MedicareMD.com, a business unit of Henry Schein One, LLC (“MedicareMD.com”, “our”, “us” or “we”) operates websites, provides products and services through mobile and other applications, and develops software. We refer to these as “site(s),” “service(s),” or “our sites and services.”
1. Personal Information We Collect
Personal information is information that can be used to identify, locate, or contact an individual, and includes other information that may be associated with personal information. When you interact with our sites and services, depending on the site or service, we may ask for certain information directly from you, including, without limitation, some or all of the following personal information:
In each of the above instances, you will know what personal information we collect through our sites and services because you voluntarily and directly provide it.
Additionally, if you decide to use the services to apply for insurance offered by a third party (each a “Third Party Insurer”), we may collect additional information as necessary to submit your application to such Third Party Insurer for processing. This additional information may include gender, full address, birth date, government-issued identification number (such as a Driver’s License number, social security number or Medicare ID), credit/debit card number, financial account information, income and/or certain medical and health information.
2. How We Use Personal Information
We may use information collected from you in one or more of the following ways:
In addition to the uses described above, we may use personal information that we collect for other purposes that are disclosed to you at the time we collect the information, or with your consent.
3. Sharing Personal Information
We may share personal information about you with third parties in the following circumstances:
IF YOU MAKE A REQUEST OR SUBMIT AN APPLICATION, YOU ACKNOWLEDGE, UNDERSTAND AND CONSENT TO OUR DISCLOSURE OF YOUR PERSONAL INFORMATION TO THE RELEVANT THIRD PARTY INSURER(S) WHO MAY CONTACT YOU DIRECTLY VIA TELEPHONE, FAX, AND/OR EMAIL; YOU MAY RECEIVE TELEPHONE CALLS AS A CONSEQUENCE OF SUBMITTING A REQUEST ON THIS SITE, EVEN IF YOU ARE ON THE NATIONAL DO NOT CALL REGISTRY OR ANY OTHER DO NOT CALL REGISTRY.
We, or our third party service providers, may also collect and store certain technical information when you use our sites and services. For example, our servers receive and automatically collect information about your computer and browser, including, for instance, your IP address, browser type, domain name from which you accessed the site or service, device size, and other software or hardware information. If you access our sites and services from a mobile or other device, we may collect a unique device identifier assigned to that device (UDID), type of device, general GPS location, or other transactional information for that device in order to serve content to it and to improve your experience in using the sites or services.
In addition, we, or our third party service providers, may collect other non-personal information about you and how you use our sites, including but not limited to, the date and time you visit the sites, the areas or pages of the sites that you visit, the amount of time you spend viewing the sites, the number of times you return to the sites, visits to sites outside our network, preferred language, and other click-stream data. We and our third party service providers may use non-personal information for any purpose, including to make the sites and services more useful for users. Non-personal information may be shared with partners who referred you to our site(s), who may use the data for their business purposes, including to optimize for other users who they refer to our site(s). Non-personal information may also be shared with partners who help us deliver ads to you on websites not controlled by us, for instance, when we put a pixel on a conversion page on our site and a marketing partner uses that to optimize what traffic they send to us, or, using another example, when we create a re-targeting list through DFP Small Business by Google or place a partner’s pixel on our sites, and then deliver targeted ads across the Internet.
We do not currently actively respond to “Do Not Track” browser signals or mechanisms that indicate a request to disable online tracking of individual users who use our sites and services.
In general, we use these technologies to remember you when you return to our sites, to understand and analyze trends, to monitor usage and administer the sites, to learn about user behavior on the sites and gather demographic information about our user base as a whole, to customize content or offers on our sites and through our services, and to conduct research to improve our sites, content, and services.
5. User Generated Content, Online Communities and Forums, Profiles, Surveys, Reviews and Ratings
6. Accessing and Updating Personal Information
We encourage you to keep your personal information updated and accurate. We provide you reasonable access to your personal information and the ability to review, correct, or delete it. You have several choices; for instance:
Protecting your privacy and security is important and we also take reasonable steps to verify your identity before granting access to your data.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes).
7. Email and Other Communications
Our sites and services may allow us or other parties to communicate with you or other users through our in-product instant messaging services, service-branded emails, SMS and other electronic communication channels.
