Notice of Privacy Practices
Allergychoices, Inc., knows you care about how information about you is shared and used. We appreciate your trust in our doing it responsibly. The following information outlines our privacy practices, and by visiting our sites, you are accepting the practices described below, and by providing your data, you warrant to us that you are over 16 years of age.
This privacy notice provides you with details of how we collect and process your personal data through your use of our site allergychoices.com and our pharmacy portals.
Allergychoices is the data controller and we are responsible for your personal data (referred to as “ACI”, “we”, “us” or “our” in this privacy notice).
Postal address: 2731 National Drive | Onalaska, WI 54650
WHAT DATA DO WE COLLECT ABOUT YOU, AND WHY
Personal data means any data used to identify an individual. We may collect the following data from you:
- Communication Data, which includes communication you send us via our website (forms, blog comments, etc.), texts, email, and social media. We collect this data to help us communicate with you and to keep records for legitimate legal purposes.
- User Data, which includes data about how you use our website and any online services together with any data that you submit for publication on our website or through other online services. We collect this data to ensure content is relevant to you, and to ensure site security. This enables us to administer our sites and business in a relevant manner.
- Technical Data. We may collect data about how you use our site and online services, including your IP address, login data where applicable, browser data, visit length and paths, and other data about use of the site from our analytics tracking system. This helps us ensure our site meets user needs and is up-to-date with how users access the site and use the information.
- We may use Visitor Data, User Data, Technical Data and Marketing Data to deliver relevant website content to you (including social media content) and to measure or understand the effectiveness of the content we serve you.
- Third Party Data sharing. We do NOT sell your data to third parties.
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to share information about our business).
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications if:
- You asked for information from us about our goods or services or
- You agreed to receive marketing communications and in each case you have not opted out of receiving such communications since.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you OR by emailing us at email@example.com at any time.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as pharmacy orders.
DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services on our behalf.
- Professional advisers including lawyers, bankers, auditors and insurers
- Government bodies that require us to report processing activities.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Security measures are used to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach as required by law.
We retain your data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When determining how long to keep data, we consider its nature and sensitivity, potential risk of harm from unauthorized use or disclosure, the processing purposes, and if these can be achieved by other means and legal requirements.
We hold pharmacy data as required by law. We may anonymize your data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
YOUR LEGAL RIGHTS
Under data protection laws you have rights in relation to your personal data that includes the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent. Inquiries and requests may be forwarded to: firstname.lastname@example.org.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Patient Privacy Protection Practices/HIPAA Disclosures
Allergychoices Inc. (ACI) is committed to protecting your privacy.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
In regulatory compliance relative to the Health Information Portability and Accountability Act (HIPAA) and The Health Information Technology for Economic and Clinical Health Act (HITECH).
Your (Patient) Health Care Information – Protecting Your Privacy
It is your right as a patient to be informed of ACI’s privacy practices as well as to be informed of your privacy rights with respect to your protected health information (PHI). This Notice of Privacy Practices is intended to provide you with this information.
It is your right as a patient to be informed of ACI’s legal duties with respect to protection of the privacy of your PHI as it pertains to the electronic medical records systems we use.
ACI is required to:
– Maintain the privacy of your health information;
– Provide you with a notice of the legal duties and privacy practices regarding PHI collected and maintained about you; and
– Abide by the terms of this notice.
ACI reserves the right to change the terms of the notice and make new notice provisions effective for all PHI that it maintains. ACI also reserves the right change the terms of its notice with respect to any applicable more limited uses and disclosures.
– ACI will promptly revise and distribute its notice whenever ACI makes a substantial change to any of its privacy practices.
– ACI will not use or disclose your PHI without your authorization, except as described in this notice.
Your Health Information Rights
You have the right to:
– Inspect and obtain a copy of your health record.
You have the right to inspect and obtain a copy of your health care record. This request for access to your health care record must be submitted in writing to the ACI Privacy Officer. ACI may charge you a reasonable fee for a copy of your health care record. For example, you may request a copy of your health care record for your family physician.
– Receive Confidential Communications.
You have the right to request that ACI communicate your health information to you by alternative means or at alternative locations. ACI shall accommodate reasonable requests. For example, you may request to be contacted at a phone number that is different from the phone number listed in your health care record. This policy also covers electronic correspondence.
– Obtain an accounting of disclosures of your health information.
You have the right to an accounting of disclosures of your health information that ACI has made in compliance with state and federal law after April 14, 2003. The accounting will describe the dates of each disclosure, a brief description of information disclosed and the reason for disclosure. You will receive one accounting per year at no charge and ACI may charge you a reasonable fee for each subsequent request. For example, you may request an accounting of disclosures made from your health record in the last year to the State for disease reporting.
– Be alerted in a timely fashion of any breach of information that may occur.
– Request a restriction on certain uses and disclosures of your health information.
You have the right to request restrictions on certain uses and disclosures of PHI, even if restrictions affect your treatment or ACI’s payment or health care operation activities. However, ACI is not required to agree to your requested restriction. The following require your authorization for release: most uses and disclosures of psychotherapy notes, uses and disclosures of PHI for marketing purposes, and disclosures that constitute the sale of PHI. Other uses and disclosures not described in this notice will be made only with the individual’s authorization.
– Amend your health record.
You have the right to request an amendment to your health care record if you believe your health information is incorrect or incomplete. You may be asked to make this request in writing and state the reason why your health record should be changed. If ACI did not create the health information you believe is incorrect or if ACI disagrees with you, ACI may deny your request. For example, if you believe that information in your medical history is incorrect, you may request that this information be amended.
