Collection of Information
When you register for the Application or subscribe to our Services (“Enroll”), we collect personal information that can identify you (“Personally Identifiable Information” or “PII”) that includes, but is not limited to: (1) your name and your contact data (such as your e-mail address, phone number and billing and physical addresses); (2) demographic data (such as your gender and your date of birth); (3) insurance information (such as your insurance provider and insurance group number); (4) payment information (such as your credit or debit card number); (5) name and address of your employer; and (6) family member names and dates of birth (for primary’s dependents). We also may collect PII or protected health information (“Protected Health Information” or “PHI”) from you when you make a request to be connected with an independent medical practice (“Medical Practice”), in order to schedule an appointment (“Appointment”) or to request an on-call licensed physician assistant or advance practice nurse (a “Provider”) to provide non-emergency general adult or pediatric healthcare services at your location (“Visit”); creating a profile; or completing surveys. This may include, but is not limited to: (1) date and time of appointment; (2) name of Provider whom the appointment is made; and (3) location of the appointment.
The information that we collect varies depending upon how you use our Services. When you Enroll, you will need to provide us with health-related information that a Provider will need to determine whether he/she is willing to provide medical services to you. That information will be associated with your profile. Any PHI that you provide through the Application briefly describing your symptoms (or those of any minor for whom you request Services) will be sent to an independent Medical Practice and Provider, if available, to be used for treatment, processing your payment for the Visit, and other health care operations.
FetchMD will not use any PHI for any other purpose without your written authorization, or unless otherwise permitted or required by law. You may revoke, in writing, any such authorization at any time, except to the extent we have taken action in reliance thereon. We maintain an electronic medical records system containing health information regarding your Appointment and/or Visit with the Provider, but we will not have any independent access to an independent Medical Practice’s detailed health record, if any, created as a result of a Visit.
Protected Health Information. In connecting you with an independent Medical Practice to provide you with their medical services in connection with an Appointment or a Visit, the Application may collect PII and PHI from you and transmit it electronically.
Neither FetchMD nor any other party not working directly with the independent Medical Practice will be authorized to access PHI kept by the independent Medical Practice. We will transmit any PHI describing your symptoms (or that of any minor for whom you are requesting Services) to any independent Medical Practice in a secured electronic transaction. You have a right to a paper copy of any PHI that we transmit (including that of a minor for whom you are acting) and a right to amend PHI in accordance with applicable legal requirements. If you wish to communicate with an independent Medical Practice or Provider directly by email or other electronic means, you may request that those communications be through a system that protects your confidentiality. Providers will accommodate reasonable requests in accordance with applicable law. Otherwise, your electronic communications may not be secure.
Tracking and/or Analytics Services. We may use tracking and/or analytics services with your use of the Application. On your mobile device these services may record unique mobile gestures such as tap, double-tap, zoom, pinch, scroll, swipe and tilt but do not collect personally identifiable information that you do not voluntarily enter in the Application. These services do not track your browsing habits across mobile applications that do not use the same services. When you use our website these services may include collecting information such as your IP address, browser type, domain names, access times and referring website addresses. We are using the information collected by these services to understand user behavior and optimize site performance.
Non-Personally Identifiable Information. We also collect non-Personally Identifiable Information that is not health information or medical information in the form of statistics and information regarding the Application user’s statistics and metrics obtained from third party devices (for example, steps, distance, calories burned, GPS coordinates, bat speed, hand speed, swing time, etc.), which may be combined with personal information you submit through the Application and/or Services so that you can fully enjoy the benefits of the Application’s tracking, monitoring, and diagnostic tools. We may also request the following optional information as part of your profile so that you can fully enjoy the features and functions of our Services: your weight, height, and gender.
Mobile Device Information. Your use of the Application may also include collection of information from your mobile device. For example, the Application may request your permission to collect location data and/or may request access to multimedia (photos or videos) stored on your mobile device. Location data is not required for your use of the Application, and you have the option of declining collection of geolocation data. If you do not wish for your location data to be shared with FetchMD, please respond accordingly when prompted on your mobile device, or update the settings on your mobile device. Multimedia will only be collected from your device if you affirmatively select it to upload to the Application (i.e. you choose an image or video to store within the Application). Multimedia will not be shared with the exception of your profile photo, which will appear in your user profile and may be shared with Providers.
