Effective as of December 20, 2018
1. WHAT INFORMATION DO WE COLLECT AND FOR WHAT PURPOSE?
The categories of information we collect can include:
Information you provide to us directly. We may collect personal information, such as your name, email address, phone number, date of birth, gender, zip code and location, services and procedures about which you inquire, identification (e.g., a photo of your government-issued ID) or other authentication information, and payment information, when you register for or use our Service, build a profile on our Service, sign up for our mailing list, request an appointment with a medical service provider, or otherwise communicate with us. The supply of such information to Company is at your discretion. We may also collect any communications between you and Company and any other information you provide to Company.
Data collected through the use of the Service. We collect information about how you use the Service, your actions on the Service, and content you post to the Service, and any content you provide through the Service (“User Content”). Please remember that Company may, but has no obligation to, monitor, record, and store User Content in order to protect your safety or the safety of other users, to assist with regulatory or law enforcement efforts, or to protect and defend our rights and property. By using the Service, you consent to the recording, storage and disclosure of such communications you send or receive for these purposes.
Information we receive from third party sites you connect to our Service. We may receive personal information about you from third parties and combine that with information we collect through our Service. For example, we may obtain information when you login through a third party social network or authentication service, such as Facebook or Google. These services will authenticate your identity and provide you the option to share certain personal information with us, which could include your name, email address, address book and contacts, or other information. Similarly, when you interact with us through a social media site or third party service, such as when you like, follow or share Company content on Facebook, Twitter, Pinterest, Instagram or other sites, we may receive information from the social network including your profile information, picture, user ID associated with your social media account, and any other information you permit the social network to share with third parties. The data we receive from these third party sites is dependent upon that third party’s policies and your privacy settings on that third party site. You should always review, and if necessary, adjust your privacy settings on third party websites and services before linking or connecting them to our Service.
We use this information to operate, maintain, and provide to you the features and functionality of the Service; to process and complete transactions that you request on the Service; to verify your identity; to monitor and analyze Service usage and trends; as well as to request feedback or communicate directly with you, such as to send you email messages and push notifications, and permit you to communicate with others on the Service. We may also send you Service-related emails or messages (e.g., account verification, change or updates to features of the Service, technical and security notices). For more information about your communication preferences, see “Control Over Your Information” below.
We, and our third party partners, automatically collect certain types of usage information when you visit our Service, read our emails, or otherwise engage with us. We typically collect this information through a variety of tracking technologies, including cookies, web beacons, embedded scripts, location-identifying technologies, file information and similar technology (collectively, “tracking technologies”). For example, we collect information about your device and its software, such as your IP address, browser type, Internet service provider, platform type, device type, operating system, date and time stamp, a unique ID that allows us to uniquely identify your browser, mobile device or your account, and other such information. We also collect information about the way you use our Service, for example, the site from which you came and the site to which you are going when you leave our website, the pages you visit, the links you click, how frequently you access the Service, whether you open emails or click the links contained in emails, whether you access the Service from multiple devices, and other actions you take on the Service. When you access our Service from a mobile device, we may collect unique identification numbers associated with your device or our mobile application mobile carrier, device type, model and manufacturer, mobile device operating system brand and model, phone number, and depending on your mobile device settings, your geographical location data, including GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of your mobile device, or we may be able to approximate a device’s location by analyzing other information, like an IP address. We may collect analytics data, or use third-party analytics tools such as Google Analytics, to help us measure traffic and usage trends for the Service and to understand more about the demographics of our users. You can learn more about Google’s practices at http://www.google.com/policies/privacy/partners, and view its currently available opt-out options at https://tools.google.com/dlpage/gaoptout. Although we do our best to honor the privacy preferences of our users, we are unable to respond to Do Not Track signals set by your browser at this time.
We use or may use the data collected through tracking technologies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the Service; (b) provide custom, personalized content and information; (c) provide and monitor the effectiveness of our Service; (d) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our Service; (e) diagnose or fix technology problems; and (f) otherwise to plan for and enhance our Service.
If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies. Please note that doing so may negatively impact your experience using the Service, as some features and services on our Service may not work properly. Depending on your mobile device and operating system, you may not be able to delete or block all cookies. You may also set your e-mail options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our e-mail and performed certain functions with it.
3. SHARING OF YOUR INFORMATION
We may share your personal information in the instances described below. For further information on your choices regarding your information, see the “Control Over Your Information” section below. Our Service is compliant with HIPAA, and as such we will never share protected health information without your explicit consent or request, unless otherwise required by law. Please refer to the HIPAA section, “Notice of Privacy Practices specific to HIPAA and PHI”, below for further information.
