Version 3.0 (May 2019)
1. Client Controlled Data
IVNET has no direct relationship with the individuals whose personal data it processes on behalf of Clients. An individual who seeks access to their data, or who seeks to correct, amend, or delete inaccurate data should direct his or her inquiry to the Client, who controls such data. If an individual requests that the Client remove the individual’s data, it is the Client’s responsibility to respond to such requests.
We will retain personal data we process on behalf of our Clients for as long as needed to provide services to our Clients. We will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
2. Information Collection and Use
We collect the following information from you:
· Contact Information such as name, email address, mailing address, phone number
· Financial Information such as credit card number, and Tax ID
· Unique Identifiers such as user name and password
We also collect the following information from you:
· Information about your business/practice such as company name and license number
We use this information to
· Fulfill your order
· Send you an order confirmation
· Send you requested product or service information
· Send product updates
· Respond to customer service requests
· Administer your account
· Send you a newsletter and marketing communications
· Respond to your questions and concerns
· Improve our Website and marketing efforts
We do not ask you for, access, or track any location based information from your mobile device at any time while using our Sub-Domains or services. We do identify and track your location when actively collecting payments in a point-of-sale or back office scenario for auditing and PCI compliance purposes.
3. Information Sharing
We may provide your personal information to companies that provide services to help us with our business activities such as an email service provider to send emails on our behalf or for payment processing. These companies are authorized to use your personal information only as necessary to provide these services for us.
We may also disclose your personal information:
· as required by law, such as to comply with a subpoena, or similar legal process;
· when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;
· if IVNET is involved in a bankruptcy, merger, acquisition, reorganization, or sale of all or a portion of its assets, IVNET may sell or transfer user information (including personal information) as part of any such transaction; or
· to any other third-party with your prior consent to do so.
4. User Access and Choice
If your personal information changes, or if you no longer desire our service, you may correct, update, amend, or delete/remove it by logging into your IVNET account and making the changes in your account settings or by contacting IVNET customer support. We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Receiving emails from our site is part of our service. When you sign up for a IVNET account and/or use our service, we will use your name, email address and/or your mobile number to communicate with you about your account, including account information, account alerts, and product education.
We may also use your name and email address to send you marketing emails, including newsletters and promotions from IVNET and/or from our partners. If you no longer wish to receive these marketing emails, you may opt out of them by using the unsubscribe link contained in the email.
5. Tracking Technologies / Cookies
We use session ID cookies to allow you to access your account and to make it easier for you to navigate our site. A session ID cookie expires when you close your browser. If you reject cookies, you may still use our site, but your ability to use some areas of our site will be limited. We do not honor Do Not Track requests. The information from use of these tracking technologies may be combined with information that is personally identifiable so that we can make our website more interesting to you.
Do Not Track
Do Not Track (“DNT”) is an optional browser setting that allows you to express your preferences regarding tracking across websites. IVNET does not have a mechanism in place to respond to DNT signals. IVNET does track some activity across websites (including your search terms, the website you visited before you visited or used the Services, and other clickstream data) and we may continue to collect information in the manner described in this Privacy Notice from web browsers that have enabled DNT signals or similar mechanisms.
For California Users and California Privacy Rights
California law permits residents of California to request certain details about our disclosure of your personal information by us to third parties for direct marketing purposes during the immediately preceding calendar year. If you are a California resident and would like to request this information, please contact us at the address listed below. Please note that the Website is not presently configured to respond to DNT or “do not track” signals from web browsers or mobile devices.
Analytics / Log Files
As is true of most Websites, we gather certain information automatically and store it in log files on our site and within our platform. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information, which does not identify individual users, to analyze trends, to administer the site and platform, to track users’ movements around the site and platform, and to gather demographic information about our user base as a whole. We may combine this information with personally identifiable information that you have provided to us and/or with other information that is publicly available or that we receive from other reputable sources in order to make our Website and communications more targeted to your interests.
We may collect statistics about the behavior of visitors to the Website, Clients, and Users, and IVNET may utilize third parties to analyze the usage of the Website and Service.
3rd Party Tracking
Our third-party partners may employ scripts that help them better manage content on our Website and within our platform. We may combine this information with personally identifiable information that you have provided to us and/or with other information that is publicly available or that we receive from other reputable sources in order to make our Website and communications more targeted to your interests.
Other Cookies used by our business partners may collect other non-personally identifying information, such as the computer’s IP address, type of operating system, type of internet browsing software, what web pages were viewed at what time, the geographic location of your internet service provider and demographic information, such as gender and age range. This information is used to provide us with more information about our users’ demographics and internet behaviors.
We may use your personally identifiable information to deliver the products and services that you request, enhance your experience on our Website, and for internal business analysis, and other business purposes consistent with this policy.
