RxLive Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW YOUR MEDICAL AND OTHER INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS DOCUMENT CAREFULLY.
We believe that transparency about the use of your PHI is important. In this Policy, we provide you detailed information about our collection, use, maintenance, and disclosure of your Personal Information. This Policy explains what kind of information we collect, when and how we might use that information, how we protect the information, and your rights regarding your Personal Information.
RxLive is required by law to ensure the privacy of your information and to provide you with this Policy to notify you of our legal duties and privacy practices with respect to that information. RxLive is required to follow the terms of this Policy or any change to it that is in effect. It may be necessary for us to modify this Policy from time to time. We will notify all users by posting an amendment to the Policy on www.rxlive.com (the “Site”). Such modifications will become effective on the date they are posted. We encourage you to frequently review the Policy for any modifications.
What Types of Information Does RxLive Collect?
RxLive collects various types of information and treats each type with the utmost care. Whether that information is collected from users of our Site or from patients in the process of providing care, we take great pride in the efforts we take to ensure the security of that information in everything we do. We will never sell your information.
RxLive may collect Personally Identifiable Information (“PII”), which includes any information that can be used on its own or with other information to identify a single person or to identify an individual in context. If we can link particular information (directly or indirectly) to an individual, we consider this information PII, and we will protect it. This Policy applies to that information as it is collected by RxLive, its affiliates and agents, and its service providers from users of the RxLive website, RxLive’s Clinical Pharmacist Consultation Services, and RxLive’s line of technology programs and products.
RxLive may also collect Protected Health Information (“PHI”), also referred to as personal health information. This is information that may identify you and relates to your past, present, or future health or condition, treatment of your condition, or payment for your care. This information includes the demographic information, medical histories, test and laboratory results, mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual and determine appropriate care. This Policy describes how we may use and disclose PHI about you, as well as how you obtain access to such PHI. This Policy also describes your rights with respect to your PHI.
We want you, whether a public user or restricted-access user, to understand what data we collect from you when you visit our Site, how we use such data, and whether and to whom we share such data with others. This Policy applies to activities we engage in on the Site and does not apply to activities that are “offline” or unrelated to the Site, including activities occurring on other websites or platforms that we operate. You should note that different privacy policies may apply to other parts of RxLive’s web presence.
Types of Information Collected. Several types of data may be collected from you when you visit our Site, including (as defined below) Non-Personal Information and Personally Identifiable Information. Certain types of data are specifically NOT collected, including financial information and personal information from children.
Non-Personal Information. RxLive automatically collects certain anonymous data regarding usage of the Site. The anonymous data we collect may include, without limitation, information such as:
- Your IP address and if applicable, the IP address of the website from which you linked to the Site;
- The language used to access and view the Site;
- The type of web browser and operating system you are using;
- The presence or absence of “flash” plug-ins;
- Your screen resolution; and
- The pages you visited and length of visit to the Site.
Personally Identifiable Information. RxLive may ask you to provide personally identifiable information (“PII“) on the Site (for example, when subscribing to mailing lists or registering for access). Information collected when subscribing to mailing lists may include, without limitation, your name, email address, or additional information you enter when subscribing. In all such cases you choose whether to provide us with PII; however, certain portions of the Site may not be available to you if you do not provide the information requested. By providing such information, you consent to our collection and use of it, as described in this Policy. By providing a phone number, including a cell phone number, you consent to our collection and use of the number, such as to make calls and send you information at the number provided.
No Personal Information from Children. We do not knowingly collect personal information from children under the age of 18. Children are not permitted to use the Site and we request that children under the age of 18 not submit any personal information to the website.
Other Information NOT Collected. Our services and your use of the Site do not require you to disclose, nor require us to request or collect, any credit card or other financial information, or any other personally identifiable information not described above. We do not request, solicit or intend to collect any such information and you should not disclose, enter or upload any such information on the Site. If we discover that such information was disclosed by you, we will exercise commercially reasonable efforts to delete such information; however, we are not liable for any consequences relating to such disclosures of information.
Use and Disclosure of Information Collected. Our use and disclosure of certain information varies with respect to the type of information collected, including Non-Personal Information and Personally Identifiable Information.
- Non-Personal Information. We use the Non-Personal Information collected through the Site for statistical purposes and for improving the functionality of the Site. In general, this information is used internally but we may, from time to time, engage a third party’s software or services to assist us with these analyses. In those limited cases, disclosure of this information to a third-party is necessary; however, the data remains anonymous at all times.
- Personally Identifiable Information. We use PII collected through the Site in conjunction with responding to your requests for information or services. In the event that you subscribe to a mailing list, we may use your email address or other contact information to send you messages, newsletters, special promotional offers, announcements, surveys and other commercial messages. If you no longer wish to receive such commercial messages, simply send an email including the details of the email address or other contact information you wish to have removed from our list to Compliance@RxLive.com.
