(Updated August, 2023)
1. Your Information and How We Use It
In no event or circumstance will MediOrbis ever receive any personal information unless and until said individual authorizes MediOrbis to receive his/her personal information. MediOrbis will collect your electronic health information only in order to provide services, as well as to help diagnose and treat health conditions, or as part of one of the following areas outlined below:
- For the purposes of providing treatment, MediOrbis may require detailed medical information, and will only collect what is relevant and necessary for your treatment. This data is always held securely, and is not shared with anyone not involved in your treatment, although for data storage purposes it may be handled by pre-vetted staff who have all signed an integrity and confidentiality agreement.
- To be able to process your personal data it is a condition of any treatment that you give your explicit consent to allow MediOrbis to document and process your personal medical data. Contact details provided by you such as telephone numbers, email addresses, postal addresses may be used to remind you of future appointments and provide reports or other information concerning your treatment.
MediOrbis will only collect the information needed so that we can provide you with the services you require, the business does not sell or broker your data. To meet our contractual obligations obtained from explicit Patient Consent and legitimate interest to respond to enquiries concerning the services provided.
2. Non-Medical Information and its Use
From time to time, we may collect non-personally identifiable information from you through the standard operation of our servers. Such information can include the type of browsers being used, the operating system you are using, and the number of users that visit a specific page on the Website and the character and duration of such visits. This information may be used to help analyze Website traffic and improve our services. We may also aggregate such information to create statistical data and sell or otherwise share it with potential advertisers, partners, affiliates and other third parties. At no point, however, will the aggregated information personally identify you.
As a general policy, no Personal Information is automatically collected from your visit to the Website or use of the App. However, for optimal use, you should provide us with certain information about yourself.
Such information may include contact information (such as your name and e-mail address), and other information as may be required for the functions of the Website. The Personal Information you submit will be used to carry out your requests and respond to your inquiries.
Information automatically collected
Some information - such as IP address and/or browser and device characteristics - is collected automatically when you visit MediOrbis websites. This information is primarily utilized to maintain the security and operation of our sites and internal analytics and reporting purposes.
- MediOrbis will automatically collect certain information when you visit, use or navigate through our website or Patient Portal. This information does not reveal Patient specific identity (like Patient name or contact information) but may include device and usage information, such as Patient IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Site and other technical information.
- It may also be used by us or shared with our affiliate and their respective partners, subsidiaries, affiliates, joint ventures, and sponsors, in order to provide you with additional products and/or services. Such information may also be used by us or shared with a third party associated in providing services to you upon your explicit consent.
- You may always direct us (by contacting via one of the addresses listed below) not to share your Personal Information with these parties or not to use your Personal Information to provide you with additional products and services.
- Except as provided herein, your Personal Information will not be provided to any third parties.
3. Information collected through our Apps
MediOrbis may collect information regarding Patient geo-location, mobile device, push notification permissions when you use our apps. If you use our Apps, MediOrbis may also collect the following information:
- Geo-Location Information. Including but not limited to tracking location-based information from Patient mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in the Patient's device settings.
- Mobile Device Access. Including but not limited to accessing certain features from Patient mobile device, including Patient mobile device's Bluetooth, calendar, camera, contacts, microphone, reminders, sensors, SMS messages, Patient Care Portal Application accounts, storage, and other features. If you wish to change our access or permissions, you may do so in Patient's device settings.
- Mobile Device Data. Including device information such as Patient mobile device ID, model and manufacturer, operating system, version and IP address.
- Push Notifications. Including but not limited to sending you push notifications regarding Patient account or the mobile application. If you wish to opt-out from receiving these types of communications, you may turn them off in Patient's device settings.
4. Personal Information You Disclose to Us
MediOrbis will collect personal information that you provide to us such as name, address, contact information, passwords and security data, payment information, and application login data.
The MediOrbis team will collect personal information that you voluntarily provide to us, either when expressing an interest in obtaining information about us or our products and services, during registration, when participating in activities on the Sites (such as registering an account via our patient portal or requesting a physician consultation) or otherwise contacting us.
The personal information that MediOrbis collects depends on the nature and context of the Patient interactions with us and our services. Patient Personal Health Information MediOrbis may include the following:
- Name and Contact Data. Including but not limited to Patient first and last name, email address, postal address, phone number, and other related contact data.
- Credentials. Including but not limited to passwords, log in details, and security information used for authentication and account access.
- Payment Data. Including but not limited to data necessary to process Patient payment such as Patient payment instrument number (such as a credit card number), account information, expiration date, and the security code associated with the relevant Patient payment instrument.
