Privacy Policy

INTRODUCTION

1. At ModMed, our mission is to transform how healthcare information is created, consumed, and utilized to increase practice efficiency and improve patient outcomes. As such, privacy is very important to us and we strive to be transparent in our collection and use of your information.
2. This Privacy Policy (“Privacy Policy”) explains what information we collect from or about you, how we collect it, how we use it, who we share it with, and your choices related to your information.
3. When we use terms like “ModMed”, “we”, “our”, or “us”, we are talking about Modernizing Medicine, Inc. and its affiliates (including Modernizing Medicine Gastroenterology, Inc., Modernizing Medicine Billing Services, LLC, Modernizing Medicine Data Services, Inc., Modernizing Medicine Podiatry Systems, Inc., Exscribe, Inc., and Modernizing Medicine Retail Solutions, Inc.). Also, when we talk about the “Services”, we are talking about all of our products and services, such as our websites (“Sites”), mobile applications (“Apps”), cloud-based or licensed on-premise electronic health records systems, including our Electronic Medical Assistant^® or EMA^® and gGastro^® systems and associated systems such as practice management systems (collectively, “Systems”), our reminder and other text messages services, self-service user portals, patient portals, etc.
4. For certain information provided to us through some Services (e.g., the Systems and related Services, such as Apps like our kiosks, PocketEMA, and APPatient, Sites like our patient portals and Communities, alert messages, etc.), we have entered into agreements with our clients (health care providers or their firms, “Providers”) that govern our use of such information (the “Transaction Documents”). This Privacy Policy supplements the Transaction Documents. To be clear, if you are a patient of a Provider, a visitor to one of our Sites, or otherwise accessing or interacting with any of the Services but are not doing so as a customer of ours under a Transaction Document, you are a user but not a customer of the Services (i.e., not a Provider), and some of the terms of this Privacy Policy won’t apply to you. Additionally, if you are a patient of a Provider, this Privacy Policy does not govern our use of Protected Health Information (as defined below) provided to us through the Services, including through your Provider’s patient portal and the APPatient App. Our use of such information is governed by the Transaction Documents with your Provider and applicable law, including without limitation HIPAA (as defined below). Your Provider’s collection, use, disclosure, and transfer of such information is governed, in turn, by your Provider’s terms and conditions and privacy practices between you and your Provider. Please submit all requests and questions related to your Protected Health Information directly to your Provider.
5. By using the Services, you are consenting to our collection, use, disclosure, and transfer of your information as described in this Privacy Policy. This Privacy Policy is not a contract and does not create any contractual rights or obligations. Your use of the Services is governed by our Terms of Use.

WHAT INFORMATION WE COLLECT

When you access and use the Services, we may collect the following types of information from you:

1. “Personal Information” is information that can be used to identify, contact, or locate you or that relates to you. Examples of Personal Information include your name, address, email address, telephone number, device information, employer, medical specialty, profession, biometric information such as your voice print and recordings, financial information, and practice and business information, including your communications history with us. Personal Information includes Location Information and may include Usage Data. In this Privacy Policy, we do not include Protected Health Information in the definition of “Personal Information” because, as mentioned above, Protected Health Information has different treatment under HIPAA and other applicable laws. Accordingly, it is handled differently under the Transaction Documents and, if you are a patient, your Protected Health Information is subject to your Provider’s terms of service and privacy practices.
2. “Location Information” is a type of Personal Information that can be used to locate the device you use to access the Services. Location Information includes (i) the location of the device derived from GPS or Wi-Fi use, (ii) the IP address of the device or internet service used to access the Services, and (iii) any other information you or others make available that indicates your current or prior location.
3. “Usage Data” is information that we automatically collect about your use of the Services and your device, such as your IP address; your device’s MAC address, web browser, operating system, device model and manufacturer; performance issues; or your activity on the Services. Usage Data is generally not Personal Information, but may be in some instances.
4. “Protected Health Information” is individually identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”). See the definition of Personal Information above for more information on the treatment of Protected Health Information.

