Information That You Give Us.
When you register for or subscribe to our Services (“Enroll”), we collect personal information that can identify you (“Personally Identifiable Information” or “PII”) such as your full name, email address, mailing address, telephone number, and credit card information for payment.
The information that we collect varies depending upon how you use our Services. When you Enroll, you will need to provide us with health-related information that OMBRE will need to determine whether the services it provides are appropriate for you. That information will be associated with your profile. Any PHI that you provide through the Website briefly describing your symptoms (or those of any minor for whom you request Services) will be sent to an OMBRE provider, if available, to be used for subscription and scheduling purposes.
OMBRE will not use any PHI for any other purpose without your written authorization, or unless otherwise permitted or required by law. You may revoke, in writing, any such authorization at any time, except to the extent OMBRE has taken action in reliance thereon. OMBRE will not have any independent access to an independent Medical Practice’s detailed health record, if any, created as a result of a Visit.
WE DO NOT KNOWINGLY ENROLL OR COLLECT INFORMATION DIRECTLY FROM CHILDREN UNDER THE AGE OF EIGHTEEN.
Please keep in mind that certain features on the Website give you an opportunity to interact with us and others. These may include forums, message boards, chats, creating community profiles, and rating, tagging and commenting on articles. When you use these features you should be aware that any information you submit, including your name, location, health issues, and email address, may be publicly available to others. We do not protect the privacy of and are not responsible for your disclosure of any information through these interactive features, including, but not limited to information that you might post related to a minor.
Also, whenever you voluntarily disclose anyone’s personal information on publicly-viewable web pages, that information can be collected and used by others. For example, if you post your email address, you may receive unsolicited messages. We cannot control who reads your posting or what other users may do with the information that you voluntarily post, so we encourage you to exercise discretion and caution with respect to information you choose to disclose through these interactive features. When an individual chooses to post information that will be publicly disclosed, he or she is responsible for all legal consequences. We are not responsible under any data protection laws for-information that you voluntarily post on a site that can be accessed by others.
If you believe that OMBRE has violated your privacy rights, you should contact us at the mailing address or e-mail address provided below. You may also file a complaint with the government.
See http://oag.ca.gov/contact/consumer-complaint-against-business-or-company for more information.
Other Information We Collect.
Protected Health Information. In connecting you with an OMBRE provider, the Website may collect PII and PHI from you and transmit it electronically. We will use administrative, physical, and technical safeguards to protect the security and privacy of information held in the Website. Our infrastructure is kept in a secured data center that protects from unauthorized access to the physical servers, backups and any element used to store and/or process personal data. Only authorized personnel can access the data center. Our systems and databases are backed up regularly to help protect the data in case of an incontrollable catastrophe. The data center that stores our servers has policies and procedures in place designed to safeguard the equipment that our data is stored on. We regularly upgrade our system software to include the latest security features. Our servers are protected by a firewall system, which is designed to keep unwanted traffic or access out of our computer network. We also employ an intrusion prevention service (IPS) provided by a secured data center operated by a professional company. We also use security methods to determine the identity of each registered user, so that appropriate rights and restrictions can be enforced for that user. Reliable verification of user identity is called “authentication.” All communication between our Web server and your browser is encrypted with SSL (Secure Sockets Layer) to guard against network eavesdroppers. Your password is internally encrypted in our system to prevent unauthorized access to the system. Validations are built throughout the application to capture the most reliable information. Only the last 4 digits of your credit card number is stored on our servers.
OMBRE will transmit any PHI describing your symptoms (or that of any minor for whom you are requesting Services) to any independent OMBRE provider in a secured electronic transaction. You have a right to a paper copy of any PHI that Heal transmits (including that of a minor for whom you are acting), and a right to amend PHI in accordance with applicable legal requirements. If you wish to communicate with your OMBRE provider directly by email or other electronic means, you may request that those communications be through a system that protects their confidentiality. OMBRE providers will accommodate reasonable requests in accordance with applicable law. Otherwise, your electronic communications may not be secure.
Tracking and/or Analytics Services. We may use analytics services. These services do not track your browsing habits across websites that do not use the same services. We are using the information collected by these services to understand user behavior and optimize site performance.
Web Beacons. We may also use web beacons (invisible images often referred to as pixel tags or clear GIFs) in order to recognize users and assess traffic patterns, and we may include web beacons and cookies in our email messages in order to count how many e-mail messages have been opened.
Non-Personally Identifiable Information. We also collect Non-Personally Identifiable Information that is not health information or medical information in the form of statistics and information regarding the Website user’s statistics and metrics obtained from third party devices, which may be combined with personal information you submit through the website and/or Services so that you can fully enjoy the benefits of the website’s tracking, monitoring, and diagnostic tools.
How We Use Your Information.
- For the purposes for which you specifically provided it including, without limitation, to enable us to process and fulfill your Membership, provide the Services or other requests.
- To communicate with an OMBRE provider.
- To send you information about your relationship or transactions with us.
- To notify you about our products, services, and special offers, except that OMBRE will not use PHI for marketing purposes without your prior written consent for yourself or your minor child.
