Cookie Policy
Effective Date: 20-Jan-2024
Last Updated: 20-Dec-2024
1. Introduction and Scope
What are cookies?
Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser.
These cookies help us make the Site function properly, make it more secure, provide better user experience, understand how the website performs, and analyze what works and where it needs improvement.
Given the healthcare nature of our services, we take special care to ensure our cookie usage complies with all applicable healthcare privacy laws and regulations, including HIPAA.
2. Your Rights and Choices
2.1 General Rights
As a healthcare platform, we maintain additional protections for your protected health information (PHI) in accordance with HIPAA requirements.
2.1.1 Right to Opt-Out
- The sale or sharing of your personal information
- Non-essential cookies and tracking technologies
- Targeted advertising and profiling unrelated to healthcare services
- Automated decision-making with legal effects
- Cross-context behavioral advertising
- The processing of sensitive personal information for non-healthcare uses
2.1.2 Right to Know and Access
- Request details about the personal information and protected health information we collect through cookies and our Site
- Know the categories of information collected, including both general personal information and protected health information
- Understand how your information is used and shared, subject to HIPAA requirements and restrictions
- Access specific pieces of personal information collected about you (note that medical records access is handled through our separate Medical Records Request process)
- Know our retention periods, including our standard seven (7) year retention policy for healthcare records
- Receive information about any automated decision-making processes that may affect your healthcare services
- Learn about the sources of collected information, including both technical sources like cookies and healthcare-related sources
2.1.3 Right to Delete
- Deletion of personal information collected through cookies and the Site that is not part of your protected health information
- Removal of your non-medical information from our analytics databases
- Deletion of information shared with our third-party partners, except where required for healthcare operations
- Confirmation of deletion for eligible data
Please note that in accordance with healthcare regulations and state laws, we must maintain your protected health information and medical records for a minimum of seven (7) years. While we will honor deletion requests for non-medical data, certain information must be retained to comply with these requirements and to maintain the quality and continuity of your healthcare services.
2.1.4 Right to Correct
- Request correction of inaccurate personal information collected through the Site
- Submit correction requests for your protected health information through our dedicated medical records process
- Submit supplementary documentation to support correction requests
- Receive notification when corrections are made
For corrections to medical records or protected health information, please contact us at [email protected] or call (609) 201-0119. Our independent contracted healthcare providers will review all medical record correction requests to ensure accuracy while maintaining the integrity of your healthcare documentation.
2.1.5 Right to Data Portability
- Your personal information collected through the Site in a structured, commonly used format
- Electronic copies of your protected health information through our secure medical records request process
- Transfer of your medical records to other healthcare providers upon written authorization
- Technical data collected through cookies in a machine-readable format
- Direct transfer of your non-medical data to another service provider where technically feasible
For medical records transfers, please submit your request through our secure portal or contact us at [email protected]or call (609) 201-0119. Medical records will be transferred in accordance with HIPAA requirements and maintain all necessary security protocols.
Note that while general website data can be transferred immediately, medical record transfers require verification and processing by our independent contracted healthcare providers.
2.2 How to Exercise Your Rights
2.2.1 Submit Requests
You can exercise your rights through the following methods:
- For cookie and Site preferences: Use our Cookie Preferences Center
- For general privacy requests: Email [email protected]
- For medical records or protected health information: Call (609) 201-0119
- For 24/7 support: Contact our live support team at (609) 201-0119
2.2.2 Verification Process
To protect your privacy and comply with HIPAA requirements, we will verify your identity through:
- Multi-factor authentication for all protected health information requests
- Matching provided information with our medical records
- Requesting government-issued identification for medical record requests
- Additional verification steps as required by state and federal healthcare privacy laws
- Standard cookie-related requests may require basic email verification only
2.2.3 Response Timeline
We adhere to both HIPAA and state privacy law requirements:
- We will acknowledge all requests within 24 hours through our 24/7 support system
- For non-medical requests, we will provide a substantive response within 45 days
- For medical record requests, we will respond within 30 days as required by HIPAA
- Complex requests may require an additional 45 days (90 days total), and we will notify you if such an extension is needed
- Urgent medical record requests will be prioritized and handled expeditiously
2.3 Non-Discrimination
We will not discriminate against you for exercising your privacy rights or making requests regarding your information. As a healthcare platform committed to equitable access, we will not:
- Deny access to healthcare services or the Site
- Charge different prices or rates for medical consultations
- Provide a different level or quality of healthcare services
- Alter the availability of our independent contracted healthcare providers
- Modify the standard of care or healthcare delivery
- Suggest or imply any difference in service quality or availability
- Limit access to our 24/7 support services
This non-discrimination policy applies to all aspects of our services, including both technical website features and healthcare service delivery. We maintain consistent standards of care and service regardless of whether you exercise your privacy rights under this Cookie Policy, make medical records requests, or submit other privacy-related requests.
