Your privacy is of utmost importance to us. We are committed to protecting your privacy and we take great care with your personal information that we gather when you access or use secondconsult.com and related websites, applications, and services owned and operated by Second Consult. We are obligated to keeping your health information private, and we are required by law to respect your confidentiality. We strive to take reasonable care and protection of the information we receive from you.
Second Consult DOES NOT disclose personal information to non-authorized third parties, except where required by law. This includes selling, renting, trading, sharing, or giving information via any medium.
The health care applications of Second Consult collect patient’s personal health information and this data is provided to authorized medical practitioners. This is only done with the prior consent of the patient and this data is covered by HIPAA regulations.
The terms ‘You’ or ‘Your’ refer to you as the user (registered or unregistered) of the Website and the terms ‘We’, ‘Us” and ‘Our’ refer to Second Consult.
What Is Personal Information?
Personal information is that information which can be used to directly or indirectly identify you. It includes de-identified data that, when linked to other information available to us, would enable us to identify you. Personal data does not include data that has been irreversibly anonymized or aggregated so that we cannot identify you through it, even in conjugation conjunction with other information.
“Sensitive Personal Data or Information” means Personal Information of any individual relating to password; financial information such as bank account or credit card or debit card or other payment instrument details; physical, physiological, and mental health condition; sexual orientation; medical records and history; biometric information; any detail relating to the above as provided to or received by Second Consult for processing or storage. However, any data/ information relating to an individual that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005 or any other law shall not qualify as Sensitive Personal Data or Information.
What Are The Personal Information Collected?
- We may collect the following kinds of information when you use a Service but are not limited to:
- Contact information, such as your Full Name, Email Id, Mobile Phone Number, Address and Contact Details;
- Demographic information such as your Age, Date of Birth, Gender, Marital Status, Nationality and other specific user details provided at the time of registration or thereafter.
- Username/Login Id and Password;
- Personal health information, including information about your diagnosis, previous treatments, general health, and health insurance;
- Physical, physiological and mental health condition, provided by You and/or your Health Care Professional,
- Personal medical records and history
- Payment information, such as your credit card number, expiration date, and credit card security code and other valid payment information pertaining to card payment, net banking or online payment
- Master and transaction data and other data stored in Your user account,
- Documents, files, images, medical reports, test results, radiology reports etc.
- Records of interaction with Second Consult representatives.
- Any other information that is willingly shared by You.
- We may collect certain information automatically when you use our Services, such as:
- Your computer’s Internet protocol (IP) address, device and advertising identifiers, browser type, browser language, referring URL, files accessed, errors generated, time zone, operating system, Internet service provider,
- Pages that you visit before and after using the Services, the date and time of your visit, information about the links you click and pages you view within the Services, and other standard server log information.
- We may also collect certain location information when you use our Services, such as your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers.
- We may also collect technical data to address and fix technical problems and improve our Services. Your device or browser settings may permit you to control the collection of this technical data. By using the Services, you are consenting to us or any party acting on our behalf collecting this technical data.
- Information from Third-Party Services. If you access the Services from an advertisement on a third-party website, application, or other service (a “Third-Party Service”) we may receive information from the owner of the Third-Party Service related to you or that advertisement.
- Information we obtain from your health care providers and other sources. In connection with Services that involve medical treatment, we may collect medical records from your past, current, and future health care providers. This may include information about your diagnosis, previous treatments, general health, laboratory and pathology test results and reports, social histories, any family history of illness, and records about phone calls and emails related to your illness.
- We may also receive information about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail). For example, if you access third-party services, such as Facebook, Google, or Twitter, through the Services to login to the Services or to share information about your experience on the Services with others, we may collect information from these third-party services.
Where Do We Collect Your Personal Information From?
The methods by which we collect your Personal Information include but are not limited to the following:
- Any information that you voluntarily choose to provide to us through app, website, email, when you register with us or during interaction with us on call or chat and other modes of communication;
- When you provide your Personal Information to us or when we collect the information from healthcare service provider (HSPs) such as doctors, hospitals, diagnostic centres, chemists etc. in the Second Consult Group, to whom you have permitted the sharing of your personal information;
- Data you have provided to any group company of the Company, affiliates, associates, subsidiary, holding company of the Company, associates and subsidiaries of holding company of the Company, to whom you have given consent for sharing of such information.
- During the course of services provided to you by us, and/or when you use the features on Our Website,
How Do We Use Your Personal Information?
Your PHI may be used or disclosed for the following purposes based on your signing our Conditions of Admission Form which includes your acknowledgement of the Notice of Privacy Practices:
- Treatment Purposes: Your PHI may be used by and disclosed to other health care professionals for the purpose of providing you with health care services. This may also include the need for us to obtain PHI from your previous health care providers. For example, information obtained by a nurse, physician or other member of your healthcare team will be recorded in your medical record and used to determine the course of treatment that should work best for you.
- Health Care Operations: Your PHI may be used or disclosed for health care operations. Our staff members and independent contractors may have to access PHI for certain business operations and for quality improvement purposes. These uses and disclosures are necessary to operate secondconsult.com to help ensure that all of our patients receive quality care. For example, we may use PHI about your healthcare condition to review our treatment and services and to evaluate the performance of our staff in caring for you.
- Business Associates: There are some services in our organization that are provided through contract with business associates. Your health care information may be used by or disclosed to our business associate(s) to provide and bill for services. These business associates will sign an agreement that requires them to have procedures in place to protect the privacy of your PHI.
Your Personal Information may be used for various purposes including but not limited to the following:
- For your registration toward the purpose of receiving our Services, identification, communication, notification and for fulfilment of the Terms and Conditions [Insert link of terms and conditions];
- To Provide and improve Our Services, Website and Application;
- To perform studies, research and analysis for improving Our information, analysis, services and technologies; and ensuring that the content and advertising displayed are customized to Your interests and preferences, which may be subject to your separate written authorization;
- To contact You via phone, sms, whatsapp, email, etc. for appointments, technical issues, payment reminders and other security announcements;
- To address your requests, queries and complaints, in any, pertaining to our Services; other customer care related activities;
- To Send you information about additional clinical services or general wellness from us or on behalf of our affiliates;
- To Offer you personalized Services and targeted advertisements of various healthcare and wellness plans and offer you customised health insights;
- To share with our business partners for provision of specific services you have ordered so as to enable them to provide effective services to You;
- To send promotional mailings from Us or any of Our channel partners via sms, whatsapp, email or snail mail; To advertise Our products and Services;
- To transfer information about You if we are acquired by or merged with another company;
- To Fulfil your requests for products, services, and information;
- To administer or otherwise carry out Our obligations in relation to any agreement You have with us;
- To respond to subpoenas, court orders, or legal process, or to establish or exercise Our legal rights or defend against legal claims; and
- To aggregate Personal Information for research, statistical analysis and business intelligence purposes, and to sell or otherwise transfer such research, statistical or intelligence data in an aggregated or non-personally identifiable form to third parties and affiliates;
- For Technical administration and customization of Website, and other general administrative and business purposes; and
- For any other purposes disclosed to you at the time we collect your information or pursuant to your consent.
How Long Will We Retain Your Personal Information?
We store your personal information in accordance with applicable laws, which means we keep your data for as long as necessary to provide you with our Services or as may be required under any law. We shall store your personal information for lawful purposes only. We keep de-identified data for research and statistical purposes for a longer period.
If you close your account, we have no obligation to retain your data, and we may delete any or all of your data without liability. However, we may retain data related to you if we believe it may be necessary to prevent fraud or future abuse, or if required by law, or for other legitimate purposes. We may continue to store your data in anonymised form for analytical and research purposes.
Disclosure And Transfer Of Your Personal Information
We may disclose and in some cases transfer your personal information to such entities as required to provide services to you and to provide value added services or other third party products and services, to the extent permitted by applicable law. These entities may be located outside India, which you hereby consent to. We require such entities to protect your information through equivalent security measures as what we would adopt. We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.
- Authorized third-party vendors and service providers. We may share your information with third-party vendors and service providers that help us with specialized services, including billing, payment processing, providing medical advice for telemedicine services, management and hosting of telemedicine services, customer service, email deployment, business analytics, marketing (including but not limited to advertising, attribution, deep-linking, direct mail, mobile marketing, optimization and retargeting) advertising, performance monitoring, hosting, and data processing. These third-party vendors and service providers may not use your information for purposes other than those related to the services they are providing to us.
- Corporate affiliates. We may share your information with our affiliates.
- Legal purposes. We may disclose information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims or government inquiries, and to protect and defend the rights, interests, health, safety, and security of Cleveland Clinic, our affiliates, patients, users, or the public.
- Business Transfers. HIPAA permits organizations to transfer PHI in certain circumstances. We can transfer your information as part of a transfer of the assets of the organization, merger, or consolidation or in the unlikely event of bankruptcy, if such transfer is permissible under HIPAA and the HIPAA Notice.
- Protected Health Information. We may transfer your PHI as described in the HIPAA Notice and permitted under HIPAA.
- With your consent or at your direction We may share information for any other purposes disclosed to you at the time we collect the information
If you choose to engage in public activities on the third party sites that we link to, you should be aware that any information you share there can be read, collected, or used by other users of these sites and forums. You should use caution in disclosing personal information while participating in these areas. We are not responsible for the information you choose to submit in public areas.
You authorize us to exchange, transfer, share, part with all or any of Your Personal Information, across borders and from your country to any other countries across the world with our affiliates/agents / third party service providers/partners/banks and financial institutions for the purposes specified under this Policy or as may be required by applicable law.
