HIPAA Compliance

DocsTime is committed to protecting all protected health information (PHI) and any personal data shared with the website and/or application. DocsTime understands and has taken steps to comply with all applicable requirements as a business associate under the Health Insurance Portability and Accountability Act (HIPAA). Under HIPAA, a business associate is one who receives patient information on behalf of a physician or other health care provider. We have established policies and procedures in accordance with HIPAA privacy rules to ensure the security of the data of all users including patients, health care providers, and facilities.

 

As such, DocsTime attests that it has made and will continue to make the implement considerations to comply with HIPAA policies and ensure the security of patient and provider information. DocsTime does/will:

• Access, use, and/or disclose PHI only when it is absolutely necessary to furnish services to patients and/or providers in a way that is permitted by law.
• Implement policies and procedures to ensure the protection and adequate storage or PHI and other private data.
• Implement encryption systems across all information systems where possible.
• Require subcontractors’ written attestation of compliance with the same HIPAA and privacy laws.
• Attest that no PHI will be sold or otherwise disclosed to parties that are not necessary to patients’ care or provider use of DocsTime technology.
• Attest to effectively respond to any suspected or actual breaches of PHI or other personal data and make the necessary reports of a breach where applicable.
• Attest to educate all employees and subcontractors on our HIPAA and Privacy policies and procedures and require their written agreement to comply with these policies and procedures.

 

Data Collection

DocsTime may need to collect and process your personal data, including PHI to provide you with the services of locating providers, scheduling appointments, and participating in televisits. By accepting our Terms and Conditions, you are confirming that you have read and understood this Privacy Policy, which includes how we use and store your information "as per HIPAA compliance".

Our Terms and Conditions require that all users be 18 years of age or older. If a user is under the age of 18, they must only use DocsTime services with the informed consent and under the direct supervision of an adult user. You, the patient, will be responsible for any and all account activity that is conducted by a minor on your account.

 

User Information

DocsTime may request or receive information from you and any person who uses the DocsTime website or application. This information includes:

Upon termination of a client account and/or request, DocsTime will remove from its servers any relevant user information to ensure that DocsTime can no longer access such data.

 

Location Information

DocsTime may collect users’ location information only if expressly permitted by the user. DocsTime will only use user location information to improve search results and enhance user experience. DocsTime will not share or sell user location information with third parties. Users will always have the option to stop sharing their location information with DocsTime.

 

Use of Information

DocsTime will not sell to a third party user personal data, including but not limited to, users’ email or mailing address, phone number, location, communications, insurance information or other identifying information shared with DocsTime.

DocsTime may, however, disclose your personal information with contractors and third parties only when necessary to carry out services including, creating an account, scheduling an appointment, finding a provider, and/or participating in a televisit using the DocsTime website or application. If, for some reason, DocsTime were to disclose user information outside of this context, your express permission would be required before such a disclosure is made.

 

Electronic Security Measures

DocsTime has taken substantial measures to ensure the safety and privacy of users’ personal information. As such all patient, provider, and facility information is transmitted and stored by Amazon Web Services ("AWS"), which is a HIPAA compliant cloud data storage and management service. All of our safety measures align with guidance from the Department of Health and Human Services and the HIPAA Privacy Act. We have implemented electronic security measures including encryption of information, and secure services for the transfer and receipt of electronic personal data.

 

Data Encryption

All information transmitted to and from any user of the DocsTime website, application or any other DocsTime platform will always be encrypted to prevent any unwanted disclosure to unintended parties. In addition, any communications, including emails, notifications, chats, and televisits will be encrypted to protect from any unwanted disclosures to unintended parties. Finally, all data will be masked and stored in a secure database managed by AWS.

 

Use of Cookies

DocsTime, like most commercial website, may use "cookies," which are small pieces of information that are stored by your browser on your computer. DocsTimeuses cookies on its website to keep track of your session, account activity, and televisits, if applicable. DocsTime may also use cookies to deliver content specific to your interests and to store your password for your retrieval. In addition, DocsTime may use an outside service to display ads on DocsTime’s website, which may also contain cookies.

 

Amendments

DocsTime may amend this policy at any time. If we use PHI or personal data collected through our website and/or application in a method that differs from that stated in our policy at the time of collection, DocsTime will notify users via email and/or by DocsTime website of the change in policy. This Agreement may not otherwise be amended except in a writing that specifically refers to this Privacy Policy.