2.4 Authorized Agents and Personal Representatives
You may designate an authorized agent or personal representative (including healthcare proxies and powers of attorney) to submit requests on your behalf. To protect your privacy and comply with healthcare regulations, authorized representatives must:
- Provide legally valid proof of authorization:
- For non-medical requests: Written authorization from you
- For medical requests: Valid medical power of attorney, healthcare proxy documentation, or other legally recognized medical authorization
- For deceased patients: Proof of executor status or next-of-kin documentation
- Complete our verification process:
- Verify their own identity through government-issued identification
- Provide contact information for our records
- Complete any additional verification steps required by state or federal law
- Submit requests through our secure designated methods:
- Medical records requests: Through our secure portal or by contacting (609) 201-0119
- General privacy requests: Email [email protected]
- Cookie preferences: Through our Cookie Preferences Center
All authorized agent arrangements will be documented and maintained in accordance with our seven (7) year retention policy and applicable healthcare regulations.
2.5 Exceptions and Limitations
Certain exceptions and limitations to these rights apply based on healthcare regulations and other legal requirements:
- Healthcare-Related Limitations:
- Medical record retention requirements (minimum seven (7) years)
- HIPAA compliance obligations
- State-specific medical record requirements
- Healthcare provider documentation requirements
- Public health reporting obligations
- Healthcare quality assurance needs
- Security and Technical Requirements:
- HIPAA Security Rule compliance
- Healthcare data security protocols
- Technical limitations of the Site
- Secure transmission requirements
- Authentication requirements for healthcare data access
- Legal and Regulatory Obligations:
- Federal and state healthcare laws
- Medical board requirements
- Professional liability documentation needs
- Healthcare fraud prevention requirements
- Legal proceedings involving medical care
- Legitimate healthcare operations as defined by HIPAA
We will clearly communicate any applicable limitations when responding to your requests. For questions about specific limitations, please contact our 24/7 support team at (609) 201-0119.
2.6 State-Specific Rights and Healthcare Privacy Protections
2.6.1 All States – Healthcare Privacy Rights
- Right to access your medical records
- Right to request amendments to your health information
- Protection of sensitive health information under HIPAA
- State-specific medical record retention requirements (we maintain all records for seven (7) years)
- Access to 24/7 support for privacy-related questions
2.6.2 California Residents (CPRA)
- Right to limit use and disclosure of sensitive personal information beyond healthcare purposes
- Right to understand any automated decision-making in healthcare services
- Right to access information about healthcare-related data processing
- Enhanced protections for minors’ health information
- Special protections for mental health and sensitive medical information
2.6.3 Virginia Residents (VCDPA)
- Right to appeal denied non-medical requests within 45 days
- Enhanced protections for health-related sensitive data
- Right to opt-out of non-healthcare profiling
- Additional safeguards for mental health information
2.6.4 Connecticut Residents (CTDPA)
- Right to appeal denied non-medical requests
- Additional protections for health-related sensitive data
- Enhanced healthcare privacy protections
- Special safeguards for mental health information
For state-specific healthcare privacy questions, please contact our 24/7 support team at (609) 201-0119. Our independent contracted healthcare providers comply with all applicable state medical board requirements and privacy regulations.