- Patient Care Portal Application Login Data. MediOrbis will provide you with the option to register using the Patient Care Portal Application. If you choose to register in this way, MediOrbis will collect the personal and demographic information related to your patient encounter, as well as information on your location and contact preferences.
- All personal information that you provide to us must be true, complete and accurate. It is the Patient's responsibility to inform MediOrbis of any changes to such personal information.
Complaints and Unresolved Issues
In compliance with the EU-U.S. DPF, MediOrbis commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF to the American Arbitration Association, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit this page for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.
Information collected from other Sources
MediOrbis may collect limited data from public databases, marketing partners, Patient Care Portal Application platforms, and other outside sources.
MediOrbis may obtain information about you from other sources, such as public databases, joint marketing partners, Patient Care Portal Application platforms, public web sites and social media platforms (such as Facebook, Instagram, Twitter, etc.), as well as from other third parties as legally able. Examples of the information MediOrbis may receive from other sources include: Patient Care Portal Application profile information such as Patient name, gender, birthday, email, current city, state and country, user identification numbers for Patient contacts, profile picture URL and any other information that you choose to make public.
- We reserve the right to disclose any personally identifiable or non-personally identifiable information if we are required to do so by law or if we reasonably believe that such action is necessary in order to (a) fulfill a government request; (b) conform with the requirements of the law or to comply with legal process served on us; (c) to protect or defend the legal rights or property of MediOrbis, the Website, the App or users; or (d) in an emergency to protect the health and safety of users or the general public.
When it comes to your Personal Health Information ("PHI"), you have certain rights. This section explains your rights and some of our responsibilities to help you.
Get an electronic or paper copy of your medical record
- You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
- We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
Ask us to correct your medical record
- You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
- We may say "no" to your request, but we'll tell you why in writing within 60 days.
Request confidential communications
- You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
- We will say "yes" to all reasonable requests.
Ask us to limit what we use or share
- You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say "no" if it would affect your care.
- If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say "yes" unless a law requires us to share that information.
Get a list of those with whom we've shared information
- You can ask for a list (accounting) of the times we've shared your health information for six years prior to the date you ask, who we shared it with, and why.
- We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make).
Choose someone to act for you
- If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
- We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you feel your rights are violated
- You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
- We will not retaliate against you for filing a complaint.
Choices for Limiting the Use and Disclosure of Your Personal Data
At MediOrbis, we prioritize your privacy and are committed to protecting your personal data. Below are the choices and mechanisms we provide to help you limit the use and disclosure of your information:
- Email Marketing:You have the option to opt-out of receiving marketing emails from us. Each marketing email will include an "unsubscribe" link at the bottom, allowing you to discontinue future marketing communications.
- Third-Party Sharing:If you prefer that we not share your personal data with third-party partners for marketing purposes, you can notify us at any time by contacting our Privacy Officer at email@example.com.].
- Telemarketing:If you wish to be removed from our telemarketing list, please send an email to firstname.lastname@example.org.].
Access and Rectification
- Review and Edit: Through your user account, you can review and edit personal information that you have previously supplied.
- Data Portability:You have the right to request a copy of the personal data we hold about you, and we will provide it in a structured, commonly used, and machine-readable format.
- Two-Factor Authentication (2FA):We offer two-factor authentication for added security during login. This is an optional feature but highly recommended.
- Data Encryption:All data is encrypted both in transit and at rest to protect against unauthorized access.
Withdrawal of Consent
- Medical Records: You may withdraw consent for the sharing of your medical records at any time by notifying our Privacy Officer. However, please note that doing so may impact the quality of care that can be provided.
Data Retention and Deletion
- Account Deletion:If you wish to deactivate or delete your account and associated data, please contact us at email@example.com.].
How to Exercise Your Choices?
- Online Portal: Most choices can be exercised through your user account settings.
- Email Support: For choices that can't be exercised online, you may contact us at firstname.lastname@example.org.].
- Customer Service: Our customer service line is also available for additional support on weekdays from 9 am to 5 pm.
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
In these cases, you have both the right and choice to tell us to:
- Share information with your family, close friends, or others involved in your care
- Share information in a disaster relief situation
- Include your information in a hospital directory
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
6. Treatment and Disclosure of ePHI
MediOrbis LLC. may use and disclose your PHI in the following ways:
The following categories describe the different ways in which we may use and disclose your PHI:
- Treatment. MediOrbis LLC. may use your PHI to treat you. For example, we may ask you to have laboratory tests (such as blood or urine tests), and we may use the results to help us reach a diagnosis. Additionally, MediOrbis LLC. might use your PHI in order to write a prescription for you, or we might disclose your PHI to a pharmacy when ordering a prescription for you. Many of the people who work for MediOrbis LLC. - including, but not limited to, our doctors and nurses - may use or disclose your PHI in order to treat you or to assist others in your treatment.
