www.onpatient.com Open in urlscan Pro
104.16.9.18  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Support | Log In Sign Up

OnPatient.com Privacy Policy

Effective Date: August 10, 2021

DrChrono Inc. (“ DrChrono,” “ we,” “ us,” or “ our”) recognizes the importance
of protecting the privacy of your personal information, and we have prepared
this Privacy Policy (this “ Privacy Policy”) to provide you with important
information about the privacy practices applicable to the DrChrono services, the
DrChrono telemedicine product and any website, product or service owned and
operated by DrChrono, including, without limitation, DrChrono.com,
OnPatient.com, and any other website, applications or online service that links
to or refers to this Privacy Policy (collectively, the “ DrChrono Services”).
 In addition, individually identifiable information that you provide to us for
purposes of obtaining medical care from the providers that have contracted with
us (the “ Providers”) (such information is also referred to as “ Protected
Health Information” or “ PHI”) will also be subject to each Provider’s Health
Insurance Portability and Accountability Act Notice of Privacy Practices (the “
HIPAA Notice”), which each Provider may make available to you.  The HIPAA Notice
describes how the Providers can use and share your PHI and also describes your
rights with respect to your PHI.

I. Collection of Information

We may collect the following kinds of information when you use the DrChrono
Services:

Information you provide directly to us. For certain activities, such as when you
register, use our telemedicine services, subscribe to our alerts, or contact us
directly, we may collect some or all of the following types of information:

 * Contact information, such as your full name, email address, mobile phone
   number, and address;
 * Username and password;
 * Payment information, such as your credit card number, expiration date, and
   credit card security code;
 * Personal health information, including information about your diagnosis,
   previous treatments, general health, health insurance and information which
   you have stored in Apple HealthKit (to the extent you choose to synch that
   data with our services); and
 * Any other information you provide to us.

We may combine such information with information we already have about you.

Information we collect automatically. We may collect certain information
automatically when you use our DrChrono Services, such as your Internet protocol
(IP) address, device and advertising identifiers, browser type, operating
system, Internet service provider, pages that you visit before and after using
the DrChrono Services, the date and time of your visit, information about the
links you click and pages you view within the DrChrono Services, and other
standard server log information.  We may also collect certain location
information when you use our DrChrono Services, such as your computer’s IP
address, your mobile device’s GPS signal, or information about nearby WiFi
access points and cell towers.

We may use cookies, pixel tags, Local Shared Objects, and similar technologies
to automatically collect this information. Cookies are small bits of information
that are stored by your computer’s web browser. Pixel tags are very small images
or small pieces of data embedded in images, also known as “web beacons” or
“clear GIFs,” that can recognize cookies, the time and date a page is viewed, a
description of the page where the pixel tag is placed, and similar information
from your computer or device. Local Shared Objects (sometimes referred to as
“Flash Cookies”) are similar to standard cookies except that they can be larger
and are downloaded to a computer or mobile device by the Adobe Flash media
player. By using the DrChrono Services, you consent to our use of cookies and
similar technologies.

We may also collect technical data to address and fix technical problems and
improve our DrChrono Services, including the memory state of your device when a
system or app crash occurs while using our DrChrono Services. Your device or
browser settings may permit you to control the collection of this technical
data. This data may include parts of a document you were using when a problem
occurred, or the contents of your communications. By using the DrChrono
Services, you are consenting to the collection of this technical data.

Information we obtain from your health care providers and other sources. In
connection with your treatment, we may collect medical records from your past,
current, and future health care providers.  This may include information about
your diagnosis, previous treatments, general health, laboratory and pathology
test results and reports, social histories, any family history of illness, and
records about phone calls and emails related to your illness.

This Privacy Policy does not reflect the privacy practices of the Providers and
DrChrono is not responsible for the Providers’ privacy policies or practices.
DrChrono does not review, comment upon, or monitor the Providers’ privacy
policies or their compliance with their respective privacy policies, nor does
DrChrono review the Providers’ instructions to determine whether they are in
compliance or conflict with the terms of a Provider’s published privacy policy
or applicable law.

