Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU OBTAINED THROUGH THE ECOMMERCE SERVICES OR THE USE OF OUR WEBSITE MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We understand that your medical information is personal. We are committed to protecting your medical information. We (in this document we, us) and our affiliated companies are required by law to maintain the privacy of your protected health information (PHI), to follow the terms of this Notice, and to give you this Notice of our legal duties and privacy practices concerning your health information. We must follow the terms of the current Notice (Effective Date: February 23, 2022).
What data is collected
- We may collect the following Data, which includes PHI, from you:
- a. Name;
- b. Date of birth;
- c. Gender;
- d. Job title;
- e. Profession;
- Contact Information such as email addresses and telephone numbers;
- g. Demographic information such as zip code, preferences and interests;
- h. Financial information such as credit / debit card numbers;
- IP address (automatically collected);
- Web browser type and version (automatically collected);
- k. Operating system (automatically collected); and
- List of URLs starting with a referring site, your activity on this Website, and the site you exit to (automatically collected).
In each case, Data is collected in accordance with this Notice of Privacy Practices.
How we collect Data
We collect Data in the following ways:
a. Data is given to us by you; and
b. Data is collected automatically.
Data that is given to us by you
- We will collect your Data in a number of ways, for example:
a. If and when you contact us through the Website, by telephone, post, e-mail or through any other means;
b. If and when you register with us and set up an account to receive our products/services, including any eCommerce transaction (whether by Subscription or One-Time Order)
c. If and when you make payments to us, through the Website or otherwise;
d. If and when you elect to receive marketing communications from us.
In each case, Data is collected in accordance with this Notice of Privacy Practices.
Data that is collected automatically
- To the extent that you access the Website, we will collect your Data automatically, for example, we automatically collect some information about your visit to the Website. This information helps us to make improvements to Website content and navigation, and includes your IP address, the date, times and frequency with which you access the Website and the way you use and interact with its content.
How We May Use or Disclose Your Protected Health Information
1. For Treatment. We may use your PHI to dispense prescriptions, provide medical treatment/services, and/or provide medication therapy management services to you. We may disclose your PHI to treating physicians, providers, pharmacies, ophthalmic providers, and other persons who are involved in your healthcare treatment.
2. For Payment. We may use and disclose your PHI so that we can bill and collect payment from you, your insurance company, or a third party. This may include conducting insurance eligibility checks with state Medicaid, Medicare, or other health plans, determining enrolment status, and providing information to entities that help us submit bills and collect amounts owed.
3. For Health Care Operations. We may use and disclose your PHI for health care operations, which include activities necessary to provide health care services and ensure you receive quality customer service.
4. For Prescription Delivery, Reminders and Health-Related Products and Services. We may use or disclose your PHI to: (1) arrange delivery of your prescription to you in store or at home; (2) provide you with prescription reminders; (3) notify you of an expired prescription; (4) tell you about health-related products or services; (5) remind you about your annual eye or other exam; (6) recommend possible treatment alternatives that may be of interest to you; (7) tell you about other locations where you may order prescription products; (8) remind you about your clinic appointment; (9) provide you with information pertaining to your clinic appointment; and/or provide medication therapy management services to you.
5. Individuals Involved in Your Care or Payment for Your Care. We may disclose your PHI to a family member or friend who is involved in your medical care or payment for your care, provided you agree to this disclosure or we give you an opportunity to object to the disclosure. If you are unavailable or are unable to object, we will use our best judgment to decide whether this disclosure is in your best interest.
6. As Required by Law. We will disclose your PHI when required to do so by federal, state, or local law.
7. To Avert a Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. We may disclose your PHI for public health activities, such as those aimed at preventing or controlling disease, preventing injury, reporting reactions to medications or problems with products, recalling products, and reporting the abuse or neglect of children, elders and dependent adults. Any disclosure, however, would only be to someone able to help prevent the threat.
8. For Health Oversight Activities. We may disclose PHI to a health oversight agency for activities authorized by law. These oversight activities, which are necessary for the government to monitor the health care system, include audits, investigations, inspections and licensure.
9. For Lawsuits and Disputes. If you are involved in a lawsuit or dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request (which may include written notice) or to obtain an order protecting the information requested.
10. For Specialized Government Functions. We may disclose your PHI: (1) if you are a member of the armed forces, as required by military command authorities; (2) if you are an inmate or in custody, to a correctional institution or law enforcement official; (3) in response to a request from law enforcement, under certain conditions; (4) for national security reasons authorized by law; (5) to authorized federal officials to protect the President, other authorized persons or foreign heads of state
11. For Workers’ Compensation. We may disclose your PHI for workers’ compensation or similar programs.
12. For Organ and Tissue Donation. We may also disclose your PHI to organ procurement or similar organizations for purposes of donation or transplant.
13. For Coroners and Funeral Directors. Upon your death, we may release your PHI to a funeral home director, coroner, or medical examiner, consistent with applicable law to enable them to carry out their duties.
14. For Personal Representatives. We may disclose your PHI to a person legally authorized to act on your behalf, such as a parent, legal guardian, administrator or executor of your estate, or other individual authorized under applicable law.
15. For Marketing. With your authorization, we may use or disclose your PHI to our third-party agents, representatives, service providers and/or contractors to offer targeted marketing communications to you.
