In addition to the HeyDoctor Privacy Policy and the Notice of Privacy Practices,
 the following privacy policy addendum also applies to California residents. In the event of a conflict between the HeyDoctor Privacy Policy and this privacy policy addendum, this privacy policy addendum shall control. In the event of a conflict between this privacy addendum and the Notice of Privacy Practices with regards to “Protected health information” or “PHI,” which includes demographic information, that may identify you and that relates to your past, present or future physical health or condition, treatment or payment for health care services, the Notice of Privacy Practices shall control.

As of January 1, 2020 verified California residents will have the right:

  • to request and receive disclosure of our personal information collection practices during the prior 12 months, including the categories of personal information we collect, the categories of sources of such information, our business purpose for collecting or sharing such information, and the categories of third parties with whom we share such information.
  • to request and receive a copy of the personal information we have collected about them during the prior 12 months.
  • to request and receive disclosure of our information sale practices during the prior 12 months, including a list of the categories of personal information sold and the category of third party recipients and a list of the categories of personal information that we disclosed for a business purpose and the categories of third party recipients.
  • to request that we not sell personal information about them and 
  • to request that we delete (and direct our service providers to delete) their personal information subject to certain exceptions.

In order to make a request for disclosure you may contact us by phone at the toll-free number, (855) 268-2822, or at https://www.heydoctor.com/datarequest. You can also have an authorized agent make a request via https://www.heydoctor.com/datarequest by following the instructions therein.We will ask you or your authorized agent for information that allows us to reasonably verify your identity (that you are the person about whom we collected personal information) and will use that information only for that purpose, and to verify that your authorized agent is making a request on your behalf. We cannot respond to your request (or your authorized agent’s request) or provide you with personal information if we cannot verify your identity (or your relationship with the authorized agent) and confirm that the personal information relates to you. To maintain the privacy of our users, we will produce personal information on a household level upon receipt of a verified consumer request from both the requester and each member of the household to which the personal information pertains. We will only produce prescription-specific data if you can provide us with the related BIN, PCN, group number and member ID, due to the sensitivity of that information.

You may make a request up to twice within a 12-month period.We will endeavor to respond within forty-five days of receipt of your request, but if we require more time (up to an additional forty-five days) we will notify you of our need for additional time.

For requests for a copy of the personal information we have collected during the 12 months prior to your request we will endeavor to provide the information in a format that is readily useable, including by mailing you a paper copy or providing an electronic copy to your registered account, if you have registered an account with us.

We will not discriminate against you as a result of your exercise of any of these rights.

For purposes of this Addendum “personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

Collection and use of your data.

The following chart shows the categories of personal information that we have collected during the past 12 months, the sources of the information, our purposes/uses of the information and whether we disclose the information for a business purpose.

As a summary, HeyDoctor generally uses data we collect for the following business purposes. 

Internal Business Operations and Analytics. First, we use data for our internal business operations and analytics. For instance, we may check the median wait times for patients before they begin a consult with a medical professional. This includes evaluating or engaging in a transaction where a third party may acquire all or substantially all of the assets or stock of HeyDoctor whether by merger, acquisition, reorganization or otherwise.

Provide, Change or Optimize Services. Second, we use data to provide, change or optimize our services and products. To continue the example provided in the paragraph above, if we see that median wait times for consults are increasing, we may recruit medical professionals to our platform to provide additional clinical capacity.

Communication and Marketing. Third, we use data to communicate and market to you. For instance, we may send you refill reminders for your prescription, follow up messages regarding your medical consult, an updated coupon with a better price or information about a service that we believe you may be interested in.

Audit Interactions with You. Fourth, we use data to audit our interactions with you, for instance counting ad impressions; to detect security incidents and protect against fraud or other malicious activity; and to identify and repair errors that may arise. This includes compliance with law, court orders, government regulations and responding to law enforcement requests.

Employee and Vendor Management. For those who have applied for employment or are employed by HeyDoctor, we also use data received in connection with hiring and employee retention, which we use for wage payment, taxes, accounting and benefits, vetting and communicating with service providers and vendors and financial accounting.

Protected Health Information. Your protected health information may be used and disclosed by HeyDoctor Medical Group (FL), P.A. and the members of its Affiliated Covered Entity (collectively “HeyDoctor Medical Group”) to HeyDoctor Medical Group health care providers, staff, and others outside of its office that are involved in your care and treatment for the purpose of providing health care services to you, to support our business operations, to obtain payment for your care, and any other use authorized or required by law.

Treatment and Healthcare Operations: HeyDoctor Medical Group will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party. For example, your protected health information may be provided to a health care provider to whom you have been referred to ensure the necessary information is accessible to diagnose or treat you.

Payment: Your protected health information may be used to bill or obtain payment for your health care services. This may include certain activities that your health insurance plan may undertake before it approves or pays for your services, such as: making a determination of eligibility or coverage for insurance benefits and reviewing services provided to you for medical necessity.