3. Cookies and Similar Technologies
3.1 Cookies and Healthcare Platform Security
Cookies are small text files stored on your device when you visit the Site. Given the sensitive nature of healthcare services, we implement cookies with enhanced security measures to:
- Ensure secure access to healthcare services
- Maintain HIPAA-compliant browsing sessions
- Remember non-medical preferences while protecting medical privacy
- Analyze Site performance for healthcare service delivery
- Improve telehealth user experience
- Support secure communication with independent contracted healthcare providers
3.1.1 Technical Implementation and Security
Our healthcare-focused implementation includes:
- HIPAA-compliant HTTPS headers
- Secure JavaScript code execution
- Protected HTML meta tags
- Encrypted local storage APIs
- Additional healthcare security protocols
3.1.2 Cookie Properties and Healthcare Privacy
Each cookie is configured with healthcare privacy in mind:
- Name: HIPAA-compliant unique identifier
- Value: Encrypted data storage
- Domain: Limited to LifeRx.md Site
- Path: Restricted access controls
- Expiry: Automated security timeouts
- Size: Minimized data storage
- HTTP Flag: Enhanced security settings
- Secure Flag: Mandatory HTTPS encryption
- SameSite: Strict cross-origin controls
For questions about our enhanced security measures or cookie usage, contact our 24/7 support at (609) 201-0119.
3.2 Similar Technologies and Healthcare Data Security
3.2.1 Web Beacons and Healthcare Analytics
Secure tracking mechanisms (also known as “pixels” or “clear GIFs”) include:
- HIPAA-compliant page access monitoring
- Primary healthcare platform uses:
- Secure communication delivery confirmation
- Healthcare service quality monitoring
- Platform performance analytics for medical service delivery
- Non-medical marketing analytics (strictly separated from healthcare data)
3.2.2 Local Storage Security
HIPAA-compliant HTML5 storage implementation provides:
- Encrypted storage with enhanced healthcare privacy protections
- Healthcare platform use cases:
- Non-medical user preferences only
- Temporary session data with automatic expiration
- Essential Site functionality
- No storage of protected health information (PHI)
3.2.3 Session Storage and Medical Privacy
Temporary encrypted storage during active Site sessions includes:
- Automatic clearing when the browser closes for security
- Limited healthcare platform uses:
- Temporary form completion backup (excluding medical data)
- Session security maintenance
- Non-medical user preferences
- No storage of protected health information or medical records
3.2.4 Browser Fingerprinting and Healthcare Security
Limited collection of browser characteristics for security purposes includes:
- HIPAA-compliant device identification
- Restricted security attributes:
- Secure session validation
- Healthcare platform compatibility checking
- Time zone for appointment management
- Language settings for healthcare communications
- Essential security parameters
- No collection of unnecessary device information
3.2.5 ETags and Healthcare Platform Security
Secure HTTP response headers for platform integrity include:
- HIPAA-compliant cache management
- Secure validation headers
- Healthcare session integrity verification
All technologies implement additional security measures required for healthcare platforms. For questions about our security measures, contact our 24/7 support team at (609) 201-0119.
3.3 First-Party and Third-Party Technologies in Healthcare Services
3.3.1 First-Party Technologies (LifeRx.md)
Set directly by the Site to support healthcare service delivery, first-party technologies include:
- HIPAA-compliant user authentication
- Secure healthcare session management
- Essential telehealth service functionality
- Non-medical Site preferences
- Communication with independent contracted healthcare providers
3.3.2 Third-Party Technologies and Healthcare Privacy
Limited to essential service providers who have signed Business Associate Agreements (BAAs), third-party technologies include:
- HIPAA-compliant analytics services
- Secure payment processing
- Essential healthcare platform services
- Non-medical marketing (strictly separated from healthcare data)
3.3.3 Healthcare Data Protection
Additional healthcare data protection measures include:
- No sharing of protected health information with unauthorized third parties
- Regular security audits of all technology providers
- Strict data segregation between medical and non-medical information
- Seven (7) year retention policy for all healthcare-related data
- 24/7 monitoring of all technology systems
For questions about our technology providers or data protection measures, contact our 24/7 support team at (609) 201-0119.
