Effective as of June 27, 2022
WE VALUE YOUR PRIVACY
Medical Services, Inc. (“MSI” “we,” or “us”) is committed to bringing users, including, as applicable, patients and their families or friends, medical providers, or other health care professionals (“you” or “yours”) the highest quality website, products, services, and associated software, including, but not limited to, “MSI’s Patient Connect” service that seeks to facilitate and improve the delivery of medical services between patients and medical providers and health care professionals (collectively, the “Services”). MSI is not a health care provider and does not treat patients using the Services. By using these Services, you acknowledge that all clinical and medical treatment and diagnostic decisions are the responsibility of your professional healthcare providers. In any health emergency, please call 911 or contact health providers rather than communicating through the Services.
This Policy informs you of our practices when handling your personal information, health care information, PI, and PHI through the Services. In this Policy, “MSI” refers to MSI, Inc., a company registered in Delaware with a business address located at P.O. BOX 41081, San Jose, California 95160. Where MSI has a business or enterprise service agreement in place with a business or enterprise which is asking you to use our Services (for example, your medical facility or your individual medical provider), we obtain and maintain your personal information, health care information, PI or PHI on behalf of and at the instructions of that MSI customer. In that context, such business or enterprise customers may have control rights to your information, and their privacy policies will apply to such information. We encourage you to read their privacy policies, where applicable.
For this Policy, “PI” means any information relating to an identified or identifiable individual, particularly where combined with one or more of such individual’s confidential numbers (such as social security, driver’s license, or credit/debit card numbers). This includes PI that you provide or generate when you use any MSI-provided applications (the “App”) or dedicated MSI websites (the “Website”) or associated software, services, or products. “PHI” generally refers to information about medical services provided to a patient, as defined under the federal HIPAA/HITECH statute and regulations. When you use the Services, you accept and understand that we collect, use, and store your PI and any PHI as described in this Policy.
- INFORMATION WE COLLECT
We will collect and use the following information about you:
Information you provide to us:
- Registration Information. When you create an account on our Services, either as a patient or patient’s family member or friend, medical provider, or other health care professional, you will be asked to provide information such as your name, email address, and/or cell phone number, and a password, among other possible information (including basic medical background for medical providers). For any paid Services, we may collect information relevant to payment information or rely on a third-party payment processing partner, which may also collect your name, billing address, and payment information. Where we use a third-party payment processing partner, payment information is not shared with us and is maintained by our payment processing partner.
- App Information. When you use the Services, you may upload or provide us with word-based queries, responses, images, or audio or video recordings (“Audio/Video Recordings”) in the Services context.
- Communication Information. When you contact us or interact on the App, you provide us with your telephone or cell phone number and/or email address and any other information you choose to provide over such communication.
Information you provide us about others:
- Suppose you choose to collaborate on receiving our Services with family or friends or refer us to them. In that case, you provide us with the email address and/or cell phone number and a description of their relationship to the patient, among other information.
- If you provide an Audio/Video Recording, this may contain the PI of third parties. Before you do so, please make sure you have the necessary permissions from your family members, friends, co-workers, or other third parties before sharing PI or referring them to us.
Information we automatically collect or is generated about you when using the Services:
- Usage Information: When you use the Services, you general information about your use, including timestamps, such as access, record, share, edit and delete events, App or Website use information, interactions with our team, and transaction records.
- Device Information: We may assign a unique user identifier (“UUID”) to each mobile device that accesses the Services. When you use our Services, you provide information such as your IP address, UUIDs, device IDs, web beacons, and other device information (such as carrier type, whether you access our Services from a desktop or mobile platform, device model, brand, web browser and operating system).
Information received from third parties:
- Information we receive from third-party platforms: When you connect third-party platforms, apps, or providers (such as Google Calendar, iCal or other calendar programs, Google Contacts, or Zoom) to our Services, or when you register through a third-party account (such as Google or Microsoft), if applicable, we may receive personal information or PI that includes your username, profile picture, email address, time, location, calendar information, contact information from such third parties and any information you choose to upload to such third-party platforms (“Platform Information”).
- Information from platforms our Services rely on: Where applicable, we receive transaction information from our payment processor partner.
- Other third parties. We may receive additional information about you, such as demographic or interest attributes, from third parties such as data or marketing partners and combine it with other information we have about you.
