered a business associate of healthcare covered
entities such as hospitals and medical facilities. Accordingly, protected health information
that is collected by a covered entity or business associate is governed by the privacy,
security, and breach notification rules of HIPAA, HITECH, and the State of California
Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56 ) of
Division
1). Notwithstanding, iHealthSync has also developed and implemented
a California Consumer Privacy Policy that is compliant with California Consumer
Privacy Act of 2018 (“CCPA”) [California Civil Code 1798.100, et. seq.].
a. iHealthSync does not sell any Personal Information or otherwise collect,
retain, use or disclose Personal Information for any purpose other than the services
it provides as a business associate to its clients who are healthcare covered entities.
Notwithstanding, iHealthSync may retain, use or disclose Personal
Information for the following purposes pursuant to the CCPA:
(i) to process or
maintain Personal Information on behalf of a Covered Entity as defined by
HIPAA/HITECH and in compliance with the State of California Confidentiality of
Medical Information Act (Part 2.6 (commencing with Section 56 ) of Division 1),
and the CCPA;
(ii) to retain and employ a Service Provider as a subcontractor,
where the subcontractor meets the requirements for a Service Provider under the
CCPA;
(iii) for internal use by iHealthSync to build or improve the quality
of its services, provided that the use does not include building or modifying
household or consumer profiles to use in providing services to another Business or
correcting or augmenting data acquired from another source;
(iv) to detect data
security incidents, or protect against fraudulent or illegal activity; or
(v) for the
purposes enumerated in Cal. Civ. Code section 1798.145(a):
(1) Comply with federal, state, or local laws.
(2) Comply with a civil, criminal, or regulatory inquiry, investigation,
subpoena, or summons by federal, state, or local authorities.
(3) Cooperate with law enforcement agencies concerning conduct or
activity that the business, service provider, or third party reasonably and in
good faith believes may violate federal, state, or local law.
(4) Exercise or defend legal claims.
(5) Collect, use, retain, sell, or disclose consumer information that is
deidentified or in the aggregate consumer information.
(6) Collect or sell a consumer's personal information if every aspect of
that commercial conduct takes place wholly outside of California. For
purposes of this title, commercial conduct takes place wholly outside of
California if the business collected that information while the consumer
was outside of California, no part of the sale of the consumer's personal
information occurred in California, and no personal information collected
while the consumer was in California is sold. This paragraph shall not
permit a business from storing, including on a device, personal
information about a consumer when the consumer is in California and then
collecting that personal information when the consumer and stored
personal information is outside of California.
b. Consistent with Cal. Civ. Code section 1798.145(c)(1), protected health
information that is collected by a covered entity or business associate is governed
by the privacy, security, and breach notification rules of HIPAA, HITECH, and
the State of California Confidentiality of Medical Information Act (Part 2.6
(commencing with Section 56 ) of Division
1). iHealthSync has implemented and maintains reasonable security measures, procedures and practices appropriate to the nature of the Personal Information and as required by the CCPA and any other applicable laws in connection with the Personal Information to protect such information from unauthorized access, destruction, use, modification or disclosure. iHealthSync will timely provide all information and cooperation reasonably necessary in the event of a security
incident or a breach of Personal Information, and will take all measures and actions necessary to remedy or mitigate the effects of a security incident or breach of personal Information. Regardless of the federal, state, or other privacy law that may also protect your privacy, iHealthSync does not disclose your information to others. Occasionally, we may be required by law enforcement, government agencies, or judicial authorities to provide identifiable information to the appropriate governmental authorities. We will disclose information upon receipt of a court order, subpoena, or to cooperate with a law enforcement or government agency investigation. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities. We reserve the right to report to law enforcement agencies any activities that we in good faith believe to be unlawful.
