Privacy Policy
(Updated August, 2023)
This Privacy Policy explains our organizational also adherence to the DPF Principles, as well as the use of information collected through the operation of MediOrbis.com , its U.S. subsidiary the MSMD Network, any successor websites thereto (collectively, referred to as the "Website"), and the mobile application MediOrbis or MSMD (collectively, the "App").
MediOrbis ("we," "us," "our") respects your privacy and is committed to protecting your personally identifiable information. We have adopted this Privacy Policy to explain what information may be collected on the Website and the App and how such information may be used and/or shared with others.
This Privacy Policy is subject to the Terms of Use posted on the Website ("Website Terms of Use"). Please return to this Privacy Policy from time to time, as it may be amended without notice. Any changes to this Privacy Policy will be effective immediately upon the posting of the revised Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Website. Each time you use the Website, you should check the date of this Privacy Policy (which appears above) and review any changes that have been made since your last visit.
1. Your Information and How We Use It
In no event or circumstance will MediOrbis ever receive any personal information unless and until said individual authorizes MediOrbis to receive his/her personal information. MediOrbis will collect your electronic health information only in order to provide services, as well as to help diagnose and treat health conditions, or as part of one of the following areas outlined below:
- For the purposes of providing treatment, MediOrbis may require detailed medical information, and will only collect what is relevant and necessary for your treatment. This data is always held securely and is not shared with anyone not involved in your treatment, although for data storage purposes it may be handled by pre-vetted staff who have all signed an integrity and confidentiality agreement.
- To be able to process your personal data it is a condition of any treatment that you give your explicit consent to allow MediOrbis to document and process your personal medical data. Contact details provided by you such as telephone numbers, email addresses, postal addresses may be used to remind you of future appointments and provide reports or other information concerning your treatment.
MediOrbis will only collect the information needed so that we can provide you with the services you require, the business does not sell or broker your data. To meet our contractual obligations obtained from explicit Patient Consent and legitimate interest to respond to enquiries concerning the services provided.
2. Non-Medical Information and its Use
From time to time, we may collect non-personally identifiable information from you through the standard operation of our servers. Such information can include the type of browsers being used, the operating system you are using, and the number of users that visit a specific page on the Website and the character and duration of such visits. This information may be used to help analyze Website traffic and improve our services. We may also aggregate such information to create statistical data and sell or otherwise share it with potential advertisers, partners, affiliates and other third parties. At no point, however, will the aggregated information personally identify you.
As a general policy, no Personal Information is automatically collected from your visit to the Website or use of the App. However, for optimal use, you should provide us with certain information about yourself.
Such information may include contact information (such as your name and e-mail address), and other information as may be required for the functions of the Website. The Personal Information you submit will be used to carry out your requests and respond to your inquiries.
Information automatically collected
Some information - such as IP address and/or browser and device characteristics - is collected automatically when you visit MediOrbis websites. This information is primarily utilized to maintain the security and operation of our sites and internal analytics and reporting purposes.
- MediOrbis will automatically collect certain information when you visit, use or navigate through our website or Patient Portal. This information does not reveal Patient specific identity (like Patient name or contact information) but may include device and usage information, such as Patient IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Site and other technical information.
- It may also be used by us or shared with our affiliate and their respective partners, subsidiaries, affiliates, joint ventures, and sponsors, in order to provide you with additional products and/or services. Such information may also be used by us or shared with a third party associated in providing services to you upon your explicit consent.
- You may always direct us (by contacting via one of the addresses listed below) not to share your Personal Information with these parties or not to use your Personal Information to provide you with additional products and services.
- Except as provided herein, your Personal Information will not be provided to any third parties.
3. Information collected through our Apps
MediOrbis may collect information regarding Patient geo-location, mobile device, push notification permissions when you use our apps. If you use our Apps, MediOrbis may also collect the following information:
- Geo-Location Information. Including but not limited to tracking location-based information from Patient mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in the Patient's device settings.