No information provided by patients during medical consultations or requests for medical appointments is ever used for marketing purposes.
How Do We Protect Your Data?
- We use measures to protect Protected Health Information from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction in accordance with HIPAA.
- We have adopted reasonable security practices and procedures including role-based access, password protection, encryption etc. to ensure that the Personal Information collected is secure.
- While We will guarantee to take all reasonable and appropriate steps to keep secure any information which We hold about You and prevent unauthorized access, You acknowledge that the internet is not 100% secure and that We cannot provide any absolute assurance regarding the security of Your Personal Information. We will not be liable in any way in relation to any breach of security or unintended loss or disclosure of information caused by Us in relation to your Personal Information.
What Are Your Health Information Rights?
- Right to Request a Restriction of Uses and Disclosures: You have the right to request a restriction on our use and disclosure of your PHI. To request restrictions, you must make your request, in writing, to our Privacy Officer. In your request, you must tell us (1) what information you want to restrict; (2) whether you want to restrict our use, disclosure or both; and (3) to whom you want the restrictions to apply, for example, disclosures to your spouse. A Request form is available for you to complete to make this request or you can write our Privacy Officer directly. A member of our staff can provide the request form for you. By law, we are not required to grant your request. We will notify you, in writing, whether we will grant or deny your request. The restriction(s), if granted, would not apply if you need emergency treatment and the information is needed to provide that treatment. If your request is granted, we may choose, at a later date, to deny continuing the restriction and if so, we will notify you in writing of that decision.
- You may also request that we delete your personal information by sending us an email at firstname.lastname@example.org. We will delete such information unless we are required to maintain information in accordance with applicable law.
- Right to Request Confidential Communications: You have the right to request that we communicate with you about your PHI in a certain way or at a certain location to protect the confidentiality of the information. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to our Privacy Officer. We cannot ask you the reason for such a request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted. A Request form is available for you to complete to make this request or you can write our Privacy Officer directly. A member of our staff can provide the request form for you.
- You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). Please note that you may need to take additional steps to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe’s Setting Manager page. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you.
- Right to File a Complaint: You have the right to file a complaint if you believe we are not in compliance with our Notice of Privacy Practices and the Healthcare Information Portability and Accountability Act (HIPAA) or if you believe your privacy rights have been violated. Your complaint can be submitted, in writing, to our Privacy Officer. Your complaint can be anonymous. We value your opinion and we will not retaliate against you in any manner for filing a complaint. You also have a right to file a complaint with the Secretary of the Department of Health and Human Services.
- We do not share Protected Health Information with third parties for their own direct marketing purposes.
If you are between age thirteen (13) and the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. If you are a parent or legal guardian of a minor child, you may, in compliance with the Agreement, use the Services on behalf of such minor child. Any information that you provide us while using the Services on behalf of your minor child will be treated as Personal Data as otherwise provided herein.
If you use the Services on behalf of another person, regardless of age, you agree that Second Consult may contact you for any communication made in connection with providing the Services or any legally required communications. You further agree to forward or share any such communication with any person for whom you are using the Services on behalf.
Third Party Links and Content
Limiting Data Collection and Do Not Track
Opt-Out: To opt-out of interest-based advertising across browsers and devices from companies that participate in the Digital Advertising Alliance or Network Advertising Initiative opt-out programs, please visit their respective websites. You may also be able to opt-out of interest-based advertising through the settings within the mobile app or your mobile device, but your opt-out choice may apply only to the browser or device you are using when you opt-out, so you should opt-out on each of your browsers and devices if you want to disable interest-based advertising for those browsers and devices. If you are opt-out, you will still receive ads but they may not be as relevant to you and your interests, and your experience with our Services may be degraded.
Do-Not-Track Signals and Similar Mechanisms: Some web browsers transmit “do-not-track” signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.
- You acknowledge that You are providing your Personal Information out of your free will.
- If you are providing Personal Information on behalf of a third party, then you hereby undertake and confirm that you have the legal authority to do so and to agree to this policy on behalf of such third party. If you are providing Personal Information on behalf of a minor, you hereby confirm that you are the parent or legal guardian of such minor.
- You have the option not to provide us the Personal Information sought to be collected. You will also have an option to withdraw Your consent at any point, provided such withdrawal of the consent is intimated to us in writing. (If you wish to withdraw your consent, please click here). If you do not provide us Your Personal Information or if You withdraw the consent to provide us Personal Information at any point in time, We shall have the option not to fulfill the purposes for which the said Personal Information was sought and We may restrict you from using the Website or Services.
Reach Out to Us if You have any Questions.
Any Other Concerns?
We have appointed a Grievance Officer to address any concerns or grievances that You may have regarding the processing of Your Personal Information. If you have any such grievances, please write to our Grievance Officer at ———- and our officer will attempt to resolve Your issues in a timely manner.