Some of our users, including the Providers, are subject to laws and regulations
governing the use and disclosure of health information they create or receive.
Included among them is the 21st Century Cures Act, the Health Insurance
Portability and Accountability Act of 1996 (“ HIPAA”), the Health Information
Technology for Economic and Clinical Health of 2009 (“ HITECH”), and the
regulations adopted thereunder. When we store, process or transmit “individually
identifiable health information” (as such term is defined by HIPAA) on behalf of
the Provider who has entered a Healthcare Provider User Agreement, we do so as
its “business associate” (as also defined by HIPAA). Under this agreement,
DrChrono is prohibited from using individually identifiable health information
in a manner that the Provider itself may not. DrChrono is required to, among
other things, apply reasonable and appropriate measures to safeguard the
confidentiality, integrity and availability of individually identifiable health
information we store and process on behalf of such Providers. DrChrono is
subject to laws and regulations governing the use and information of certain
personal and health information, including HIPAA, when it operates as a business
associate of a healthcare provider.

We may also receive information about you from other sources, including through
third-party services and organizations. We may combine our first-party data,
such as your email address or name, with third-party data from other sources and
use this to contact you (e.g. through direct mail). For example, if you access
third-party services, such as Facebook, Google, or Twitter, through the DrChrono
Services to login to the DrChrono Services or to share information about your
experience on the DrChrono Services with others, we may collect information from
these third-party services.

II. Use of Information

Targeting Cookies. These cookies may be set through our site by our advertising
partners. They may be used by those companies to build a profile of your
interests and show you relevant adverts on other sites. They do not store
directly personal information, but are based on uniquely identifying your
browser and internet device. If you do not allow these cookies, you will
experience less targeted advertising.

Functional Cookies. These cookies enable the website to provide enhanced
functionality and personalization. They may be set by us or by third party
providers whose services we have added to our pages. If you do not allow these
cookies then some or all of these services may not function properly.

Performance Cookies. These cookies allow us to count visits and traffic sources
so we can measure and improve the performance of our site. They help us to know
which pages are the most and least popular and see how visitors move around the
site. All information these cookies collect is aggregated and therefore
anonymous. If you do not allow these cookies we will not know when you have
visited our site, and will not be able to monitor its performance.

Strictly Necessary Cookies. These cookies are necessary for the website to
function and cannot be switched off in our systems. They are usually only set in
response to actions made by you which amount to a request for services, such as
setting your privacy preferences, logging in or filling in forms. You can set
your browser to block or alert you about these cookies, but some parts of the
site will not then work. These cookies do not store any personally identifiable
information.

We generally use the information we collect online to:

 * Provide and improve the DrChrono Services;
 * Contact you;
 * Fulfill your requests for products, services, and information;
 * Send you information about additional clinical services or general wellness
   from us or on behalf of our affiliates and trusted third-party partners;
 * Analyze the use of the DrChrono Services and user data to understand and
   improve the DrChrono Services;
 * Customize the content you see when you use the DrChrono Services;
 * Conduct research using your information, which may be subject to your
   separate written authorization;
 * Prevent potentially prohibited or illegal activities and otherwise in
   accordance with our Terms of Service (which can be found at
   https://www.onpatient.com/terms/); and
 * For any other purposes disclosed to you at the time we collect your
   information or pursuant to your consent.

From time to time, we may desire to use the information we collect online for
uses not previously listed in this Privacy Policy. If our practices change
regarding previously collected personal information in a way that would be
materially less restrictive than stated in the version of this Privacy Policy in
effect at the time we collected the information, we will make reasonable efforts
to provide notice and obtain consent to any such uses as may be required by law.

Any request to obtain your consent does not narrow the scope of this Privacy
Policy. By using the DrChrono Services, you accept and agree to DrChrono’s
information handling practices in the manner described in this Privacy Policy
and in our Terms of Use.