Automatic Messages. If your healthcare provider has signed up for our text messaging services, you may automatically receive appointment reminder messages and other health care messages, as defined by the Health Insurance Portability and Accountability Act of 1996, which are exempt from the Telephone Consumer Protection Act and sent at the request of your healthcare provider. Your healthcare provider has represented and warranted to us that they have received your consent to the use of an automatic dialing system to deliver appointment reminder messages and other informational health-related messages to the phone number you provided. The number of appointment reminders and other healthcare messages sent to you will depend on the number of messages sent from your healthcare provider. Please see more information about the Health Insurance Portability and Accountability Act of 1996 below. If you have questions about the health care messages sent on behalf of your healthcare provider, you should contact your healthcare provider directly.
Rates. Standard message and data rates may apply to any messages sent by us or you. Please contact your wireless provider with any questions regarding text messaging or data rates and plans.
Security. You acknowledge and agree that the text messages are provided via wireless systems which use radios (and other means) to transmit communications over complex networks. We do not guarantee that your use of the text messaging service will be private or secure, and we are not liable to you for any lack of privacy or security you may experience. You are fully responsible for taking precautions and providing security measures best suited for your situation and intended use of the text messaging service(s).
Help. You can reply “HELP” to any text message from us if you need assistance with the text messaging services.
Opting Out of Requested Communications
Requested communications include, for instance, email newsletters or software updates that may be expressly requested by you or which you consented to receive. After you request such communications, you may “opt out” of receiving them by using one of the following methods:
Opting Out of Transactional or Relationship Communications
Communications that are sent by or on behalf of a user are indicated as being “From” that user. Communications that are sent by us are indicated as being from us or one of our account or support specialists assigned to assist you. Either type of communication may be “real time” communications or communications triggered automatically upon the occurrence of certain events or dates, such as appointment reminders. Email communications received from users and our administrative announcements are often transactional or relationship messages, such as appointment requests, reminders and cancellations. You may not be able to opt out of receiving certain messages although our services may provide a means to modify the frequency of receiving them.
Opting Out of General or Promotional Communications
General communications provide information about products, services, and/or support and may include special offers, new product information, or invitations to participate in market research. You may opt out of receiving these general communications by using one of the following methods:
Please note that if you want to unsubscribe from a Third Party Insurer’s communication, you must contact such Third Party Insurer directly.
8. Protecting Personal and Protected Health Information
The security of our sites and services and the information they store, process and transmit is a top priority. To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of the information we collect, we deploy a wide range of technical, physical and administrative safeguards, including: Transport Layer Security (TLS), firewalls, system alerts, and other information system security technologies; housing health data in secure facilities that restrict physical and network access; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage, and processing practices. We seek to use reasonable and appropriate administrative, physical, technical, and data security procedures and controls to safeguard your personal and protected health information against unauthorized access, disclosure, loss, misuse, and alteration. Under applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of individually identifiable health information (as such term is defined by HIPAA) residing on and processed by our sites and services.
We use third-party service providers to manage credit card and payment processing. These service providers are not permitted to store, retain, or use billing information except for the sole purpose of credit card and payment processing on our behalf. When you enter payment information to be processed by our third party service providers, we encrypt the transmission of that information using transport layer security (TLS) technology and do not store it on our systems.
It is important to remember, however, that no system can guarantee 100% security at all times. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our services. We cannot assume responsibility or liability for unauthorized access to our servers and systems. When disclosing any personal or protected health information, you should remain mindful of the fact that it is potentially accessible to the public and, consequently, can be collected and used by others without your consent. Accordingly, you should consider carefully if you want to submit sensitive information that you would not want disclosed to the public and should recognize that your use of the Internet and our sites and services is solely at your risk. You are ultimately responsible for maintaining the secrecy for all your personal information, including your protected health information. Except as provided in a Business Associate Agreement between us and a healthcare provider network, we have no responsibility or liability to anyone for the security of your personal or protected health information transmitted via the Internet.
Steps You Can Take
9. Linked Websites and Services
We may also provide social media features on our sites and services that enable you to share personal information with your social network(s) and to interact with our sites and services. Depending on the features, your use of these features may result in the collection or sharing of personal information about you. We encourage you to review the privacy policies and settings on the social media site(s) with which you interact.
