Effective Date: October 15, 2022
Health Care Remotely, LLC (“HC Remotely,” “we,” “us,” or “our”) operate the website https://hcremotely.com. The website does not track individually identifiable information (also known as “Protected Health Information” or “PHI”).
What personal data we collect
First-time users will be asked to provide personal health information and payment information to facilitate practice registration and support the initial clinical visit. The data are managed by a HIPAA-compliant technology partner and then transferred into our electronic medical record. Subsequently, HC Remotely patients may be asked to submit, within the practice’s patient portal:
- Personal health information within the for the purposes of reliably identifying you across clinical encounters (e.g., name, date of birth, user name, email address, contact information, health insurance carrier and plan, phone number(s), password),
- Health information about you prepared or obtained by our team who provide clinical services for you like medical and therapy records, treatment and examination notes, and other health-related information.
- Information related to family members and other individuals who are associated with your account.
- Payment information including your credit card number, expiration date, and credit card security code.
- If you agree to allow us to collect medical records from your past, current or future health providers, we may collect those medical records within your medical records within our instance of the Athenahealth electronic medical record.
- Athenahealth may collect information about your device is you access any of the company’ mobile applications or use the company’s services as part of your interactions with HC Remotely (e.g., device ID, browser type, language preferences, IP address, geolocation information, date/time stamps of when you accessed Athenahealth’s services or applications).
- Authenticate users
- Block malicious use of login credentials
- Shield unauthorized access to our Service
Registered patients can send comments to the practice or their specific treating physician or provider within the practice’s patient portal. These online messages are stored within the portal and will not be used for any purposes beyond addressing the message content.
Registered patients can send photographs or other media to the practice or their specific treating physician or provider within the practice’s patient portal. These images are stored within the portal and will not be used for any purposes beyond addressing the image for diagnostic or treatment purposes.
Embedded content from other websites
Our Site includes Social Media Features, such as the Facebook button. These Features may collect your IP address, which page you are visiting on our Site, and may set a cookie to enable the Feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy statement of the company providing them.
Athenahealth’s patient portal may also include links to or information about websites, applications, products, services and solutions that are operated by third parties. We do not control and are not responsible for any information you wish to share with, or access from, these third parties.
How we use your information
The website does not collect any information about you. Once you log into the practice’s patient portal, your personal information (e.g., PHI, credit card information) will be used to:
- Run our practice, improve your care and contact you when necessary using your preferred contact method
- Share it with other professionals who are treating you
- Send you information from trusted third-party partners (e.g., Healthwise).
- To create summary information using de-identified data (in groups of no fewer than 100 patients) to share the practice’s performance
- Use and share your health information to bill and get payment from health plans or other entities
- Respond to organ and tissue donation requests
- Work with a medical examiner or funeral director
- Address workers’ compensation, law enforcement and other government requests
- Respond to lawsuits and legal actions
- Comply with state and federal laws
- Athenahealth may also share your health information
- To address public health or safety needs (e.g., preventing disease, helping with product recalls, reporting adverse reactions to medications, reporting suspected abuse, neglect or domestic violence, preventing or reducing a serious threat to anyone’s health or safety)
- In other ways that contribute to the public good. Athenahealth must meet specific conditions defined by law to share your information for these services (click here for more details)
- To perform health research
- To enable cross-device/cross-context tracking when you use your log in with athena account
- To plan and execute security and risk control measures, like fraud and abuse detection and prevention
With whom we share your data
We believe the basis of all health care interactions is trust. Here are a list of entities with whom we may share your personal health information that you enter through the practice’s patient portal:
- Healthcare providers, insurance companies, and other healthcare-related entities. We may share your information with other health care providers, laboratories, government agencies, insurance companies, organ procurement organizations, medical examiners or funeral directors, and other entities relevant to providing you with treatment options and support.
- Authorized third-party vendors and service providers. We may share your information with third-party vendors and service-providers that help us with specialized services, including billing, payment processing, customer service, email deployment, business analytics, performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.
- Business transfers. We may share your information in connection with a substantial corporate transaction, such as a merger, consolidation, asset sale, or bankruptcy.
- Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, health, safety, and security of HC Remotely, our affiliates, users, or the public. If we are legally compelled to disclose information about you to a third party, we will attempt to notify you by sending you a message through your preferred contact modality unless doing so would violate the law or unless you have not provided your email address to us.
In connection with your accounts created for HC Remotely, athenahealth may need to send business, informational, support and security related messages (whether texts, alerts or calls) to all telephone numbers, including cellular numbers or mobile devices, you choose to provide on your accounts. You agree such texts or calls may be pre-recorded messages or placed with an automatic telephone dialing system. In addition, you agree that athenahealth may send service or account related text messages to cellular phone numbers you provide to athenahealth, and you agree to accept and pay all carrier message and data rates that apply to such text messages.
If you choose to provide an e-mail or other electronic address on your account, you acknowledge and consent to receive business and informational messages relating to your account at the address, and you represent and warrant that such address is your correct address and is not accessible or viewable by any other person.