- To otherwise contact you with information that we believe will be of interest to you.
- To enhance or develop features, products and services.
- To allow us to personalize the content that you and others see on the Website.
- To provide advertisers and other third parties with aggregate information about Website users and Website usage patterns.
- To allow other select companies to send you promotional materials about their products and services, provided that no personally identifiable PHI will be used for this purpose without your prior written consent.
We use non-Personally Identifiable Information for purposes such as measuring the number of users of various features of the Website, making the Website more useful to users and delivering targeted advertising and non-advertising content. We may also use Non-Personally Identifiable Information (for example, statistics regarding use and metrics) for research purposes, for marketing and promotional purposes, and to develop new learning tools and solutions and we may share such information with third parties, including researchers and/or advertisers, on an aggregate and anonymous basis. We use IP addresses to analyze trends, administer the Website, track a visitor’s movement, and gather demographic information for aggregate, non-personally identifiable use.
Sharing Your Information.
We may share your information as follows:
- OMBRE Provider: We will share your information with the OMBRE provider to whom you are assigned when you schedule your first online session. Any PHI that we collect from you will be kept private and secure, as required by law.
- With Affiliates: We may share your PII with affiliated companies and businesses, provided that your PHI will not be shared for any marketing purposes without your prior written consent, in accordance with applicable law.
- With Service Providers: We may use other companies to perform services including, without limitation, facilitating some aspects of our Website such as processing credit card transactions sending emails, and fulfilling purchase requests. These other companies may be supplied with or have access to your PII solely for the purpose of providing these services to you on our behalf. Such service providers shall be bound by appropriate confidentiality and security obligations, which may include, as applicable, business associate contract obligations.
- With Business Partners: When you make purchases or engage in promotions offered through our Website, we may share PII, but not your PHI with the businesses with which we partner to offer you those products, services, and promotions. When you accept a particular business partner’s offer, you authorize us to provide your information to that business partner.
- With other Service Providers: We occasionally will share, on an anonymous basis, information and data on Website users with third party providers who provide targeted services, such as advertising or data analysis on our behalf. This sharing of information does NOT include any PII or PHI.
- Special Circumstances: We also may disclose your PII:
- In response to a subpoena or similar investigative demand, a court order, or other request from a law enforcement or government agency where required by applicable law.
- When disclosure is required or allowed by law in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Website’s terms and conditions or other agreements or policies.
- In connection with a corporate transaction, such as the sale of all or a portion of our business, a divestiture, merger, consolidation, or asset sale, or in the event of bankruptcy, as required or allowed by law.
SPECIAL NOTICE FOR USERS OF THE WEBSITE: IF YOU ELECT TO MAKE YOUR PROFILE (OR THAT OF A MINOR OR FAMILY MEMBER) VIEWABLE BY OMBRE PROVIDERS, ALL INFORMATION (EXCLUDING PERSONAL CONTACT INFORMATION) THAT YOU INCLUDE IN THAT PROFILE MAY BE VIEWED BY OMBRE PROVIDERS. YOU SHOULD NOT ENTER ANY INFORMATION IN THE PROFILE THAT YOU (OR ANOTHER PERSON) WISHES TO REMAIN CONFIDENTIAL. AN OMBRE PROVIDER WILL NOT BE ABLE TO CONTACT YOU EXCEPT THROUGH THE PERSONAL CONTACT INFORMATION YOU PROVIDE THROUGH THE WEBSITE. WE ARE NOT RESPONSIBLE FOR THE RETENTION, USE OR PRIVACY PRACTICES OF OMBRE PROVIDERS AFTER THEY HAVE RECEIVED YOUR INFORMATION.
Confidentiality of Health Information.
Certain Allied Healthcare Practices may be subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of such a health care provider, we do so as its “business associate” (as also defined by HIPAA). We are prohibited from, among other things, using individually identifiable health information in a manner that the health care provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such health care providers.
We are also subject to laws and regulations governing the use and disclosure of certain personal and health information, including HIPAA, when we operate as a business associate of such a health care provider.
How to Access or Update Your Information.
How We Protect Your Information.
We use commercially reasonable administrative, technical, and physical measures to safeguard PII and PHI in our possession against loss, theft and unauthorized use, disclosure or modification. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. Therefore, while we strive to make all reasonable efforts to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. In the unlikely event of a data breach, you will be notified as soon as reasonably possible, in accordance with applicable law. Furthermore, we are not responsible for any breach of security or for any actions of any third parties that receive the information, including without limitation any breach of security or for any actions of an Allied Healthcare Practice.
Children’s Online Privacy Protection Act.
We support and comply with the Children’s Online Privacy Protection Act (COPPA) and we do not knowingly collect information from children under the age of 18, nor do we share such information with third parties. Children under the age of 18 may not use the Website without the supervision of a parent or guardian over the age of 18. If you seek pediatric Services for a minor, you will be responsible for providing information related to the minor and for paying for Services requested for the minor.
Links to Third Party Sites.
How to Contact Us.