Our sites and services may include collection, transmission, and storage of protected health information you submit for healthcare providers or that healthcare providers submit to us, which is subject to special rules under the Health Insurance Portability and Accountability Act of 1996 or “HIPAA”. Our use and disclosure of your protected health information or a healthcare provider’s data that you or the healthcare provider submits with certain sites and services is governed by HIPAA.
Use and Disclosure of Your Protected Health Information
When you use certain services (for example, appointment request) all protected health information that you submit is used and disclosed by us as a Business Associate (as defined by HIPAA) according to the terms of a Business Associate Agreement between us and that healthcare provider. This means that we may only use and disclose your protected health information on behalf of, or to provide services to, the healthcare provider according to the Business Associate Agreement. There are three exceptions to this use and disclosure rule. We may use and disclose your protected health information (i) for our internal management and administration; (ii) to carry out our legal responsibilities; and (iii) to perform certain data aggregation services for the healthcare provider and other healthcare providers; provided that, any disclosures for our internal management and administration or to carry out our legal responsibilities are either required by law or made after we obtain reasonable assurances from the person to whom the protected health information is disclosed that it will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to that person.
Some of the services for a particular healthcare provider may be provided by our subcontractors. The subcontractor must comply with the same terms and conditions for the protected health information that apply to us as a Business Associate of the healthcare provider.
How to Access, Change, or Remove Your Protected Health Information
To comply with HIPAA, your healthcare provider must provide you with rights in certain circumstances with respect to your protected health information. Very generally described, these rights are a right to restrict the uses and disclosures of, a right of access to, a right to amend, and a right to receive an accounting of, the disclosures of your protected health information. These limited rights will be described in detail in the healthcare provider’s notice of privacy practices. If you wish to restrict the uses and disclosures of your protected health information, amend, or receive an accounting of the disclosures of your protected health information, then you must do so through your healthcare provider.
Upon termination of our Business Associate Agreement with a particular healthcare provider, we generally must return or destroy all protected health information received on behalf of or created for that particular healthcare provider and then maintained in any form by us or a subcontractor. If you engaged in our sites and services with that healthcare provider, any protected health information that you submitted with our sites and services or otherwise maintained by us or a subcontractor in connection with our sites and services will be returned to the healthcare provider or destroyed by us or such subcontractor. This means that until the Business Associate Agreement is terminated with that healthcare provider, we or a subcontractor can use and disclose your protected health information as described in the “Use and Disclosure of Your Protected Health Information” section above.
11. Children’s and Minor’s Privacy
Our sites and services are intended for general audiences and are not targeted to children under 13. We do not knowingly collect personal information from children under the age of 13 or utilize plug-ins or ad networks that collect personal information through child-directed third party websites or online services. If you are under 13, please do not disclose or provide any information. If we learn that we have collected personal information from a child under 13, we will take steps to promptly delete the information. Should this policy change, we would comply with the Children’s Online Privacy Protection Act, which requires us to notify and obtain consent from a parent or guardian before we collect, use, and disclose the personal information of children who are under 13 years of age.
Unless our sites and services contain the "Privacy Rights for California Minors in the Digital World" supplemental terms, our sites and services do not collect age from users under 18. If you reside in California and are a minor (you are under 18 years of age) and you are using a site or service that collects your age as a registration requirement and you submit content, please follow the instructions on the supplemental terms to request removal of public content. If such supplemental terms are not available, you can request the removal of content or information you have posted by emailing [email protected] with “California Minor Content Removal Request” in the subject line and in the body of your message. Please specify in your request the site(s) or service(s) to which your request relates, including any URLs where the content or information is posted, and the specific content or information you posted for which you are requesting removal. Please note that this removal does not ensure complete or comprehensive removal of the content or information posted on our sites and services if the content you posted has been shared or reposted. We are only obligated to remove content that you post, where you posted it. There are certain circumstances in which we do not have to remove your content, including if any other state or federal law requires us to maintain the information, we anonymize the content by removing identifying characteristics, the content was stored, republished or reposted by a third party, you do not follow the instructions in this Section or we paid you or you were otherwise compensated for the content you posted. Without limiting the generality of the foregoing, our services may allow users above the age of 18 (such as healthcare providers, parents and guardians) to submit personal information about others, including minors. Such users assume full responsibility over their submission, use and transmission of such information.