– Opt out of receiving fundraising communications.
Uses and Disclosures for Treatment, Payment and Health Care Operations
Allergychoices protects the privacy of your health information. For some activities, we must have your written authorization to use or disclose your health information. However, the law permits Allergychoices to use or disclose your health information for the following purposes without your authorization:
For Treatment — We may use your PHI to dispense prescriptions to you. We may disclose your PHI to treating physicians, pharmacists and other persons who are involved in dispensing your prescription.
For Payment — We may use and disclose your PHI so that your pharmacy services may be billed to, and payment collected from you, your insurance company or a third party.
For Healthcare Operations —We may use and disclose your PHI for pharmacy operations, which include activities necessary to run the pharmacy, and to ensure you receive quality customer service.
For Prescription Refill Reminders and Health-Related Products and Services — We may use or disclose your PHI for prescription refill reminders, to tell you about health-related products or services, or to recommend possible treatment alternatives that may be of interest to you.
Individuals Involved in Your Care or Payment for Your Care — We may disclose your PHI to a family member or friend who is involved in your medical care or payment for your care, provided you agree to this disclosure. If you are unavailable or unable to provide permission, we will use our best judgment to determine whether disclosure is in your best interests.
As Required by Law — We will disclose your PHI when required to do so by federal, state or local law.
To Avert a Serious Threat to Health or Safety — We may use and disclose your PHI when necessary to prevent a serious threat to your or others’ health and safety, to public health or legal authorities charged with preventing or controlling the threat.
Public Health Risks —We may disclose your PHI for public health activities, such as those aimed at preventing or controlling disease, preventing injury, reporting reactions to medications or problems with products, and reporting the abuse or neglect of children, elders and dependent adults.
For Health Oversight Activities — We may disclose PHI to a health oversight agency for activities authorized by law. These oversight activities, which are necessary for the government to monitor the health care system, include audits, investigations, inspections and licensure.
Lawsuits and Disputes — If you are involved in a lawsuit or dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request (which may include written notice), or to obtain an order protecting the information requested.
Specialized Government Functions — We may disclose your PHI (1) if you are a member of the armed forces, as required by military command authorities; (2) if you are an inmate, or in custody, to a correctional institution or law enforcement official; (3) in response to a request from law enforcement, under certain conditions; (4) for national security reasons authorized by law; and (5) to authorized federal officials to protect the President, authorized persons, or foreign heads of state.
Workers’ Compensation — We may disclose your health information for workers’ compensation or similar programs.
Organ and Tissue Donation — We may also disclose your PHI to organ-procurement or similar organizations for purposes of donation or transplant.
Coroners and Funeral Directors — We may release your PHI to a coroner or medical examiner, for example, to determine a person’s cause of death. We may also disclose your PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
Personal Representatives — We may disclose your PHI to a person legally authorized to act on your behalf, such as a parent, legal guardian, administrator or executor of your estate, or other individual authorized under applicable law.
ACI has attempted to explain with this notice the circumstances where state law may be more protective than the federal privacy rule and provides greater privacy protection. Except for the situations listed above and treatment, payment or health care operation purposes, the use or disclosure of your health information requires ACI to obtain your written authorization. You may withdraw your authorization in writing by submitting your written withdrawal to ACI’s Privacy Officer.
Electronic correspondence (online payment, email) policy
For all patients who now or may desire to communicate with ACI via email, whether initiated by the patient or through the ACI website, the patient must read, understand and agree to the following;
RISK ASSOCIATED WITH COMMUNICATING VIA THIS MEDIUM
ACI offers patients the opportunity to communicate by email. Transmitting patient information by email, however, has a number of risks that patients should consider before using email. These include, but are not limited to, the following risks:
– Email can be circulated, forwarded, and stored in numerous paper and electronic files.
– Email can be immediately broadcast worldwide and be received by many intended and unintended recipients.
– Email senders can easily misaddress an email.
– Email is easier to falsify than handwritten or signed documents.
– Back-up copies of email may exist even after the sender or the recipient has deleted their copy.
– Employers and online services have a right to archive and inspect emails transmitted through their systems.
– Email can be intercepted, altered, forwarded, or used without authorization or detection.
– Email can be used to introduce viruses into computer systems.
– Email can be used as evidence in court.
CONDITIONS FOR THE USE OF EMAIL
ACI will use reasonable means to protect the security and confidentiality of email information sent and received. However, because of the risks outlined above, ACI cannot guarantee the security and confidentiality of email communication, and will not be liable for improper disclosure of confidential information that is not caused by ACI’s intentional misconduct.
1. If the patient’s email requires or invites a response from ACI, and the patient has not received a response within a reasonable time period, it is the patient’s responsibility to follow up to determine whether the intended recipient received the email and when the recipient will respond.
2. The patient should not use email for communication regarding sensitive medical information.
Patient Complaint Process
If you believe your privacy rights have been violated, you may file a complaint with ACI or with the Secretary of the Department of Health and Human Services. There will be no retaliation against you for filing a complaint. To file a complaint with ACI please contact the ACI’s Privacy Officer who will provide you with the necessary assistance.
Questions or Concerns
If you have any questions or concerns regarding your privacy rights or the information in this notice, please contact:
Privacy Officer, Allergychoices, Inc., 2731 National Drive, Onalaska, WI 54650
Changes to this Notice of Privacy Practices
We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for PHI we already have about you and any information we receive in the future. We will post a copy of the current Notice on this site. If we change our Notice, you may obtain a copy of the revised Notice upon request.
Effective Date: This Notice of Privacy Practice is effective as of April 14, 2006, and revised 5/2018.
Last updated June 2018