Privacy and Security Policy

Notice of Privacy Practices

THIS DERMLINK PRIVACY AND SECURITY POLICY (THIS “PRIVACY POLICY”) DESCRIBES HOW PERSONALLY IDENTIFIABLE INFORMATION AND MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. By using this website (the “Website”) and/or providing DermLink your personal information, you signify your assent to this Privacy Policy. If you do not agree with any term in this Privacy Policy, please do not provide DermLink your personal information or use the Website.

In addition to this Privacy Policy, DermLink has established Terms of Use that set forth the general rules and policies governing your use of the Website. A copy of the Terms of Use can be found at www.dermlink.md/terms.html

DermLink’s Commitment to Your Privacy

DermLink, Inc. (“DermLink”) is dedicated to maintaining the privacy of your personally identifiable information, including your protected health information (collectively, “PII”). PII includes information about you that may be used to identify you (such as your name or address) and that relates to (a) your past, present or future physical or mental health or condition, (b) the provision of health care to you or (c) your past, present or future payment for the provision of health care. In conducting its business, DermLink may receive and create records containing your PII. DermLink is required by law to maintain the privacy of your PII and to provide you with notice of its legal duties and privacy practices with respect to your PII.

DermLink will abide by the terms of this Privacy Policy while it is in effect. This current Privacy Policy takes effect on the date specified above, and will remain in effect until DermLink replaces it. DermLink reserves the right to change the terms of this Privacy Policy at any time, as long as the changes are in compliance with applicable law. If DermLink changes the terms of this Privacy Policy, the new terms will apply to all PII that it maintains, including PII that was created or received before such changes were made. If DermLink changes this Privacy Policy, it will post the new Privacy Policy on the Website and will make the new Privacy Policy available to you upon request. You agree to accept electronic communications and/or postings of revised versions of this Privacy Policy on the Website and agree that such electronic communications or postings constitute notice to you of the revised version of this Privacy Policy.

Please note: The laws and regulations in different countries impose different (and even conflicting) requirements on the Internet and data protection. The servers that make the Website available worldwide are located in the United States. All matters relating to the Website are governed by the laws of the state of California, without reference to its conflicts of law rules that would result in the application of the laws of another jurisdiction. Please note that any information you provide will be transferred to the United States, and by using the Website or providing DermLink your PII, you authorize this transfer.

Security

When DermLink collects PII directly from you, it follows generally accepted industry standards to protect the submitted PII and meets privacy standards. DermLink uses firewall barriers, SSL 256-bit high grade encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect user accounts and systems from unauthorized access. However, no method of transmission over the Internet or method of electronic storage is 100% secure. If you have any questions about security on the Website, you can contact DermLink at www.dermlink.md/contact-us.html

Collection, Use and Disclosure of Personal Information

DermLink collects the following PII:

Contact information such as name, email address, mailing address, phone number Health or medical information

DermLink fully complies with the privacy provisions of the . DermLink’s staff, employees and agents receive training concerning DermLink’s confidentiality and privacy policies. DermLink and its employees will use PII only as necessary to provide care or for other authorized, legitimate reasons that are compliant with HIPAA.

The primary reason DermLink collects PII is in connection with dermatological treatment. Access to your PII will be limited to those employees and authorized agents of DermLink who need this information in order to provide safe tele-dermatology care. To provide safe treatment, you agree to supply DermLink’s employees and authorized agents with all necessary PII.

DermLink may use and disclose your PII in the following ways:

Treatment, Payment and Health Care Operations. DermLink is permitted to use and disclose your PII for purposes of treatment, payment and health care operations.
Authorization. DermLink is permitted to use and disclose your PII upon your written authorization, to the extent such use or disclosure is consistent with your authorization. You may revoke any such authorization at any time. As Required by Law. DermLink may use and disclose your PII to the extent required by law.

Additionally, DermLink may use and disclose your PII as follows:

When you visit the Website, DermLink may collect technical and navigational information, such as computer browser type, Internet protocol address, pages visited and average time spent on the Website. This information may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve web design and functionality.

If DermLink or its assets are acquired by another company, or in the event of a merger, consolidation, change in control, transfer of substantial assets, reorganization or liquidation, DermLink may transfer, sell or assign to third parties information concerning your relationship with DermLink, including, without limitation, PII that you provide or that has been provided on your behalf (e.g., by your primary care physician) and other information concerning your relationship with DermLink. Such third parties will assume responsibility for the PII collected by DermLink in connection with DermLink’s business operations or through the Website and such third parties will assume the rights and obligations regarding such information as described in this Privacy Policy.

Rights to PII

You have a right to:

View your medical records. You can access your medical records that have been provided to DermLink within 30 days of your request to do so. You can view your medical records at any time by accessing your account online.
Inspect and copy your PII. You must submit your request to inspect or copy your PII online to DermLink. DermLink may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. DermLink may deny your request to inspect and/or copy your PII in certain limited circumstances. If that occurs, DermLink will inform you of the reason for the denial, and you may request a review of the denial.

Amend your PII. If you believe your file is incomplete or incorrect, you can request that DermLink amend your PII. DermLink may, under certain circumstances, deny your request. If that occurs, you have the right to submit a statement of disagreement for inclusion in your records.

Accounting and disclosures. You always have the decision whether or not to give permission for your PII to be shared before it is used or shared. Your chosen health professionals, i.e., primary care physicians or dermatologists that use the Service are prohibited from using or sharing your personally identifiable medical records for any purposes that are not part of normal, routine health care processes. You have the right to receive an accounting of all disclosures DermLink has made of your PII. Accordingly, upon request, DermLink will provide you a notice that tells you how your PII has been used and shared. DermLink may charge you for the costs involved in fulfilling any request.

Complaint. You may complain to DermLink and to the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated.