MedActionPlan.com, LLC recognizes that a fundamental part of our relationship with our customers is their trust in our respect for their privacy. We are committed to keeping any information you share with us secure and confidential. To that end, MedActionPlan.com, LLC has established the following privacy policies.
I. Information Collected When You Visit this Website
MedActionPlan automatically collects and stores the following information about visitors to this web site:
- User client hostname. The hostname or Internet Protocol address of the user requesting access to the website.
- HTTP header, "user agent." The user agent information includes the type of browser, its version, and the operating system on which that the browser is running.
- HTTP header, "referrer." The referrer specifies the web page from which the user accessed the current web page.
- System date. The date and time of the user’s request.
- Full request. The exact request the user made.
- Status. The status code the server returned to the user.
- Content length. The content length, in bytes, of any document sent to the user.
- Method. The request method used.
- Universal Resource Identifier (URI). The location of a resource on the server.
- Query string of the URI. Anything after the question mark in a URI.
- Protocol. The transport protocol and the version used.
The information that is collected automatically is used to improve this website's content and to help us to understand how users are interacting with the website. This information is collected for statistical analysis, to determine what information is of most and least interest to our users, and to improve the utility of the material available on the website. The information is not collected for commercial marketing purposes.
III. Personal Information About Authorized Users
When you register as an authorized user, we will collect some personal information about you, such as your name, address, telephone number, and email address. We do not knowingly collect personal information from children. MedActionPlan.com, LLC is dedicated to maintaining accurate customer records and shall strive to correct any inaccurate information in a timely manner. Users should contact us to correct any information.
MedActionPlan.com, LLC will not sell lists of its customers, authorized users, or personal information about individuals to third parties.
MedActionPlan.com, LLC will only use or disclose personal information as described in section V.
IV. Protected Health Information
Organizations that use MedActionPlan™ systems offered by MedActionPlan.com are usually covered entities that are required to comply with the HIPAA law and regulations (Title II of the Health Insurance Portability and Accountability Act of 1996 (PL 104-91) and 45 CFR Parts 160-164). MedActionPlan.com, LLC is committed to working with its customers to help them comply with HIPAA and other laws governing privacy and security of health information. MedActionPlan.com will only use or disclose protected health information as permitted by its Business Associate Agreement, and as described in section V, below.
V. Use and Disclosure of Confidential Information
Confidential Information includes non-public information about MedActionPlan.com, LLC customers, personal information about authorized users and protected health information received from or created for HIPAA covered entities.
MedActionPlan.com, LLC will only use Confidential Information:
- As necessary to enable MedActionPlan.com to perform services to or on behalf of its customers;
- As needed for the proper management and administration of the business of MedActionPlan.com, LLC;
- As required to carry out the legal responsibilities of MedActionPlan.com, LLC.
MedActionPlan.com, LLC will not disclose Confidential Information to third parties, except:
- As required by law;
- To subcontractors who require access to Confidential Information to perform services to enable MedActionPlan.com, LLC to serve its customers;
- When required for the proper management and administration of MedActionPlan.com, LLC, to persons or organizations that must have access to Confidential Information to provide service to MedActionPlan.com.
MedActionPlan.com provides data aggregation services to its customers as permitted by 45 CFR 164.504(e)(2)(i)(B).
As permitted by and in accordance with the requirements of 45 CFR 164.514(e), MedActionPlan may create and retain one or more “limited data sets” derived from customer data. A limited data set excludes direct identifiers of individuals, their relatives, employers, or household members. MedActionPlan.com, LLC may use or disclose limited data sets for purposes of ongoing research about pharmacological treatment and delivery of medical services and continuing development and improvement of services to support of the health care operations of health benefit plans and healthcare providers.
MedActionPlan may use customer data to create de-identified sets of data about use of pharmacological treatments and delivery of medical services. De-identified data will not include identifying information about individual patients or health care facilities. De-identified data may be shared with third parties.
VI. Data Security
MedActionPlan.com, LLC follows the HIPAA standards for administrative, technical and physical safeguards of the confidentiality, integrity and availability of protected health information. It requires subcontractors and third parties who have access to Confidential Information to agree to safeguard Confidential Information in accordance with HIPAA and generally accepted system security principles.
VIII. Contact Information
87 Main Street, POB 430
Peapack NJ 07977
Last reviewed August 25, 2009