We may share your personal information, excluding any PHI covered under HIPAA, with:
Third parties at your request. For example, you may have the option to share your activities on the Service with your friends through email, text or on various social media sites;
Third-party vendors and other service providers that perform services on our behalf, as needed to carry out their work for us, which may include processing payments, providing mailing services, providing tax and accounting services, web hosting, or providing analytic services;
The public when you provide feedback or User Content on our Service. For example, if you post User Content on our blog or comment on our social media sites, your information, such as your username and your comments, may be displayed on our website or on our social media pages;
Other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party, or in the event of a bankruptcy or related or similar proceedings; and
Third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Service or to protect the security or integrity of our Service; and/or (c) to exercise or protect the rights, property, or personal safety of Company, our visitors, or others.
We may also share information with others in an aggregated or otherwise anonymized form that does not identify you as an individual as defined by HIPAA.
4. CONTROL OVER YOUR INFORMATION
Profile and Data Sharing Settings. You may update your profile information, such as your username, and may change some of your data sharing preferences by visiting “Edit Profile” in your account.
Access to your Device Information. You may control the Service’s access to your device information through your “Settings” app on your device. For instance, you can withdraw permission for the app to access your location, photo stream and camera.
How to control your communications preferences: You can stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in such communications. We make every effort to promptly process all unsubscribe requests. You may not opt out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Service, technical and security notices).
Modifying or deleting your information: If you have any questions about reviewing, modifying, or deleting your information, or if you want to remove your name or comments from our website or publicly displayed content, you can contact us directly at firstname.lastname@example.org. We may not be able to modify or delete your information in all circumstances.
5. HOW WE STORE AND PROTECT YOUR INFORMATION
Keeping your information safe: We care about the security of your information and employ physical, administrative, and technological safeguards designed to preserve the integrity and security of all information collected through our website. However, no security system is impenetrable and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
All storage of PHI is in compliance with HIPAA.
6. CHILDREN’S PRIVACY
Company does not knowingly collect or solicit any information from anyone under the age of 13 on this Service. In the event that we learn that we have inadvertently collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from a child under 13, please contact us at email@example.com.
7. LINKS TO OTHER WEB SITES AND SERVICES
The Service may contain links to and from third party websites of our business partners, advertisers, and social media sites and our users may post links to third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. We strongly recommend that you read their privacy policies and terms and conditions of use to understand how they collect, use, and share information. We are not responsible for the privacy practices or the content on the websites of third party sites.
8. HOW TO CONTACT US
10. Notice of Privacy Practices specific to HIPAA and PHI
As required by the privacy regulations created as a result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), this notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
A. Our commitment to your privacy:
The professional services offered directly to you or facilitated by the https://wlnss.co website and corresponding Wlnss smartphone application are provided by Yen Tun Wang Services Medical Corporation, (“Medical Group” or “we” or “our”). Our practice is dedicated to maintaining the privacy of your individually identifiable health information (also called protected health information, or PHI). In conducting our business, we will receive information and create records regarding you and the treatment and services we provide to you. We are required by law to maintain the confidentiality of health information that identifies you. We also are required by law to provide you with this notice of our legal duties and the privacy practices that we maintain in our practice concerning your PHI. By federal and state law, we must follow the terms of the Notice of Privacy Practices that we have in effect at the time. We realize that these laws are complicated, but we must provide you with the following important information:
How we may use and disclose your PHI
Your privacy rights in your PHI
Our obligations concerning the use and disclosure of your PHI
The terms of this notice apply to all records containing your PHI that are created or retained by our practice. We reserve the right to revise or amend this Notice of Privacy Practices (the “Notice”). Any revision or amendment to the Notice will be effective for all of your records that our practice has created or maintained in the past, and for any of your records that we may create or maintain in the future. Our practice will post a copy of our current Notice on this website at all times, and you may request a copy of our most current Notice at any time. A hard copy of the Notice may be obtained by forwarding a written request to Yen Tun Wang Services Medical Corporation, 3810 Multiview Drive, Los Angeles, CA 90068 or requesting one at the time of service.
B. Your personal information:
We keep records of the medical care we provide you, and we may receive similar records from others. We use this information so that we, or other health care providers, can render quality medical care, obtain payment for services and enable us to meet our professional and legal responsibilities to operate our medical practice. We may store this information in a chart and in our computers. This information makes up your medical record. The medical record is our property; however, this notice explains how we use information about you and when we are allowed to share that information with others.
C. Our privacy practices:
D. If you have questions about this Notice, please contact:
E. We may use and disclose your PHI in the following ways:
The following categories describe the different ways in which we may use and disclose your PHI.