We may use the information collected through the DrChrono Services to
investigate potential or suspected threats to the DrChrono Services or to the
confidentiality, integrity or availability of the information DrChrono stores
and maintains.

By using the DrChrono Services you agree to receive texts, phone calls, and/or
emails from us at the phone numbers and email addresses you provided to us for
informational and customer service-related purposes.

Additionally, we may send an email to the email address you provide us in order
to verify your account and for informational and operational purposes, such as
account management, customer service, or system maintenance. We may also send
you marketing emails if you request more information about our products and
services. Emails are often transactional or relationship messages, such as
appointment requests, reminders and cancellations and other notifications.
DrChrono may not offer you the option of opting out of receiving some of these
messages although DrChrono may allow you to modify how often you receive such
messages. If you opt-in to receiving marketing announcements from DrChrono, we
will allow you to opt-out of receiving those announcements.

Electronic Notices. By using the DrChrono Services or providing personal
information to us, you agree that we may communicate with you electronically
regarding security, privacy, and administrative issues relating to your use of
the DrChrono Services. If we learn of a security system’s breach, we may attempt
to notify you electronically by posting a notice on the DrChrono Services or
sending a text or email to you. You may have a legal right to receive this
notice in writing. To receive free written notice of a security breach (or to
withdraw your consent from receiving electronic notice), please contact us .

We may anonymize and aggregate any data collected through the DrChrono Services,
and use it for business purposes. For example, we may use such data for
evaluating and profiling the performance of the DrChrono Services, including
analyzing usage trends and patterns and measuring the effectiveness of content,
features, or services.

III. Sharing of Information

We are committed to maintaining your trust, and we want you to understand when
and with whom we may share the information we collect.

 * Healthcare providers, insurance companies, and other healthcare-related
   entities. We may share your information with other health care providers,
   laboratories, government agencies, insurance companies, organ procurement
   organizations, medical examiners or funeral directors, and other entities
   relevant to providing you with treatment options and support.
 * Authorized third-party vendors and service providers. We may share your
   information with third-party vendors and service providers that help us with
   specialized services, including billing, payment processing, customer
   service, email deployment, business analytics, marketing (including but not
   limited to advertising, attribution, deep-linking, direct-mail, mobile
   marketing, optimization and retargeting), performance monitoring, hosting,
   and data processing. These third-party vendors and service providers may not
   use your information for purposes other than those related to the services
   they are providing to us.
 * HealthKit. If you ask us to, we will share your synched HealthKit information
   with your medical provider.  We do not use or disclose HealthKit information
   for any marketing or advertising purposes or sell this information to any
   third-party.
 * Research partners. We may share your information with our research partners
   to conduct health-related research; such sharing may be subject to your
   separate written authorization.
 * Corporate affiliates. We may share your information with our corporate
   affiliates that are subject to this policy.
 * Business transfers. We may share your information in connection with a
   substantial corporate transaction, such as the sale of a website, a merger,
   consolidation, asset sale, or in the unlikely event of bankruptcy.
 * Legal purposes. We may disclose information to respond to subpoenas,
   warrants, court orders, legal process, law enforcement requests, legal claims
   or government inquiries, and to protect and defend the rights, interests,
   health, safety, and security of DrChrono, our affiliates, users, or the
   public. If we are legally compelled to disclose information about you to a
   third-party, we will attempt to notify you by sending an email to the email
   address in our records unless doing so would violate the law or unless you
   have not provided your email address to us.
 * With your consent or at your direction. We may share information for any
   other purposes disclosed to you at the time we collect the information or
   pursuant to your consent or direction.

If you access third-party services, such as Facebook, Google, or Twitter,
through the DrChrono Services to login to the DrChrono Services or to share
information about your experience on the DrChrono Services with others, these
third-party services may be able to collect information about you, including
information about your activity on the Site, and they may notify your
connections on the third-party services about your use of the website, in
accordance with their own privacy policies.

