The following describes the types of personal and other information that DocBuddy may collect about you, the organization you represent, and patients treated by you or by an affiliated organization, as well as how we may use and maintain that information, including, but not limited to:
Registration. Before you can use certain functionality offered through the Services, we will ask you, your employer, or a healthcare institution with whom you are affiliated to register with DocBuddy and provide your email address, a password, your first and last name, your institutional affiliations, other contact information, and personal details. We request this information for identification purposes, to communicate with you regarding your account, in connection with security functions, and to facilitate the functioning of certain aspects of the Services. We may keep this information indefinitely.
Forms. To fully employ the Services, you may be required to fill out forms that collect or contain personal information including but not limited to your name, address, telephone number, DEA number, account information, employment, and other personal information relevant to a patient’s diagnosis and treatment.
Correspondence. If you correspond with us via electronic transmission, we may gather in a file specific to you the information that you submit. We may keep this information indefinitely.
URL and IP addresses. Like many other websites, we collect information about the use and navigation of our Services. This information helps us to design our Services to better suit our users’ needs. For example, our Services will track the URL that you visited before you came to our website(s), the URL to which you next go and your Internet Protocol (IP) address. We may use your IP address to help diagnose problems with our server and to administer our Services. Your IP address also is used to help identify you and to gather broad demographic information.
We will not share, rent, sell or otherwise disclose any of the PII that we collect about you, your organization(s), or your patients, except when we have your permission or in any of the following situations:
If you use our Services or services outside of the United States, information that we collect about you may be transferred to servers inside the United States and maintained indefinitely, which may involve the transfer of information out of countries located in the European Economic Area. By allowing us to collect information about you, you consent to such transfer and processing of your data.
Our Services require users to give us unique identifiers in order to log into many areas of our Services. We utilize these unique identifiers to verify the user’s identity and eligibility, in order to protect our members from the release of sensitive or PII to unauthorized users. To help protect the privacy of data you transmit through our Services or through a mobile device, where PII is requested, we also use technology designed to encrypt the information that you input before it is sent to us using Secure Sockets Layer (SSL) technology or similar encryption technology. In addition, we take steps to protect the data we collect against unauthorized access. However, you should keep in mind that our Services are run on software, hardware, and networks, any component of which may, from time to time, require maintenance or experience problems or breaches of security beyond our control.
You may correct or update information collected about you by managing your account profile or by contacting our Privacy Officer at the address noted below. We will use reasonable efforts to update our records. For our records, we may retain original and updated information for reasons such as technical constraints, dispute resolution, troubleshooting, and agreement enforcement.
We do not knowingly collect or maintain PII from persons under 13 years old, and no part of our Services is directed to persons under 13. IF YOU ARE UNDER 13 YEARS OF AGE, PLEASE DO NOT USE OR ACCESS OUR SERVICES AT ANY TIME OR IN ANY MANNER. If we learn that PII of persons less than 13 years old has been collected without verifiable parental consent, then we will take appropriate steps to delete this information.
Destruction or Modification of Medical Records in the Event of a Merger, Acquisition, or Dissolution of DocBuddy
To the extent DocBuddy is deemed to store PHI identifiable in medical records provided by or to you, upon merger, acquisition, or dissolution of DocBuddy, you may request that we restrict the use of or delete such records.
If we deny your request for restriction in the use or destruction of PHI, we will notify you in writing. You then have the right to submit to us a written statement of disagreement with our decision and we have the right to rebut that statement.
5860 S. Clayton Ct.
Greenwood Village, CO 80121
Google Analytics is a web analysis service provided by Google Inc. Google uses collected data to track and examine the use of our website(s), to prepare reports on its activities, and share them with other Google services. Google may use the data it collects to contextualize and personalize the ads of its own advertising network.
The use of Google Analytics in connection with our Services might use Google’s Interest-based advertising, 3rd-party audience data and information from the DoubleClick Cookie to extend analytics with demographics, interests and ads interaction data.
We use Google Firebase to send notifications to users of the Android version of our software. Firebase may collect data about you regarding engagement with our application, what kind of device you are using, your location, and other data regarding you and your use of our Services.
