logo

Privacy Policy

INTRODUCTION

We at PracticePal (McClain Investments, LLC (dba PracticePal))[referred to herein as “PracticePal,” “our,” “we,” or “us”] respect your privacy and are committed to protect the privacy of our users (“user” “you,” “your,” or “Your Organization,” as that term is defined in the Terms & Conditions and herein).

This Privacy Policy outlines our practices with respect to collecting, using and sharing your information, or the information (e.g., Personal Health Information) you authorized us, as a “Covered Entity”, to access and collect as a “Business Associate” (as those terms are defined by HIPAA) pursuant to our Terms & Conditions or otherwise, through the use of our software applications (“App”) and website (“Site”), including related services and information, and all updates, enhancements, and upgrades made available by us (collectively, the “Services”).

This Privacy Policy applies to all users, including representatives of Your Organization, of Service and covers what information we collect and why we collect it, how we use the information we collect, and the choices you have to access and update that information. Please familiarize yourself with our practices and let us know if you have any questions. By using our sites and services, you and the organization that your represent or own (“Your Organization”) expressly consent to our collection, use, disclosure, and retention of your personal information as described in this Privacy Policy. Each time you use our sites and services, the current version of this Privacy Policy will apply.

The Privacy Policy is a part of our Terms & Conditions and is incorporated therein by reference.

If you do not agree to this Privacy Policy or the Terms & Conditions, please do not use our sites or services.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

HIPAA Privacy Notice: We are committed to protect the privacy of our users’ personal health information. Part of that commitment is complying with the privacy and security rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), which requires us to take additional measures to maintain the privacy and security of our users’ protected health information (“PHI”) and to inform our users about those measures. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your PHI. This Privacy Policy describes how we may use and share your PHI which is collected by our Site, App and by all of our Services and how our users can get access to this information. We must follow the duties and privacy practices described in this Privacy Policy and give you a copy of it. We will not use or share your PHI other than as described in this Privacy Policy, as amended and in effect from time to time, unless authorize us to do so in writing. For more information see:

www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html

GDPR Privacy Notice: As part of our commitment to protect the confidentiality, data privacy and security of our users, we have drafted this Privacy Policy to comply with the requirements of the EU General Data Protection Regulation ("GDPR"), including providing the contact information of our Data Protection Officer and an explanation on our users’ rights regarding their personal information. However, depending on your region of residency, different regulations may apply, and we are committed to protect your privacy in accordance with such applicable regulations.

For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”), the Data Controller McClain Investments, LLC (dba PracticePal) registered in the State of Indiana, United States of America with a registered address at 4474 E Turnberry Ct Gilbert, AZ 85298.

You can contact our data protection officer by sending an email to Privacy@PracticePal.io or by writing to: PRACTICEPAL, 4474 E Turnberry Ct Gilbert, AZ 85298.

INFORMATION YOU PROVIDE TO US

You provide or authorize access to and we collect several types of data and information from our users.

The first type of information is non-identifiable and un-identified information pertaining to a user(s), which may be made available or gathered via the user’s use of the Services (“Non-personal Information”). We are not aware of the identity of the user from which the Non-personal Information was collected. Non-personal Information which is being collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information (e.g. the type of browser and operating system your device uses, language preference, access time and the domain name of the website from which you linked to the Services; etc.), in order to enhance the functionality of our Services.

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Professional Information”). This includes:

  • Registration information: In order to use our Services, you will be required to register to the Services. As part of the registration process, we may collect your full name, gender, e-mail address, phone number and birth date.
  • VCP Account and Login Information: When you register to use our Services, you will be prompted to voluntarily provide login information (e.g., name and password) for your account(s) with certain Vision Certain Plan (“VCP”)[collectively “VCP Information”]. You are not obligated to provide VCP Information, however, we cannot provide Services to you without VCP Information.
  • Patient PHI: When you use our Services, you will be prompted to voluntarily enter certain PHI of your patient(s) or potential patient(s) or customer(s). For example, you will be prompted to voluntarily and manually enter the patient’s first and last name, and last four digits of patient’s social security number (SSN). You are not obligated to provide this or any PHI; however, we cannot provide Service to you or Your Organization without this information.