12. International Users
We are headquartered in the United States. Our sites and services are hosted and administrated in the United States or hosted with cloud service providers who are headquartered in the United States or in other countries and are intended for users in the United States. If you are located outside the United States, be aware that information you provide to us or that we obtain as a result of your use of our sites and services may be processed in, transferred to, and stored in the United States and in any other countries from where our cloud service providers operate. Please be aware that the privacy laws and standards in certain countries may differ from those that apply in the country in which you reside. By using our sites and services or providing us with your information, you consent to the transfer of your information for processing and storage to the United States and any other country from where our cloud service providers operate.
13. California Privacy Rights
This section is provided pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”) and other applicable California privacy laws. This section applies solely to our users who are California residents as defined under applicable California privacy laws.
13.1 Information We Collect
Within the last twelve (12) months, we have or may have collected the following categories of information from our users and/or consumers: identifiers; personal information listed under Cal. Civ. Code § 1798.80(e); commercial information; biometric information; internet or other similar network activity; geolocation data; and inferences drawn from any of the information identified in this section.
13.2 Categories of Sources from Which Information is Collected
We obtain the categories of personal information listed above from the following categories of sources:
13.3 Using and Sharing of Personal Information
The personal information described in the categories above may be used for the business purposes listed above under “How We Use Personal Information.”
We disclose your personal information for a business purpose to the following categories of third parties: (a) service providers and (b) third parties to whom you authorize or direct us to disclose your personal information in connection with our sites and services. In the preceding twelve (12) months, we have disclosed the personal information described in the categories above for the business purposes listed above under “Sharing Personal Information.” We may also share personal information about you for any other purpose(s) disclosed to you at the time we collect your information or with your consent.
13.4 Personal Information “Sold” to Third Parties
In the preceding twelve (12) months, we have made available to our third-party marketing partners personal information included in the following categories: identifiers; commercial information; internet or other similar network activity information; and inferences drawn from such information.
We do not sell the personal information of consumers that we know are minors under 16 years of age without affirmative authorization as required under the CCPA.
13.5 Your Rights under the CCPA
As of January 1, 2020, California residents, as defined under the CCPA, may take advantage of the following rights:
To opt-out of the sale of your personal information, please refer to the “Other Information We Automatically Collect And Cookies” section above.
To exercise the access and deletion rights described above, please submit a request to us by either sending an email to [email protected] or filling out our Privacy Contact Form, with “California Privacy Rights” in the subject line.
You will be asked to provide certain identifying information, such as your name, email, and residency. While processing your request, we may ask you to provide further verifying documentation. We will only use personal information provided in a request to verify the requestor’s identity or authority to make the request. Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. If you are making a request through an authorized agent acting on your behalf, such authorized agent must provide proof of written authorization to do so, and you must verify your identity directly with us, unless such authorized agent provides proof of a power of attorney pursuant to Probate Code sections 4000 to 4465.
We will not discriminate against you for exercising any of your rights under the CCPA. Accordingly, and unless permitted by the CCPA, we will not: deny you services; charge you different prices or rates for services; provide you a different level of service; or suggest that you may receive a different price or rate for services or a different level for services. We may charge a different price or rate or provide a different level of service if the difference is reasonably related to the value provided by your personal information.
13.7 Other Applicable California Privacy Laws
Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of your personal information with third parties. If you reside in California and you have provided us with your personal information, you may request information about our disclosures of certain categories of your personal information to third parties for direct marketing purposes. To make such a request, please fill out our Privacy Contact Form with “California Privacy Rights” in the subject line and allow 30 days for a response. We will not accept requests via the telephone, mail, or by facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.
In accordance with Section 22581 of the California Business and Professions Code if you are a California resident under the age of 18, you may request and obtain the removal of content or information you have publicly posted. To make such a request, please fill out our Privacy Contact Form with “California Privacy Rights” in the subject line. Please specify the site(s) or service(s) to which your removal request relates, including any URLs where the content or information is posted, and the specific content or information you posted for which you are requesting removal. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
14. Contacting Us
Last Updated: March 11, 2020.