USER CHOICES ON COLLECTION AND USE OF INFORMATION; RIGHT TO OBJECT OR OPT OUT:
We may, from time to time, send emails regarding our services. In addition, if you indicated
through contacts with us, that you are interested in receiving offers or information from us and our partners, we may occasionally send you direct mail or emails about services we feel may be of interest to you. iHealthSync will send you these direct mailings and only if you indicated
that you do not object to these offers and/or desire to opt out of receiving such communication. On occasion a contracted vendor may be used to send the direct mailings. If you do not want to receive such mailings, simply tell us when you give us your information.
PRIVACY POLICIES OF THIRD-PARTY SITES:
Except as otherwise discussed in this Privacy Policy, this document only addresses the use and
disclosure of information we collect from you. Other sites accessible through our site have their
own privacy policies, data collection, use and disclosure practices. Please consult each site's
privacy policy. We are not responsible for the policies or practices of any third-party website you access from this Website including facebook.com, LinkedIn.com, YouTube.com and others that we may utilize on our site.
NO MEDICAL CARE NOR ADVICE
iHealthSync does not provide medical care and cannot guarantee clinical outcomes. The
information contained in the Website, newsletters, emails or other information or content provided by iHealthSync, is neither intended nor implied to constitute medical advice, diagnosis
or treatment. We do not endorse, sponsor or recommend any of the third parties referenced on the Website, newsletters, emails or other information or content provided by us, nor any products, services, treatments, information or content provided by such third parties.
MISCELLANEOUS PROVISIONS AND DISCLAIMERS:
Errors and/or omissions in the website, are unintentional and excepted. iHealthSync assumes no responsibility, and shall not be liable for any damage or injury to you, your computer
or other personal property including, but not limited to, damages caused by viruses that infect your computer equipment or other property on account of your access to our Website or from your downloading of any materials, data, text, images, video or audio, or other items from the Website. All responsibility and liability for any damages caused by viruses contained within the electronic files of this site are disclaimed. The user is advised to make his/her own arrangements for protection of his/her computer resources form such viruses. Some links in this Website may lead to websites which are not under our control. You should understand that providing a link does not mean that we have looked at all those sites, that we have checked them out, or that we endorse them. External sites are not endorsed by us and we make no representation or warranty as to the contents contained in any such external website. When you visit any of those websites you will leave our website and we will accept no responsibility or liability in respect of the material or any website which is not under our control. We disclaim any responsibility if some website you link to has material on it that offends you in any way. Any advertisements seen on the site is not an indication of the responsibility of iHealthSync for any content on such advertisement and we provide hyperlinks of such advertisements to their respective sites without any knowledge or responsibility for such provision. Such advertisements are displayed purely as a business contract between the advertiser and ourselves to lend space on our website's pages for a specified period of time. This website is provided as a service to our visitors. We reserve the right to delete, modify or supplement the content of this website at any time for any reason without notification to anyone. Any and all portions of this disclaimer shall automatically apply to all modifications, additions, improvements and/or Amendments as they appear on the website.
CHILDREN UNDER THE AGE OF 13:
We believe in the importance of protecting the privacy of children online. The Children’s Online
Privacy Protection Act (“COPPA”) governs information gathered online from or about children
under the age of 13. No part of the Website, or any services made available through the Website, are designed, or intended to attract or solicit children under the age of 13. No personal information is knowingly collected from any person under the age of 13. If you believe that we have received information from a child under age 13, please contact us immediately toll free at (855-512-2155) and direct such communication to our Compliance Team.
PRIVACY AND SECURITY
iHealthSync is committed to preserving the security and privacy of all data and information. Our Compliance Team closely monitors the security and privacy of all information to ensure proper requirements are met. If you have a concern about the privacy and security of any health information, you may reach our Compliance Team at (855-512-2155) for further information. Written communication may also be directed to our Compliance Team at 6500 River Place Blvd, Austin Texas 78730
CONTACT INFORMATION:
If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us by sending correspondence to:
Compliance Team
iHealthSync
6500 River Place Blvd, Austin Texas 78730
Telephone: (855-512-2155)