HOW WE COLLECT YOUR INFORMATION

1. We collect the information you give to us, such as when you:
   1. Contact us (e.g., to request a demo or support),
   2. Register with, apply for, access, or use the Services, including when you submit information on the Services,
   3. Visit our offices,
   4. Apply for employment, or
   5. Register for or attend webinars, conferences, or other events.
2. We automatically collect some information when you use the Services, such as Usage Data and when you enable the location services on your device when using the Services. With your consent, we may also collect information from certain native applications on your device (such as your device’s camera and photo album) to facilitate your use of certain features of the Services. If you do not want us to collect Location Information from your device, please disable the location setting(s) on your device or, if you are using an App, delete the App. Please note that disabling the location setting on your device may affect certain features of the Services.
3. We may also obtain information about you from other sources, including the Internet and other publicly-available sources and databases, data aggregators, marketing companies, and other third parties. For example, if you are on a third-party website and request information from us, that website will send us your contact information. We may combine this information with the information you give us to help us tailor our communications or improve the Services.
4. You are not required to provide us with any Personal Information that we request from you. However, failure to provide such information may limit what we are able to do for you. For example, refusing to provide your email address may prevent us from providing you with important information about our Services.

HOW WE USE YOUR INFORMATION

1. We may use your information for the following purposes:
   1. Provide You the Services and Fulfill Your Requests. We may use your information to verify your identity, register you, underwrite you as part of your application for payment processing services, administer your account, consider you for employment, or provide you the information, products, and services that you request. For example, we provide demos of the Services when you request them, respond to your questions when you contact us, assist with problems you report about the Services, or, if you visit one of our locations, we collect your name and other identifying information for purposes of security and visitor management.
   2. Provide Services to Our Providers. If you are a patient of a Provider, we use your information when providing the Services to the Provider.
   3. Communicate with You. We may use your information to try to identify if you may be interested in any of the Services or our business partners’ products and services. If we think something may interest you, we may send you information and promotional materials. You may unsubscribe from receiving marketing emails from us by or using the unsubscribe link included in marketing emails or emailing us at cs-communications@modmed.com.
   4. Enhance Your Experience. We use your information to personalize and enhance your experience when you use the Services, such as tailoring content and advertising and remembering your preferences.
   5. Improve the Services. Your information helps us improve the content and functionality of the Services. For example, we may (i) use our users’ demographics, interests, or behaviors to create new features and content, (ii) recreate or replay a user session to improve the user experience and to support the Services, or (iii) use your information if there is a Service performance issue.
   6. In the Event of a Business Transaction: If we are exploring or go through a business transition or financial transaction, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, securities offering, or sale of all or a portion of our assets, we may use your information in connection with exploring or concluding such transaction.
   7. For Legal Purposes: We will use your information when we think it is necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others; when otherwise required by law, regulation, subpoena, court order, warrant or similar legal process; or if necessary to assert or protect our rights or assets.
   8. Sharing of Information. We may share your information internally and with third parties as further described in the How We Share Your Information section of this Privacy Policy.
2. We may link Usage Data to the Personal Information we have collected about you. If we link this Usage Data to your Personal Information, we will treat such linked Usage Data as Personal Information.
3. We may also de-identify your information or aggregate your information with other users of the Services (“De-Identified Information”). This De-Identified Information is not Personal Information because it cannot be used to identify you, and may be used by us for any lawful purpose.
4. Additionally, we may use your information for any other reason we tell you (i) when we collect it, (ii) in a Transaction Document, or (iii) in an authorization or consent.

