Privacy and Security
MedPilot (“Company” or “We”) respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes:
The types of information we may collect or that you may provide when you purchase, download, install, register with, or access MedPilot’s website or platform (the “Site”) or use the services provided in connection with the Site, which includes, among other things, financial management services in the healthcare field (the “Services”).
Our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies only to information we collect on the Site or in connection with providing the Services and through other electronic communications sent through or in connection with the Site.
This policy DOES NOT apply to information that:
We collect offline or on any other Company’s apps or websites, including websites you may access through this Site.
You provide to or is collected by any third party (see “Third-Party Information Collection”).
These other third parties may have their own privacy policies, which we encourage you to read before providing information on or through them.
The Site is not intended for persons under 18 years of age, and we do not knowingly collect personal information from persons under 18. If we learn we have collected or received personal information from a person under 18 without their consent, we will delete that information. If you believe we might have any information from or about a person under 18, please contact us at firstname.lastname@example.org.
Information We Collect and How We Collect It
Information You Provide to Us
When you access the Site or use the Services, we may ask you to provide information by which you may be personally identified, such as name, postal address, email address, telephone number, or any other identifier by which you may be contacted online or offline (“personal information”).
This information includes:
Information that you provide by filling in forms on the Site. This includes information provided at the time of registering to access the Site, or while using the Services.
Records and copies of your correspondence (including email addresses and phone numbers), if you contact us.
Your responses to surveys that we might ask you to complete for research purposes.
Details of transactions you carry out through the Site. You may be required to provide financial information before using all of the Services.
Your search queries on the Site and the links you click through on the Site.
You may also provide information for publication or display (“Posted”) on public areas of the Site (collectively, “User Contributions”). Your User Contributions are Posted and transmitted to others at your own risk. Although you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of third parties with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Automatic Information Collection and Tracking
When you access and use the Site, it may use technology to automatically collect:
Usage Details. When you access and use the Site, we may automatically collect certain details of your access to and use of the Site and the Services, including traffic data, the time spent on the Site, location data, logs, and other communication data and the resources that you access and use on or through the Site.
Device Information. We may collect information about your mobile device and internet connection, including the device's unique device identifier, IP address, operating system, browser type, mobile network information, and the device's telephone number.
Stored Information and Files. The Site also may access metadata and other information associated with other files stored on your device. This may include, for example, photographs, audio and video clips, personal contacts, and address book information.
Location Information. This Site collects real-time information about the location of your device.
Services Information. We collect information about you related to the Services, including your responses to our communications and the time it takes to pay your bills.
Information Collection and Tracking Technologies
The technologies we use for this automatic data collection may include:
Flash Cookies. Certain features of our Site may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Site. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
Web Beacons. Pages of our Site and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit MedPilot, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Ownership of Information
While you have certain rights to control what information is provided on the Site (see Your Choices About Our Collection, Use, and Disclosure of Your Information), to the extent permitted by law, all information collected on the Site or provided to us by you, including User Contributions, is owned solely by and is the exclusive property of MedPilot.
Third-Party Information Collection
We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information, to:
Provide you with the Site and its contents, and any other information, products or services that you request from us.
Fulfill any other purpose for which you provide it.
Give you notices about your account.
Carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
Notify you when Site updates are available, and of changes to any products or services we offer or provide though it.
Recognize you when you use the Site.
We may also use your information to contact you about our own and third parties' goods and services that may be of interest to you. If you do not want us to use your information in this way, please adjust your user preferences in your account profile.
We may use the information we collect to display advertisements to our advertisers' target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual or device, without restriction.
In addition, to the extent permitted by law, we may disclose personal information that we collect or you provide:
To our subsidiaries and affiliates.
To contractors, service providers, and other third parties we use to support our business.
To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of the Company's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Company about our Site users is among the assets transferred.
To third parties to market their products or services to you if you have not opted out of these disclosures. We require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them. For more information, see “Your Choices About Our Collection, use, and Disclosure of Your Information.”
To fulfill the purpose for which you provide it.
For any other purpose disclosed by us when you provide the information.
With your consent.
To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
To enforce our rights arising from any contracts entered into between you and us.
If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Your Choices About Our Collection, Use, and Disclosure of Your Information
We strive to provide you with choices regarding the personal information you provide to us. This section describes mechanisms we provide for you to control certain uses and disclosures of your information. However, in no event will we use personal information in violation of any law. See “Compliance with Laws”.
Disclosure of Your Information for Third-Party Advertising. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by logging into the Site and adjusting your user preferences in your account profile or by sending us an email with your request to email@example.com.
Promotional Offers from the Company. If you do not wish to have your email or contact information used by the Company to promote our own or third parties' products or services, you can opt-out by checking the relevant box located on the form on which we collect your data or by sending us an email stating your request to firstname.lastname@example.org. If we have sent you a promotional email, you may send us a return email asking to be omitted from future email distributions.
Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers' target-audience preferences, you can opt-out by sending us an email stating your request to email@example.com.
We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI's website.
Accessing and Correcting Your Personal Information
You can review and change your personal information by logging into the Site and visiting your account profile page.
If you delete your User Contributions from the Site, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Site users.
Compliance With Laws
MedPilot is committed to helping our clients and partners remain fully compliant with all laws. We ensure the highest standards of integrity and best practices to maintain confidentiality regarding patient data. Innovation in healthcare requires trust. Assuring the privacy and security of patient data is at the core of our mission.
We approach compliance, like security, as a continuous cycle. Our NIST SP 800-30 Rev 1 risk assessment drives our organizational policies and procedures, which in turn drive our training cycle. We use operational feedback to continuously refine and improve our risk posture.
All of our operational security metrics are monitored continuously by our deployment provider, Cloudticity. Our compliance status is available in real time, 24/7.
Attention to Detail
All traffic is encrypted in transit with SSL/TLS. All secondary volumes are encrypted at rest with full key/data segregation.
All data access is restricted to approved employees based on job function. All access is logged and stored for auditing and anomaly detection.
Our hosting provider is regularly audited against the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) specifications.
All services are hosted within a private sub-net, addressable only through a white-listed gateway.
Per our Security Policy, we continually review our code for OWASP, CVE, and NVD-reported vulnerabilities.
All data is stored exclusively on Amazon Web Services (AWS) in the us-east-1 Northern Virginia Region. EC2 images are automatically backed up to S3 and are therefore fault tolerant to 13 9's. RDS Databases are set to automatically backup once per day.
Fair Debt Collection Practices Act (FDCPA)
Nothing on the Site or in this Privacy Notice is intended to contradict your rights under the Fair Debt Collection Practices Act. MedPilot will not disclose any information to third parties that is otherwise prohibited by the FDCPA.
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.
However, the safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through the Site. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures we provide.