- Mobile Device Access. Including but not limited to accessing certain features from Patient mobile device, including Patient mobile device's Bluetooth, calendar, camera, contacts, microphone, reminders, sensors, SMS messages, Patient Care Portal Application accounts, storage, and other features. If you wish to change our access or permissions, you may do so in Patient's device settings.
- Mobile Device Data. Including device information such as Patient mobile device ID, model and manufacturer, operating system, version and IP address.
- Push Notifications. Including but not limited to sending you push notifications regarding Patient account or the mobile application. If you wish to opt-out from receiving these types of communications, you may turn them off in Patient's device settings.
4. Personal Information You Disclose to Us
MediOrbis will collect personal information that you provide to us such as name, address, contact information, passwords and security data, payment information, and application login data.
The MediOrbis team will collect personal information that you voluntarily provide to us, either when expressing an interest in obtaining information about us or our products and services, during registration, when participating in activities on the Sites (such as registering an account via our patient portal or requesting a physician consultation) or otherwise contacting us.
The personal information that MediOrbis collects depends on the nature and context of the Patient interactions with us and our services. Patient Personal Health Information MediOrbis may include the following:
- Name and Contact Data. Including but not limited to Patient first and last name, email address, postal address, phone number, and other related contact data.
- Credentials. Including but not limited to passwords, log in details, and security information used for authentication and account access.
- Payment Data. Including but not limited to data necessary to process Patient payment such as Patient payment instrument number (such as a credit card number), account information, expiration date, and the security code associated with the relevant Patient payment instrument.
- Patient Care Portal Application Login Data. MediOrbis will provide you with the option to register using the Patient Care Portal Application. If you choose to register in this way, MediOrbis will collect the personal and demographic information related to your patient encounter, as well as information on your location and contact preferences.
- All personal information that you provide to us must be true, complete and accurate. It is the Patient's responsibility to inform MediOrbis of any changes to such personal information.
Information collected from other Sources
MediOrbis may collect limited data from public databases, marketing partners, Patient Care Portal Application platforms, and other outside sources.
MediOrbis may obtain information about you from other sources, such as public databases, joint marketing partners, Patient Care Portal Application platforms, public web sites and social media platforms (such as Facebook, Instagram, Twitter, etc.), as well as from other third parties as legally able. Examples of the information MediOrbis may receive from other sources include: Patient Care Portal Application profile information such as Patient name, gender, birthday, email, current city, state and country, user identification numbers for Patient contacts, profile picture URL and any other information that you choose to make public.
- We reserve the right to disclose any personally identifiable or non-personally identifiable information if we are required to do so by law or if we reasonably believe that such action is necessary in order to (a) fulfill a government request; (b) conform with the requirements of the law or to comply with legal process served on us; (c) to protect or defend the legal rights or property of MediOrbis, the Website, the App or users; or (d) in an emergency to protect the health and safety of users or the general public.
5. Our Privacy Policy Regarding Your Personal Health Information
When it comes to your Personal Health Information ("PHI"), you have certain rights. This section explains your rights and some of our responsibilities to help you.
Get an electronic or paper copy of your medical record
- You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
- We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
Ask us to correct your medical record
- You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
- We may say "no" to your request, but we'll tell you why in writing within 60 days.
Request confidential communications
- You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
- We will say "yes" to all reasonable requests.
Ask us to limit what we use or share
- You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say "no" if it would affect your care.
- If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say "yes" unless a law requires us to share that information.
Get a list of those with whom we've shared information
- You can ask for a list (accounting) of the times we've shared your health information for six years prior to the date you ask, who we shared it with, and why.
- We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make).
Choose someone to act for you
- If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
- We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you feel your rights are violated
- You can complain if you feel we have violated your rights by contacting us using the information at the end of this Privacy Policy.
- You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/ .
- We will not retaliate against you for filing a complaint.
