DxCONNECT PRIVACY POLICY with HIPAA AUTHORIZATION

Effective: February 2018

You, the patient (“you”), you have indicated that you would like to receive information by text message sent from your health care provider to your mobile telephone which may include receiving messages about your appointment reminders, prescriptions including educational materials, guidance and third-party financial savings offers in the form of coupons and special offers for prescription cost savings, prescription refill reminders, as well as medication and patient compliance reminders (the “Text Messages”). Text messages are sent via Short Message Service (“SMS”) and via Multimedia Message Service (“MMS”). Text Messages as provided by NextGen Management, LLC d/b/a DxWeb Management LLC (“DxWeb”, “us” or “we”) is referred to herein as “Text Messaging”, “DxConnect” or “SMS/MMS”).

This DxConnect Privacy Policy with HIPAA Authorization describes the personal information that DxWeb collects from you, how we use that personal information, and to whom we disclose it.

Please Note: If you are registering for DxConnect not as a patient of a particular health care provider, but for general health management reasons, the term “Patient”, “you” or “your” means you as the registrant for DxConnect, and “health care provider” shall mean DxWeb which is providing you information about health care issues and/or products, but is not acting in conjunction with any medical professional nor is it providing medical advice of any kind. In some instances, depending on context, if you are a non-patient, the references to “health care provider” will not apply to you.

What Personal Information Do We Collect and How Do We Use It?

Identifiable Health Information

When you register for Text Messaging, we collect certain personal information that you submit to us for your registration, such as your name, date of birth, telephone number or email address. We may also access information located in your medical record in the DxWeb Patient Portal known as DxPortal relevant to the prescriptions I have been and will be prescribed. That information is known as Protected Health Information (“PHI”) as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), American Recovery and Reinvestment Act (“ARRA”), Health Information Technology for Economic and Clinical Health Act (“HITECH”) and in regulations promulgated there under and it may also be subject to regulation under state law.

By requesting Text Messaging, you have requested a service that requires you to provide PHI, such as your mobile telephone number so that you are able to receive Text Messages.

Some of the Text Messages such as third-party financial savings offers in the form of coupons and special offers for prescription cost savings (“Financial Savings Offers”) although related to your health care and treatment, may be considered as marketing under HIPAA since your health care provider is communicating about a product or service in a way that encourages you to purchase or use that product or service such as the name brand product that appears on a prescription coupon. The Financial Savings Offers may be considered as advertising.

We obtain the Financial Savings Offers from third parties and send them to you in Text Messages. None of your PHI is ever given to the any third party sponsoring the Financial Savings Offers and no third party contacts you about the Financial Savings Offers. Your PHI shall remain confidential and shall not be released unless you have agreed that it can be released. We abide by the regulations governing the disclosure and use of PHI that is required for us to provide you with Text Messaging. We do not sell, lease or rent your PHI to anyone.

Because we are using PHI such as your mobile telephone number to send you Text Messages with Financial Savings Offers which are considered marketing under HIPAA, a HIPAA authorization from you is required for us to provide Test Messaging to you. The HIPAA Authorization required that you must agree to is found at the end of this privacy policy.

De-Identified Anonymous Aggregate Data

We may aggregate and deidentify your PHI in accordance with HIPAA, either alone or with administrative data to create anonymous “aggregate data” regarding users of Text Messaging (“De-Identified Use Data” as defined under 45 C.F.R. § 165.514).  De-Identified Use Data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal patient identity. This data will not identify you, but will be used as statistical information to determine such things as user demographics and usage patterns concerning the products relating to Financial Savings Offers, such as prescription medication.

An example of our use of De-Identified Use Data would be a finding that, says, “81% of patients using DxConnect with a refill prescription for [Drug X] refilled the prescription.”

De-Identified Use Data may be provided or sold to third parties. Your physician does not receive any remuneration for this.

Non-Identifiable Health Information

We DO NOT collect certain technical data related to your use of the Text Messaging, such as your IP address, or your location, the operating system or carrier for your mobile telephone. We DO NOT use third parties such as Google Analytics, to analyze the operation of the Text Messaging. We do not collect cookies from you.

When Do We Disclose Your Personal Information?

We do not disclose PHI to any third party inconsistent with this Privacy Policy. We may disclose your telephone number to DxWeb service’s providers and affiliated companies to the extent reasonably necessary to provide the Text Messaging to you.

If the business of DxWeb is acquired by a third party, such as in a merger, asset sale or other corporate transaction, your PHI will be transferred to the buyer. The buyer will be required to comply with this Privacy Policy with respect to your personal information.

