Privacy Policy
Effective as of October 11, 2023
Medaxion, Inc. (“Medaxion”) values your privacy. In this Privacy Policy (“Policy”), we describe how we collect, use, and disclose information that we obtain about visitors to our website (the “Site”), users of the Medaxion mobile applications (the “Applications”), and the services available through our Site (collectively, the “Services”), and how we use and disclose that information.
The Medaxion Services have been developed for hospitals and medical groups (“Providers”) who have subscribed to the Services and the patients under their care (“Patients”) to facilitate and coordinate patient medical care and the administration of medical services by Providers and personnel who are authorized to access and use the Services, including, without limitation, administrators, physicians, nurses, and other caregivers (“Authorized Caregiver”) about patient encounters and detailed medical data related thereto.
Medaxion understands the importance of a Provider’s and Authorized Caregiver’s privacy relationship with their Patients and the importance of keeping Personal Information private. Personal information identifies you as an individual, such as your name, postal address, email address, date of birth, and telephone number (“Personal Information”).
Health Information is a part of the Personal Information we collect from Patients. Health Information is generally described as information we collect, receive, or create about a Patient and their healthcare.
For example, we may collect Personal Information about Providers or an Authorized Caregiver who uses the Services to help a Patient. We may collect information about a Patient unrelated to their healthcare, such as medical and family history, basic registration, demographics, insurance data, and other information from third parties included within a Patient’s profile.
This Privacy Policy describes our practices in connection with information that we collect through use of the Services and the Site or Applications. You can visit the Site at any time without providing Personal Information; however, the Site may collect information about your visit automatically as described below “Information We Collect Automatically.” By using the Services or the Site, you agree to the terms and conditions of this Privacy Policy.
What Personal Information Do We Collect About You and Why?
Personal Information We Collect From Providers and Authorized Caregivers
If you are a Provider or Authorized Caregiver, we collect Personal Information about you when you register to use the Services. The Personal Information about Providers and Authorized Caregivers we collect includes, without limitation, the Provider’s and Authorized Caregiver’s name, position, specialty, email address, phone number, national provider number, credentials, OIDC details, and business postal address. We do not collect Health Information about Providers or Authorized Caregivers.
Personal Information We Collect About Patients
If you are a Patient, we collect Personal Information about you when you have registered with your Provider or Authorized Caregiver for care that involves using Medaxion’s Services when they schedule your care encounter.
Through this registration and scheduling action, we may collect information about you, including, for example, employment history, health care insurance information, demographic data, your personal medical history, and family medical history related to your care.
How We Use Your Personal Information
We may use your Personal Information as follows:
Patient Personal Information:
- To provide our Services to Providers and Authorized Caregivers, to communicate with them their use of our Services, to respond to inquiries, and for other customer service purposes.
- To service the needs of your care pathway, from registration to postoperative discharge and billing.
- To send you important information pursuant to your rights under HIPAA.
Provider and Authorized Caregiver Personal Information:
- For business purposes, such as data collection and analysis, audits, developing new products, and enhancing and improving our Site, Applications, and Services.
- To better understand how Providers and Authorized Caregivers access and use our Site, Applications, and Services, both on an aggregated and individualized basis
- To improve our Site, Applications, and Services, respond to user desires and preferences, and for other research and analytical purposes.
- As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
How We Share Your Personal Information
We may disclose your Personal Information, including Health Information (defined below) as follows:
If you are a Patient
- To your Provider or Authorized Caregivers, without further authorization, for treatment, payment, or operations; for other uses or disclosures permitted by law; or for purposes related to such uses or disclosures, such as your rights under HIPAA.
If you are an Authorized Caregiver
- To the Patient and their Provider and that Provider’s Authorized Personnel, as required for Patient care or Transfer of Care.
If you are a Provider
- To Patients as defined under the Patients Right to Information, to third-party service providers who provide services such as scheduling, assignment, data gathering, data analysis, payment processing, customer service, email delivery services, auditing services, and other similar services.
- To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
- As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
What is Health Information?
Health Information is a part of the Personal Information that we collect about Patients and falls into two categories:
“Protected Health Information” is individually identifiable health information created or received by or on behalf of a covered entity (for example, a health care provider or health plan) and which relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual. Protected Health Information is further defined by the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) and is subject to the protections of HIPAA.
“Additional Health Information” is a subset of Health Information that does not fall within the category of Protected Health Information above. For example, this would encompass information related to past, present, or future physical or mental health or conditions, the provision of health care to an individual, or the past, present or future payment for the provision of health care to an individual but with the difference that such information was not created or received by us from or on behalf of a covered entity. We may collect Additional Health Information in connection with the Site or Applications.
How We Use and Share Protected Health Information and Additional Health Information
We may use and disclose Protected Health Information and Additional Health Information to provide the Services as described in this policy, except our use and disclosure of Protected Health Information is further limited by the main federal health privacy law known as the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Notice of Privacy Practices available from your Provider.