- HOW WE USE YOUR PERSONAL INFORMATION
We use your PI to:
- Set up your account. We use your registration, device, and any information received from third parties to set up an account for you to use our Services. We do so by our contractual and pre-contractual obligations to provide you with an account to use the Services.
- Provide you with the Services. We use your audio/video recordings, usage information, platform information, queries, responses, and other information to provide you with the Services. In addition, we may use your communication information to facilitate support (e.g., retrieval of a forgotten password). We do so by our contractual obligations to you to provide you with the Services.
- Improve and monitor the Services. We use personal information or PI we automatically collect or generate about you when you use the Services, as well as non-PI about your devices such as device manufacturer, model, and operating system, and the amount of free space on your device, to analyze the use of and improve our Services. We train our proprietary artificial intelligence technology on aggregated, de-identified audio/video recordings. Only with your explicit permission will we manually review specific audio/video recordings to further refine our model training data.
- Communicate with you. If you contact us, we will use your contact information to communicate with you and, if applicable, review your usage information to support your use of the Services.
- Send you newsletters about product news or updates that may interest you. We may send you emails with news or updates about our Services. When doing so, we process your name and email address and may process your user information. Your consent can be withdrawn at any time by contacting MSI at email@example.com.
- Prevent fraud, defend MSI against legal claims or disputes, enforce our terms, and comply with our legal obligations. It is in our legitimate interest to protect our interests by (1) monitoring the use of the Services to detect fraud or any other user behavior which prejudices the integrity of our Services, (2) taking steps to remedy the fraud above and behavior, (3) defending ourselves against legal claims or disputes, and (4) enforcing our terms and policies. When doing so, we will use the personal information, health information, PI, or PHI relevant in such a case, including information you provide us, information we automatically collect about you, and information provided by third parties.
- Use data in aggregated form. We also may collect and use aggregated data such as statistical or demographic data for our purposes. Aggregated data may be derived from your personal information, health information, PI, or PHI but is not PI or PHI as this data will not directly or indirectly reveal your identity. However, suppose we combine or connect aggregated data with your PI or PHI so that it can directly or indirectly identify you. In that case, we will treat the combined data as PI or PHI (as applicable), which will be used by this Policy.
- HOW WE USE YOUR PERSONAL HEALTH INFORMATION; ACKNOWLEDGEMENT OF NO MEDICAL DIAGNOSIS AND TREATMENT BY MSI
We use your health information and PHI to improve and monitor the Services and, where applicable, to prevent fraud, defend MSI against legal claims or disputes, enforce our terms and comply with our legal obligations. By using these Services, you acknowledge that all clinical and medical treatment and diagnostic decisions are the responsibility of professional healthcare providers, including the medical and healthcare professionals using the App and Website. You also acknowledge that MSI is not responsible for determining the type and quality of the diagnostic tests and/or clinical guidelines necessary for you and your providers to make medical and diagnostic decisions, as well as for complying with all laws, regulations, and licensing requirements applicable to the delivery of healthcare services. You indemnify and hold MSI harmless concerning all such decisions. MSI does not make any medical or diagnostic decisions or determinations, otherwise, act upon the patient data in any professional capacity or determine the type of procedures you need to make such determinations or decisions. The Services may provide information that can be helpful in the diagnostic decisions or judgments. In an emergency situation, please seek help directly from medical professionals rather than seeking to use the Services.
Cookies are small files of letters and numbers that we store on your browser or your device. They contain information that is transferred to your device.
We use the following types of cookies and similar technologies:
- Strictly Necessary Cookies: Some Cookies are strictly required to make our Services available to you; for example, to provide login functionality, user authentication, and security. We cannot provide you with the Services without this type of Cookie.
- Functional Cookies: These are used to recognize when you use them and return them to our Website. This enables us to personalize our content for you and remember your preferences.
You can block cookies by setting your internet browser to block some or all Cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to use our Services. Except for necessary cookies, all cookies will expire after a maximum of two years.
- WITH WHOM WE SHARE YOUR PERSONAL INFORMATION
We may share your PI with selected third parties, including:
- Other users or your family members, friends, or authorized third parties see your personal information, health information, PI and PHI, and any additional information you share with them through the Services.