3.4 Cookie Usage in Healthcare Service Delivery
3.4.1 Types of Cookies We Use
Necessary
Cookie | Duration | Description |
---|---|---|
cookieyes-consent | 1 year | CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors. |
__cf_bm | 1 hour | This cookie, set by Cloudflare, is used to support Cloudflare Bot Management. |
datadome | 1 year | This is a security cookie set by Force24 to detect BOTS and malicious traffic. |
Analytics
Cookie | Duration | Description |
---|---|---|
_tpapp | 1 month | Trust Pulse sets this cookie and it is used for tracking a unique TrustPulse session. |
_gcl_au | 3 months | Google Tag Manager sets this cookie to experiment advertisement efficiency of websites using their services. |
_ga_* | 1 year 1 month 4 days | Google Analytics sets this cookie to store and count page views. |
_ga | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. |
_omappvp | 1 year 1 month 4 days | The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with the _omappvs cookie. |
_omappvs | 20 minutes | The _omappvs cookie, used in conjunction with the _omappvp cookie, is used to determine if the visitor has visited the website before, or if it is a new visitor. |
cebs | session | Crazyegg sets this cookie to trace the current user session internally. |
_fbp | 3 months | Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website. |
handl_ref_domain | 1 month | Handl UTM Grabber sets this cookie to contain an ID for referral partners. |
Performance
Cookie | Duration | Description |
---|---|---|
_uetsid | 1 day | Bing Ads sets this cookie to engage with a user that has previously visited the website. |
_uetvid | 1 year 24 days | Bing Ads sets this cookie to engage with a user that has previously visited the website. |
handlID | 1 month | Handl utm grabber sets this cookie to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. |
Advertisement
Cookie | Duration | Description |
---|---|---|
guest_id_marketing | 1 year 1 month 4 days | Twitter sets this cookie to identify and track the website visitor. |
guest_id_ads | 1 year 1 month 4 days | Twitter sets this cookie to identify and track the website visitor. |
personalization_id | 1 year 1 month 4 days | Twitter sets this cookie to integrate and share features for social media and also store information about how the user uses the website, for tracking and targeting. |
guest_id | 1 year 1 month 4 days | Twitter sets this cookie to identify and track the website visitor. It registers if a user is signed in to the Twitter platform and collects information about ad preferences. |
muc_ads | 1 year 1 month 4 days | Twitter sets this cookie to collect user behaviour and interaction data to optimize the website. |
_rdt_uuid | 3 months | Reddit sets this cookie to build a profile of your interests and show you relevant ads. |
_pin_unauth | 1 year | Pinterest set this cookie to group actions for users who cannot be identified. |
MUID | 1 year 24 days | Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations. |
test_cookie | 15 minutes | doubleclick.net sets this cookie to determine if the user's browser supports cookies. |
_ttp | 3 months | TikTok set this cookie to track and improve the performance of advertising campaigns, as well as to personalise the user experience. |
_tt_enable_cookie | 3 months | Tiktok set this cookie to collect data about behaviour and activities on the website and to measure the effectiveness of the advertising. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile. |
handl_landing_page | 1 month | HandL UTM Grabber plugin sets this cookie is used to record the very first page you visited on our site in your browser. |
handl_ip | 1 month | HandL UTM Grabber plugin sets this cookie to record the web browser's IP address. |
handl_url | 1 month | HandL UTM Grabber plugin sets this cookie to form the URL on which we placed the code that generates. |
handl_original_ref | 1 month | HandL UTM Grabber plugin sets this cookie to record the URL from which you came to our site. |
handl_ref | 1 month | HandL UTM Grabber plugin sets this cookie to record the URL from which you came to our site. |
Uncategorized
Cookie | Duration | Description |
---|---|---|
_rm | 1 year 1 month 4 days | Description is currently not available. |
ar_debug | 1 year | Description is currently not available. |
_ce.s | 1 year | Description is currently not available. |
_ce.clock_data | 1 day | Description is currently not available. |
