This Privacy Policy covers any information that alone or when in combination with other information may be used to readily identify, contact, or locate an individual (“Personal Information”) that is collected by us from Providers, Patients (as defined below), third parties at the direction of users, and Provider systems as well as through the QSmartCare Services. “Personal Information” also includes identifiable health information collected about you. We do not consider Personal Information to include information that has been anonymized so that it does not allow a third party to easily identify a specific individual. This Privacy Policy describes how QSmartCare collects, uses, and discloses Personal Information.
In addition, individually identifiable information that you provide to us for purposes of providing medical care to your potential or existing patients (the “Patient” or the “Patients”) (such information is also referred to as “Protected Health Information” or “PHI”) will also be subject to each Provider’s Health Insurance Portability and Accountability Act Notice of Privacy Practices (the “HIPAA Notice”), which each Provider shall make available to Patients. The HIPAA Notice shall describe how the Providers can use and share the Patients’ PHI and also describes the Patients’ rights with respect to their PHI.
This Privacy Policy does not reflect the privacy practices of the Providers and QSmartCare is not responsible for our Providers’ privacy policies or practices. QSmartCare does not review, comment upon, or monitor a Provider’s HIPAA Notice or their compliance with their respective privacy policies, nor does QSmartCare review our client’s instructions to determine whether they are in compliance or conflict with the terms of a client’s published privacy policy or applicable law.
Information we obtain from health care providers and other sources. In connection with the Patient’s treatment, we may collect medical records from their past, current, and future health care providers. This may include information about their diagnosis, previous treatments, general health, laboratory and pathology test results and reports, social histories, any family history of illness, and records about phone calls and emails related to their illness.
Some of our users, including the Providers, are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the 21st Century Cures Act, HIPAA, the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of the Provider who has entered a Healthcare Provider User Agreement, we do so as its “business associate” (as also defined by HIPAA). Under this agreement, QSmartCare is prohibited from using individually identifiable health information in a manner that the provider itself may not. QSmartCare is required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such providers. QSmartCare is subject to laws and regulations governing the use and information of certain personal and health information, including HIPAA, when it operates as a business associate of a healthcare provider.
We may also receive information about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail). For example, if you access third-party services, such as Facebook, Google, or Twitter, through the QSmartCare Services to login to the QSmartCare Services or to share information about your experience on the QSmartCare Services with others, we may collect information from these third-party services.