When you register to our Services, we may have access to basic information about you or Your Organization, from such account, such as your name, email address, photo, as well as any other information you made publicly available on such account or agreed to share with us:

  • Voluntary information: We also collect information which you provide us voluntarily including Professional Information (e.g., Registration Information and VCP Account and Login Information). For example, when you respond to communications from us, contact our support, communicate with us via email or the Services or share additional information about yourself or about others through your use of the Services.
  • Device Information: We may also collect Professional Information from your device (e.g. geolocation data, IP address) and information on your activity on the Services (e.g. pages viewed, online browsing, clicks, actions, etc.).
  • Financial information: In order to use our Site or Services, you may be required to share with us relevant payment information, including your PayPal account, Credit card number, etc.
  • Third parties’ SDKs: Within our App, we may use Software Development Kits (SDK) provided by third parties. If you grant us your explicit consent to such use and integration (through the App), we may gather additional Professional Information about your activities, location and behavior, such as Wi-Fi, Bluetooth, accelerometer, gyroscope, GPS, etc. For additional information about SDKs we advise you to visit the third parties’ website(s) to learn more. In our App, we use an SDK from Facebook Inc. The Facebook SDK allows you to login to our App using your Facebook login.

The third type of information you provide, or authorize us to access, is information obtained via your VCP accounts using your VCP Information. This information that we will access and use via Services includes, but is not limited to, the PHI of your or Your Organization’s patient(s) or potential patient(s) or customer(s). Our access to and use of PHI is covered under the BAA, included herein and incorporated by reference.

By providing the foregoing sensitive information, including VCP Information and PHI, to us, you explicitly consent to the collection, use and sharing of in accordance with this Privacy Policy.

If we combine Professional Information with PHI or Non-personal Information, the combined information will be treated as Professional Information for as long as it remains combined.

We may anonymize, aggregate or de-identify the information collected by the Services or via other means so that the information cannot, on its own, personally identify you. Our use and sharing of such aggregated or de-identified information is not subject to any restrictions under this Privacy Policy, and we may share it with others without limitation and for any purpose. Generally, however, we and third parties may share aggregated or de-identified information with third parties (whether by sale or free of charge) for research and statistical analysis. Unless we de-identify PHI in accordance with HIPAA requirements, it will continue to be PHI subject to HIPAA’s privacy and security requirements, as described in this Privacy Policy.

You may refuse to disclose certain information, but please bear in mind this may result in preventing you from using the Site and Services to some extent, and in some cases may result in your inability to use the Site and Services.

INFORMATION SHARED THROUGH SERVICE

By using Service, you authorize and instruct us to obtain information via Vision Care Plan (VCP) and to access and collect information from those systems, for the purpose of improving the Services which we provide to you. If you grant our App access to any VCP, our App can add information, such as PHI, and other data to Site and use in our Service. PracticePal is in no way responsible for the protection of data and information stored within the VCPs or other third-party sites or databases. It is strongly recommended that you review the VCPs’ applicable policies and procedures before using Service.

You can remove access at any time from Service by emailing HELP@PracticePal.io.

We do not use or share with third parties any information gained through the access or use of your VCP account(s) for advertising or similar services, other than for purposes of improving health or for purposes of health or medical research and, with respect to PHI, only to the extent permitted under HIPAA.

We do not share any of your information with any third party without your express permission (other than in anonymized and/or aggregated format), and in the case of information gained through access to your VCP accounts, such sharing will only be for purposes of enabling the third party to provide health services or for medical research and, with respect to PHI, only to the extent permitted under HIPAA.

COOKIES

A cookie is a small data file that is sent to your device when you first visit a website. Cookies usually include an identification number that is unique to the device you are using. Such identifier can help us better understand our users and how they are using the Site and the Services. Cookies also enable recognition of a user when they re-visit the Site, keeping their settings and preferences and ability to offer customized features.

The Services may implement the following types of cookies: (i) cookies implemented by us for the purposes described above ("First Party Cookie"); and (ii) third party cookies which are set by other online services who run content on the page you are viewing, for example by third party analytics companies who monitor and analyze our web access or online advertisers on our Services. Ads appearing on our Site and/or through the Services may be delivered to users by advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile information about you or others who use your computer. Among other things, this information allows ad networks to deliver targeted advertisements that they believe will be of most interest to you. This Privacy Policy covers the use of cookies by us alone, and does not cover the use of cookies by any advertisers.

You may remove the cookies by following the instructions of your device preferences; however, if you choose to disable cookies, some features of our Services may not operate properly and your online experience may be limited.

We may from time to time contract with third parties for the purpose of analyzing user’s data, optimizing the Services and communications, etc. To do this, we may use web beacons, pixels etc. provided by such third parties. The information collected will also allow us to learn how to improve the Services for the benefit of our users.