We use reasonable measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction (including using the Secure Socket Layer [SSL] system for web page interactions and secure messaging through the Athenahealth electronic medical record). No data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.
We are required by law to notify you if there has been a breach that compromises your health information.
How long we retain your data
We do not collect any data on the practice website. If you become a patient in the practice, here are the lengths of time we will retain your records:
- Arizona, Colorado, Delaware, Georgia, Illinois, Michigan and Washington: Six years
- California: 10 years
- Texas: Seven years
All patients of the practice will have access to all of the notes from the practice within the practice patient portal. You may request to have your medical records sent to you or a different practice at any time. You can make that request through the portal or you can send an email to email@example.com.
Your health information rights
You have a right:
- To access your health information at any time. Your records are always available to you through the practice’s patient portal. If you would like a copy of your medical records emailed to you, please email firstname.lastname@example.org.
- To request an amendment to certain portions of your medical record if you feel the health information is incorrect or incomplete. However, under certain circumstances, we may deny your request.
- To request that we contact you in a specific way (e.g., home or office phone) or send mail to a different address.
- To receive a list of instances when we have shared your health information with another person or organization. The only exception is when we share your information with a person or organization for treatment, payment or health care operations.
- To request that we restrict how we use or disclose your health information. You can update your health information sharing preferences at any time by logging into the practice’s patient portal. If any portion of your visit cost is covered by an insurance company, that insurance company may request your records as a component of payment or operations.
- To obtain a paper copy of this notice even if you receive it electronically.
- To have your medical power of attorney or your legal guardian exercise your rights and make choices about your health information.
- To file a complaint if you feel your rights have been violated. You can
- Email the practice at email@example.com.
- File a complaint with the U.S. Department of Health and Human Services Office of Civil Rights by
- sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201
- calling 1.877.696.6775
- visiting www.hhs.gov/ocr/privacy/hipaa/complaints
We will not retaliate against you for filing a complaint.
We prefer that you contact us though the practice’s patient portal as that method provides us with enough assurance that you are the person authorized to make the request about your health information. If you choose to email us at firstname.lastname@example.org, please include enough information for us to reliably determine that you are indeed someone who is authorized to make your request. Email requests for your medical records will be completed within 30 days. Email requests for an “accounting of disclosures” will be addressed within seven days.
- The categories of personal information we collect about you,
- The categories of the sources of personal information we collect about you,
- Our business or commercial purpose for collecting that information,
- The categories of personal information that were disclosed for a business purpose,
- The categories of third parties to whom we disclosed that personal information, and
- The specific pieces of personal information we collect about you.
You may also request that we delete your information. These rights are subject to certain exceptions and limitations permitted by CCPA. To submit an access or deletion request, you may email us at email@example.com stating your request with sufficient detail and providing information that allows us to reasonably verify you as the person whose data is the subject of such request. We will not respond to more than two requests from you in a 12-month period. We will not discriminate against you if you exercise your rights under CPPA. By exercising your rights you will not be (i) subject to denial of goods or services, (ii) charged a different price or rate, or (iii) provided different quality of service.
Although anyone can view the information on this website, we do not knowingly allow individuals outside the United States to register as patients with the practice. If we learn that we have collected the personal information of an individual outside the United States, we will take steps to delete the information as soon as possible, except where prohibited by applicable law.
Although anyone can view the information on this website, we do not knowingly allow individuals under the age of 18 to register as patients with the practice. If we learn that we have collected the personal information of a child under 18, we will take steps to delete the information as soon as possible, except where prohibited by applicable law.
If you are a parent or guardian and discover that your child under the age of 18, or equivalent minimum age depending on jurisdiction, has obtained a Health Care Remotely account, then you may email us at firstname.lastname@example.org and request that we delete that child’s personal information from our systems.
We have adopted the following policies
- Patient information will be kept confidential except as is necessary to provide services or to ensure that all administrative matters related to your care are handled appropriately. This specifically includes the sharing of information with other healthcare providers, laboratories, health insurance payers as is necessary and appropriate for your care.
- It is the policy of this office to remind patients of their appointments. We may do this by telephone, e-mail, U.S mail, or by any means convenient for the practice and/or as requested by you. We may send you other communications informing you of changes to office policy and new technology that you might find valuable or informative.
- You understand and agree to inspections of the office and review of documents which may include PHI by government agencies or insurance payers in normal performance of their duties.
- You agree to bring any concerns or complaints regarding privacy to the attention of the office manger or the doctor.
- Your confidential information will not be used for the purposes of marketing or advertising of products, goods or services.
- We agree to provide patients with access to their records in accordance with state and federal laws.
- You have the right to request restrictions in the use of your protected health information and to request change in certain policies used within the office concerning your PHI. However, we are not obligated to alter internal policies to conform to your request.
- Call Athenahealth at 888-807-2076
- Complete this online form
- Send a letter to:
Attn: Chief Compliance Officer
311 Arsenal Street
Watertown, MA 02474