The security of your personal information is important to us. When you enter sensitive information (such as a credit card number and login credentials), we encrypt the transmission of that information using secure socket layer technology (SSL).
We take reasonable measures, including administrative, technical, and physical safeguards, to protect your information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. Nevertheless, the internet is not a 100% secure environment, and we cannot guarantee absolute security of the transmission or storage of your information. We hold information about you both at our own premises and with the assistance of third-party service providers. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Website, you can contact us at security@IVNET.com.
7. HIPAA and other Regulatory Matters
At IVNET, we continually invest in procedures and technology to support upholding HIPAA’s privacy and security rules. Our HealthPay24 platform was built specifically for healthcare providers and clinicians, and as a result has built-in support for data security and regulatory compliance requirements that apply to a healthcare practice. The following applies once you sign up for an IVNET account.
HIPAA and HITECH
There are two separate sets of regulations that govern the sharing of patient data: HIPAA (the Health Insurance Portability and Accountability Act of 1996), which establishes your practice as a “Covered Entity” and regulates how you use and disclose protected health information (PHI); and the HITECH Act (Health Information Technology for Economic and Clinical Health Act of 2009), which complements HIPAA and controls with whom you can share this information. Parties with whom you share such information are identified as “Business Associates,” and must comply with HIPAA Privacy and Security rules to the same degree as any covered entity. In this framework, IVNET acts as your Business Associate, and your office is the Covered Entity.
HIPAA and Marketing
The 2013 amendments to the HIPAA rules under the HITECH Act state a covered entity is required to obtain prior authorization from the patient to “market” to them, which is defined as “making a communication about a product or service that encourages recipients of the communication to purchase or use the product or service” [Title 45 of the Code of Federal Regulations, section 164.501].
However, HIPAA offers exemptions for communications about services you render or offer as their healthcare provider, as well as “healthcare operations” communications around treatment plans, alternatives to treatment, new services and care coordination. The only instance when such messages could be considered “marketing,” and would thus require permission from the recipient, would be if a Covered Entity or their Business Associate received third-party “financial remuneration” to send these messages. This isn’t common in a typical healthcare provider office – and IVNET as a business associate never accepts any form of third-party remuneration for content within the system.
Compliance and Patient Communications
Email: Healthcare providers are permitted to communicate with their patients electronically (including email), as long as reasonable precautions and safeguards are taken to limit unintentional disclosure [45 C.F.R § 164.530(c)]. Because IVNET may utilize patient contact information directly from our Client, it is your responsibility to ensure that you have each patient’s correct email address on file.
Phone Calls and Answering Machine Messages: A Covered Entity or a Business Associate may leave a message on an answering machine, with a family member, or with another person who answers the phone when the patient is not home, so long as a reasonable precaution is taken to limit the amount of information disclosed in such a non-personal interaction [45 C.F.R § 164.510(b)(3)]. IVNET’s phone calls (and answering machine messages) do not contain any treatment-specific information and hence comply with this requirement.
Physical and Technical Compliance
Data extracted from your HealthPay24 platform is sent over an encrypted Internet connection to IVNET’s secure, HIPAA, HITECH and PCI-compliant hosting facility, where all data operations are performed. Regular HIPAA audits and HIPAA compliance experts on staff ensure your data is closely managed and compliant. Your own access to the system is safeguarded using SSL and 128-bit encryption so you can safely log in from your office, home or mobile device.
TCPA and Consent
Telephone Consumer Protection Act rules are designed to protect consumers from telemarketing messages, and apply to text messaging, residential phone lines, and wireless lines. Treatment plan notifications, appointment confirmations and other types of messaging sent on your behalf via IVNET are deemed by the FCC to be “Healthcare messaging,” or “informational messaging,” and both have been exempted from the 2013 modification to the Act (known as the “new rules”).
In exempting this type of messaging, the FCC stated there is efficient and thorough oversight in HIPAA so as to “already safeguard consumer privacy” and that it did not “need to subject these calls to its consent, identification, opt-out, and abandoned call rules” (77 FR 34240).
THIS IS NOT LEGAL ADVICE
For questions about these regulations, always confer with your attorney. The information contained herein should not be construed as legal advice.
8. Additional Information
Social Media Widgets
Changes To This Policy
Links To Other Sites
This Website contains links to other sites that are not owned or controlled by IVNET. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every Website that collects personally identifiable information. This privacy statement applies only to information collected by this Website.
9. Contact Us
If you have any questions or concerns regarding our notice, or if you believe our notice or applicable laws relating to the protection of your personal information have not been respected, you may file a complaint with our Privacy Department listed above, and we will respond to let you know who will be handling your matter and when you can expect a further response. We may request additional details from you regarding your concerns and may need to engage or consult with other parties in order to investigate and address your issue. We may keep records of your request and any resolution.