Biograph International, Inc. (“Biograph,”“we,” or “us”) owns and operates the Biograph website located at www.Biograph.com and Biograph mobile application (collectively, the “Platform”). Your access and use of the Platform, any part thereof, or anything associated therewith, including its content (“Content”), any products or services provided through the Platform, and any affiliated website, software, or application owned or operated by Biograph (collectively, including the Platform and the Content, the “Service”).
Under HIPAA, a “covered entity” is required to provide their patients a Notice of Privacy Practices that describes how the covered entity uses and discloses “protected health information” (“PHI”). As a result, if the Medical Group determines that it is a covered entity under HIPAA, the Medical Group will adopt and separately provide to you a HIPAA Notice of Privacy Practices that describes how the the Medical Group may use or disclose your PHI (the “Medical Group Notice of Privacy Practices”).
HIPAA also requires a covered entity to obtain a patient authorization that satisfies certain requirements in order for the covered entity or its business associates to use or disclose PHI in certain ways. In order to ensure that the Medical Group and Biograph are able to effectively provide their respective services to you and that you are able to utilize the full functionality of the Service, the Medical Group and/or Biograph may need to use or disclose your PHI in ways that would require the Medical Group to obtain an authorization under HIPAA. As a result, if the Medical Group determines that it is a covered entity under HIPAA, the Medical Group will obtain from you a patient authorization (a “Patient Authorization”) that authorizes the Medical Group and Biograph to use and disclose your PHI in certain ways that are described in the Patient Authorization.
We collect any information you provide when you use the Service, including, but not limited to: (1) personally identifying information (“PII”) such as your name and contact data such as your e-mail address, phone number, and billing and physical addresses; (2) your login and password; (3) demographic data (such as your gender, date of birth and zip code); (4) your communications with your Providers; and (5) any information you provide when you contact or communicate with us. We may also collect information from you necessary to provide you with services from your Providers, which may include, but is not limited to: (a) payment information; (b) insurance information; and (c) health and medical data (such as previous doctors or other healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medical history and condition, medications, images or videos and other medical and health information and data you share with us).
In addition to the information we collect directly from you, we may also collect certain information from the Medical Group and/or Providers who provide treatment or other services to you in connection with our Service. This information may include, but is not limited to, diagnoses, treatment plans (including prescription details) and notes, and is accessible and visible through certain components of the Service.
We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.
We or our service providers may automatically collect certain information from the device through which you access the Service. This information includes, but is not limited to, your language preferences, your phone number or other unique device identifier (the International Mobile Equipment Identity or the Mobile Equipment ID number), the IP address of your device, the manufacturer, model and operating system of your device, the name and version of our Service you are using, information regarding your browser and information that allows us to personalize our Service. We or our service providers may also collect information about how you interact with our Service and any of our websites to which our Service links, such as how many times you use a specific part of our Service, the amount of time you spend using our Service, how often you use our Service, actions you take in our Service and how you engage with our Service.
We and our service providers may obtain information regarding your location or the location of your device through which you access our Service. Information regarding your location may be obtained directly from you when you provide us with information as part of the registration process.
We may use information regarding your location or the location of your device through which you access the Service for a number of purposes, including, but not limited to confirming you are located in a jurisdiction in which the Service is offered.
We may de-identify your information and use, create and sell such de-identified information, including De-Identified Health Information, for any business or other purpose not prohibited by applicable law.
We may disclose your information to third parties in connection with the provision of our Service or your Provider’s provision of services or as otherwise permitted or required by law. For example, we may disclose your information to: (a) our third-party service providers that provide services such as the hosting of the Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, auditing and other similar services; (b) the Medical Group or its Providers to schedule and fulfill appointments and provide healthcare services; (c) the Medical Group or Providers to whom you send messages through our Service; (d) the Medical Group or its Providers for treatment, payment or healthcare operations purposes; (e) third parties as we believe necessary or appropriate to comply with applicable laws; and (f) to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock with such third party. We may de-identify your information and disclose such de-identified information, including De-Identified Health Information, for any purpose not prohibited by applicable law.
Certain Submissions you make may contain health information, which may be subject to HIPAA or related state-specific privacy laws and regulations. With respect to any such PHI, Biograph’s rights with respect to the use or disclosure of such PHI may be limited as and to the extent required under HIPAA or an applicable Patient Authorization. Subject to the limitations described above, any information you transmit to Biograph via the Service, whether by direct entry, submission, email or otherwise, including data, questions, comments, forum communications, or suggestions (collectively, “Submissions”), will, to the extent permitted under applicable law, be treated as non-confidential and non-proprietary and will become the property of Biograph. You hereby irrevocably assign (and agree to assign) to Biograph, free and clear of any restriction or encumbrances, all of your rights, title and interest in and to the Submission, including, without limitation, all copyrights, rights in patents, rights in trade secrets, and all rights incidental, subsidiary, ancillary, or allied thereto (including, without limitation, all derivative rights) in and to the Submission. To the extent the assignment granted above fails for any reason, you hereby grant to Biograph an exclusive, perpetual, irrevocable, royalty-free, worldwide license under your intellectual property rights, with the right to sublicense to third parties the right, to make, access, practice, sell, offer for sale, export, import, copy, use, modify, prepare derivative works from, distribute, publicly display, publicly perform, and otherwise exploit in any manner those Submissions with respect to which the foregoing assignment shall have failed. You agree to execute any documents and take any other actions as may reasonably be necessary, or as Biograph may reasonably request, to evidence, perfect, maintain and enforce Biograph’s ownership of or license to any such Submissions. In addition to the foregoing, Biograph shall have the right, in its sole discretion, to edit, duplicate, or alter the Submission in any manner for any purpose that Biograph deems necessary or desirable, and you irrevocably waive any and all so-called moral rights you may have in the Submission. You further agree that you shall have no right of approval and no claim to compensation in connection with the Submission.
We strive to use reasonable physical, technical, and administrative measures to protect information under our control. However, you must keep your Account password secure and your Account confidential, and you are responsible for any and all use of your Account. If you have reason to believe that the security of your Account has been compromised, please notify us immediately in accordance with the “Contacting Us” section below.
Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to firstname.lastname@example.org with the subject heading “California Privacy Rights.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.