Our Commitment To You
We are committed to maintaining the privacy, security, integrity and confidentiality of your personal health information that you entrust to us directly or from others, including your care providers. This policy statement explains what we do and don’t do with your information, and how we protect, assemble, manage and use it so you can access and manage it on your MedKaz and share it with your care providers.
What We Do and Don’t Do With Your Information
The only place your complete record is maintained is on your MedKaz. We do not store your records permanently on our Servers, so your complete health record is not accessible to us at any time.
Your information is yours and yours alone — that includes both your personal and medical information. We do not presume to own it and do not sell or rent it. The only parties with whom we share it are those described below who help us process it for your use (they are covered by the same HIPAA rules as we are), and those to whom you instruct and authorize us to send copies, such as your doctors, family members, care givers and researchers.
How Do We Handle Your Account Information?
We store your name, address, telephone number, customer ID, names and contact information for your health care providers, HIPAA authorization, license agreement, and other non-medical information, in our customer files so we can contact you as necessary, keep track of our business relationship with you, and maintain internal statistics about our user community. We maintain this information in our active files while you are an active MedKaz user and in our inactive user file if you discontinue using the MedKaz. We also maintain your credit card information if you are an active user to make it easier for you to pay your subscription fee.
We will use your account information to help you keep your software up to date and to inform you of important policy changes, serious events affecting your data, new features or developments in our company that affect your MedKaz service.
When we introduce improvements to our software, we will notify you when you log on to your MedKaz and by secure email. You download it to your MedKaz the next time you access our Server. Similarly, we will notify you by secure email any time we materially change our business operations, modify business practices that affect you or your information, or are otherwise required to provide a notification to you.
How Do We Assemble and Process Your Health Records?
When you initially activate your MedKaz and following each visit you instruct and authorize your care providers to send us copies of your records and information. You also may send us records your care providers have sent directly to you, as well as other health information you possess. We are not responsible for and have no way to verify the accuracy or completeness of the information we receive from you or your health care providers.
We process these records on our Servers so they can be searched and managed electronically, and downloaded to your MedKaz. The only times we read your health records are when we log them in and to ensure our computer has captured appropriate information. We do not track your health status or condition. This information is temporarily maintained on our Servers and erased within 30 days after you and your authorized recipients download it to your respective MedKaz devices. This allows you time to download a record a second time in case you inadvertently make a mistake or there is a transmission error the first time.
Who Controls and Uses The Information On Your MedKaz?
Your MedKaz contains your personal information, copies of all your records from all your providers, and our MedKaz application to electronically manage your information and records.
This information and your MedKaz are yours. You own it, control it, and are the only person who can grant access to it.
Anytime, anywhere you require care, you give your MedKaz to your care providers at the point of care. They log on, you enter your password, they read the time-saving information waiting for them and, as needed, search and read its contents to coordinate your care, avoid costly medical errors and unnecessary tests, procedures and visits. You can also password-protect sensitive individual records so only those providers you want to see the contents of these records can do so. You, too, can access and read your records to understand your issues, manage your care and correct mistakes if there are any.
In an emergency, if you are unconscious or otherwise unable to provide your password to an emergency care provider, select information is accessible. It includes: your name, age, height, weight, blood type, past illnesses and surgeries, chronic diseases, medical devices, medications, allergies and immunizations, as well as emergency contacts, insurance providers and advance directives.
How Can You Tell If Someone Opened Your MedKaz?
You can always determine when and if someone opened your MedKaz, and identify which records they accessed.
Your MedKaz maintains an audit trail so you can identify if and when it was opened, by whom, and which records were accessed. If you do not recognize the time or party who opened it, please notify us. If appropriate, you may wish to change your password, and/or we may decide to disable its ability to connect to our Server and send you a replacement.
Your records are encrypted to keep them secure when stored on your MedKaz, residing on our Server and during transmission between our Server and your MedKaz.