cebsp_ | session | Description is currently not available. |
cee | 3 months | Description is currently not available. |
is_eu | session | No description available. |
_omhnuser | past | Description is currently not available. |
_omlgdin | past | Description is currently not available. |
_omacct | past | Description is currently not available. |
_ommkact | past | Description is currently not available. |
_ommklvl | past | Description is currently not available. |
omSeen-qiw6guy4vjwdacfm21tx | 1 month | Description is currently not available. |
_ce.cch | session | Description is currently not available. |
MSPTC | 1 year 24 days | Description is currently not available. |
_dcid | 1 year 1 month 4 days | Description is currently not available. |
_gtmeec | session | Description is currently not available. |
_omacctw | past | Description is currently not available. |
_omacctwfn | past | Description is currently not available. |
_omacctrole | past | Description is currently not available. |
__spdt | 1 year | Description is currently not available. |
__pixelId | 6 days | Description is currently not available. |
am_sso_google_apps_login | session | Description is currently not available. |
random_id | 1 day | Description is currently not available. |
ttcsid_CTHEA7BC77UEE9N8HE3G | 3 months | Description is currently not available. |
ttcsid_CVGB1UJC77UCA5GK0RA0 | 3 months | Description is currently not available. |
ttcsid | 3 months | Description is currently not available. |
handl_url_base | 1 month | Description is currently not available. |
user_agent | 1 month | No description available. |
organic_source | 1 month | Description is currently not available. |
organic_source_str | 1 month | Description is currently not available. |
handl_landing_page_base | 1 month | Description is currently not available. |
traffic_source | 1 month | No description available. |
first_traffic_source | 1 month | Description is currently not available. |
nitroCachedPage | session | Description is currently not available. |
3.5 Storage Duration and Healthcare Record Management
3.5.1 Session-Based Security Cookies
- Automatically deleted when browser closes
- No persistent storage of healthcare data
- Essential healthcare platform uses:
- Secure session management
- Temporary authentication tokens
- Healthcare provider communication security
- Form completion protection
- No storage of protected health information
3.5.2 Persistent Platform Cookies
- Strictly controlled retention periods
- HIPAA-compliant storage durations:
- Critical security cookies (24 hours maximum)
- Platform preference cookies (30 days maximum)
- Essential functionality cookies (90 days maximum)
- Required compliance cookies (1 year maximum)
- Note: While cookies have limited retention periods, actual medical records and protected health information are maintained securely for seven (7) years in accordance with healthcare regulations. This retention applies only to official medical records, not to temporary cookie data.
- For questions about our data retention policies or to request access to your medical records, contact our 24/7 support team at (609) 201-0119.
3.6 Healthcare Platform Security Measures
3.6.1 HIPAA-Compliant Security Controls
- Healthcare Data Transmission Security
- Mandatory HTTPS encryption for all communications
- Enhanced TLS protocols for healthcare data
- Multi-layer encryption for all sensitive information
- Real-time security monitoring
- Secure communication channels with independent contracted healthcare providers
- Healthcare Platform Access Controls
- HIPAA-compliant session management
- Advanced cross-site scripting (XSS) prevention
- Strict authentication requirements
- Automatic session termination
- Healthcare-specific security protocols
- Healthcare Domain Security
- Strict same-site policies for healthcare services
- Limited cross-origin resource sharing
- Enhanced cookie security attributes:
- Strict: Required for all healthcare-related functions
- Limited to non-healthcare platform features
- Not permitted for any healthcare data
- Platform Access Restrictions
- Strictly controlled domain access
- Limited subresource permissions
- Healthcare service isolation
- Continuous security monitoring
- 24/7 threat detection
All security measures are regularly audited for HIPAA compliance and updated to address emerging healthcare privacy threats. For security-related questions, contact our 24/7 support team at (609) 201-0119.