Please note that you cannot unsubscribe from certain correspondence from us. We may use third party service providers and suppliers to facilitate our operation of the Site and/or to do mailings on our behalf, and they may have access to PII. Additionally, we may provide PII to third parties for marketing purposes or to third parties that we believe have products or services of interest to you.
You can choose the types of information we collect about you using cookies when you visit our Site. Most web browsers automatically accept cookies, but you can change your browser settings to prevent this. Refer to your web browser’s help menu for assistance in changing your web browser settings. If you disable cookies, your ability to use some features of the Site may be limited.
Security. We strive to maintain the security of your information by using appropriate measures designed to protect our systems. However, we cannot guarantee the security of any information that is disclosed online. The Site is encrypted with algorithms and methods currently deemed acceptable by National Institute of Standards and Technology based on the classification of data stored, processed or transmitted. We also employ secure technology, privacy protection controls, and restrictions on employee access, to safeguard sensitive information. Notwithstanding the foregoing, we do not insure or warrant the security of any information you transmit, and you do so at your own risk.
Privacy Practices with Respect to PHI
Your PHI is used solely in the context of our mission to connect pharmacists and patients to improve medication adherence and effectiveness, reduce medication costs where possible, and to help improve the quality of life of each member we touch.
How We May Use and Disclose Your PHI. The following categories describe different ways that we use and disclose your PHI. We have provided you with examples in certain categories; however, not every permissible use or disclosure will be listed in this Policy.
Note that some types of PHI, such as HIV information, genetic information, alcohol and/or substance abuse records, and mental health records, may be subject to special confidentiality protections under applicable state or federal law, and we will abide by these special protections. If you would like additional information about special state law protections, you may contact our Compliance and Privacy Office at firstname.lastname@example.org or visit www.rxlive.com.
Uses and Disclosures Of PHI That Do Not Require Your Prior Authorization. Except where prohibited by federal or state laws that require special privacy protections, we may use and disclose your PHI for treatment, payment and health care operations without your prior authorization as follows:
- Treatment. We may use and disclose your PHI to provide and coordinate the treatment, medications, and services you receive. For example, we may disclose PHI to pharmacists, doctors, nurses, technicians, and other personnel involved in your health care. We may also disclose your PHI with other third parties, such as hospitals, other pharmacies and other health care facilities and agencies to facilitate the provision of health care services, medications, equipment and supplies you may need. This helps to coordinate your care and make sure that everyone who is involved in your care has the information that they need about you to meet your health care needs.
- Payment. We may use and disclose your PHI to obtain payment for the health care services that we provide to you and for other payment activities related to the services that we provide. For example, we may contact your insurer, pharmacy benefit manager, or other health care payor to determine whether it will pay for health care services you need and to determine the amount of your co-payment. We will bill you or a third-party payor, as appropriate, for the cost of health care services we provide to you. The information on or accompanying the bill may include information that identifies you, as well as information about the services that were provided to you or the medications you are taking. We may also disclose your PHI to other health care providers or HIPAA-covered entities who may need it for their payment activities.
- Health Care Operations. We may use and disclose your PHI for our health care operations. Health care operations are activities necessary for us to operate our health care businesses. For example, we may use your PHI to monitor the performance of the staff and pharmacists involved in providing treatment to you. We may use your PHI as part of our efforts to continually improve the quality and effectiveness of the products and health care services we provide. We may also analyze PHI to improve the quality and efficiency of health care, for example, to assess and improve outcomes for health care conditions. We may also disclose your PHI to other HIPAA-covered entities that have provided services to you so that they can improve the quality and effectiveness of the health care services that they provide. We may use your PHI to create de-identified data, which is stripped of your identifiable data and no longer identifies you.
- Business Associates. We may contract with third parties to perform certain services for us, such as billing services, copy services, or consulting services. These third party service providers, referred to as Business Associates, may need to access your PHI to perform services for us. They are required by contract and law to protect your PHI and only use and disclose it as necessary to perform their services for us.
- Individuals Involved in Your Care or Payment for Your Care. We may disclose to a family member, other relative, close personal friend, or any other person you identify and permit PHI directly relevant to that person’s involvement in your care or payment related to your care. Additionally, we may disclose PHI to your “personal representative.” If a person has the authority by law (such as a Power of Attorney) to make healthcare decisions for you, we will generally regard that person as your “personal representative” and treat him or her the same way we would treat you with respect to your PHI.
- Notification. We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition, as permissible by law.
- Food and Drug Administration (“FDA”). We may disclose to persons under the jurisdiction of the FDA any PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacement.
- Worker’s Compensation. To the extent necessary to comply with law, we may disclose your PHI to worker’s compensation or other similar programs established by law.
- Public Health. We may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability, including the FDA or Health and Human Services (HHS).