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
In these cases, you have both the right and choice to tell us to:
- Share information with your family, close friends, or others involved in your care
- Share information in a disaster relief situation
- Include your information in a hospital directory
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
6. Treatment and Disclosure of ePHI
MediOrbis LLC. may use and disclose your PHI in the following ways:
The following categories describe the different ways in which we may use and disclose your PHI:
- Treatment. MediOrbis LLC. may use your PHI to treat you. For example, we may ask you to have laboratory tests (such as blood or urine tests), and we may use the results to help us reach a diagnosis. Additionally, MediOrbis LLC. might use your PHI in order to write a prescription for you, or we might disclose your PHI to a pharmacy when ordering a prescription for you. Many of the people who work for MediOrbis LLC. - including, but not limited to, our doctors and nurses - may use or disclose your PHI in order to treat you or to assist others in your treatment.
- Additionally, MediOrbis LLC. may disclose your PHI to others who may assist in your care, such as your spouse, children or parents with your consent.
- Finally, MediOrbis LLC. may also disclose your PHI to other health care providers for purposes related to your treatment.
- Payment. MediOrbis LLC. may use and disclose your PHI in order to bill and collect payment for the services and items you may receive from us. For example, we may contact your health insurer to certify that you are eligible for benefits (and for what range of benefits), and we may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for, your treatment.
- MediOrbis LLC. may also use and disclose your PHI to obtain payment from third parties that may be responsible for such costs, such as family members.
- Also, MediOrbis LLC. may use your PHI to bill you directly for services and items. We may disclose your PHI to other health care providers and entities to assist in their billing and collection efforts.
- Health care operations. MediOrbis LLC. may use and disclose your PHI to operate our business. As examples of the ways in which we may use and disclose your information for our operations, our practice may use your PHI to evaluate the quality of care you received from us, or to conduct cost-management and business planning activities for our practice. We may disclose your PHI to other health care providers and entities to assist in their health care operations.
- Disclosures required by law. MediOrbis LLC. will use and disclose your PHI when we are required to do so by federal, state or local law. The following categories describe unique scenarios in which we may use or disclose your identifiable health information:
- Public health risks. MediOrbis LLC. may disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:
- Maintaining vital records, such as births and deaths,
- Reporting child abuse or neglect,
- Preventing or controlling disease, injury or disability,
- Notifying a person regarding potential exposure to a communicable disease,
- Notifying a person regarding a potential risk for spreading or contracting a disease or condition,
- Reporting reactions to drugs or problems with products or devices,
- Notifying individuals if a product or device they may be using has been recalled,
- Notifying appropriate government agency(ies) and authority(ies) regarding the potential abuse or neglect of an adult patient (including domestic violence); however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information,
- Notifying your employer under limited circumstances related primarily to workplace injury or illness or medical surveillance.
- Health oversight activities. MediOrbis LLC. may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.
- MediOrbis LLC. may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.
- Law enforcement. MediOrbis LLC. may release PHI if asked to do so by a law enforcement official:
- Regarding a crime victim in certain situations, if we are unable to obtain the person's agreement,
- Concerning a death, we believe has resulted from criminal conduct,
- Regarding criminal conduct at our offices,
- In response to a warrant, summons, court order, subpoena or similar legal process,
- Serious threats to health or safety. MediOrbis LLC. may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
- Military. MediOrbis LLC. may disclose your PHI if you are a member of U.S. or foreign military forces (including veterans) and if required by the appropriate authorities.
- National security. MediOrbis LLC. may disclose your PHI to federal officials for intelligence and national security activities authorized by law. We also may disclose your PHI to federal and national security activities authorized by law. We also may disclose your PHI to federal officials in order to protect the president, other officials or foreign heads of state, or to conduct investigations.
- Workers' compensation. MediOrbis LLC. may release your PHI for workers' compensation and similar programs.
International compliance and Arbitration
MediOrbis is and will remain subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). As a result of this commitment, MediOrbis extends to all individual participants the possibility, under certain conditions, for the individual to invoke binding arbitration.
European Commission's Standard Contractual Clauses: MediOrbis has taken measures to implement the European Commission's Standard Contractual Clauses for transfers of personal information by MediOrbis. Hence all such recipients are required to protect personal information processed from the EEA in accordance with European data protection laws. Standard Contractual Clauses for MediOrbis can be provided upon request.