We encrypt stored and transmitted data to ensure your records are secure and confidential when stored on the MedKaz, enroute to or from us, or in our possession. Our web portal uses secure SSL communications. The only time your records are not encrypted while in our possession is the instant they are being processed on our Server.
You are solely responsible for the care of your MedKaz and for backing it up to protect against losing your records.
We provide you with backup/recover software and recommend you back up the contents of your MedKaz to your computer or a third party of your choice, such as a family member, physician, or a commercial data backup service. We do not maintain backup or archival copies of your health records. Your backed-up records are encrypted; they cannot be opened without your password.
What Should You Do If You Lose Your MedKaz Or It Is Corrupted?
Please notify us immediately. We will send you a replacement.
Since your MedKaz stores encrypted data, it is unlikely that someone finding your lost MedKaz can open it or access your records. However, if you notify us that you lost it, we will disable its ability to connect to our Server for any purpose. When you replace it, you can adopt a new password and recover your records by running the Recover procedure.
Do We Disclose Your Information To Others?
In the ordinary conduct of our business, we do not voluntarily share your personal information or health records with anyone, except as follows.
We make your health records available to you, your health care providers, others you specifically authorize, third parties we may engage to help process your records, and as necessary to our consultants and advisors, including technical support contractors, technical consultants, and legal advisors. Since we do not aggregate your medical information on our Servers, we are not in the position at any time to provide your complete medical record to anyone nor can they steal it from our Servers.
We may disclose the information we have about you if ordered to do so by a court or governmental authority. Your personal MedKaz account information (but not health records) may be transferred in connection with a proposed or completed sale, merger or other reorganization of HRC or the disposal of HRC’s assets. We may disclose your personal information to enforce our terms of service, to protect our property, rights and/or the safety of third parties. Since we do not maintain your complete health record, these disclosures will involve only MedKaz account information and the limited health data that we hold in our systems at the time of the disclosure.
Can You Access, Amend and Delete Information Maintained On Our Servers?
You may view, change or delete your MedKaz account information, such as your address and phone numbers by selecting the Add/Edit Information buttons on your MedKaz screens and entering the new information. These changes will be entered in the MedKaz account record that we maintain on our Servers and, with your permission, we will send them to your care providers so their records are also up-to-date.
Can You Access, Amend and Delete Information Maintained On Your MedKaz?
You may change or delete your personal information, such as your contact, insurance, employment, family history and advance directives, by selecting the Add/Edit Information buttons on your MedKaz screens, and entering the new information. This information is stored exclusively on your MedKaz, not on our Servers.
Neither you nor your health care providers can change a health record once it has been downloaded to your MedKaz. However, both you and your care providers can correct a mistake in your health record by creating an addendum to the incorrect health record, (simply click on Add Addendum on the Encounters>Providers window, or in your Document View).
If you wish to discontinue using your MedKaz, you can do so simply by not giving it to your care providers when they treat you.
We would appreciate your notifying us of your decision so we can correct our records and send you any refunds we owe you or a bill for charges you owe us. We will not change your account status to Inactive unless you advise us that you wish to discontinue using your MedKaz. We will retain your account information in our Inactive Accounts file.
If you wish to transfer the contents of your MedKaz to a personal health record system provided by another party, you should arrange for the other party to effect such a transfer from your MedKaz.
Can We Communicate Between Us?
From time to time, we may contact you for various purposes, such as to solicit your comments and suggestions about our service or to inform you of changes to it. We generally will do so via email but may also send you letters or materials by mail. You do not have to respond to general inquiries or surveys. We will not send you marketing materials from third parties.
You may opt out of communications from us that are not necessary for your MedKaz service by contacting us as indicated below and asking to be removed from these communications. You may not opt out of communications relating to your service or the status of your account.
Communications you send to us will be maintained on our Servers in your MedKaz account record.
What If You Have Questions Or Complaints?
Health Record Corporation
PO Box 638
Brownsville, VT 05037
Toll Free: 877 580-4500
Fax: 802 484-0247