3.6.2 Healthcare Data Protection
We implement comprehensive protection measures for both Site data and protected health information:
- Healthcare-Grade Encryption
- HIPAA-compliant encryption for all data
- Military-grade encryption protocols
- Separate encryption systems for:
- Protected health information
- Communication with independent contracted healthcare providers
- Platform security data
- Monthly third-party security audits
- Continuous encryption key rotation
- Healthcare Access Management
- Role-based access control aligned with HIPAA requirements
- Multi-factor authentication for all healthcare data access
- Strict separation of duties between:
- Healthcare providers
- Technical support staff
- Administrative personnel
- Regular access privilege reviews
- Detailed access logging and monitoring
- Healthcare Data Minimization
- Collection limited to essential healthcare delivery data
- Automatic purging of temporary platform data
- Seven (7) year retention of required medical records
- Regular data necessity reviews
- Strict controls on data collection scope
- Continuous Security Enhancement
- Real-time security monitoring
- 24/7 incident response capability
- Immediate security patch deployment
- Regular penetration testing
- Ongoing HIPAA compliance verification
- Monthly security control assessments
For questions about our data protection measures, contact our 24/7 support team at (609) 201-0119.
3.7 Healthcare Privacy and Security Compliance Framework
3.7.1 HIPAA-Compliant Technical Controls
- Healthcare Consent Management
- Clear, HIPAA-compliant consent collection
- Separate consent tracking for:
- Medical treatment and services
- Healthcare communications
- Platform cookies and technical features
- Marketing communications (strictly separated from healthcare)
- Granular consent options with healthcare privacy defaults
- Easy access to consent management through secure portal
- Seven (7) year retention of all healthcare-related consents
- 24/7 access to consent modification
- Healthcare Privacy Controls
- Universal privacy protection mechanisms
- Separate controls for:
- Healthcare data access
- Medical record management
- Platform preferences
- Marketing preferences (no healthcare data)
- Recognition of state and federal privacy signals
- Immediate processing of privacy requests
- Verification of privacy choice implementation
- Strict separation between medical and non-medical data
- Healthcare Data Access System
- Secure user data request portal
- HIPAA-compliant verification process
- Automated medical records request system
- Multi-factor authentication requirements
- Access request tracking and documentation
- Response within legally required timeframes
- Machine-readable data format options
- Healthcare Platform Lifecycle Management
- Regular HIPAA compliance audits
- Automated security update deployment
- Regular testing of all platform components
- Documentation of security measures
- Continuous monitoring of system integrity
- Regular review of access controls
- Immediate security patch implementation
All technical controls are regularly audited for HIPAA compliance and updated based on:
- Changes in healthcare regulations
- Updates to state privacy laws
- Evolution of security standards
- Feedback from independent contracted healthcare providers
For assistance with privacy controls, contact our 24/7 support team at (609) 201-0119.
3.7.2 Healthcare Platform Documentation Requirements
- Platform Technology Register
- Complete inventory of all platform technologies
- Healthcare purpose justification for each component
- HIPAA compliance documentation
- Data processing and retention periods
- Business Associate Agreements
- Healthcare security classifications
- Independent contractor agreements
- Healthcare Compliance Records
- Patient consent documentation
- Medical records access requests
- Privacy choice implementations
- Platform security updates
- HIPAA compliance verifications
- Seven (7) year records retention
- State-specific compliance documentation
- Technical Security Documentation
- HIPAA security implementations
- Healthcare platform architecture
- Security control specifications
- Integration security requirements
- Testing and validation procedures
- Incident response protocols
- Emergency operations procedures
- Healthcare Platform Audit Trail
- HIPAA compliance assessments
- Security control testing
- Platform security updates
- Policy and procedure reviews
- Security incident investigations
- Resolution documentation
- Independent security audits
- Provider feedback integration
All documentation is maintained securely with role-based access controls. For documentation inquiries, contact our 24/7 support team at (609) 201-0119.
4. Legal Basis for Healthcare Data Processing
4.1 Healthcare Consent-Based Processing
For healthcare analytics purposes, we carefully monitor our platform’s performance and service quality while maintaining HIPAA compliance. This allows us to ensure reliable telehealth service delivery through our independent contracted healthcare providers while protecting your privacy. Our analytics focus on system performance and healthcare delivery optimization, helping us maintain high standards of care.
When it comes to marketing activities, we maintain a strict separation between healthcare services and any optional marketing communications. We never share your protected health information for marketing purposes, and you maintain complete control over what non-medical communications you receive. All marketing preferences are stored separately from your healthcare data to ensure the highest level of privacy protection.