Web Beacons. We may also use web beacons (invisible images often referred to as pixel tags or clear GIFs) in order to recognize users and assess traffic patterns, and we may include web beacons and cookies in our email messages in order to count how many e-mail messages have been opened.
How We Use Your Information
(i) For the purposes for which you specifically provided the information including, without limitation, to enable us to process and fulfill your membership, provide you with the Services or information you request and respond to correspondence that we receive from you.
(ii) To schedule and provide services related to the scheduling of Appointments, for example, to send you an appointment confirmation, or Visits; communicate with you, the Medical Practice and Provider regarding your health status, appointments and related services provided by a Provider; obtain or facilitate payments for Appointments and related services provided by a Provider and send you payment receipts; and provide you with related customer service.
(iii) To confirm that services you request were performed for you by the Provider.
(iv) To provide, maintain, administer or expand the Services, perform business analyses, or for other internal purposes to support, develop features, improve or enhance our business, the Services, and other products and services we offer.
(v) To provide information regarding the Application, and changes to our terms, conditions and policies.
(vi) To notify you about our products, services, and special offers, except that we will not use PHI for marketing purposes without your prior written consent.
(vii) To provide marketing and other promotional materials.
(viii) To send you information about your relationship or transactions with us.
(ix) To allow us to personalize and tailor your experience the Application.
We use non-Personally Identifiable Information for purposes such as measuring the number of users of various features of the Application, making the Application more useful to users and delivering targeted advertising and non-advertising content. We may also use non-Personally Identifiable Information (for example, statistics regarding use and metrics) for research purposes, for marketing and promotional purposes, and to develop new learning tools and solutions. We use IP addresses to analyze trends, administer the Application, track a visitor’s movement, and gather demographic information for aggregate, non-personally identifiable use.
Sharing Your Information
We may share your information as follows:
(i) Medical Practices and Providers: We will share your information with the independent Medical Practice and Providers to schedule Appointments, provide the Services and process payments. The Provider may contact you via telephone prior to being dispatched to your location, to ensure that that they are equipped to handle your medical case. The Provider’s treatment of your information is subject to the Provider’s and Medical Practice’s own policies and procedures. Any PHI that we collect from you will be kept private and secure, as required by law.
(iii) With Third-Party Service Providers: We may use other companies to perform services including, without limitation, facilitating some aspects of our Application such as processing credit card transactions, data analysis, sending emails, and fulfilling purchase requests. These other companies may be supplied with or have access to your PII solely for the purpose of providing these services to you on our behalf. Such service providers shall be bound by appropriate confidentiality and security obligations, which may include, as applicable, business associate contract obligations.
(iv) Special Circumstances: We also may disclose your PII:
In response to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency where required by applicable law
When disclosure is required or allowed by law in connection with efforts: (a) to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; (b) to protect and defend the rights, property or safety of our company, our users, our employees, or others; (c) to comply with applicable law or cooperate with law enforcement; (d) to notify emergency services or your family members, personal representative or other individuals involved in your care of your location and condition at our discretion under emergency circumstances; (e) to enforce our Application’s terms and conditions or other agreements or policies; or (f) to allow us to pursue available remedies or limit the damages that we may sustain.
In connection with a corporate transaction, such as the sale of all or a portion of our business, a divestiture, reorganization, merger, consolidation, or asset sale, or in the event of bankruptcy, as required or allowed by law.
SPECIAL NOTICE FOR USERS OF THE APPLICATION: IF YOU ELECT TO MAKE YOUR PROFILE (OR THAT OF A MINOR OR FAMILY MEMBER) VIEWABLE BY PROVIDERS, ALL INFORMATION (EXCLUDING PERSONAL CONTACT INFORMATION) THAT YOU INCLUDE IN THAT PROFILE MAY BE VIEWED BY PROVIDERS. YOU SHOULD NOT ENTER ANY INFORMATION IN THE PROFILE THAT YOU (OR ANOTHER PERSON) WISHES TO REMAIN CONFIDENTIAL. A PROVIDER WILL NOT BE ABLE TO CONTACT YOU EXCEPT THROUGH THE PERSONAL CONTACT INFORMATION YOU PROVIDE THROUGH THE APPLICATION. WE ARE NOT RESPONSIBLE FOR THE RETENTION, USE OR PRIVACY PRACTICES OF PROVDERS AFTER THEY HAVE RECEIVED YOUR INFORMATION.