DATA COLLECTION TECHNOLOGIES

1. We and our vendors use cookies, pixel tags, log files, and other technologies (collectively, “Data Collection Technologies”) to help us provide the Services, tailor our content, identify which Services may interest you and inform you about such Services, and enhance your online experience. The Data Collection Technologies include:
   1. Cookies. A cookie is a small file placed on your computer’s hard drive that collects and stores information about your equipment, preferences and browsing patterns. We use cookies to analyze web page traffic and usage patterns, and to tailor the Services to your individual interests. For more information about the cookies used on our Sites, please review our Cookie Notice.
   2. Web Beacons. A web beacon (also referred to as clear gif, pixel tag or single-pixel gif) is a transparent graphic image used in tandem with cookies that enables us, our vendors, and our other business partners to record a user’s actions. We use web beacons to count and track users who have visited those pages, verify system and server integrity, for advertising, and for other statistical measures.
   3. User Experience and Support Products. We use third-party products that track and recreate or replay user experiences using the Services. We use these products to improve the Services and to provide support for the Services.
   4. Google Analytics. We use Google Analytics to help us understand how users engage with the Services. Google Analytics uses cookies to track your interactions with the Services, then collects that information and reports it to us, without individually identifying users. This information helps us improve the Services so that we can better serve users like you. For more information on Google Analytics, visit support.google.com/analytics.
2. You can set your Internet browser settings to stop accepting new cookies, to receive notice when you receive a new cookie, to disable existing cookies, or to omit images (which will disable any pixel tags that may be included in them). Note that the opt-out will apply only to the browser that you are using when you elect to opt out of cookies. Please note, without cookies or pixel tags, you may not be able to take full advantage of all features of the Services.
3. Some web browsers incorporate a “Do Not Track” feature (“DNT”) that signals to the websites that you visit that you do not want to have your online activity tracked. Many websites and applications, including the Services, do not respond to web browser DNT signals. For more information about DNT signals, please visit allaboutdnt.com.

HOW WE SHARE YOUR INFORMATION

1. We may share your information (i) for the reasons we tell (a) you when we collect it, (b) in a Transaction Document, or (c) in an authorization or consent, or (ii) in the following ways:
   1. At Your Direction: We may share your information with third parties when you direct us to. For example, if you request that we share your information with one of our business partners to take advantage of a feature that partner offers, we will share your information with that business partner.
   2. Internally: We may share your information internally (e.g., with our affiliates) in order to provide you the Services, to provide the Services to the Providers, to offer you or the Providers other Services, and to improve our Services or develop new ones.
   3. With Our Customers: We may share your information with our customers when we provide the Services. For example, if you are a patient using the Services, we will provide your information to your Providers. If you post information to our “user forums” available on our Sites, any information you provide may be read, collected, and used by other customers or third parties that have access to the forum.
   4. With Our Service Providers or Contractors: We may share your information with our service providers or contractors (including third-party hosting providers) that we use to provide the Services or that provide services to us, such as for online account access, email marketing, advertising, promotions, newsletters, notices and other communications, or that assist us in monitoring, improving, and hosting the Services. Such service providers or contractors may contact you regarding their products and services.
   5. With Business Partners: We may share your information with our business partners in order to offer or provide you with the Services or our business partners’ products and services, to identify if you may be interested in any of the Services or our business partners’ products and services, or to improve or develop new Services or business partners’ products or services. Our business partners may contact you regarding their products or services.
   6. In the Event of a Business Transaction: If we are exploring or go through a business transition or financial transaction, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, securities offering, or sale of all or a portion of our assets, we may disclose your information to a party or parties in connection with exploring or concluding such transaction.
   7. For Legal Purposes: We will disclose your information when we think it is necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others; when otherwise required by law, regulation, subpoena, court order, warrant or similar legal process; or if necessary to assert or protect our rights or assets.
2. We may share De-Identified Information in all legally permissible ways.

YOUR CHOICES; INTEREST-BASED ADS

1. We encourage you to communicate your preferences to us about how we use your information.
2. You may opt-out of receiving marketing communications from us by following the instructions included in such a communication or by emailing us at cs-communications@modmed.com. Please allow us ten (10) business days from when the request was received to complete the removal. If you opt out, we may still send you non-marketing communications, such as those about your account or our ongoing business relationship.
3. We may use third-party service providers to serve advertisements on our behalf across the Internet. These advertising service providers may collect (through the use of Data Collection Technologies) information about your visits to and interactions with the Services. In addition to the information about your visits to our Site, our service providers may also use the information about your visits to other websites to target advertisements for products and services available from us. If you would like more information about this practice and to know your choices for not having this information used by third-party service providers, please visit the Network Advertising Initiative’s website here.
4. Some features of our Apps may require access to certain native applications on your mobile device, such as the camera and photo storage applications (e.g., to take and upload photos and videos). If you decide to use these features, we will ask you for your consent prior to accessing the applications and collecting information. Note that you can revoke your consent at any time by changing the settings on your device.
5. Depending on your device settings, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can deactivate these messages at any time by changing the notification settings on your mobile device or within our Apps.
6. Residents of certain states, such as California and Colorado, may have additional Personal Information rights and choices, as further described in the U.S. State Privacy Law Supplemental Notice.