Your healthcare platform preferences help us deliver a more personalized telehealth experience. These preferences include your secure communication settings, language choices for medical communications, and how you wish to interact with our independent contracted healthcare providers. We store these preferences securely while maintaining compliance with healthcare privacy regulations.
Throughout all processing activities, we adhere to strict healthcare compliance requirements, including:
- HIPAA Privacy and Security Rules
- State-specific healthcare privacy laws
- Federal telehealth regulations
- Medical records requirements
- Our standard seven (7) year retention policy
Our 24/7 support team is always available at (609) 201-0119 to answer questions about how we process and protect your information.
4.2 Legitimate Interests in Healthcare Operations
For essential website operations, we maintain strict security measures that protect both our telehealth platform and your healthcare information. Security is paramount in healthcare operations. We implement comprehensive security measures to prevent fraud, detect potential security threats, and maintain system integrity.
Platform improvements are carefully implemented to enhance healthcare service delivery while maintaining strict privacy protections.
For each legitimate interest, we:
- Document our assessment process
- Evaluate potential privacy impacts
- Implement appropriate safeguards
- Provide opt-out options where feasible
- Regularly review necessity
- Maintain HIPAA compliance
- Consider feedback from our independent contracted healthcare providers
All legitimate interest processing adheres to our seven (7) year retention policy for healthcare records while maintaining appropriate security controls.
Our 24/7 support team is available at (609) 201-0119 to address any questions about our processing activities.
4.3 Contractual Necessity in Healthcare Service Delivery
For healthcare account management, we maintain secure systems that handle:
- Authentication for healthcare platform access
- Secure session management for telehealth visits
- Healthcare account security protocols
- Patient communication preferences
- Secure provider-patient messaging
While we don’t operate as an e-commerce platform, we do process payment information when necessary for healthcare service delivery:
- Secure payment processing for medical consultations
- Healthcare service billing documentation
- Insurance information management when applicable
- Payment record maintenance
- Required healthcare transaction records
Our core healthcare service delivery requires processing to:
- Facilitate secure telehealth consultations
- Manage healthcare provider availability
- Maintain continuity of care
- Enable secure medical documentation
- Support 24/7 healthcare platform access
- Ensure compliance with state medical board requirements
All contractually necessary processing adheres to HIPAA requirements and our seven (7) year medical record retention policy. For questions about our healthcare service processing, our 24/7 support team is available at (609) 201-0119.
4.4 Legal Obligations in Healthcare Operations
For regulatory compliance, we adhere to:
- HIPAA Privacy and Security Rules
- State-specific telehealth regulations
- Medical board requirements
- Healthcare privacy laws
- Insurance reporting requirements
- Professional practice standards
- Required medical documentation rules
Our record-keeping obligations include:
- Seven (7) year medical record retention
- Secure documentation of all healthcare encounters
- Maintenance of required audit trails
- Treatment documentation requirements
- Healthcare transaction records
- Provider-patient communication records
- Compliance documentation
Our 24/7 support team is available at (609) 201-0119 to address any questions about our legal obligations and compliance measures.
4.5 Processing Limitations in Healthcare Operations
4.5.1 Duration of Processing
- Medical records: Seven (7) year retention
- Platform preferences: Valid until consent withdrawal
- Technical session data: Deleted upon session close
- Security tokens: Limited to active use period
- Communication records: Maintained with medical records
4.5.2 Scope of Processing
- Collect only information necessary for telehealth service delivery
- Maintain strict separation between medical and non-medical data
- Limit data sharing to required healthcare purposes
- Store only necessary technical data for platform operation
4.5.3 Special Category Data Protection
- Advanced encryption for all medical data
- Strict access controls for protected health information
- Regular security audits of all systems
- Immediate breach response capabilities
For questions about our processing limitations or to request access to your medical records, contact our 24/7 support team at (609) 201-0119.
4.6 Documentation and Accountability for Transient Data Processing
Documentation of Data Flow
We maintain clear documentation showing how information moves through our healthcare platform. Our architecture demonstrates that while protected health information and personal information pass through secure transmission channels, the platform itself serves primarily as a secure conduit rather than a data repository.
