March 26, 2020
We value your right to privacy. This policy governs the collection of personal information through the Doctor.com website (“Website”), the related platform (the “Platform”) and Health Platforms Group Inc. and its subsidiaries’ (dba Doctor.com) services generally (collectively, the “Services”). This policy describes the types of information we may collect from visitors and how that information is used. Please read this policy carefully before providing us with any personal information. If you have questions about this policy, please contact us.
We may collect personal information from you under a variety of circumstances as allowed by applicable law, including to:
- Provide you services that you request;
- Analyze and develop products and services, and improve our business practices;
- Facilitate communications between patients and providers;
- Build and maintain a database of healthcare providers and related data, for use within our products and services and those of our business partners;
- Market to you through e-mail newsletters, targeted advertising, and other marketing activities;
- Conduct administrative tasks, including security improvement and fraud prevention.
Information we collect
Unregistered users/users who do not create an account
If you do not register with Doctor.com or create an account, then the information we collect from you is limited. We log your IP address in order to help diagnose problems with our server, administer the Website and track usage statistics. Your IP address may vary each time you visit, or it may be the same. We may also record inputs you make to our Services, including data entered and clicks made on your computer or device. If you reached our site by clicking on a link or advertisement on another site, we may log that information.
From time to time our Website also may run usability testing to help us improve the functions of the site for all users. This may include recording random tests that track users’ actions and movements on specific pages of the Website. Our usability tests do not record fields that have personally identifiable information entered by users in this Website. Our tests are also contained to our Website and we do not track users behavior on other websites.
Doctor.com may also use “Web Beacons” in our correspondence with you, for example via “tracking pixels.” The information collected by Web Beacons allows us to analyze how many people are using the Services, using selected publishers’ websites or opening e-mails, and for what purpose, and also allows us to enhance our interest-based advertising delivered to you.
Doctor.com may use third parties to help track activity or response to promotion or trends. In some cases, this may occur when you click on a link or an advertisement on the Website or in an e-mail or newsletter and your browser may be momentarily directed to the website of a third party and such redirection might occur fast enough that it is not apparent to you.
If you choose to register with us by creating an account or otherwise submitting information to us, in addition to information that we collect above you’ll be able to add content to certain areas of our Website and also participate with more of our site features. For example, you may enhance your listing or you may participate in additional community or posting features. You can provide your e-mail address to receive newsletters and other information. You can also request or book appointments and interact with healthcare providers. If you register with us, we will collect personal information from you in addition to the non-personal information described above.
Information that we may collect includes but is not limited to:
- Personal and professional information voluntarily shared by you. When you access our Website or Services, we may ask you to provide us with certain information that personally identifies you or could be used to personally identify you;
- Protected health information (“PHI”) which under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”) includes some demographic, health and/or health-related information that Doctor.com collects on behalf of its Provider and other health care related clients as part of providing the Services. (We treat protected information in accordance with the law and with commercially reasonable security best practices elaborated herein);
- Billing, collection and payment information;
- Information you provide to our employees and contractors, in-person, by phone, and electronically;
- Certain traffic data when you use the website or services, such as IP address, domain server, type of device being used, web browser, geolocation information, and other statistics and information associated with your use of the services.
The information we collect may vary, but we only collect the information that you manually enter into our forms or otherwise authorize us to collect. We may store all or some of that information on our servers or in a cookie file on your hard drive, so that our system will recognize you each time you visit our site. In that way, we can save your preferences from visit to visit and present you with a customized Website, without requiring you to log into our site every time you visit. The information that you provide will also be used to enhance your listing if you have one with our Services such that the public can better learn about you. To improve our Services and enhance personalization, we may periodically obtain information about you from other independent third-party sources and add it to your registration information. Additionally, authorized personnel may update your registration information to reflect any new information included in communications received from you.
If you reach our site through one of our partners and you choose to register with us, we may be required to give our partner your registration information.