- Additionally, MediOrbis LLC. may disclose your PHI to others who may assist in your care, such as your spouse, children or parents with your consent.
- Finally, MediOrbis LLC. may also disclose your PHI to other health care providers for purposes related to your treatment.
- Payment. MediOrbis LLC. may use and disclose your PHI in order to bill and collect payment for the services and items you may receive from us. For example, we may contact your health insurer to certify that you are eligible for benefits (and for what range of benefits), and we may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for, your treatment.
- MediOrbis LLC. may also use and disclose your PHI to obtain payment from third parties that may be responsible for such costs, such as family members.
- Also, MediOrbis LLC. may use your PHI to bill you directly for services and items. We may disclose your PHI to other health care providers and entities to assist in their billing and collection efforts.
- Health care operations. MediOrbis LLC. may use and disclose your PHI to operate our business. As examples of the ways in which we may use and disclose your information for our operations, our practice may use your PHI to evaluate the quality of care you received from us, or to conduct cost-management and business planning activities for our practice. We may disclose your PHI to other health care providers and entities to assist in their health care operations.
- Disclosures required by law. MediOrbis LLC. will use and disclose your PHI when we are required to do so by federal, state or local law. The following categories describe unique scenarios in which we may use or disclose your identifiable health information:
- Public health risks. MediOrbis LLC. may disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:
- Maintaining vital records, such as births and deaths,
- Reporting child abuse or neglect,
- Preventing or controlling disease, injury or disability,
- Notifying a person regarding potential exposure to a communicable disease,
- Notifying a person regarding a potential risk for spreading or contracting a disease or condition,
- Reporting reactions to drugs or problems with products or devices,
- Notifying individuals if a product or device they may be using has been recalled,
- Notifying appropriate government agency(ies) and authority(ies) regarding the potential abuse or neglect of an adult patient (including domestic violence); however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information,
- Notifying your employer under limited circumstances related primarily to workplace injury or illness or medical surveillance.
- Health oversight activities. MediOrbis LLC. may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.
- MediOrbis LLC. may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.
- Law enforcement. MediOrbis LLC. may release PHI if asked to do so by a law enforcement official:
- Regarding a crime victim in certain situations, if we are unable to obtain the person's agreement,
- Concerning a death, we believe has resulted from criminal conduct,
- Regarding criminal conduct at our offices,
- In response to a warrant, summons, court order, subpoena or similar legal process,
- Serious threats to health or safety. MediOrbis LLC. may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
- Military. MediOrbis LLC. may disclose your PHI if you are a member of U.S. or foreign military forces (including veterans) and if required by the appropriate authorities.
- National security. MediOrbis LLC. may disclose your PHI to federal officials for intelligence and national security activities authorized by law. We also may disclose your PHI to federal and national security activities authorized by law. We also may disclose your PHI to federal officials in order to protect the president, other officials or foreign heads of state, or to conduct investigations.
- Workers' compensation. MediOrbis LLC. may release your PHI for workers' compensation and similar programs.
Notice of Liability for Onward Transfers to Third Parties
At MediORbis, we take the privacy and security of your personal data very seriously. This notice aims to inform you about our liability in instances where your personal data is transferred to third-party organizations.
Limitation of Liability
- Contractual Agreements: When we transfer your personal data to third parties, these entities are contractually obligated to protect your data in a manner compliant with our data protection and privacy obligations.
Remedies and Dispute Resolution
- Good-Faith Transfers:In the event of an onward transfer of your personal data to third parties, MediOrbis remains liable for the protection of that data, unless we can demonstrate that we were not responsible for the event giving rise to the unauthorized or improper use of your personal data.
- Exclusions:MediOrbis will not be held liable for unauthorized or improper use of personal data that occurs beyond our reasonable control or as a result of actions by the third party that contravene our contractual obligations.
If you have any concerns about how your personal data is being transferred or handled, please contact our Privacy Officer at email@example.com. We have also put in place dispute resolution mechanisms to resolve complaints efficiently.
Changes to this Notice
This notice may be amended from time to time to stay consistent with changes in laws and regulations or updates to our business practices.
EU-U.S. Data Privacy Framework Principles - International compliance and Arbitration
MediOrbis is and will remain subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). As a result of this commitment, MediOrbis extends to all individual participants the possibility, under certain conditions, for the individual to invoke binding arbitration.