- Basic telehealth platform functionality
- Secure provider-patient communications
- User preferences that enhance healthcare delivery
- Anonymous analytics that cannot identify individual patients
Limited Scope Accountability
Our accountability framework reflects our role as a healthcare platform facilitating connections between patients and independent contracted healthcare providers. Our documentation focuses primarily on:
- Security measures protecting data during transmission
- Technical specifications for platform operations
- Regular verification of data handling processes
- Consent management systems
- Data deletion and transmission verification
Security Documentation
While we maintain limited data storage on the platform itself, we keep comprehensive documentation of our security measures that protect information during transmission, including:
- Healthcare-grade encryption protocols
- Security certificates and credentials
- Transmission logging (without personal data)
- Regular security audit results
- HIPAA compliance verification
- Incident response procedures
Verification and Auditing
Our regular auditing process focuses on verifying that:
- Protected health information is properly handled
- All transmission channels remain secure
- Platform components function as documented
- Data deletion processes work effectively
- Security measures remain current
- Seven (7) year retention requirements are met
For questions about our documentation and accountability measures, contact our 24/7 support team at (609) 201-0119.
4.7 Geographic and Jurisdictional Compliance
State-Specific Healthcare Requirements
For California residents, our healthcare platform ensures:
- Clear notice before any health information processing
- Immediate notifications for data transmission
- Easy opt-out mechanisms for non-essential features
- Transparency about automated processing
- Enhanced protection of sensitive health information
- Compliance with both HIPAA and state privacy laws
Virginia residents receive additional protections including:
- Enhanced consent requirements for health data
- Clear separation of healthcare and platform data
- Direct access to privacy controls
- Transparent information about data handling
- Special protection for sensitive health information
Connecticut residents are provided:
- Enhanced healthcare privacy controls
- Clear explanations of data processing
- Immediate access to privacy settings
- Additional health data safeguards
- Special protection for sensitive medical information
For residents of all other states, we maintain:
- Comprehensive privacy protections
- State-specific medical record compliance
- Healthcare-focused consent mechanisms
- Direct privacy control access
- Full telehealth compliance
Technical Implementation
Our compliance is built into our platform architecture:
- State-based compliance verification
- Dynamic privacy notice presentation
- Automated compliance controls
- State-specific consent collection
- HIPAA-compliant transmission protocols
Documentation Requirements
While maintaining our limited-storage policy, we document:
- State-by-state compliance measures
- Healthcare transmission protocols
- Consent mechanisms by jurisdiction
- Privacy implementation details
- Security measures by state
Our platform actively monitors regulatory changes across all 50 states to maintain current compliance with both healthcare and privacy requirements. This allows us to:
- Adapt quickly to new requirements
- Implement state-specific changes
- Maintain consistent care delivery
- Update security protocols as needed
- Support our independent contracted healthcare providers
For questions about state-specific requirements, contact our 24/7 support team at (609) 201-0119.
5. Manage Cookie Preferences and Settings
Cookie Settings Management
You can modify your cookie preferences at any time through our Cookie Preferences Center, accessible via the privacy settings in your account dashboard. This allows you to:
- Review current privacy settings
- Modify consent choices
- Update platform preferences
- Control non-essential features
- Manage communication preferences
While certain technical cookies are necessary for the secure operation of our telehealth platform, you maintain control over all non-essential cookies and features. Any changes to your preferences take effect immediately.
Browser-Level Controls
In addition to our platform controls, different browsers provide their own methods to manage cookies. You can adjust your browser settings to block or delete cookies using the following browser-specific guides:
- Chrome : https://support.google.com/accounts/answer/32050
- Safari : https://support.apple.com/en-in/guide/safari/sfri11471/mac
- Firefox : https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
- Internet Explorer : https://support.microsoft.com/en-us/topic/how-to-delete-cookie-files-in-internet-explorer-bca9446f-d873-78de-77ba-d42645fa52fc
Please note that blocking essential cookies may impact the functionality of our healthcare platform and your ability to access certain telehealth services.
Our 24/7 support team is available at (609) 201-0119 to assist with any questions about managing your privacy preferences.
If you are using any other web browser, please visit your browser’s official support documentation for guidance on cookie management.