16. For Sale of PHI. We may not disclose your PHI to any other person in exchange for direct or indirect remuneration unless such disclosure is made to another covered entity for purposes of treatment or payment, or as otherwise authorized or required by state or federal law. In such instances, the remuneration we can receive for such disclosures may not exceed our reasonable costs for preparing or transmitting the PHI.
17. For Business Associates. We may share your PHI with certain business associates that perform services for us, including those involved in the delivery of your prescription to you whether in store or at home including under a Subscription or One-Time Order. We may disclose your PHI to a business associate so that the business associate can perform the job we have asked it to do and bill you or your third-party payer for services rendered. Federal law requires us to enter into business associate contracts to safeguard your PHI as required by law.
18. For Research Purposes. We may share your PHI for research purposes where the only remuneration received by the covered entity or business associate is a reasonable cost-based fee to cover the cost to prepare and transmit the PHI for such purposes.
19. For Proof of Immunization: We may disclose immunization records to a school about a child who is a student or prospective student of the school, as required by state or other law, if authorized by the parent/guardian, emancipated minor or other individual as applicable.
20. Limitations on Uses and Disclosures of Your Health Information. Except as described in this Notice, we will not use or disclose your PHI without your authorization. If you do give us authorization to use or disclose your PHI, you may cancel your authorization in writing at any time. If you cancel your authorization, this will stop any further use or disclosure for the purposes covered by your authorization, except where we have already acted on your permission. We must also follow any state law that is stricter than federal HIPAA (The Health Insurance Portability and Accountability Act of 1996) regulations. In the event of a security breach involving your PHI, a notice will be provided to you.
You Have the Following Rights with Respect to Your Protected Health Information that is Maintained in Our Records
- You may request restrictions on the use or disclosure of your PHI for treatment, payment or health care operations, or when using or disclosing your PHI to someone who is involved in your care or the payment for your care, like a family member or friend. We are not required to agree to your request. If we agree, we will comply with your request except in certain emergency situations or as required by law.
- You may request restrictions on certain disclosure of your PHI to your health plan for purposes of carrying out payment or health care operations regarding services paid for in full (out of pocket).
- You may inspect and receive a paper or electronic copy of your medical records, if readily producible. Usually, this includes prescription and billing records. We may charge you for the costs of responding to your request. We may deny your request, in which case, you may request that the denial be reviewed.
- You may request we amend your PHI if it is incorrect or incomplete. You must provide a reason that supports your request. We may deny your request if the PHI is accurate and complete or is not part of the PHI kept by or for your eye doctor. If we deny your request, you have the right to submit a statement of disagreement regarding any item in your record you believe is incomplete or incorrect. Your request will become part of your medical record. We will attach it to your records and include it when we make a disclosure of the item or statement you believe to be incomplete or incorrect.
- You may request an accounting of disclosures of your PHI. This is a list of the disclosures made of your health information, other than for treatment, payment or health care operations, and other exceptions allowed by law. Your request must specify a time period, which may not be longer than six years.
- You may request we contact you in a certain way or at a certain location. For example, you may request we contact you only at work or at a different residence or post office box. Your written request must state how or where you wish to be contacted. We will grant reasonable requests. If you would like to exercise any of these rights, contact us at the location that provided your services or submit a written request to us. A link to this Notice may be found on the Portal.
Keeping Data secure
1. We will use technical and organizational measures to safeguard your Data, for example:
a. Access to your account is controlled by a password and a username that is unique to you.
b. We store your Data on secure servers, which may be cloud based.
c. Payment details are encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology.
2. Technical and organizational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorized access to your Data, please let us know immediately by contacting us via this e-mail address: firstname.lastname@example.org
- Unless a longer retention period is required or permitted by law, we will only hold your Data on our systems for the period necessary to fulfil the purposes outlined in this Notice of Privacy Practices or until you request that the Data be deleted.
- Even if we delete your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.
Links to other websites
- You may not transfer any of your rights under this Notice of Privacy Practices to any other person. We may transfer our rights under this Notice where we reasonably believe your rights will not be affected.
- If any court or competent authority finds that any provision of this Notice of Privacy Practices (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Notice of Privacy Practices will not be affected.
- Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
- This Notice of Privacy Practices will be governed by and interpreted according to the law of the state in which we are incorporated and registered and shall be interpreted, construed, enforced and governed in all aspects in accordance with the exclusive jurisdiction and laws of that state. Any suit, cause of action, or legal proceeding arising under or relating to the use of the Website or this Notice of Privacy Practices shall be in the exclusive jurisdiction and venue of the state courts of such state or the federal courts situated in the relevant district of that state applicable to us.
Changes to this Notice of Privacy Practices
We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective in respect of all PHI we already have about you at the time of change as well as any information we receive in the future. We will post electronically a copy of the current Notice. If we change our Notice, you may obtain a copy of the revised Notice by visiting the Portal.
For More Information or to Report a Problem
If you have questions about this Notice, contact us or the principal of your home practice, who is our Designated Person. If you believe your privacy rights have been violated, you may file a written complaint, and there will be no retaliation, with the principal of your practice at your usual practice address, or with the Secretary of the Dept. of Health and Human Services, Office for Civil Rights.
This Notice of Privacy Practices was last updated on February 23, 2022.