Last Updated: March 8, 2022
AdvancedMD, Inc. (“AdvancedMD,” “us”, “we” or “our”) values your privacy, and is committed to protecting your personal information. We provide cloud based medical office software (our “Services”) to ambulatory medical practices to enable healthcare providers (our “Clients”) to manage the Services they offer to their clients (“End Users”).
In this Privacy Notice (“Notice”), we describe how we collect, use, and share personal information about our Clients and their End Users through our websites (“Sites”), and mobile applications (“Apps”) where this Notice is posted. Our Clients may also provide their own privacy notices on the Sites and Apps, as appropriate.
Please note that this Privacy Notice does not apply to the Patient Portal and that with regard to the protected health information we receive from our Clients for medical records processing, whether within the Patient Portal, or contained elsewhere, that as a business associate under the US health privacy law known as HIPAA, this Notice does not apply. Such information is governed by the AdvancedMD HIPAA Privacy Statement available online at: http://info.advancedmd.com/rs/332-PCG-555/images/AdvancedMD-HIPAA-Privacy-Statement.pdf.
This Notice provides an overview of the possible circumstances in which we interact with your personal information through our Sites and Apps as a service provider and processor on behalf of our Clients. If you have any questions about our processing of your personal information, please contact us at [email protected].
In this Notice, we provide information about:
- PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- HOW WE SHARE PERSONAL INFORMATION
- TRANSFERRING PERSONAL INFORMATION GLOBALLY
- HOW WE PROTECT AND DISPOSE OF PERSONAL INFORMATION
- COOKIES AND OTHER TRACKING TECHNOLOGIES
- CHILDREN UNDER 18
- YOUR LEGAL RIGHTS
- OTHER INFORMATION
- HOW TO CONTACT US
PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
AdvancedMD collects two different categories of personal information:
- The personal information of our Clients or potential Clients (“Client Information”), and
- The personal information of End Users who use Services provided at the direction of our Clients (“End User Information”).
AdvancedMD uses these categories of personal information differently because while we have a direct relationship with our Clients and therefore may determine why and how to handle Client Information, our relationship with End Users is indirect and based on our relationship with our Client. We only handle End User Information in accordance with our Client’s instructions.
If you are an End User who has a relationship with one of our Client’s, such as a doctor’s office or other healthcare provider, and have a question about how your personal information is collected, used, or shared, or would like to exercise any rights you may have with respect to your personal information, please contact the Client directly.
We will only collect, use, and share personal information where we are satisfied that we have an appropriate legal basis to do so. Subject to consent if required by law, we may collect the following categories and types of Client Information as relevant to the Services:
- Identifiers (including name and contact information including telephone number, email address, or postal address, or other specific identifiers related to your use of the Service),
- Information protected against security breaches (such as financial account information and username and password),
- Commercial information (such as your access and purchase history, the products and services we provide to you, your marketing preferences, or information you provide in any communication with us or when you participate in any blog, community or forum on our Sites),
- Internet/electronic activity (see “Cookies” for additional information), Professional or employment related information (such as your status
with the organization with which you are affiliated), and
- Inferences from the foregoing such as your preferences, characteristics or predispositions
We may also collect the following categories of End User Information on behalf of and as directed by our Customers:
- Identifiers (such as name, contact information including telephone number, email address, or postal address),
- Information protected against security breaches (such as your name and financial account, health/medical information, username and password),
- Commercial information (including records of activity and products or services purchased), and
- Internet/electronic activity (see “Cookies” for additional information)
How we use your personal information. We use your personal information to provide the Services. In providing the Services, we may use your personal information for the following business purposes:
- Create, maintain or provide service for your account,
- Process or fulfill requests from you,
- Respond to customer service requests from you,
- Verify your information,
- Process payments,
- Undertake activities to maintain the quality, safety or integrity of the Services,
- Market to our Clients subject to their consent if required by applicable law,
- Maintain data security including detecting and responding to security incidents and protecting you, and us, from fraud,
- Monitor our Sites including gathering usage data and other analytic information that enables us to maintain and improve the Services,
- Other uses that are required for us to meet our legal, contractual or regulatory requirements, and
- Other uses as directed by Clients and subject to their privacy notices.
Lawful basis for processing. As a data processor and service provider, we process End User personal information solely for the purpose of providing the Services consistent with our contractual obligations to our Clients.
Sources of personal information. We collect personal information from the following sources:
- Information that you provide: We collect personal information that you provide when you set up an account, use the Services, or communicate with us. For example, if you create an online account, then we may request your name, contact information and payment information.
- Information collected from third parties: We may collect information about you from third parties in the course of providing our Services to you. For example, we may collect personal information like your name, contact information from the Client with whom you are interacting directly.
- Information collected through technology: When you visit our Sites or Apps (or when you use any of our Services) we may collect certain information about your location, usage, computer or device through technology such as cookies (see below for more information on cookies).