If you conduct personalized provider searches, we will collect personal information from you regarding your personal health, medical concerns, health insurance, and preferences about service providers and treatments, which will be used to provide the Services. We may also collect personal information from you if you utilize our appointment or scheduling functionality on our Website or Platform.
How we use the personal information we collect
We may use information that is neither Personal Information nor Protected Health Information (PHI) including non-PHI Personal Information that has been de-identified and/or aggregated to better understand who uses Doctor.com and how we can deliver a better experience.
We use information, including Personal Information, to provide the Services and to help improve the Services and your experience. Such use may include:
- Providing you with the products, services and information you request, such as listing syndication for providers and appointment scheduling for patients;
- Responding to correspondence that we receive from you;
- Developing new Services or changes to our current Services;
- Contacting you when necessary or requested, including to remind you of an upcoming appointment;
- Providing, maintaining, administering or expanding the Services, performing business analyses, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer;
- Selling or licensing non-protected information and aggregated, de-identified information to third party business associates of Doctor.com to improve their databases and services;
- Customizing or tailoring your experience of the Services, which may include sending customized messages or showing you more relevant sponsored results on our communications;
- Notifying you about certain resources or services we think you may be interested in learning more about;
- Sending you information about Doctor.com or our products or Services;
- Sending e-mails and other communications that display content that we think will interest you and according to your preferences;
- Showing you advertisements, including interest-based or online behavioral advertising;
- Using statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts; and
- Fulfilling our legally required obligations, such as preventing, detecting and investigating security incidents and potentially illegal or prohibited activities.
Registering allows you to personalize our Website and Services so that it is most useful to you. If you are a provider, it allows you to edit and enhance your profile. Registering also allows you to log in to the Website and the Platform to personalize your experience and gain access to information you may have stored during previous use of the Services. We may use your personal information to periodically contact you with news or important information, to provide you with other information or invitations related to your membership, and to request your feedback on our Website and Services. In addition to these periodic updates, we may e-mail you additional marketing materials that you have requested or that we believe would be of interest to you based upon information you’ve provided . These marketing materials might include opt-in newsletters and partner offers. If you receive a marketing e-mail or fax communication from us it will include an opt-out and you can opt-out at any time from marketing communications. If you do not want to receive a Service communication that is part of our Service delivery, then you must discontinue use of that Service.
Disclosure of your personal information
We may disclose your personal information in order to deliver the services you request from us, our business partners and our associates.
We may share your personal information with service providers, if you authorize us to do so by using our online appointment scheduling service, or if you use any other tool or feature of the Services that involves exchanging information with a healthcare provider. Service providers may be subject to certain obligations of patient confidentiality pursuant to HIPAA, and are solely responsible for meeting all applicable HIPAA obligations when the information is in their custody.
We also may share your personal information with third-parties engaged to provide services to us (such as market research firms, marketing services providers and advertising agencies). We will ensure those parties agree to use any such personally-identifiable data solely for the purpose of providing the specified services to us. We may also share personal information that is de-identified and aggregated with third parties who are not providing services to us, who may utilize such personal information for advertising, data analysis, and analytics purposes.
The company uses various third-party data solutions, such as Salesforce.com and Amazon Web Services, which may store data web collect on their servers (the “cloud”). We consider the security practices and reputation of third party services that we trust with your personal information.
We must cooperate with legal authorities, and may in some circumstances be required to disclose personally identifiable information in response to requests from law enforcement authorities, or in response to a subpoena or other legal process. We can turn over information about you if we believe we must in order to prevent a violation of the law, and by accepting this policy, you consent to our doing so, in our sole discretion. You also consent to our disclosing information about you in the course of legal proceedings if we are legally required to do so, if we reasonably believe that doing so may mitigate our liability, or if doing so will assist us in enforcing our legal rights. We also may share your information in connection with a corporate transaction, such as a divestiture, merger, consolidation, or asset sale, and in the unlikely event of bankruptcy.