Treatment. Our practice may use your PHI to treat you. For example, we may use your PHI in order to write an order to provide you with IV treatment. Many of the people who work for our practice – including, but not limited to, our doctors and nurses – may use or disclose your PHI in order to treat you or to assist others in your treatment.
Payment. Our practice may use and disclose your PHI in order to bill and collect payment for the services and items you may receive from us. In addition, and by way of example of disclosures for payment purposes, we may disclose your PHI to our business associates to assist in billing and collection efforts.
Health care operations. Our practice may use and disclose your PHI to operate our business. As examples of the ways in which we may use and disclose your information for our operations, our practice may use your PHI to evaluate the quality of care you received from us, or to conduct cost-management and business planning activities for our practice.
Appointment reminders. Our practice may use and disclose your PHI to contact you and remind you of an appointment.
Treatment options. Our practice may use and disclose your PHI to inform you of potential treatment alternatives or other health-related benefits and services that may be of interest to you.
Health-related benefits and services. Our practice may use and disclose your PHI to inform you of health-related benefits or services that may be of interest to you.
Release of information to family/friends. Our practice may release your PHI to a friend or family member that is involved in your care, or who assists in taking care of you. However, any such disclosure will be subject to legal requirements and our HIPAA Policy.
Disclosures required by law. Our practice will use and disclose your PHI when we are required to do so by federal, state or local law.
F. Use and disclosure of your PHI in certain special circumstances:
The following categories describe unique scenarios in which we may use or disclose your identifiable health information:
Public health risks. Our practice may disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:
Maintaining vital records, such as births and deaths;
Reporting child abuse or neglect;
Preventing or controlling disease, injury or disability;
Notifying a person regarding potential exposure to a communicable disease;
Notifying a person regarding a potential risk for spreading or contracting a disease or condition;
Reporting reactions to drugs or problems with products or devices;
Notifying individuals if a product or device they may be using has been recalled;
Notifying appropriate government agency(ies) and authority(ies) regarding the potential abuse or neglect of an adult patient (including domestic violence); however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information; or
Notifying your employer under limited circumstances related primarily to workplace injury or illness or medical surveillance.
Health oversight activities. Our practice may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.
Lawsuits and similar proceedings. Our practice may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.
Law enforcement. We may release PHI if asked to do so by a law enforcement official:
Regarding a crime victim in certain situations, if we are unable to obtain the person’s agreement;
Concerning a death we believe has resulted from criminal conduct;
Regarding criminal conduct while we provide services;
In response to a warrant, summons, court order, subpoena or similar legal process;
To identify/locate a suspect, material witness, fugitive or missing person; or
In an emergency, to report a crime (including the location or victim(s) of the crime, or the description, identity or location of the perpetrator).
Deceased patients. Our practice may release PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. If necessary, we also may release information in order for funeral directors to perform their jobs.
Organ and tissue donation. Our practice may release your PHI to organizations that handle organ, eye or tissue procurement or transplantation, including organ donation banks, as necessary to facilitate organ or tissue donation and transplantation if you are an organ donor.
Research. Our practice may use and disclose your PHI for research purposes in certain limited circumstances.
Serious threats to health or safety. Our practice may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
Military. Our practice may disclose your PHI if you are a member of U.S. or foreign military forces (including veterans) and if required by the appropriate authorities.
National security. Our practice may disclose your PHI to federal officials for intelligence and national security activities authorized by law. We also may disclose your PHI to federal and national security activities authorized by law. We also may disclose your PHI to federal officials in order to protect the president, other officials or foreign heads of state, or to conduct investigations.
Inmates. Our practice may disclose your PHI to correctional institutions or law enforcement officials if you are an inmate or under the custody of a law enforcement official. Disclosure for these purposes would be necessary: (a) for the institution to provide health care services to you, (b) for the safety and security of the institution, and/or (c) to protect your health and safety or the health and safety of other individuals.
Workers’ compensation. Our practice may release your PHI for workers’ compensation and similar programs.
Change of Ownership. In the event that our practice is sold or merged with another organization, your medical record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group.
De-Identified Data. We may use or share your PHI once it has been “de-identified.” PHI is considered de-identified when it has been processed in such a way that it can no longer personally identify you.
Limited Data Sets. We may also use a “limited data set” that does not contain any information that can directly identify you. This limited data set may only be used for the purposes of research, public health matters or health care operations. For example, a limited data set may include your city, county and zip code, but not your name or street address.
G. Receiving PHI from providers, insurance entities and their business associates:
We want to make you aware that, just as the Medical Group uses and discloses certain PHI in your treatment, our operations and management and certain payment practices, it is possible the Medical Group will receive PHI from other healthcare entities.