If you choose to engage in public activities on the website or third-party sites
that we link to, you should be aware that any information you share there can be
read, collected, or used by other users of these areas.  You should use caution
in disclosing personal information while participating in these areas. We are
not responsible for the information you choose to submit in these public areas.

IV. Security

Please see our Security Policy here .

We use reasonable measures to help protect information from loss, theft, misuse
and unauthorized access, disclosure, alteration and destruction.  You should
understand that no data storage system or transmission of data over the Internet
or any other public network can be guaranteed to be 100% secure. Consequently,
we cannot ensure or warrant the security of any information you transmit to us
and you do so at your own risk. Once we receive your transmission, we take steps
to ensure security on our systems. Please note this is not a guarantee that such
information may not be accessed, disclosed, altered, or destroyed by breach of
such safeguards. Please note that information collected by third parties may not
have the same security protections as information you submit to us, and we are
not responsible for protecting the security of such information.

If DrChrono learns of a security system’s breach, DrChrono maintains an incident
response policy that includes notifications consistent with applicable law.

By using the DrChrono Services or providing personal information to us, you
agree that we can communicate with you electronically regarding security,
privacy, and administrative issues relating to your use of this website.

V. Your Choices

You may opt out of receiving general health and wellness or treatment options
that may be relevant to you by emailing us at privacy@drchrono.com . You may
also request that we delete your personal information by sending us an email at
privacy@drchrono.com .

You may be able to refuse or disable cookies by adjusting your web browser
settings.  Because each web browser is different, please consult the
instructions provided by your web browser (typically in the “help” section).
Please note that you may need to take additional steps to refuse or disable
Local Shared Objects and similar technologies. For example, Local Shared Objects
can be controlled through the instructions on Adobe’s Setting Manager page . If
you choose to refuse, disable, or delete these technologies, some of the
functionality of the DrChrono Services may no longer be available to you.

California residents are entitled once a year, free of charge, to request and
obtain certain information regarding our disclosure, if any, of certain
categories of personal information to third parties for their direct marketing
purposes in the preceding calendar year. We do not share personal information
with third parties for their own direct marketing purposes.

VI. Third-Party Advertising, Links and Content

Some of the DrChrono Services may contain links to content maintained by third
parties that we do not control. We allow third parties, including business
partners, advertising networks, and other advertising service providers, to
collect information about your online activities through cookies, pixels, local
storage, and other technologies. These third parties may use this information to
display advertisements on our DrChrono Services and elsewhere online tailored to
your interests, preferences, and characteristics.  We are not responsible for
the privacy practices of these third parties, and the information practices of
these third parties are not covered by this Privacy Policy.

Some third parties collect information about users of our DrChrono Services to
provide interest-based advertising on our DrChrono Services and elsewhere,
including across browsers and devices. These third parties may use the
information they collect on our DrChrono Services to make predictions about your
interests in order to provide you ads (from us and other companies) across the
internet. Some of these third parties may participate in an industry
organization that gives users the opportunity to opt out of receiving ads that
are tailored based on your online activities. Due to differences between using
apps and websites on mobile devices, you may need to take additional steps to
disable targeted ad technologies in mobile apps.  Many mobile devices allow you
to opt out of targeted advertising for mobile apps using the settings within the
mobile app or your mobile device.  For more information, please check your
mobile settings. You also may uninstall our apps using the standard uninstall
process available on your mobile device or app marketplace.

To opt out of interest-based advertising across browsers and devices from
companies that participate in the Digital Advertising Alliance or Network
Advertising Initiative opt-out programs, please visit their respective websites.
You may also be able to opt out of interest-based advertising through the
settings within the mobile app or your mobile device, but your opt-out choice
may apply only to the browser or device you are using when you opt out, so you
should opt out on each of your browsers and devices if you want to disable all
cross-device linking for interest-based advertising.  If you opt out, you will
still receive ads but they may not be as relevant to you and your interests, and
your experience on our DrChrono Services may be degraded.