HOW WE USE THE INFORMATION WE COLLECT

We use and share Professional Information, including PHI, in the manners described in this Privacy Policy. In addition to the purposes listed above, the Professional Information we collect is used for the following purposes:

  • To set up your account and to provide our Services;
  • To optimize our Services and your experience of Services;
  • To allow you to obtain relevant information about your patient’s or potential patient’s health and provide tools to manage it;
  • To work with third-parties to improve Services as permitted herein and applicable law or regulations, including HIPPA;
  • To personalize our recommendations for better management of your patients;
  • To send you reminders and details about VCP based on your location and activity (including through SDKs);
  • To carry out transactions which you request through Services;
  • To identify and authenticate your access to certain features of the Services;
  • To communicate with you in order to keep you informed of our latest updates and features;
  • To perform research or to conduct analytics in order to improve and customize our Services to our users’ needs and interests;
  • To market Services to you (to the extent permitted under HIPAA);
  • To detect and prevent illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Services;
  • To support and troubleshoot our Services, to respond to your queries and communicate with you;
  • To comply with our obligations under HIPAA;
  • To investigate violations and enforce our policies, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process or respond to a government request; and
  • To transfer or share, against payment or free of charge, aggregated information, un-identifiable Professional Information and/or anonymized information to or with third parties for their legitimate purposes.

If you are a registered user on our Services and have supplied your email address or phone number, we may occasionally send you an email or contact you via your phone number, including by SMS, telephone call or push notifications in order to provide you the Service (for example, for the purpose of sending you a verification code to confirm user login, tracking info on shipping a package, and a link to download the App). You hereby consent and authorize us to contact you in accordance with the above.

Notwithstanding any of the above, with respect to PHI, we typically use or share PHI for treatment. This includes providing our Services, allowing you to obtain relevant information about your health and providing tools to manage it, personalizing our recommendations for better management of your or Your Organization’s billing and scheduling processes, sending you reminders based on your location and activity (including through SDKs). We may also use or share PHI to run our organization. This includes setting up your account, identifying and authenticating your access to certain features of the Services, communicating with you in order to keep you informed of our latest updates and features and performing research or conducting analytics in order to improve and customize our Services to our users’ needs and interests.

WITH WHOM WE SHARE THE INFORMATION WE COLLECT

We do not rent, sell or share your Professional Information with third parties except as described in this Privacy Policy.

We may transfer or share Professional Information, including PHI, to our subsidiaries, affiliated companies, subcontractors, SDKs or such other trusted third parties and/or service providers or partners who are located in different jurisdictions across the world for the purpose of: (a) storing or processing such information on our behalf (e.g. on cloud computing services) or to assist us with our business operations, to authenticate your access and to provide and improve our Services; (b) performing research, technical diagnostics, analytics, research or statistical purposes; or (c) marketing, in accordance with our marketing policy and (with respect to PHI) to the extent you have given us written permission and in accordance with HIPAA.

In addition, under your specific acknowledgment and consent, we may share your Professional Information and PHI with third party service providers in the healthcare ecosystem, such as hospitals, physicians, insurance companies, coaching services providers and others to allow them to obtain a holistic view of your needs and interests. Please note that under such consent, we may disclose to third party service providers in the healthcare ecosystem all relevant Professional Information and PHI that you share with us on an ongoing basis through the Services.

Please note: When we share information with third parties, such information is either anonymized or encrypted (as required by applicable laws) in order to effectively protect personal and/or health related information of users. To the extent PHI is shared with third parties, the third parties must first agree to be bound by HIPAA privacy and security protections.

We may also share Professional Information, including PHI, or any information you submitted via the Services if we have a good faith belief that the sharing of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies (including our Agreement), including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our users, yourself or any third party; or (vi) collaborate with law enforcement agencies or in case we find it necessary in order to enforce intellectual property or other legal rights.

With respect to PHI, you have both the right and choice to tell us to share information with your family, close friends or others involved in your care and to share information in a disaster relief situation. If you are unable to tell us your preference (for example, if you are unconscious), we may go ahead and share your PHI if we believe it is in your best interest. We may also share your PHI when needed to lessen a serious and imminent threat to health or safety. We will never share your PHI for marketing purposes or sell your PHI, unless you give us written permission. In the case of fundraising, we may contact you for fundraising efforts, but you can tell us not to contact you again. We do not create or maintain psychotherapy notes.