Health Care Operations: HeyDoctor Medical Group may use or disclose, as needed, your protected health information in order to support the business activities of its office. These activities include, but are not limited to, improving quality of care, providing information about treatment alternatives or other health-related benefits and services, development or maintaining and supporting computer systems, legal services, and conducting audits and compliance programs, including fraud, waste and abuse investigations.

We disclose data to third parties and service providers to help us accomplish each of the business purposes described above. Categories of third-parties we use include those that provide storage of data, data analysis, security tools and communication tools.

Under the CCPA, a “sale” is essentially a disclosure of personal information to third parties for monetary or other valuable consideration. As of January 1, 2020 (the CCPA’s effective date), we do not “sell” your personal information to third parties. We have never sold your personal data to third parties for monetary consideration, but within the 12 months prior to the CCPA’s effective date we used third party pixel tags to disclose online identifiers (e.g., IP address, cookie IDs) for advertising, analytics, and security purposes, which may be considered a “sale” under the CCPA. 

If you are over the age of 16 and would like to opt out of having a “sale” of your personal information as defined under CCPA, please visit our opt out page here https://www.heydoctor.com/datarequest. We do not sell personal information of individuals we actually know are less than 16 years of age. Once we receive your opt-out request we will wait at least 12 months before asking you to reauthorize personal information sales.

The information described below includes the categories of personal information collected from our site visitors, registered users, employees, pharmacies, vendors, suppliers, and any other person that interacts with us either online or offline. Not all types of information are collected about all people interacting with us. For instance, we may collect different information from applicants for employment than we do from our customers.

Category: Identifiers (for example, name, mailing address, zip code, email address, phone number, IP address, online ID, mobile device ID, member ID, cookie)
Source: Individuals submitting information; Information automatically collected by us from site and mobile application visitors; Information we may receive from third party marketing and data partners; Information we may receive from pharmacies  
Purpose: Internal business operations and analytics, to provide; change or optimize our services and product; communication and marketing; auditing interactions with you; and in employee and vendor management
Disclosure:
Business Purposes: Yes (such as data storage, analytics, marketing, fulfillment, employee benefits partners, security/fraud protection)
Consideration
: Yes (services related to data storage, analytics, marketing, fulfillment, employee benefits partners, security/fraud protection)

Category: Protected classification information (for example, gender)
Source: Individuals submitting information; Information we may receive from third party marketing and data partners; Information we may receive from pharmacies
Purpose
: Internal business operations and analytics, medical treatment and healthcare operations (including payment), to provide, change or optimize our services and product, to communicate and market to you, to audit our interactions with you and in connection with hiring and employee retention
Disclosure:
Business Purposes: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection)
Consideration
: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection)

Category: Commercial information (for example, prescription prices, health and medical information, pharmacy)
Source: Individuals submitting information; Information automatically collected by us from site and mobile application visitors; Information we may receive from third party marketing and data partners;  Information we may receive from pharmacies  
Purpose: Internal business operations and analytics, to provide, change or optimize our services and product, to communicate and market to you, to audit our interactions with you and in connection with hiring and employee retention
Disclosure:
Business Purposes: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection)
Consideration
: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection)

Category: Internet/electronic activity (for example, interactions with our website, mobile application or advertisements)
Source: Information automatically collected by us from site and mobile application visitors; Information we may receive from third party marketing and data partners
Purpose
: Internal business operations and analytics, to provide, change or optimize our services and product, to communicate and market to you and to audit our interactions with you
Disclosure:
Business Purposes: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection, services consideration)
Consideration: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection, services consideration)  

Category: Geolocation data
Source: Information automatically collected by us from site and mobile application visitors  
Purpose: Internal business operations and analytics, medical treatment and healthcare operations (including payment), to provide, change or optimize our services and product, to communicate and market to you and to audit our interactions with you
Disclosure:
Business Purposes: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection, services consideration)
Consideration: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection, services consideration)


Category:
Audio, video data (for example, patient advocacy phone calls)
Source: Individuals submitting information
Purpose: Internal business operations and analytics, medical treatment and healthcare operations (including payment), to provide, change or optimize our services and product, to communicate and market to you and to audit our interactions with you
Disclosure:
Business Purposes: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection)
Consideration: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection)

Category: Professional/employment related information (for example, resumes, references, background checks)  
Source: Information submitted by individuals; Information we may receive from third party data partners
Purpose
: In connection with hiring and employee retention
Disclosure:
Business Purposes: Yes (data storage, analytics, benefit partners, taxing authorities)
Consideration:
Yes (data storage, analytics, benefit partners, taxing authorities)


Category: Education information
Source: Information submitted by individuals; Information we may receive from third party data partners
Purpose
: In connection with hiring and employee retention
Disclosure:
Business Purposes: Yes (data storage, analytics)
Consideration: Yes (data storage, analytics)

Category: Inferences from above to create a profile
Source: Internal analytics
Purpose
: Internal business operations and analytics, to provide, change or optimize our services and product, to communicate and market to you and to audit our interactions with you
Disclosure:
Business Purposes: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection)
Consideration: Yes (data storage, analytics, marketing, fulfillment, security/fraud protection)

For questions about this privacy policy, please email legal@heydoctor.com.

Did this answer your question?