In compliance with the EU-U.S. DPF, MediOrbis commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to International Centre for Dispute Resolution, an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and/or Switzerland. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, with respect to such requests, our third-party service provider for arbitration purposes: is hereby formally listed as the International Centre for Dispute Resolution, a subsidiary of the American Arbitration Association.
please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint.
The services of the International Centre for Dispute Resolution are provided at no cost to you.
MediOrbis complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. MediOrbis has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles , the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/
To learn more about the Data Privacy Framework (DPF) please visit the Program website at: (https://go.adr.org/dpf_irm.html)
In compliance with the EU-U.S. DPF, MediOrbis commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact MediOrbis via our direct address at:Admin@MediOrbis.com.
For additional information on policy coverage - see Privacy Policy FAQs
Accountability for Onward Transfers
MediOrbis will only transfer personal data to an Agent/Data Processor where they provide assurances that they provide at least the same level of privacy protection as is required by these privacy principles.
Where MediOrbis has knowledge that an Agent/Data Processor to whom it has provided personal information is processing that information in a manner contrary to this Policy or the EU-U.S. Data Privacy Framework Principles requirements, MediOrbis will take reasonable steps to prevent or stop the processing.
MediOrbis will only transfer personal data to a non-agent third party in a manner that is consistent with the written authorization provided by the individuals who are the subject of the data and any consent that those individuals have given. In cases of onward transfer to third parties of data of EU individuals received pursuant to the EU-U.S. Data Privacy Framework Principles, MediOrbis is potentially liable.
Choices for Limiting Use and Disclosure of Personal Data
1. Introduction at MediOrbis, we are committed to protecting the privacy and security of our patients' personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant laws. This section of our privacy policy outlines the choices you, as an individual, have regarding the use and disclosure of your personal data.
2. Personal Data Usage ChoicesMediOrbis provides the following options for you to control how we use your personal data:
- Consent Withdrawal: You may withdraw consent for the processing of your personal data at any time. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
- Data Correction: You have the right to correct any personal data we hold about you that may be incorrect or incomplete.
- Data Deletion: You can request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you have withdrawn your consent.
- Data Restriction: You have the right to request that the use of your personal data be restricted. This means that your personal data will only be processed with your consent, for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.
- Object to Processing: You have the right to object to the processing of your personal data, on grounds relating to your particular situation, at any time.
3. Limiting Disclosure to Third Parties You can limit the disclosure of your personal data to third parties in the following ways:
- Third-Party Disclosure Restrictions: You may choose to restrict MediOrbis from sharing your personal data with third parties. This does not include third parties involved in the processing of your data for operational or legal reasons as mandated by GDPR.
- Marketing Opt-Out: You may opt out of receiving marketing communications at any time by using the unsubscribe link in the emails or contacting us directly.
- Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller without hindrance from us.
4. Exercising Your Rights To exercise any of these rights, please contact our Data Protection Officer (DPO) via email at dpo@mediOrbis.com or by mail at the following address:
MediOrbis Data Protection Officer
30575 Bainbridge Road, Suite 300 Cleveland Ohio 44139
Please include your contact information and a copy of your ID or other documents proving your identity. We may request additional information necessary to confirm your identity before processing your request.
7. Does MediOrbis Network Collect Cookies or Other Tracking Technologies?
Cookies and other tracking technologies may be used to collect and store Patient information.
Cookies themselves do not contain any personally identifiable information. We may analyze the information derived from these cookies and match such information with data provided by you or another party.
MediOrbis may provide our analysis and certain non-personally identifiable information to potential partners, advertisers (who may use this information to provide advertisements tailored to your interests) or other third parties, but we will not disclose any personally identifiable information, except as provided in this Privacy Policy.
8. Keeping Your Information Secure
MediOrbis has implemented a system of organizational and technical security measures aimed at protecting Patient personal information. To this end, we have implemented appropriate technical and organizational security measures designed to protect the security of any personal information our systems will process.