Data anonymization and aggregation. Subject to your consent if required by law, we may anonymize or aggregate your personal information in such a way as to ensure that you are not identified or identifiable from it, in order to use the anonymized or aggregated data. For example, we may use anonymized or aggregated data for statistical analysis including to analyze trends, for product development, and for risk assessments and cost analysis. We may share anonymized or aggregated data with our parents, subsidiaries, affiliates or with other third parties.
This Notice does not restrict our use or sharing of any non-personal, summarized, derived, anonymized or aggregated information.
HOW WE SHARE PERSONAL INFORMATION
Except as otherwise specified, we may share any of the categories of your personal information in the manner and for the purposes described below:
- With third-party service providers. For example, we share personal information with IT service providers who help manage our back office systems or administer our Sites and Apps. These third-party service providers have agreed to confidentiality restrictions and have agreed to use any personal information we share with them, or which they collect on our behalf, solely for the purpose of providing the contracted service to us.
- With banks and payment providers to authorize and complete card payments.
- With our Client with whom you are also engaging when you use the Services. For example, you may be using an AdvancedMD Service provided to you through one of our Client’s (for example, a doctor’s office) websites to schedule an appointment. AdvancedMD may share the personal information you provide with the doctor’s office in order to fulfill your request. You may also receive communications from the doctor’s office. Each such Client r operates independently from AdvancedMD and their collection and use of your personal information is not subject to this Notice but to their own privacy notices.
- We may share identifiers with logistics service providers to enable the delivery of packages to individuals
- On Client facing Sites only, we may share internet/electronic activity with advertising or social media networks for personalized marketing purposes (See “Cookies” for additional information”).
We do not sell your personal information to third parties.
TRANSFERRING PERSONAL INFORMATION GLOBALLY
Your personal information may be transferred to and stored in the United States or in another country outside of the country in which you reside, which may be subject to different standards of data protection than your country of residence.
Consistent with the instruction provided to us from our Client, we will take appropriate steps to ensure that transfers of personal information are in accordance with applicable law, are carefully managed to protect your privacy rights and interests and limited to countries which are recognized as providing an adequate level of legal protection or where alternative adequate arrangements are in place to protect your privacy rights.
HOW WE PROTECT AND DISPOSE OF PERSONAL INFORMATION
We take seriously our responsibility to protect the security and privacy of your personal information. We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
Any suspected attempt to breach our notices, policies, or procedures, or to engage in any type of unauthorized action involving our information systems, is regarded as potential criminal activity. Suspected computer mischief may be reported to the appropriate authorities.
Please remember that communications over the internet such as emails are not secure. We seek to keep secure all confidential information and personal information submitted to us in accordance with our obligations under applicable laws and regulations. However, like all website operators, we cannot guarantee the security of any data transmitted through the internet.
When we no longer need your personal information to provide the Services, it will be securely deleted or de-identified in a manner that ensures you cannot be re-identified.
COOKIES AND OTHER TRACKING TECHNOLOGIES
A “cookie” is a text file that is stored to your browser when you visit a website. Unique device identifiers like IP address or UDID recognize a visitor’s computer or other device used to access the internet. Unique device identifiers are used alone and in conjunction with cookies and other tracking technologies for the purpose of “remembering” computers or other devices used to access the Sites and Apps.
Cookies can be classified by duration and by source:
- Duration. The Sites use both “session” and “persistent” cookies. Session cookies are temporary – they terminate when you close your browser or otherwise end your “active” browsing session. Persistent cookies remember you on subsequent visits. Persistent cookies are not deleted when you close your browser, and they will remain on your computer or other device unless you choose to delete them (see below for “How to Delete or Block Cookies”).
- Source. Cookies can be “first-party” or “third-party” cookies, which means that they are either issued by or on behalf of us or by a third-party operator of another website. The cookies that we may use on the Sites fall into the following categories:
- Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions taken by you such as logging in or filling in forms. You can set your browser to block or alert you about these cookies, but blocking them may impede the functionality of the Sites.
- Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
- Functionality Cookies. These cookies enable the Sites to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies then some of these services may not function properly.
How to Delete or Block Cookies
On some Sites, when technically feasible, we will enable tools to help you make choices about cookies. You may also delete or block cookies at any time by changing your browser settings. You can click “Help” in the toolbar of your browser for instruction or review the cookie management guide produced by the Interactive Advertising Bureau available at www.allaboutcookies.org. If you delete or block cookies, some features of the Sites may not function properly.
CHILDREN UNDER 18
The Sites and Apps are not intended to be used by children. We do not knowingly solicit business from Clients under the age of 18. Any Client use of the Service to collect personal information from persons under the age of 18 is subject to such Client’s own privacy notice.
