PRIVACY POLICY
I am committed to safeguarding your privacy. This privacy policy and agreement (this "Privacy Policy") covers how I collect and use information in my electronic medical records and practice management software system (the "EMR") that can be used to identify you and that was created, used, or disclosed in the course of providing a health care service (your "Protected Information"), which includes information that you provide or access via the patient portal at www.cynthialimd.com (the "Patient Portal").
In this policy, "you" and "your" refer to a user of the Patient Portal, patient, or other person with Protected Information on file with Cynthia Li, MD, Inc. "I," "my," and "me" refer to Cynthia Li, MD, Inc.
By law, you have a right to access and amend your medical records. I am the custodian of any records created by me or shared with me, which I maintain in accordance with federal and state law.
Please read this policy carefully. By checking the box, clicking on "I Agree", or otherwise signifying acceptance of this privacy policy, you are acknowledging that you have read it, understand it, and are agreeing to be legally bound by the terms provided here.
The Information I Collect
I collect Protected Information about you in order to provide you with medical services, operate the EMR and the Patient Portal, and respond to your requests.
I collect Protected Information in the form of (1) registration information that you provide in order to enroll as a patient or use the Patient Portal; (2) information that is created, used, or disclosed in the course of providing health care services to you, which I file in your medical record electronically and/or on paper (your "Protected Health Information"); and (3) financial records, such as billing or insurance information, records of payments, and balance statements, related to my provision of health care services to you (your "Billing Information"). I do not collect any more Protected Information than reasonably necessary to provide medical services, operate the EMR and the Patient Portal, and respond to your requests.
I may ask you for Protected Information concerning family members or others for whom you are authorized to act as a personal representative. I use this information to create and gather medical records for these people, and will use and disclose this information in the same manner as I use and disclose your Protected Information.
I may use cookies, collect information about your computer and browser, and log usage information.
A cookie is a small amount of data, which often includes an anonymous unique identifier, which is sent from a website and stored on your computer's hard drive. Cookies can be used to provide you with a tailored user experience and to make it easier for you to use a website upon a future visit. I may include cookies on my website or the Patient Portal and use them to recognize you. While you may set your browser so that it does not accept cookies, cookies must be enabled if you wish to access certain personalized features.
I may collect or log information about your system, including your IP address, operating system, web browser, and referrer addresses, as well as the presence of any software that my website or the Patient Portal may require to operate with your computer. I may also record page views, and other general statistical information, which will be aggregated with that of other users and may be disclosed as anonymous, aggregate information in order to understand how my website and the Patient Portal are being used.
My Use of Your Protected Information
I will not share your Protected Information with any third party, other than as expressly disclosed in this policy. In general, I will use your Protected Information as necessary to provide you with medical care, respond to your requests, and maintain the EMR and the Patient Portal. I will use your Billing Information to obtain payment for medical services that I provide to you.
I will use and disclose your Protected Information in accordance with the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its regulations, including the Standards for Privacy of Individually Identifiable Health Information (the "Privacy Rule"), the Security Standards for the Protection of Electronic Protected Health Information (the "Security Rule"), as well as the Health Information Technology for Economic and Clinical Health Act (the "HITECH Act"), and other applicable federal and state laws.
I may send you condition-specific content on an opt-out basis.
Periodically, I may send you news, bulletins, educational materials, marketing materials, or other information based on your Protected Health Information, e.g., targeted to your specific health condition(s). You will have the ability to opt out of receiving unsolicited communications, but not formal notices concerning (i) operation of the EMR or the Patient Portal or (ii) legal and other related notices concerning your relationship to me.
I may disclose your Protected Information to staff, or upon acquisition of my business, provided that safeguards are in place.
In the course of providing products or services to me, my staff and third-party service providers ("Vendors") may have access to your Protected Information. Access to your Protected Information by a Vendor is limited to the information reasonably necessary for the Vendor to perform his or her limited functions for me, and is granted only after the Vendor has contractually promised to protect the privacy of your information consistent with this Privacy Policy.
I may transfer to a third party information I collect, including any Protected Information, in connection with a sale or transfer (or potential sale or transfer) of the business entity responsible for the information under this Privacy Policy, provided the acquiring third party agrees to privacy safeguards that are equivalent to or stronger than those outlined in this Privacy Policy.
I may disclose your Protected Information as required by law or to prevent imminent harm.
I will reveal your Protected Information to the extent I reasonably believe I am required to do so by law. If I receive legal process calling for the disclosure of your Protected Information, I will attempt to notify you via the email address you supplied during registration before I respond to the request, unless such notification is prohibited or is not feasible.
As permitted by law, I may disclose your Protected Information if I reasonably believe that disclosure is necessary to eliminate or reduce significant risk of serious bodily harm or death.
I may disclose anonymous, aggregate information.
"Aggregate Information" is anonymous, aggregated information relating to a group of people, from which individuals’ identities or individually-identifiable characteristics have been removed. For example, Aggregate Information may include statistical information and analyses concerning: the use of my services, Patient Portal usage, website page views, or health statistics, treatments, or conditions.
I may disclose Aggregate Information to third parties, and may use or disclose Aggregate Information in order to undertake or commission statistical and other summary analyses. Aggregate Information provided to third parties will not allow anyone to identify you, or determine anything personal about you.
I will notify you if I become aware of any unauthorized access to your Protected Information.
If I detect or become aware of any unauthorized access to your Protected Information, I will notify you and/or the Secretary of Health and Human Services in accordance with HIPAA, the Privacy Rule, the Security Rule, the HITECH Act, and other applicable federal and state laws.
Access to Protected Information via the Patient Portal
I may provide you with access to your Protected Information via the Patient Portal at my discretion as a convenience to you. I reserve the right to suspend your Patient Portal account at any time.
My security systems are structured to prevent the loss or misuse of your Protected Information. However, regardless of my security measures, anyone with your password and account information can access your Patient Portal account. You are solely responsible for maintaining the secrecy of your password and account information.
You may disable Patient Portal access to all or some of your Protected Information by sending me a written request to that effect. Doing so does not affect my records, but only determines whether those records are accessible via the Patient Portal.
Changes to this Privacy Policy
I reserve the right to change this Privacy Policy at any time. If I make any changes to this Privacy Policy, you will be prompted to accept the revised Privacy Policy in order to continue using the Patient Portal. If I make any changes regarding disclosure of your Protected Information to third parties, I will attempt to contact you prior to the date that the modified policy is scheduled to take effect via your current email address on file.
Effective Date
The effective date of this Privacy Policy is November 21st, 2024.