Although MediOrbis strive to provide the utmost level of protection when handling PPHI, transmission of personal information to and from our Sites is in the location and with the modality chosen by the patient, thereby putting the security of the information at risk. As such, we strongly advise all Patients to access the services only from within secure and compliant environments.
Keeping your Personal Information secure is one of our most important responsibilities. We value your trust and handle Personal Information with care. We will not rent, sell or otherwise disclose your Personal Information to unrelated third parties without your consent, except as stated in this Privacy Policy. We safeguard information according to established security standards and procedures, and we continually assess new technology for protecting information.
Our employees are trained to understand and comply with these standards and procedures. Please be advised, however, that while we strive to protect your Personal Information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and cannot be responsible for the theft, destruction, or inadvertent disclosure of your personally identifiable information.
9. Keeping Your Information Accurate
Keeping Personal Information accurate and up-to-date is very important. If you ever find that information about you is incomplete, inaccurate or not current, we want to correct it. If you do not want your personal information used by us as provided in this Privacy Policy, you should not use the Website or the App. You can correct, update or review personal information you have previously submitted by going back to the specific Service, logging-in and making the desired change. You can also update any personal information you have submitted by contacting us using the contact information listed below or through the Contact Us link provided on the Website.
If you have registered and desire to delete any of your registration information you have provided to us from our systems, please contact us using the Contact Us link on the Website or the App. Upon your request, we will delete your registration information from our active databases and where feasible from our back-up media. You should be aware that it is not technologically possible to remove each and every record of the information you have provided to the Website or the App from our servers.
10. Minor's Privacy Policy
The Website and the App do not knowingly market or collect information from children under 13. If you are under 13, please do not provide any Personal Information to us. If we become aware that we have inadvertently collected any Personal Information for a child under 13 years of age, that info will be deleted immediately from our records upon discovery.
Does MediOrbis Collect Information from Minors?
The only time MediOrbis will knowingly collect data from or market to children under 18 years of age is if the respective minor's legal guardian has consented on his or her behalf.
MediOrbis will not knowingly solicit data from, or market services to, children under 18 years of age. Individuals who use the sites are inherently representing that they are at least 18 years of age, or that they are the parent or guardian of such a minor and consent to such minor dependent's use of the Site [and Patient App]. If MediOrbis becomes aware that personal information from users less than 18 years of age has been collected without consent, the organization will deactivate the account and take reasonable measures to promptly delete such data from our records.
11. Certain Business Changes
As we continue to develop our business, we may sell or purchase assets. If another entity acquires MediOrbis or all or substantially all of our assets, personally identifiable information, non-personally identifiable information, and any other information that we have collected about the users of the Website will be transferred to such entity as one of the transferred assets. Also, if any bankruptcy or reorganization proceeding is brought by or against MediOrbis, all such information may be considered an asset of MediOrbis and, as such, may be sold or transferred to third parties.
12. Other Sites
The Website and the App may contain links to other web sites or apps that are not controlled or maintained by MediOrbis; however, we are not responsible for the privacy practices employed by these other platforms. We encourage you to note when you leave the Website or the App and to read the privacy statements of such other platforms before submitting any personally identifiable information. This Privacy Policy applies solely to information collected through the Website or the App.
13. Our Responsibilities
- We are required by law to maintain the privacy and security of your protected health information.
- We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
- We must follow the duties and privacy practices described in this notice and give you a copy of it.
- We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
14. California Residents
FOR RESIDENTS OF CALIFORNIA ONLY. Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of your personal information with third parties. If you reside in California and have provided your Personal Information to us, you may request information about our disclosures of certain categories of Personal Information to third parties for direct marketing purposes in the preceding calendar year. You can submit such request by sending an email by using the Contact Us link on the Website or the App.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
Contact Us
If you have questions or comments about our privacy practices, or if you wish to review or amend any Personal Information you have provided, you can contact us at the following e-mail address: support@mediorbis.com. Your e-mail address will be added to the personally identifiable information we maintain about you.
If you would like to contact us via mail, please write us at:
Attn: Privacy Officer MediOrbis, LLC, 30575 Bainbridge Road Suite 300, Cleveland, Ohio 44139