YOUR LEGAL RIGHTS
If you are an End User who uses AdvancedMD for the purpose of engaging with our Clients and have questions about legal rights you may have with respect to your personal information collected by our Client, please consult the Client with which you have a relationship. For example, if you are a patient of a doctor’s office that uses AdvancedMD, you should consult your doctor’s office. Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, some of our Clients, including residents of the state of California, may have certain rights in relation to their personal information.
These rights may include:
|CA Resident Rights||What does this mean?|
|Right to know about personal information collected, disclosed, and sold||You have the right to request that we disclose to you what categories of personal information we have collected, used, disclosed, or sold over the past 12 months. We have provided information about the categories of personal information we have collected, the sources from which we collected it, the purposes for which it was collected, and the third parties with whom we may share it with above.|
|Right to opt-out of the sale of personal information||You may request that we do not sell your personal information to third parties.|
|Right to request deletion||In some circumstances, you have the right to have your personal information erased or deleted.|
|Right to equal service and prices (“non-discrimination”)||Your choice to exercise your privacy rights will not be used as a basis to discriminate against you in services offered or pricing.|
Changes and Updates. We reserve the right, in our sole discretion, to modify, update, add to, discontinue, remove or otherwise change any portion of this Notice, in whole or in part, at any time. When we amend this Notice, we will revise the “last updated” date located at the top of the document. We will also take reasonable steps to ensure you are made aware of any material updates including providing you direct communication about such changes or providing a notification through the Services, as appropriate. The most current version of this Notice will be available on the Sites and Apps and will supersede all previous versions of this Notice.
Choice of Law. Except where prohibited by law, this Notice, including all revisions and amendments thereto, is governed by the laws of the Georgia, without regard toits conflict or choice of law principles which would require application of the laws of another jurisdiction.
Arbitration. Except where prohibited by law, by using the Services in any way, you unconditionally consent and agree that: (1) any claim, dispute, or controversy (whether in contract, tort, or otherwise) you may have against AdvancedMD and/or its parent, subsidiaries, affiliates and each of their respective members, officers, directors and employees (all such individuals and entities collectively referred to herein as the “AdvancedMD Entities”) arising out of, relating to, or connected in any way with the Services or the determination of the scope or applicability of this agreement to arbitrate, will be resolved exclusively by final and binding arbitration administered by JAMS and conducted before a sole arbitrator in accordance with the rules of JAMS; (2) this arbitration agreement is made pursuant to a transaction involving interstate commerce, and shall be governed by the Federal Arbitration Act (“FAA”), 9 U.S.C. §§ 1-16; (3) the arbitration shall be held in Atlanta, Georgia; (4) the arbitrator’s decision shall be controlled by the terms and conditions of this Notice and any of the other agreements referenced herein that the applicable user may have entered into in connection with the Services; (5) the arbitrator shall apply Georgia law consistent with the FAA and applicable statutes of limitations, and shall honor claims of privilege recognized at law; (6) there shall be no authority for any claims to be arbitrated on a class or representative basis, arbitration can decide only your and/or the applicable AdvancedMD Entity’s individual claims; the arbitrator may not consolidate or join the claims of other persons or parties who may be similarly situated; (7) the arbitrator shall not have the power to award punitive damages against you or any AdvancedMD Entity; (8) in the event that the administrative fees and deposits that must be paid to initiate arbitration against any Global Entity exceed $125 USD, and you are unable (or not required under the rules of JAMS) to pay any fees and deposits that exceed this amount, AdvancedMD agrees to pay them and/or forward them on your behalf, subject to ultimate allocation by the arbitrator. In addition, if you are able to demonstrate that the costs of arbitration will be prohibitive as compared to the costs of litigation, AdvancedMD will pay as much of your filing and hearing fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive; and (9) with the exception of subpart (6) above, if any part of this arbitration provision is deemed to be invalid, unenforceable or illegal, or otherwise conflicts with the rules of JAMS, then the balance of this arbitration provision shall remain in effect and shall be construed in accordance with its terms as if the invalid, unenforceable, illegal or conflicting provision were not contained herein. If, however, subpart (6) is found to be invalid, unenforceable or illegal, then the entirety of this Arbitration Provision shall be null and void, and neither you nor AdvancedMD shall be entitled to arbitrate their dispute.
For more information on JAMS and/or the rules of JAMS, visit their website at www.jamsadr.com.
If you are an End User who has a relationship with one of our Clients and have a question about how your personal information is collected, used, or shared, or would like to exercise any rights you may have with respect to your personal information, please contact the Client directly. For other questions about this Notice, or if you are a Client and want to exercise your rights as described in this Notice, you may contact us as follows:
698 West 10000 South
South Jordan, Utah 84095
Finally, if you designate an authorized agent to make a rights request on your behalf, we request that you notify us of such designation by contacting us using the methods listed above.