We are allowed or required to share your PHI in other ways that contribute to the public good (such as public health and research), provided we meet many conditions under HIPAA before doing so. These disclosures include those that help with public health and safety issues (such as preventing disease, helping with recalls, reporting adverse reactions, suspected abuse, neglect or domestic violence or preventing or reducing a serious threat to anyone‘s health or safety). We can also share your PHI for health research or if state or federal laws require it, to respond to court or administrative orders or to address workers’ compensation, law enforcement and other government requests. In addition, we may share your PHI to respond to organ and tissue donation requests or to work with a medical examiner, coroner or funeral director.

THIRD PARTY COLLECTION OF INFORMATION

Our policy only addresses the use and sharing of information we collect from you. To the extent that you share your information with other parties via our Services (e.g. by clicking on a link to any other website or location) or via other sites throughout the internet, different rules may apply to their use or sharing of the information that you disclose to them.

You agree that we shall have no liability whatsoever with respect to such third party sites and services and your usage of them.

USERS’ RIGHTS

HIPAA:

We respect your privacy rights and strive to comply in all aspects with HIPAA. For example, you have the right under HIPAA to inspect or get copies of your PHI contained in a designated record set. Generally, a “designated record set” contains medical records we may have about you. Therefore you may contact us at any time and request the following:

  • You can ask us to access, delete, change or update PHI relating to you (for example, if you believe that your PHI is incorrect, you may ask to have it corrected or deleted). We may say “no” to your request, but we will tell you why within 60 days.
  • You can ask us to contact you in a specific way or to send mail or email to a different address. We will approve all reasonable requests.
  • You can ask to inspect or copy your PHI in electronic or paper form. We will provide a copy or summary of your PHI, usually within 30 days of your request. We may charge a reasonable fee for the information.
  • You can ask that we cease any further use or sharing of your PHI for treatment, payment or our operations. We are not required to agree to your request and we may not agree if it would affect your care.
  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for purpose of payment or our operations with your health insurer or group health plan. We will agree unless a law requires us to share that information.
  • You may request a list (accounting) of disclosures of your PHI, including list of the times we have shared your PHI for six years prior to the date you ask, who we shared it with, and why. We reserve the right to charge a reasonable, cost-based fee if you ask for another list within 12 months of such request. We will include all disclosures except those about treatment, payment and health care operations, and certain other disclosures (such as those you asked us to make).
  • You can ask for a paper copy of this notice at any time, and will provide it to you promptly.

If you have given someone a medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI. We will make sure the person has this authority and can act for you before we take any action.

COMPLAINTS

If you wish to exercise any of the abovementioned rights or raise a complaint on how we have handled your Professional Information or PHI, please contact us directly at HELP@PracticePal.io.

If you are not satisfied with our response or believe we are collecting or processing your Professional Information not in accordance with the laws, you can complain to the applicable data protection authority. In addition, if you believe your privacy rights with respect to PHI have been violated, or if you are dissatisfied with our privacy practices or procedures regarding your PHI, you may file a complaint with the U.S. Department of Health and Human Services by sending a letter to U.S. Department of Health and Human Services Office for Civil Rights, 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775 or visiting:

www.hhs.gov/ocr/privacy/hipaa/complaints/ We will not retaliate against you for filing a complaint.

RETENTION OF INFORMATION

We will retain your personal information for the duration required to provide our services, and as necessary to comply with our legal obligations, resolve disputes and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time. Under applicable regulations, we will keep records containing client personal data, account opening documents, communications and anything else as required by applicable laws and regulations.

We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.

HOW DO WE SAFEGUARD AND TRANSFER YOUR INFORMATION?

We take great care in implementing and maintaining the security of the Services and your information in accordance with the requirements of all applicable laws (including with requirements under HIPAA). We employ industry standard procedures and policies to ensure the safety of our users’ information, and prevent unauthorized use of any such information. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse our Services, and we make no warranty, express, implied or otherwise, that we will prevent such access.

As an additional safeguard to your information, the Company employs a Data Protection Officer ("DPO"). The DPO has the power to insist on company resources for information protection matters and has a deep knowledge of information protection regulations and privacy law requirements. The DPO’s responsibility includes, among other things: providing privacy and security compliance advice, notifying users and applicable authorities of any data breach incident as required by law, conducting awareness and training programs, etc. The DPO serves as our HIPAA privacy official.

If you feel that your privacy was treated not in accordance with our policy, or if any person attempted to abuse our Services or acted in an inappropriate manner, please contact us directly at Privacy@PracticePal.io.