- Law Enforcement. We may disclose your PHI for law enforcement purposes as required or permitted by law. For example, we may disclose your PHI in response to a subpoena or court order, in response to a request from law enforcement, and to report limited information in certain circumstances.
- Correctional Institution. If you are or become an inmate of a correctional institution, we may disclose to the institution, or its agents, PHI necessary for your health and the health and safety of other individuals.
- Judicial and Administrative Proceedings. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process instituted by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or us, to first tell you about the request or to obtain an order protecting the information requested.
- Victims of Abuse or Neglect. We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else.
- As Required by Law. We will disclose your PHI when required to do so by federal, state or local law.
- Health Oversight Activities. We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
- Research. We may use your PHI to conduct research, and we may disclose your PHI to researchers as authorized by law. For example, we may use or disclose your PHI as part of a research study when the research has been approved by an Institutional Review Board or Privacy Board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
- Coroners, Medical Examiners and Funeral Directors. We may release your PHI to coroners or medical examiners so that they can carry out their duties. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
- Organ or Tissue Procurement Organizations. Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
- Disaster Relief. We may use and disclose your PHI to organizations for purposes of disaster relief efforts.
- To Avert a Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
- Fundraising and Charitable Undertakings. As permitted by applicable law, we may contact you to provide you with information about our fundraising programs. You have the right to “opt out” of receiving these communications and such fundraising materials will explain how you may request to opt out of future communications if you do not want us to contact you further for fundraising efforts.
- Military and Veterans. If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
- National Security, Intelligence Activities, and Protective Services for the President and Others. We may release PHI about you to federal officials for intelligence, counterintelligence, protection of the President, and other national security activities authorized by law. Uses and Disclosures of PHI that Require Your Prior Authorization. There are certain circumstances that require your prior authorization prior to our using or disclosing your PHI. We will obtain your written authorization for the use or disclosure of psychotherapy notes, use or disclosure of PHI for marketing, and for the sale of PHI, except in limited circumstances where applicable law allows such uses or disclosure without your authorization. Further, we will obtain your written authorization before using or disclosing your PHI for purposes other than those described in this Policy or otherwise permitted by law. You may revoke an authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization. Your Health Information Rights. You have certain undeniable rights with regard to your health information, as listed below.
- Obtain a paper copy of the Policy upon request. You may request a copy of our current Policy at any time. Even if you have agreed to receive the Policy electronically, you are still entitled to a paper copy. You may obtain a paper copy at the site where you obtain health care services from us or by contacting us at Compliance@RxLive.com.
- Request a restriction on certain uses and disclosures of PHI. You have the right to request additional restrictions on our use or disclosure of your PHI by sending a written request to us at Compliance@RxLive.com. We are not required to agree to the restrictions, except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you, or a person on your behalf, has paid in full.
- Inspect and obtain a copy of PHI. With a few exceptions, you have the right to access and obtain a copy of the PHI that we maintain about you. If we maintain an electronic health record containing your PHI, you have the right to request to obtain the PHI in an electronic format. To inspect or obtain a copy of your PHI, you must send a written request to the Privacy Office. You may ask us to send a copy of your PHI to other individuals or entities that you designate. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your PHI, you may request that the denial be reviewed.
- Request an amendment of PHI. If you feel that PHI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, you must send a written request to the Privacy Office. You must include a reason that supports your request. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it.
- Receive an accounting of disclosures of PHI. With the exception of certain disclosures, you have a right to receive a list of the disclosures we have made of your PHI, in the six years prior to the date of your request, to entities or individuals other than you. To request an accounting, you must submit a request in writing to the Privacy Office. Your request must specify a time period.
- Request communications of PHI by alternative means or at alternative locations. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For instance, you may request that we contact you at a different residence or post office box, or via e-mail or other electronic means. Please note if you choose to receive communications from us via e-mail or other electronic means, those may not be a secure means of communication and your PHI that may be contained in our e-mails to you will not be encrypted. This means that there is a risk that your PHI in the e-mails may be intercepted and read by, or disclosed to, unauthorized third parties. To request confidential communication of your PHI, you must submit a request in writing to the Privacy Office. Your request must tell us how or where you would like to be contacted. We will accommodate all reasonable requests. However, if we are unable to contact you using the ways or locations you have requested, we may contact you using the information we have.
- Notification of a Breach. You have a right to be notified following a breach of your unsecured PHI, and we will notify you in accordance with applicable law.
Where to obtain forms for submitting written requests. You may obtain forms for submitting written requests by contacting the Privacy Officer at RxLive, 1211 1st Ave N., St. Petersburg, FL 33705 or toll-free by telephone at (877) 924-4472.
For More Information or to Report a Problem. If you have any questions or concerns about this Policy or the use of your information, or to modify or update any information we have received, please contact us through the Site, by email at Compliance@RxLive.com, or by mail at the following address:
1211 1st Avenue N.
St. Petersburg, FL 33705
Effective: January 21, 2022