Confidentiality of Health Information
Certain Medical Practices and Providers may be subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of such a health care provider, we do so as its “business associate” (as also defined by HIPAA). We are prohibited from, among other things, using individually identifiable health information in a manner that the health care provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such health care providers.
We are also subject to laws and regulations governing the use and disclosure of certain personal and health information, including HIPAA, when we operate as a business associate of such a health care provider.
How We Protect Your Information
We use commercially reasonable administrative, technical, and physical measures to safeguard PII and PHI in our possession against loss, theft and unauthorized use, disclosure or modification. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. No method of transmission over mobile applications or data storage system is 100% secure. Therefore, while we strive to make all reasonable efforts to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
In the unlikely event of a data breach, you will be notified as soon as reasonably possible, in accordance with applicable law. Furthermore, we are not responsible for any breach of security or for any actions of any third parties that receive the information, including without limitation any breach of security or for any actions of a Medical Practice or Provider.
Our safeguards to protect the security and privacy of your PII and PHI include, with limitation, the following measures:
(i) Our infrastructure is kept in a secured data center that protects from unauthorized access to the physical servers, backups and any element used to store and/or process personal data. Only authorized personnel subject to contractual obligations on use and confidentiality of your information can access the data center.
(ii) Our systems and databases are backed up regularly to help protect the data in case of an incontrollable catastrophe. The data center that stores our servers has policies and procedures in place designed to safeguard the equipment that our data is stored on.
(iii) We regularly upgrade our system software to include the latest security features.
(iv) Our servers are protected by a firewall system, which is designed to keep unwanted traffic or access out of our computer network. We also use security methods to determine and verify the identity of each registered user, so that appropriate rights and restrictions can be enforced for that user.
(v) All communication between our Web server, your browser and our Application is encrypted with SSL (Secure Sockets Layer) to guard against network eavesdroppers. Your password is internally encrypted in our system to prevent unauthorized access to the system.
How to Access or Update Your Information
You may have additional rights to access, correct or modify the health information that is held by your Provider. Please consult your Provider’s Notice of Privacy Practices for a description of those rights and how to exercise them.
Your Choices Regarding Our Use of Your Personal Information
We give you choices regarding our use of your PII for marketing purposes. Specifically, you may opt-out from receiving marketing-related e-mails from us based upon your PII. If you no longer want to receive marketing-related e-mails from us on a going-forward basis, you may opt-out of receiving such marketing-related e-mails by sending an email to email@example.com.
We will try to comply with your request(s) as soon as reasonably practicable. Please also note that if you do opt-out of receiving marketing-related messages from us, we may still send administrative messages to you; you cannot opt-out from receiving administrative messages.
Use of the Application by Minors
The Application and/or Services are not intended for use by, or directed to, children under the age of 13, and we do not knowingly collect information from users under the age of 13. Children under the age of 13 may not use the Application and/or Services.
By accessing, using and/or submitting information to or through the Application, you represent that you are not younger than age 13. If we learn that we have received any information directly from a child under age 13, we will use that information only to respond directly to that child (or his/her parent or legal guardian) to inform the child that he/she cannot use the Application and/or Services and subsequently we will delete that information.
Links to Third Party Sites
Notice of Violations
If you believe that FetchMD has violated your privacy rights, you should contact us at the mailing address or e-mail address provided below. If you believe that an independent Medical Practice or Provider has violated your privacy rights regarding PHI, you should contact the Medical Practice directly.
How to Contact Us
Please note that e-mail communications are not always secure; so please do not include health information, credit card information or other sensitive information in your e-mail messages to us.
Last Revised: August 19, 2016