European Commission's Standard Contractual Clauses:MediOrbis has taken measures to implement the European Commission's Standard Contractual Clauses for transfers of personal information by MediOrbis. Hence all such recipients are required to protect personal information processed from the EEA in accordance with European data protection laws. Standard Contractual Clauses for MediOrbis can be provided upon request.
In compliance with the Privacy Shield Principles, MediOrbis commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact MediOrbis via our direct address at: Admin@MediOrbis.com.
MediOrbis has further committed to refer unresolved Privacy Shield complaints to the International Centre for Dispute Resolution, a subsidiary of the American Arbitration Association, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit here for more information or to file a complaint. The services of International Centre for Dispute Resolution are provided at no cost to you.
MediOrbis commits to cooperation with EU data protection authorities (DPAs) and further compliance with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship.
7. Does MediOrbis Network Collect Cookies or Other Tracking Technologies?
Cookies and other tracking technologies may be used to collect and store Patient information.
Cookies themselves do not contain any personally identifiable information. We may analyze the information derived from these cookies and match such information with data provided by you or another party.
8. Keeping Your Information Secure
MediOrbis has implemented a system of organizational and technical security measures aimed at protecting Patient personal information. To this end, we have implemented appropriate technical and organizational security measures designed to protect the security of any personal information our systems will process.
Although MediOrbis strive to provide the utmost level of protection when handling PPHI, transmission of personal information to and from our Sites is in the location and with the modality chosen by the patient, thereby putting the security of the information at risk. As such, we strongly advise all Patients to access the services only from within secure and compliant environments.
Our employees are trained to understand and comply with these standards and procedures. Please be advised, however, that while we strive to protect your Personal Information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and cannot be responsible for the theft, destruction, or inadvertent disclosure of your personally identifiable information.
9. Keeping Your Information Accurate
If you have registered and desire to delete any of your registration information you have provided to us from our systems, please contact us using the Contact Us link on the Website or the App. Upon your request, we will delete your registration information from our active databases and where feasible from our back-up media. You should be aware that it is not technologically possible to remove each and every record of the information you have provided to the Website or the App from our servers.
The Website and the App do not knowingly market or collect information from children under 13. If you are under 13, please do not provide any Personal Information to us. If we become aware that we have inadvertently collected any Personal Information for a child under 13 years of age, that info will be deleted immediately from our records upon discovery.
Does MediOrbis Collect Information from Minors?
The only time MediOrbis will knowingly collect data from or market to children under 18 years of age is if the respective minor's legal guardian has consented on his or her behalf.
MediOrbis will not knowingly solicit data from, or market services to, children under 18 years of age. Individuals who use the sites are inherently representing that they are at least 18 years of age, or that they are the parent or guardian of such a minor and consent to such minor dependent's use of the Site [and Patient App]. If MediOrbis becomes aware that personal information from users less than 18 years of age has been collected without consent, the organization will deactivate the account and take reasonable measures to promptly delete such data from our records.
11. Certain Business Changes
As we continue to develop our business, we may sell or purchase assets. If another entity acquires MediOrbis or all or substantially all of our assets, personally identifiable information, non-personally identifiable information, and any other information that we have collected about the users of the Website will be transferred to such entity as one of the transferred assets. Also, if any bankruptcy or reorganization proceeding is brought by or against MediOrbis, all such information may be considered an asset of MediOrbis and, as such, may be sold or transferred to third parties.
12. Other Sites
13. Our Responsibilities
- We are required by law to maintain the privacy and security of your protected health information.
- We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
- We must follow the duties and privacy practices described in this notice and give you a copy of it.
- We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
14. California Residents
FOR RESIDENTS OF CALIFORNIA ONLY. Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of your personal information with third parties. If you reside in California and have provided your Personal Information to us, you may request information about our disclosures of certain categories of Personal Information to third parties for direct marketing purposes in the preceding calendar year. You can submit such request by sending an email by using the Contact Us link on the Website or the App.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
In compliance with the EU-U.S. DPF, MediOrbis commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF should first contact MediOrbis at :firstname.lastname@example.org.
If you have questions or comments about our privacy practices, or if you wish to review or amend any Personal Information you have provided, you can contact us at the following e-mail address: email@example.com. Your e-mail address will be added to the personally identifiable information we maintain about you.
If you would like to contact us via mail, please write us at:
Attn: Privacy Officer MediOrbis, LLC, 30575 Bainbridge Road Suite 200, Cleveland, Ohio 44139