Privacy Policy

Cookie Policy

Effective Date: 1-Jan-2024
Last Updated:  20-Dec-2024

3.4.1 Types of Cookies We Use

Manage Your Cookie Preferences: Cookie Settings

3.5 Storage Duration and Healthcare Record Management

3.5.1 Session-Based Security Cookies

• Automatically deleted when browser closes
• No persistent storage of healthcare data
• Essential healthcare platform uses:
  • Secure session management
  • Temporary authentication tokens
  • Healthcare provider communication security
  • Form completion protection
  • No storage of protected health information

3.5.2 Persistent Platform Cookies

• Strictly controlled retention periods
• HIPAA-compliant storage durations:
  • Critical security cookies (24 hours maximum)
  • Platform preference cookies (30 days maximum)
  • Essential functionality cookies (90 days maximum)
  • Required compliance cookies (1 year maximum)

Note: While cookies have limited retention periods, actual medical records and protected health information are maintained securely for seven (7) years in accordance with healthcare regulations. This retention applies only to official medical records, not to temporary cookie data.

For questions about our data retention policies or to request access to your medical records, contact our 24/7 support team at (609) 201-0119.

3.6 Healthcare Platform Security Measures

3.6.1 HIPAA-Compliant Security Controls

We implement rigorous security measures that meet or exceed HIPAA requirements:

1. Healthcare Data Transmission Security

• Mandatory HTTPS encryption for all communications
• Enhanced TLS protocols for healthcare data
• Multi-layer encryption for all sensitive information
• Real-time security monitoring
• Secure communication channels with independent contracted healthcare providers

2. Healthcare Platform Access Controls

• HIPAA-compliant session management
• Advanced cross-site scripting (XSS) prevention
• Strict authentication requirements
• Automatic session termination
• Healthcare-specific security protocols

3. Healthcare Domain Security

• Strict same-site policies for healthcare services
• Limited cross-origin resource sharing
• Enhanced cookie security attributes:
  • Strict: Required for all healthcare-related functions
  • Lax: Limited to non-healthcare platform features
  • None: Not permitted for any healthcare data

4. Platform Access Restrictions

• Strictly controlled domain access
• Limited subresource permissions
• Healthcare service isolation
• Continuous security monitoring
• 24/7 threat detection

All security measures are regularly audited for HIPAA compliance and updated to address emerging healthcare privacy threats. For security-related questions, contact our 24/7 support team at (609) 201-0119.

3.6.2 Healthcare Data Protection

We implement comprehensive protection measures for both Site data and protected health information:

1. Healthcare-Grade Encryption

• HIPAA-compliant encryption for all data
• Military-grade encryption protocols
• Separate encryption systems for:
  • Protected health information
  • Communication with independent contracted healthcare providers
  • Platform security data
• Monthly third-party security audits
• Continuous encryption key rotation

2. Healthcare Access Management

• Role-based access control aligned with HIPAA requirements
• Multi-factor authentication for all healthcare data access
• Strict separation of duties between:
  • Healthcare providers
  • Technical support staff
  • Administrative personnel
• Regular access privilege reviews
• Detailed access logging and monitoring

3. Healthcare Data Minimization

• Collection limited to essential healthcare delivery data
• Automatic purging of temporary platform data
• Seven (7) year retention of required medical records
• Regular data necessity reviews
• Strict controls on data collection scope

4. Continuous Security Enhancement

• Real-time security monitoring
• 24/7 incident response capability
• Immediate security patch deployment
• Regular penetration testing
• Ongoing HIPAA compliance verification
• Monthly security control assessments

For questions about our data protection measures, contact our 24/7 support team at (609) 201-0119.