BIOMETRIC DATA

1. If you are a medical provider and use your device microphone to record your voice in connection with the Systems, such as using the Speech-to-Text Module in EMA^®, your recording and voiceprint may be collected by ModMed’s dictation service provider or other third parties as described in the Transaction Documents. Your voiceprint may be used to transcribe text for a patient’s medical record, to improve the dictation feature, or for other purposes described in the Transaction Documents and the Services.
2. Your voiceprint is biometric data under certain laws governing the collection, use, storage, and disclosure of biometric data. By using the microphone or other recording feature, you acknowledge that you have been advised of, and understand that, your biometric data may be collected, used, stored, and disclosed for the purposes described in this Privacy Policy or as otherwise described in the Transaction Documents and Services. Use of your voice recording and biometric data by your medical practice and the dictation service provider is governed by the terms of service and privacy policies of those third parties.

CALIFORNIA AND COLORADO RESIDENTS

If you are an eligible California or Colorado resident, please see our U.S. State Privacy Law Supplemental Notice for more information on your rights. The U.S. State Privacy Law Supplemental Notice supplements, but doesn’t replace, this Privacy Policy.

CHILDREN’S INFORMATION

As described in our Terms of Use, we prohibit users under 13 from using the Services. As such, we do not expect to collect information, including personal information as defined by the Children’s Online Privacy Protection Act, from children under the age of 13. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personal information to us, you may contact us at privacy@modmed.com to request that we delete and stop use of that information. If we learn that we have received any information directly from a child under age 13 without first receiving his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services. We will then subsequently delete that child’s information.

LINKS TO OTHER SITES

The Services may contain links to other sites and other products and services that are not owned or controlled by us. This Privacy Policy does not apply to information collected by any third party, including through any application or content (including advertising) that may link to, be embedded on, or otherwise accessible from or on our other Services. We encourage you to be aware when you leave our Sites or other Services. We encourage you to review the privacy policies of each and every third-party website that collects Personal information as their privacy policy may differ from ours.

PROTECTION OF YOUR INFORMATION

The security of Personal Information is important to us. We use reasonable safeguards aimed to protect against unauthorized use, disclosure, alteration or destruction of the Personal Information we collect and maintain. Although we strive to protect your Personal Information, we can’t guarantee the security of any information you transmit to or from the Services or that unauthorized use, disclosure, alteration, or destruction or some other data breach will not occur. Please keep in mind, however, that no data transmitted over the Internet is 100% secure and any information disclosed online can potentially be collected and used by parties other than the intended recipient.

NOTE TO INTERNATIONAL VISITORS

The Services are intended for use only in the United States of America. If you use the Services or contact us from outside of the United States of America, please be advised that (i) any information you provide to us or that we automatically collect will be transferred to the United States of America; and (ii) by using the Services or submitting information, you explicitly authorize its transfer to and subsequent processing in the United States of America in accordance with this Privacy Policy.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to amend this Privacy Policy at any time and for any reason, in our sole discretion. Unless we say otherwise, changes will be effective upon the last updated date at the top of this Privacy Policy. Please check this Privacy Policy regularly to ensure that you are aware of any changes. We may try to notify you of material changes to this Privacy Policy, which if we do so may be by means such as by posting a notice directly on the Services, by sending an email notification (if you have provided your email address to us), or by other reasonable methods. In any event, your use of the Services after changes to this Privacy Policy means you have accepted the changes. If you do not agree with the changes, immediately stop using the Services.

CONTACTING US

If you have any questions or comments about this Privacy Policy, please contact us by either:

1. Calling us at 1-866-799-2146 and asking to speak with the Privacy Officer;
2. Emailing privacy@modmed.com; or
3. Writing us at:

Modernizing Medicine, Inc.
4850 T-Rex Avenue, Suite 200
Boca Raton, Florida 33431
Attention: Privacy Officer
1-866-799-2146