We may capture and disclose data about you and your use of the Services in order to develop, test, and refine our offerings using tools and services developed by third parties. Such third-party tools include but are not limited to Bitrise, Bugsnag, Firebase, and Pusher, among others.
If enabled by you, the iOS version of our mobile application Services may use Apple iCloud for the storage and syncing of DocBuddy data. Similarly, if enabled by you, we may use data collected by Apple Analytics to help us better understand how our users use our Services.
We may store content that you disclose to us on virtual servers owned by third parties, including but not limited to Amazon Web Services (each, a Cloud Service Provider). A Cloud Service Provider may disclose, move, access, or use data disclosed by you in accordance with the agreements between DocBuddy and such Cloud Service Providers, as well as the terms of service or privacy policies of such Cloud Service Providers.
We may use, in limited instances, certain third-party services (each, an Integration Platform) to transfer PHI between our systems and electronic health records systems licensed or accessed by your affiliated healthcare organization. In connection with our use of an Integration Platform, if any, we may disclose and transmit PHI to the owner or licensee of such an Integration Platform, as well as information regarding software, devices, and network configurations used by you or your affiliated healthcare organization, for the purposes of providing services to you or your affiliated healthcare organization.
Certain aspects of our services require you to enter speech data in order to use and derive the benefits of our software applications. These applications collect and transmit the speech data you input into the software applications. One or more third parties acting under our direction, pursuant to confidentiality agreements, use the speech data to develop, tune, enhance, and improve their services and products. Neither DocBuddy nor its vendors will use the contents of any speech data provided to us through your use of DocBuddy services for any purpose except as set forth above. Speech Data means the audio files, associated text and transcriptions and log files provided by you hereunder or generated in connection with our applications and may include personal information or PHI.
Unless otherwise specified, all data requested is mandatory and your choice to not provide data may make it impossible to provide Services to you. In cases where we have made clear that some data is not mandatory, you are free not to communicate this data without any consequences on the availability or the functioning of the Service. If you are uncertain about which PII (Personal Data under the GDPR) is mandatory, then you are welcome to contact us at the e-mail address specified above.
Solely to the extent applicable to DocBuddy, if you are subject to the GDPR regime, then you have the right, at any time, to know whether your Personal Data has been stored. You can consult DocBuddy to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Privacy Officer at the contact information set out above.
DocBuddy takes security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of data. The data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to DocBuddy, in some cases, the data may be accessible to certain types of persons in charge, involved with the operation of this website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as data processors by DocBuddy. If applicable, this list may be requested by a GDPR-covered person from DocBuddy at any time.
DocBuddy may process Personal Data relating to users if one of the following applies:
In any case, DocBuddy will help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Personal Data is processed at DocBuddy’s operating offices, in data centers located in the United States, and in any other places where the parties involved in the processing are located. The United States has different (and often lesser) privacy protections than other jurisdictions. By providing data, using this website, using mobile applications provided by DocBuddy, or requesting services, you consent to the transfer of your data to the United States and the processing of such data in the United States.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
DocBuddy may be allowed to retain Personal Data for a longer period whenever the user has given consent to such processing, as long as such consent is not withdrawn. Furthermore, DocBuddy may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation (including but not limited to retention of records of healthcare services performed or recommended) or upon order of an authority.
The right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after information has been deleted.
Data about you is collected to allow us to provide services to you, as well as for the following purposes: analytics, managing contacts and sending messages, user database management, heat mapping and session recording, displaying content from other platforms, content performance and features testing (A/B testing), generation models of medical and clinical conditions, generation models of physician and clinical performance, infrastructure monitoring and contacting the user.
More details concerning the collection or processing of Personal Data may be requested from the Privacy Officer at any time. Please see the contact information at the beginning of this document.
The Data Protection Officer is the Privacy Officer.
This privacy statement has been prepared based on provisions of multiple legislations, including the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the U.S. Health Information Technology for Economic and Clinical Health Act (“HITECH”), and Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation or “GDPR”).