3.7 Healthcare Privacy and Security Compliance Framework

3.7.1 HIPAA-Compliant Technical Controls

We maintain comprehensive technical controls that meet both HIPAA requirements and general privacy regulations:

1. Healthcare Consent Management

• Clear, HIPAA-compliant consent collection
• Separate consent tracking for:
  • Medical treatment and services
  • Healthcare communications
  • Platform cookies and technical features
  • Marketing communications (strictly separated from healthcare)
• Granular consent options with healthcare privacy defaults
• Easy access to consent management through secure portal
• Seven (7) year retention of all healthcare-related consents
• 24/7 access to consent modification

2. Healthcare Privacy Controls

• Universal privacy protection mechanisms
• Separate controls for:
  • Healthcare data access
  • Medical record management
  • Platform preferences
  • Marketing preferences (no healthcare data)
• Recognition of state and federal privacy signals
• Immediate processing of privacy requests
• Verification of privacy choice implementation
• Strict separation between medical and non-medical data

3. Healthcare Data Access System

• Secure user data request portal
• HIPAA-compliant verification process
• Automated medical records request system
• Multi-factor authentication requirements
• Access request tracking and documentation
• Response within legally required timeframes
• Machine-readable data format options

4. Healthcare Platform Lifecycle Management

• Regular HIPAA compliance audits
• Automated security update deployment
• Regular testing of all platform components
• Documentation of security measures
• Continuous monitoring of system integrity
• Regular review of access controls
• Immediate security patch implementation

All technical controls are regularly audited for HIPAA compliance and updated based on:

• Changes in healthcare regulations
• Updates to state privacy laws
• Evolution of security standards
• Feedback from independent contracted healthcare providers

For assistance with privacy controls, contact our 24/7 support team at (609) 201-0119.

3.7.2 Healthcare Platform Documentation Requirements

We maintain comprehensive HIPAA-compliant documentation including:

1. Platform Technology Register

• Complete inventory of all platform technologies
• Healthcare purpose justification for each component
• HIPAA compliance documentation
• Data processing and retention periods
• Business Associate Agreements
• Healthcare security classifications
• Independent contractor agreements

2. Healthcare Compliance Records

• Patient consent documentation
• Medical records access requests
• Privacy choice implementations
• Platform security updates
• HIPAA compliance verifications
• Seven (7) year records retention
• State-specific compliance documentation

3. Technical Security Documentation

• HIPAA security implementations
• Healthcare platform architecture
• Security control specifications
• Integration security requirements
• Testing and validation procedures
• Incident response protocols
• Emergency operations procedures

4. Healthcare Platform Audit Trail

• HIPAA compliance assessments
• Security control testing
• Platform security updates
• Policy and procedure reviews
• Security incident investigations
• Resolution documentation
• Independent security audits
• Provider feedback integration

All documentation is maintained securely with role-based access controls. For documentation inquiries, contact our 24/7 support team at (609) 201-0119.

4. Legal Basis for Healthcare Data Processing

4.1 Healthcare Consent-Based Processing

As a healthcare platform, we take special care in processing your information. Our processing activities are based on both your explicit consent
and the requirements of healthcare regulations including HIPAA. We understand the sensitive nature of healthcare information and maintain strict separation between medical and non-medical data processing.

For healthcare analytics purposes, we carefully monitor our platform’s performance and service quality while maintaining HIPAA compliance.
This allows us to ensure reliable telehealth service delivery through our independent contracted healthcare providers while protecting your privacy.
Our analytics focus on system performance and healthcare delivery optimization, helping us maintain high standards of care.

When it comes to marketing activities, we maintain a strict separation between healthcare services and any optional marketing communications.
We never share your protected health information for marketing purposes, and you maintain complete control over what non-medical communications you receive.
All marketing preferences are stored separately from your healthcare data to ensure the highest level of privacy protection.

Your healthcare platform preferences help us deliver a more personalized telehealth experience. These preferences include your secure communication settings,
language choices for medical communications, and how you wish to interact with our independent contracted healthcare providers.
We store these preferences securely while maintaining compliance with healthcare privacy regulations.

Throughout all processing activities, we adhere to strict healthcare compliance requirements, including:

• HIPAA Privacy and Security Rules
• State-specific healthcare privacy laws
• Federal telehealth regulations
• Medical records requirements
• Our standard seven (7) year retention policy

Our 24/7 support team is always available at (609) 201-0119 to answer questions about how we process and protect your information.

4.2 Legitimate Interests in Healthcare Operations

Our platform processes certain information based on legitimate healthcare interests that are essential to providing safe and effective telehealth services.
We carefully balance these interests against privacy considerations, always maintaining HIPAA compliance and protecting patient confidentiality.

• For essential website operations, we maintain strict security measures that protect both our telehealth platform and your healthcare information.
• Security is paramount in healthcare operations. We implement comprehensive security measures to prevent fraud, detect potential security threats, and maintain system integrity.
• Platform improvements are carefully implemented to enhance healthcare service delivery while maintaining strict privacy protections.