- Personnel affiliated with our business or enterprise partners (such as medical providers and health care professionals)
- Vendors and service providers we rely on for the provision of the Services, including:
- Cloud service providers whom we rely on for computer and data storage.
- Platform support providers who help us manage and monitor the Services.
- Analytics providers provide analytics, segmentation, and mobile measurement services and help us understand our user base.
- Payment processors., Where applicable, payment processors are responsible for the processing of your PI and may use your PI for their purposes by their privacy policies.
- Law enforcement agencies, public authorities, or other judicial bodies and organizations. We disclose PI or PHI if we are legally required to do so or if we have a good faith belief that such use is reasonably necessary to comply with a legal obligation, process or request; enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof; detect, prevent or otherwise address security, fraud or technical issues; or protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organizations for fraud protection).
- Change of corporate ownership. If we are involved in a merger, acquisition, bankruptcy, reorganization, partnership, asset sale, or other transaction, we may disclose your PI or PHI as part of that transaction.
- HOW LONG DO WE STORE YOUR INFORMATION
MSI stores all personal information, health care information, PI, and PHI for as long as necessary to fulfill the purposes set out in this Policy or for as long as we are required to do so by law or to comply with a regulatory obligation. When deleting PI or PHI, we will take measures to render such PI or PHI irrecoverable or irreproducible, and the electronic files which contain PI or PHI will be permanently deleted.
- RIGHTS OF CALIFORNIA RESIDENTS
We do not knowingly solicit data from or market to children under 16 years of age. By using the Services, you represent that you are at least 16 or the parent or guardian of such a minor, and you consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 16 years of age has been collected, we will deactivate the account and take reasonable measures to delete such data from our records promptly. If you become aware of any data we may have collected from children under the age of 16, please get in touch with us at firstname.lastname@example.org.
- CONTACT AND COMPLAINTS
For inquiries or complaints regarding this Policy, please contact us at email@example.com, and we will endeavor to deal with your complaint as soon as possible. This is without prejudice to any right to raise claims or bring legal actions with applicable legal authorities.
- DATA SECURITY
We use certain physical, managerial, and technical safeguards designed to improve the integrity and security of personal information, health information, PI, and/or PHI that we collect and maintain. However, the transfer of personal information, health information, PI, or PHI through the internet will carry its inherent risks, and we do not guarantee the security of your data transmitted through the internet. You make any such transfer at your own risk.
The App, Website, and Services may provide features or links to websites and services provided by third parties. Any information you provide on an App or third-party websites or services is provided directly to the operators of such websites or services and is subject to their policies governing privacy and security, even if accessed via our Website or in connection with our Services.
Where required, we will update this Policy from time to time. When we do so, we will make it available on this page and indicate the date of the latest revision on the first page of this Policy. Please check this page frequently for any updates or changes to this Policy.
- ABOUT US
P.O. BOX 41081
San Jose, CA 95160
Attn: Privacy Officer
EXHIBIT A – Your California Privacy Rights
If you are a California resident, you may exercise the following rights.
Right to Know and Access. You may submit a verifiable request for information regarding the: (1) categories of Personal Information collected, sold, or disclosed by us; (2) purposes for which categories of Personal Information are collected or disclosed by us; (3) categories of sources from which we collect Personal Information; (4) categories of third parties with whom we disclosed Personal Information; and (5) specific pieces of Personal Information we have collected about you during the past twelve months. In sending such a request, please use the Contact Information in the About Us section of this Policy.
Right to Delete. Subject to certain exceptions, you may submit a verifiable request that we delete Personal Information about you that we have collected from you.
Verification and Submit Requests. Requests for access to or deletion of Personal Information are subject to our ability to reasonably verify your identity in light of the information requested and under relevant California Consumer Privacy Act (“CCPA”) requirements, limitations, and regulations. To verify your access or deletion request, we reserve the right to have you authenticate your account by any reasonable means, including, but not limited to, logging into your account and submitting a support request from the App or Website.
Shine the Light. We do not rent, sell, or share Personal Information with non-affiliated companies for their direct marketing uses as contemplated by California’s “Shine the Light” law (Civil Code § 1798.83) unless we have your permission.
You are authorizing an Agent. To authorize an agent to request to know or delete on your behalf, please send a written authorization signed by you and the authorized agent via the Contact Information in the About Us section of this Policy.