Do-Not-Track Signals and Similar Mechanisms. Some web browsers transmit
“do-not-track” signals to websites. Because of differences in how web browsers
incorporate and activate this feature, it is not always clear whether users
intend for these signals to be transmitted, or whether they even are aware of
them. We currently do not take action in response to these signals.

Third-Party Browser Extensions. Extensions are small software programs,
developed by third parties, that can modify and enhance the functionality of
your browser. Extensions may have privileges, including the ability to read,
record and/or modify your private data, including PHI. These extensions are
installed by individual users into the browser on their computers and are
utilized at users’ own risk. Further, such extensions are not affiliated with
DrChrono and DrChrono does not have visibility into which extensions any user
may use. DrChrono assumes no risk of loss of data or breach of such data due to
your use of browser extensions.

Prior to using the DrChrono Services, if you have one (or more) of these
extensions enabled in your browsers, DrChrono recommends completely removing all
of these extensions immediately as disabling the extensions may not be
sufficient to protect your PHI.  We recommend that you only access the DrChrono
Services from supported browsers that have all plugins and extensions removed.

Further, installing any third-party software on your operating system may also
subject you to the same risks as using browser extensions. DrChrono has no
liability to you due to damages caused by any third-party software, including,
without limitations, browser extensions.

VII. Intended For Use in United States Only

The DrChrono Services are intended to be used only from and within the United
States. As such, DrChrono makes no representations and warranties that the
DrChrono Services comply with applicable law outside the United States and
DrChrono shall not be responsible for your use of the DrChrono Services outside
of the United States. DrChrono maintains information in the United States and in
accordance with the laws of the United States, which may not provide the same
level of protection as the laws in your jurisdiction.  By using the website and
providing us with information, you understand and agree that your information
may be transferred to and stored on servers located outside your resident
jurisdiction and, to the extent you are a resident of a country other than the
United States, that you consent to the transfer of such data to the United
States for processing by us in accordance with this Privacy Policy. In the event
that you use the DrChrono Services outside of the United States, you acknowledge
and understand that you are solely responsible for any and all legal
consequences for violating applicable laws within your jurisdiction and that you
shall have no right of recourse against DrChrono.

In certain situations, we may be required to disclose personal data in response
to lawful requests by public authorities, including to meet national security or
law enforcement requirements.

VIII. Children

We do not knowingly allow individuals under the age of 18 to create accounts
that allow access to our DrChrono Services.

Without limiting the above, the OnPatient.com website does allow persons above
the age of 18 years—such as Providers, parents and guardians—to provide, share
and store personal information about others, including minors and children. Any
user providing, storing or submitting information on behalf of a child assumes
full responsibility over the submission, use and transmission of such
information.

IX. Changes to the Privacy Policy

We may update this Privacy Policy from time to time and the revised version will
be effective as of the date it is posted. When we update the Privacy Policy, we
will revise the “ Effective Date” date above and post the new Privacy Policy. We
recommend that you review the Privacy Policy each time you visit the DrChrono
Services to stay informed of our privacy practices. Your use of our websites,
including the continued storage of your information on OnPatient.com or
DrChrono.com systems, following any such change constitutes your agreement that
all information collected from or about you through the OnPatient.com website
will be subject to the terms of the revised Privacy Policy.

X. Information Retention

DrChrono’s collection, use, and disclosure of information are generally governed
by service agreements with Providers. Information maintained to provide these
services to you is retained only for as long as we have a valid business purpose
and in accordance with applicable law. DrChrono may retain archived information
for a period of seven years (or longer if required by law) as necessary to
comply with legal obligations, resolve disputes and enforce our agreements and
other authorized uses under this Privacy Policy.

DrChrono indefinitely stores non-personal information, as well as any feedback
you provide us.

XI. Questions

If you have any questions about this Privacy Policy or our practices, please
email us at privacy@drchrono.com .




FHIR API Documentation Terms of Service Privacy Policy Support © 2022 DrChrono
Inc.