For each legitimate interest, we:

• Document our assessment process
• Evaluate potential privacy impacts
• Implement appropriate safeguards
• Provide opt-out options where feasible
• Regularly review necessity
• Maintain HIPAA compliance
• Consider feedback from our independent contracted healthcare providers

All legitimate interest processing adheres to our seven (7) year retention policy for healthcare records while maintaining appropriate security controls.
Our 24/7 support team is available at (609) 201-0119 to address any questions about our processing activities.

4.3 Contractual Necessity in Healthcare Service Delivery

Our telehealth platform processes certain information as necessary to fulfill our healthcare service obligations. This processing is essential for maintaining secure and effective communication between patients and our independent contracted healthcare providers.

• For healthcare account management, we maintain secure systems that handle:
  • Authentication for healthcare platform access
  • Secure session management for telehealth visits
  • Healthcare account security protocols
  • Patient communication preferences
  • Secure provider-patient messaging
• While we don’t operate as an e-commerce platform, we do process payment information when necessary for healthcare service delivery:
  • Secure payment processing for medical consultations
  • Healthcare service billing documentation
  • Insurance information management when applicable
  • Payment record maintenance
  • Required healthcare transaction records
• Our core healthcare service delivery requires processing to:
  • Facilitate secure telehealth consultations
  • Manage healthcare provider availability
  • Maintain continuity of care
  • Enable secure medical documentation
  • Support 24/7 healthcare platform access
  • Ensure compliance with state medical board requirements

All contractually necessary processing adheres to HIPAA requirements and our seven (7) year medical record retention policy. For questions about our healthcare service processing, our 24/7 support team is available at (609) 201-0119.

4.4 Legal Obligations in Healthcare Operations

As a healthcare platform, we process information to comply with a comprehensive framework of legal requirements.
Our obligations extend beyond standard privacy laws to encompass healthcare-specific regulations that govern telehealth service delivery.

• For regulatory compliance, we adhere to:
  • HIPAA Privacy and Security Rules
  • State-specific telehealth regulations
  • Medical board requirements
  • Healthcare privacy laws
  • Insurance reporting requirements
  • Professional practice standards
  • Required medical documentation rules
• Our record-keeping obligations include:
  • Seven (7) year medical record retention
  • Secure documentation of all healthcare encounters
  • Maintenance of required audit trails
  • Treatment documentation requirements
  • Healthcare transaction records
  • Provider-patient communication records
  • Compliance documentation

Our 24/7 support team is available at (609) 201-0119 to address any questions about our legal obligations and compliance measures.

4.5 Processing Limitations in Healthcare Operations

4.5.1 Duration of Processing

We carefully control data processing timeframes based on healthcare requirements and legal obligations:

• Medical records: Seven (7) year retention
• Platform preferences: Valid until consent withdrawal
• Technical session data: Deleted upon session close
• Security tokens: Limited to active use period
• Communication records: Maintained with medical records

4.5.2 Scope of Processing

We embrace healthcare-specific data minimization principles:

• Collect only information necessary for telehealth service delivery
• Maintain strict separation between medical and non-medical data
• Limit data sharing to required healthcare purposes
• Store only necessary technical data for platform operation

4.5.3 Special Category Data Protection

Healthcare data requires enhanced protection:

• Advanced encryption for all medical data
• Strict access controls for protected health information
• Regular security audits of all systems
• Immediate breach response capabilities

For questions about our processing limitations or to request access to your medical records, contact our 24/7 support team at (609) 201-0119.

4.6 Documentation and Accountability for Transient Data Processing

Our telehealth platform acts as a secure interface, processing but not permanently storing most personal information. When you use our Site, any personal information submitted through our forms and interfaces is transmitted directly to the appropriate systems for healthcare service delivery. We maintain a strict policy of limiting data storage on our platform to only what is necessary for essential operations.

Documentation of Data Flow

We maintain clear documentation showing how information moves through our healthcare platform. Our architecture demonstrates that while protected health information and personal information pass through secure transmission channels, the platform itself serves primarily as a secure conduit rather than a data repository.