We will use and disclose Protected Health Information only to provide Services to the Provider or the Authorized Caregivers and for disclosures permitted by HIPAA under our agreement with your Provider. If there is a conflict or inconsistency about handling Protected Health Information between (i) this Privacy Policy and (ii) our compliance obligations with HIPAA and contractual commitments with Providers, then the latter will govern.
Non-Personal Information We Collect Automatically
We may automatically collect the following information about use of our Site or Services through cookies, web beacons, and other technologies: domain name; browser type and operating system; web pages viewed; links clicked; IP addresses; the length of time of a visit to our Site or use of our Services; any referring URL, or the webpage that led you to our Site. We also may collect the following information about your use of the Application: mobile device ID, location and language information, device name and model, operating system type, name, and version, activities within the Application, and the length of time that a user is logged into our Application. We may combine this information with other information that we have collected, including, where applicable, user names, names, and other personal information. For more information, please see the section “Our Use of Cookies and Other Tracking Mechanisms” below.
Our Use of Cookies and Other Tracking Mechanisms
We and our third-party service providers use cookies and other tracking mechanisms to track information about the use of our Site or Services. We may combine this information with other personal information we collect (and our third-party service providers may do so on our behalf).
Currently, our systems do not recognize browser “do-not-track” requests. However, you may disable certain tracking as discussed in this section (e.g., by disabling cookies); you may opt out of targeted advertising by following the instructions located in such advertising.
Cookies: Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Site and Service. There are two types of cookies: session and persistent cookies.
- Session Cookies: Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Site. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Site.
- Persistent Cookies: Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We do not currently use persistent cookies on the Site.
Disabling Cookies: Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Site who disable cookies can browse certain areas of the Site, but some features may not function.
Third Party Analytics: We use automated devices and applications, such as Google Analytics, to evaluate usage of our Site. We also may use other analytic means to evaluate our Services. We use these tools to help us improve our Services, performance, and user experiences. These entities may use cookies and other tracking technologies to perform their services. We do not share your personal information with these third parties.
With respect to Google Analytics specifically, we may collect some or all of the following information about your use of our Site and Applications, and we may be able to connect this information to other information we have about you:
- Pages visited, time of visit, and time spent on each page of the Site
- Type of web browser
- Type of operating system (OS)
- Screen resolution
- IP address
Third-Party Links
Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Policy but by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.
Security of Personal Information
We use reasonable administrative, technical, and physical measures to protect Personal Information under our control; and Protected Health Information specifically per HIPAA rules. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at support@medaxion.com
You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. We are not responsible for any lost, stolen, or compromised passwords or for any activity on your account via unauthorized password activity.
Access to My Personal Information
You may modify Personal Information submitted by logging into your account and updating your profile information. Please note that copies of information that you have updated, modified, or deleted may remain viewable in cached and archived pages of the Site or Application for a period of time.
You may also contact us directly if you would like to review, correct, update, delete or otherwise limit our use of your Personal Information that has been previously provided to us by sending us an email at support@medaxion.com. Please be aware that some contracts designate your Provider organization as the primary support interface, and our reponse to your request may redirect you to contact that team. In your request, please make clear what information you would like to have changed, whether you would like to have your Personal Information deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. We will try to comply with your request as soon as reasonably practicable. Please note that in order to comply with certain requests to limit use of your Personal Information we may need to terminate your account with us and your ability to access and use the Services, and you agree that we will not be liable to you for such termination. Although we will use reasonable efforts to do so, you understand that it may not be legally or technologically possible to remove every record of your Personal Information from our systems. The need to back up our systems to protect information from inadvertent loss means a copy of your Personal Information may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.
We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or allowed by law or prevailing contract.
What Choices Do I Have Regarding Use of My Personal Information?
We may send periodic promotional or informational emails to Providers, provided such messages are not based on Protected Health Information. You may opt out of such communications by following the opt-out instructions contained in the e-mail. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt out of receiving emails about recommendations or other information that may interest you, we may still send you e-mails about your account or any Services you have requested or received from us.
Children Under 18
The Services are not permitted for use by individuals under the age of eighteen (18) unless they have provided the written consent of their parents or legal guardians, and we request that these individuals do not provide Personal Information to us. This is not true for Patient information used to provide care.
Special Information for California Consumers
California residents may request a list of certain third parties to which we have disclosed personally identifiable information about you for their own direct marketing purposes. You may make one request per calendar year. In your request, please attest that you are a California resident and provide a current California address for your response. You may request this information in writing by contacting us at: support@medaxion.com. Please allow up to thirty (30) days for a response.
Changes to this Policy
This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Site, at www.medaxion.com/privacy-policy. If we make any changes to this Policy that materially affect our practices concerning the Personal Information we have previously collected from you, we will endeavor to provide you with notice in advance of such change by highlighting the change on our Site or otherwise notify you at the email address provided by you at the time you registered for the Services, whichever occurs earlier. Any change to this Privacy Policy will be effective for all information we maintain, even information in existence before the change. Following these changes, your use of the Site, Application, or Services means accepting the revised Privacy Policy.
Contacting Medaxion
If you have questions about the privacy aspects of our Services or would like to make a complaint about our compliance with this Privacy Policy, you may contact us at support@medaxion.com.