AFFILIATES AND CORPORATE TRANSACTIONS

We may share your information, including your Professional Information and PHI, with any subsidiaries, joint ventures, or other companies under our common control (collectively, "Affiliated Companies"). We may share Information, including Professional Information and PHI, in the event of a corporate transaction (e.g. sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our Affiliated Companies or acquiring company will assume the rights and obligations as described in this Privacy Policy and, with respect to PHI, under HIPAA.

MINORS

The Services are not designed for the use of any children under 16 years of age. If you have reason to believe that a child under the age of 16 has provided Professional Information to us through the use of any of the Services without the consent of their parent or legal guardian, you should immediately contact us and we will endeavor to delete that information from our records.

Additionally, no information should be submitted to or posted to any of the Services by users under 18 years of age without the consent of their parent or legal guardian. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide Professional Information and PHI on any of the Services without their permission.

MARKETING

We may use your Professional Information, such as your email address and mobile phone number, ourselves or by using our third party subcontractors for the purpose of providing you with promotional material, which we believe may interest you. If we or our third party subcontractors wish to use PHI for marketing purposes, we will request that you provide a written authorization for us to do so. You hereby consent and authorize us to contact you in accordance with the above.

Out of respect to your right to privacy, at any time, you may request to unsubscribe and discontinue receiving marketing offers by contacting us at support@myPracticePal.com, or by using the unsubscribe link provided within any such communication. If you unsubscribe we will remove your email address and phone number from our marketing distribution list. Please note that even if you unsubscribe from our marketing mailing list, we may continue to send you Service-related updates and notifications.

CALIFORNIA PRIVACY RIGHTS

FOR RESIDENTS OF CALIFORNIA ONLY. Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of your personal information with third parties. If you reside in California and you have provided us with your personal information, you may request information about our disclosures of certain categories of your personal information to third parties for direct marketing purposes. To make such a request, please fill out our Privacy Contact Form with “California Privacy Rights” in the subject line and allow 30 days for a response. We will not accept requests via the telephone, mail, or by facsimile, and we are not responsible for notices that are not labeled or sent properly, or that do not have complete information.

FOR RESIDENTS OF CALIFORNIA UNDER THE AGE OF 18. In accordance with Section 22581 of the California Business and Professions Code, you may request and obtain the removal of content or information you have publicly posted. To make such a request, please fill out our Privacy Contact Form with “California Privacy Rights” in the subject line. Please specify the site(s) or service(s) to which your removal request relates, including any URLs where the content or information is posted, and the specific content or information you posted for which you are requesting removal. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.

UPDATES OR AMENDMENTS TO THE PRIVACY POLICY

We may revise this Privacy Policy from time to time, in our sole discretion, and the most current version will always be posted on our Site (as reflected in the “Last Revised” heading). Any changes will apply to all information we have about you and will be available upon request and on our Site. We encourage you to review this Privacy Policy regularly for any changes. In case of material changes we may notify you through our Services or by email. Should you object to any such modifications, you must cease using our Site and Services and request that we delete your account. Your continued use of the Services, following the notification of such amendments on our Site or the App, constitutes your acknowledgement and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.

CHANGES TO THIS PRIVACY POLICY

We may revise this Privacy Policy from time to time and, if we do, we will update it on this page and modify the "Last Updated" date. If our information practices change in a significant way, you will be provided notice by means of notice on our sites or otherwise in writing. Because our Privacy Policy can change at any time, we encourage you to reread it periodically to see if there have been any changes that affect you. If you disagree with any changes to this Privacy Policy and do not wish your information to be subject to the revised Privacy Policy, you will need to deactivate your account or terminate your services. Your use of our sites and services following any such change constitutes your agreement that all information collected from or about you through our sites and services after the revised Privacy Policy is posted will be subject to the terms of the revised Privacy Policy.

SPECIAL NOTES

  • Nondiscrimination Statement: VCP complies with applicable Federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, or sex.
  • We do not collect genetic information and is prohibited from using or disclosing genetic information for underwriting purposes.
  • We do not collect substance abuse treatment records and will never share any substance abuse treatment records without your written permission.

CONTACTING US

If you have any questions or concerns about this Privacy Policy or our practices you can contact us or write to us at HELP@PracticePal.io. Please be sure to identify the specific website, software application, or service about which you have a question or concern and how we can contact you.

  • Home

  • Copyright © PracticePal 2023

  • Terms of Use

Copyright © PracticePal 2023