For technical platform elements like cookies, we document only those components necessary for:

• Basic telehealth platform functionality
• Secure provider-patient communications
• User preferences that enhance healthcare delivery
• Anonymous analytics that cannot identify individual patients

Limited Scope Accountability

Our accountability framework reflects our role as a healthcare platform facilitating connections between patients and independent contracted healthcare providers. Our documentation focuses primarily on:

• Security measures protecting data during transmission
• Technical specifications for platform operations
• Regular verification of data handling processes
• Consent management systems
• Data deletion and transmission verification

Security Documentation

While we maintain limited data storage on the platform itself, we keep comprehensive documentation of our security measures that protect information during transmission, including:

• Healthcare-grade encryption protocols
• Security certificates and credentials
• Transmission logging (without personal data)
• Regular security audit results
• HIPAA compliance verification
• Incident response procedures

Verification and Auditing

Our regular auditing process focuses on verifying that:

• Protected health information is properly handled
• All transmission channels remain secure
• Platform components function as documented
• Data deletion processes work effectively
• Security measures remain current
• Seven (7) year retention requirements are met

For questions about our documentation and accountability measures, our 24/7 support team is available at (609) 201-0119.

4.7 Geographic and Jurisdictional Compliance

Our telehealth platform operates nationwide, serving patients across all 50 U.S. states. This broad reach requires us to maintain compliance with both federal healthcare regulations and state-specific privacy requirements. While our platform primarily serves as a transmission interface, we ensure our data handling practices comply with all applicable regulations.

State-Specific Healthcare Requirements

For California residents, our healthcare platform ensures:

• Clear notice before any health information processing
• Immediate notifications for data transmission
• Easy opt-out mechanisms for non-essential features
• Transparency about automated processing
• Enhanced protection of sensitive health information
• Compliance with both HIPAA and state privacy laws

Virginia residents receive additional protections including:

• Enhanced consent requirements for health data
• Clear separation of healthcare and platform data
• Direct access to privacy controls
• Transparent information about data handling
• Special protection for sensitive health information

Connecticut residents are provided:

• Enhanced healthcare privacy controls
• Clear explanations of data processing
• Immediate access to privacy settings
• Additional health data safeguards
• Special protection for sensitive medical information

For residents of all other states, we maintain:

• Comprehensive privacy protections
• State-specific medical record compliance
• Healthcare-focused consent mechanisms
• Direct privacy control access
• Full telehealth compliance

Technical Implementation

Our compliance is built into our platform architecture:

• State-based compliance verification
• Dynamic privacy notice presentation
• Automated compliance controls
• State-specific consent collection
• HIPAA-compliant transmission protocols

Documentation Requirements

While maintaining our limited-storage policy, we document:

• State-by-state compliance measures
• Healthcare transmission protocols
• Consent mechanisms by jurisdiction
• Privacy implementation details
• Security measures by state

Our platform actively monitors regulatory changes across all 50 states to maintain current compliance with both healthcare and privacy requirements. This allows us to:

• Adapt quickly to new requirements
• Implement state-specific changes
• Maintain consistent care delivery
• Update security protocols as needed
• Support our independent contracted healthcare providers

For questions about state-specific requirements, our 24/7 support team is available at (609) 201-0119.

5. Manage Cookie Preferences and Settings

Understanding the sensitive nature of healthcare information, we provide multiple ways to manage your privacy and cookie preferences on our Site.

Cookie Settings Management

You can modify your cookie preferences at any time through our Cookie Preferences Center, accessible via the privacy settings in your account dashboard. This allows you to:

• Review current privacy settings
• Modify consent choices
• Update platform preferences
• Control non-essential features
• Manage communication preferences

While certain technical cookies are necessary for the secure operation of our telehealth platform, you maintain control over all non-essential cookies and features. Any changes to your preferences take effect immediately.

Browser-Level Controls

In addition to our platform controls, different browsers provide their own methods to manage cookies. You can adjust your browser settings to block or delete cookies using the following browser-specific guides:

• Chrome: https://support.google.com/accounts/answer/32050
• Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac
• Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
• Internet Explorer: https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc

Please note that blocking essential cookies may impact the functionality of our healthcare platform and your ability to access certain telehealth services.
Our 24/7 support team is available at (609) 201-0119 to assist with any questions about managing your privacy preferences.

If you are using any other web browser, please visit your browser’s official support documentation for guidance on cookie management.