Storage and Security of Information
We use commercially reasonable efforts to implement all generally accepted, industry-standard best practices for the protection of personal information. However, no website or platform is entirely secure, and we cannot guarantee that your personal information will not be intercepted or accessed by others. While we have taken commercially reasonable precautions to protect the personal information that you provide to us, you should exercise discretion in what you provide to us, as there is always a risk that our Services may be compromised via a malicious attack, a system failure, a human error, or another vulnerability, which could result in the disclosure of personal information to third parties.
Any third parties that we share personal information with have the same or more stringent policies for securing any personal information that they receive from us. All such personal information will be protected in accordance with such third parties’ security practices and procedures then in-effect.
SMS (Text) Messaging & e-mail
Financial information including credit card and bank account information, and other such billing information is not stored on Doctor.com servers or in any Doctor.com databases unless you provide your billing information to us outside of our normal online secure billing process on the Doctor.com Website. When you submit information during checkout on the Doctor.com Website, the information is encrypted and sent encrypted via a Secure Socket Layer (SSL) connection to be processed by a secure third-party payment processing service such as Stripe. Unless required by legal authorities, Doctor.com will never share or disclose this information with any third-party aside from Doctor.com’s payment processors, merchant accounts, and data security services.
Security of your personal information
Any information we collect from you will be collected pursuant to an SSL-secured connection. We use commercially reasonable efforts to implement all generally accepted, industry-standard best practices for the protection of personal information. However, no website or platform is entirely secure, and we cannot guarantee that your personal information will not be intercepted or accessed by others. While we have taken commercially reasonable precautions to protect the personal information that you provide to us, you should exercise discretion in what you provide to us, as there is always a risk that our Website or Platform may be compromised via a malicious attack, a system failure, a human error, or another vulnerability, which could result in the disclosure of personal information to third parties.
Any third parties that we share personal information with will be solely responsible for securing any personal information that they receive from us. All such personal information will be protected in accordance with such third parties’ security practices and procedures then in-effect.
Service providers may be subject to certain obligations of patient confidentiality pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and are responsible for meeting applicable HIPAA obligations.
Where Doctor.com is a Business Associate of a Covered Entity, Doctor.com’s conformity with HIPAA is as described at doctor.com/baa.
Controlling your Personal Information & Notifications
Many of our services and software allow you to configure what data is stored in our databases and the notifications you receive. Still, we may retain personal data about you even if it is not displayed in locations that you control through our user interfaces. You may request a deletion of your personal information from our databases. Please allow several weeks to process such requests.
Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a visitor does not want to have his/her online activity and behavior tracked. If a website operator elects to respond to a particular DNT signal, the website operator may refrain from collecting certain Personal Information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many website operators, including Doctor.com, do not proactively respond to DNT signals. For more information about DNT signals, visit allaboutdnt.com.
Newsletter e-mails, Faxes, and Postal Mail We Send to You
At registration and at various times as you use our Services, you will be given the option of receiving recurring informational/promotional newsletters via e-mail from Doctor.com and/or directly from carefully chosen third parties. At any time you may choose to Opt-In to receiving additional promotional e-mails from Doctor.com. In order to subscribe to Doctor.com newsletters via e-mail, you must provide us with your contact information, such as your name and e-mail address. You can unsubscribe from the newsletters at any time by clicking on the “unsubscribe” link at the bottom of any e-mail newsletter or by contacting us. Once you have submitted your unsubscribe request, please allow five business days for it to be processed and for your e-mail address to be removed from our list. Doctor.com may use third parties to help track activity or response to promotion or trends. In some cases, this may occur when you click on a link or an advertisement on the Website or in an e-mail or newsletter and your browser may be momentarily directed to the website of a third party and such redirection might occur fast enough that it is not apparent to you.
E-mails, Faxes, and Postal Mail You Send to Us
Service Visitors from outside the United States
Service Visitors from California
Please visit doctor.com/california-residents for more information on your rights under the California Consumer Privacy Act.