H. Your written permission:
Except as described in this Notice, or as otherwise permitted by law, we must obtain your written permission – called an authorization – prior to using or sharing health information that identifies you as an individual. If you provide an authorization and then change your mind, you may revoke your authorization in writing at any time. Once an authorization has been revoked, we will no longer use or share your health information as outlined in the authorization form; however you should be aware that we won’t be able to retract a use or disclosure that was previously made in good faith based on what was then a valid authorization from you.
We will also comply with state law which may have requirements beyond those contained in this notice.
J. Your rights regarding your PHI:
You have the following rights regarding the PHI that we maintain about you:
Confidential communications. You have the right to request that our practice communicate with you about your health and related issues in a particular manner or at a certain location. In order to request a type of confidential communication, you must make a written request to Yen Tun Wang Services Medical Corporation, 3810 Multiview Drive, Los Angeles, CA 90068 and inform us of the requested method of contact, or the location where you wish to be contacted. Our practice will accommodate reasonable requests. You do not need to give a reason for your request.
Requesting restrictions. You have the right to request a restriction in our use or disclosure of your PHI for treatment, payment or health care operations. Additionally, you have the right to request that we restrict our disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such as family members and friends. We are not required to agree to your request; however, if we do agree, we are bound by our agreement except when otherwise required by law, in emergencies or when the information is necessary to treat you. In order to request a restriction in our use or disclosure of your PHI, you must make your request in writing to Yen Tun Wang Services Medical Corporation, 3810 Multiview Drive, Los Angeles, CA 90068.
Your request must describe in a clear and concise fashion:
The information you wish restricted;
Whether you are requesting to limit our practice’s use, disclosure or both; and/or
To whom you want the limits to apply.
Inspection and copies. You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including patient medical records and billing records, unless excluded by law. You must submit your request in writing to Yen Tun Wang Services Medical Corporation, 3810 Multiview Drive, Los Angeles, CA 90068 in order to inspect and/or obtain a copy of your PHI. Our practice may charge a fee for the costs of copying, mailing, labor and supplies associated with your request. Our practice may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of our denial. Another licensed health care professional chosen by us will conduct reviews.
Amendment. You may ask us to amend your health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is kept by or for our practice. To request an amendment, your request must be made in writing and submitted to Yen Tun Wang Services Medical Corporation, 3810 Multiview Drive, Los Angeles, CA 90068.
You must provide us with a reason that supports your request for amendment. Our practice will deny your request if you fail to submit your request (and the reason supporting your request) in writing. Also, we may deny your request if you ask us to amend information that is in our opinion: (a) accurate and complete; (b) not part of the PHI kept by or for the practice; (c) not part of the PHI which you would be permitted to inspect and copy; or (d) not created by our practice, unless the individual or entity that created the information is not available to amend the information.
Accounting of disclosures. All of our patients have the right to request an “accounting of disclosures.” An “accounting of disclosures” is a list of certain non-routine disclosures our practice has made of your PHI for purposes not related to treatment, payment or operations. Use of your PHI as part of the routine patient care in our practice is not required to be documented – for example, the doctor sharing information with the nurse; or the billing department using your information to file your insurance claim. In order to obtain an accounting of disclosures, you must submit your request in writing to Yen Tun Wang Services Medical Corporation, 3810 Multiview Drive, Los Angeles, CA 90068.
All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years from the date of disclosure. The first list you request within a 12-month period is free of charge, but our practice may charge you for additional lists within the same 12-month period. Our practice will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.
Right to a paper copy of this notice. You are entitled to receive a paper copy of our Notice. You may ask us to give you a copy of this Notice at any time. To obtain a paper copy of this Notice, contact the Medical Group at firstname.lastname@example.org.
Right to file a complaint. If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, or calling 1-877-696-6775. To file a complaint with our practice, contact Yen Tun Wang Services Medical Corporation, 3810 Multiview Drive, Los Angeles, CA 90068. All complaints must be submitted in writing. You will not be penalized for filing a complaint.
Right to provide an authorization for other uses and disclosures. Our practice will obtain your written authorization for uses and disclosures that are not identified by this Notice or permitted by applicable law. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. Please note: we are required to retain records of your care.
Again, if you have any questions regarding this Notice or our health information privacy policies, please contact the Medical Group at email@example.com.
I acknowledge that I have received the Notice of Privacy Practices for the Medical Group, and have been provided an opportunity to review it. If you have any questions or would like a hard copy of this Notice, please contact the Medical Group at firstname.lastname@example.org.