We reserve the right to disclose your PHI if compelled to do so by court order or other law, or if DxWeb believes in good faith that such disclosure is necessary to comply with law or with legal process served on DxWeb, to protect the rights or property of DxWeb, or to act in urgent circumstances to protect the personal safety of Users or the public.

Grant of Right and License

You grant to us a non-exclusive, perpetual, irrevocable, royalty-free right and license to use De-Identified Use Data collected or provided through your use of the Portal or website for any lawful business purpose, provided that such data is not personally identifiable. We shall have the right to de-identify such patient and administrative data and then utilize the De-Identified Use Data for any lawful purpose, including but not limited to creating informational reports.

Do Not Track Disclosure

DxWeb does not track your behavior across third party applications or web pages that you may access before or after using Text Messaging, and so does not respond to a “Do Not Track” signal.

DxWeb’s Security Standards

DxWeb uses reasonable industry standard security practices designed to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. To the extent your personal information constitutes PHI protected under HIPAA, DxWeb protects PHI in accordance with the security standards required for business associates under HIPAA. Your information may be stored and processed in the United States or any other country where DxWeb, its subsidiaries, affiliates or agents are located.

Updating Your Personal Information

You may update and correct your telephone number or email address at any time through by contacting DxWeb at 5355 Town Center Road, Suite 203, Boca Raton, FL 33486, Email: Email: patientcare@dx-web.com.

Important Note Regarding Children

Text Messaging is not directed toward children under 18 years of age and DxWeb does not knowingly collect or use information from children under 18 with DxConnect. Text Messaging regarding a minor under the age of 18 must be done on a device owned and used by the minor’s legal representative.

Questions or concerns regarding this DxConnect Privacy Policy

If you have any questions about this Portal Privacy Policy or the use of your information by contacting DxWeb at 5355 Town Center Road, Suite 203, Boca Raton, FL 33486, Email: patientcare@dx-web.com.

I have indicated my signature and acceptance of this DxConnect Privacy Policy on the signature page click box or other format for my Text Messaging registration.

HIPAA PATIENT AUTHORIZATION

You as the patient have agreed that you would like to receive information electronically via SMS/MMS or Text Messaging), and you represent and agree as follows (“I” means you, the patient):

I have indicated to my health care provider and its business associate, NextGen Management, LLC d/b/a DxWeb Management LLC (“DxWeb”) that I would like to receive information from my health care provider which may include receiving messages about my your appointment reminders, prescriptions including educational materials, guidance and third-party financial savings offers in the form of coupons and special offers for prescription cost savings, prescription refill reminders, as well as medication and patient compliance reminders (the “Text Messages”).

I understand that in order to receive Text Messages, I must provide personal information to DxWeb, such as my name, date of birth, telephone number or email address, and that DxWeb may also access information located in my medical record in the DxWeb Patient Portal known as DxPortal relevant to the prescriptions I have been and will be prescribed. I understand that this information is known as Protected Health Information (“PHI”) as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

I also understand that some of the Text Messages such as third-party financial savings offers in the form of coupons and special offers for prescription cost savings (“Financial Savings Offers”) although related to my health care and treatment, may be considered as marketing under HIPAA since my health care provider is communicating about a product or service in a way that encourages me to purchase or use that product or service such as the name brand product that appears on a prescription coupon. I further understand that Financial Savings Offers may be considered as advertising.

I understand that DxWeb may aggregate and de-identify my PHI in accordance with HIPAA, either alone or with administrative data to create anonymous “aggregate data” regarding users of Text Messaging (“De-Identified Use Data” as defined under 45 C.F.R. § 165.514).   De-Identified Use Data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal patient identity. This data does not identify me, but will be used as statistical information to determine such things as user demographics and usage patterns concerning the products relating to Financial Savings Offers, such as prescription medication. I understand that this De-Identified Use Data may be provided by DxWeb to third parties including to the manufacturers of the products appearing on prescription coupons, but that my physician does not receive any remuneration for this.

I understand that this information is subject to the terms of DxWeb’s DxConnect Privacy Policy that restrict its use to the specific purposes described in the Privacy Policy and herein.

I therefore authorize my health care provider and DxWeb to use my personal information/PHI in the manner stated above.

I understand that this authorization is voluntary and I may refuse to sign. My refusal to sign will not affect my ability to obtain treatment or payment for my treatment. However, I may be ineligible to receive the above-requested communications.

I may receive a copy of this authorization by submitting a request to DxWeb’s contact information listed above.

I understand that I may revoke this authorization by notifying DxWeb in writing to DxWeb’s contact information listed above. However, I understand that this revocation will not apply to information that has already been released by DxWeb in reliance of this authorization. DxWeb will implement my revocation as soon as is commercially reasonable.