PROVIDER PRIVACY NOTICE

Last updated: April 14, 2023

This Privacy Notice (“Notice”) describes the Personal Information (defined below) collected by or on behalf of the following provider-owned businesses: Delaware Telehealth Medical Group, P.A., Kansas Telehealth Medical Group, P.A., Florida Telehealth Medical Group, P.A., New Jersey Telehealth Medical Group, P.A., and California Telehealth Medical Group, P.C. (each a “Provider” and collectively the “Providers”) during the provision of healthcare (the “Services”) and how Personal Information is used and shared. If you have questions or concerns about this Notice, please contact your Provider as set forth below.

This Privacy Notice only applies to Providers and their privacy practices.

Providers Collect Data You Provide

Providers will require information that personally identifies you (“Personal Information”) such as your name, email, mailing address, or phone number. Providers will collect, use, and share it pursuant to this Notice and applicable law.

Providers are not “covered entities” under the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) and Personal Information does not constitute “protected health information” under HIPAA. It is important to note that HIPAA does not necessarily apply to an entity or person simply because there is health information involved, and HIPAA does not apply to Services or communications with Providers. However, any medical or health information that you provide that is subject to specific protections under applicable state or federal laws will be used and disclosed in accordance with such applicable laws.

Personal Information will be collected from you during treatment as well as through one or more service providers and vendors engaged by Providers to provide technology and other platforms used during treatment. Specifically, Providers obtain data about individuals from BlueChew.com (“BlueChew”). This includes the information populated into a BlueChew account. Providers will use this data to provide you Services. Data from BlueChew does not constitute protected health information under HIPAA. Please visit BlueChew’s Privacy Policy for additional information on how BlueChew uses your Personal Information here.

How Providers Use & Share Personal Information

Beyond the uses and sharing described above, Providers may use and share Personal Information as described below. Providers do not sell or rent Personal Information except as stated in this Notice and as permitted by applicable law.

Purpose Collected & Communication with You. Providers use and share Personal Information for the purpose for which it was collected. For example, if you contact Providers for support or assistance, they may use Personal Information to contact you and assist you with your request. Providers may send you information via your email registered with BlueChew. Any correspondence with your Providers will be via that email address. You may request a copy of your medical record from your Providers at any time, but understand and acknowledge that such medical record may be provided to you via unencrypted email.

Vendors, & Other Partners. Providers may share Personal Information with their third- party vendors, service providers, suppliers, consultants, agents, sales representatives, and other partners (including technology management and hosting, marketing and public relations, identity verification, and email services, such as BlueChew) or otherwise process Personal Information for purposes described in this Notice or communicated to you when Providers collect such data. The parties described in this paragraph are authorized and may use and disclose Personal Information as needed to provide the applicable services to Providers, and in the case of BlueChew, as otherwise set forth in its Privacy Policy here.

Aggregated Data. Providers may use Personal Information to create anonymous aggregate data. Providers may use and share such aggregate data with their affiliates, vendors, and other third parties to: (a) analyze, develop, and improve the Services that Providers make available, (b) inform business strategies, (c) understand patient demographics and user preferences, (d) customize user experiences, and (e) for other lawful purposes.

Security & Protection of Rights. Providers may use Personal Information and share it with third parties if they believe it is needed to provide the Services or to protect their rights or the rights of others, including sharing data needed to identify, contact, or bring legal action if contracts, terms, or policies are violated or if required by law.

Business Transactions. If Providers undergo a change or contemplated change in control, acquisition, merger, reorganization, or asset sale, all Personal Information may be transferred, sold, shared, or otherwise shared with potential and actual successors, which will be bound by this Notice as it applies to Personal Information.

With Your Consent. With your consent, Providers may use or share Personal Information in ways not specifically described in this Notice.

Data Providers Do Not Intend to Collect

Special Information. Providers do not intend to collect any data that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that involves genetic or biometric data or data concerning sexual orientation. Providers do collect certain Personal Information consisting of health information used to provide treatment. Providers only use this Personal Information for treatment.

Minors. Providers are committed to protecting children’s privacy. Provider services are not directed at minors under 18 years of age. Providers do not knowingly collect, use, or share data from minors under 18. If a parent or legal guardian learns their child provided Providers with Personal Information without consent, please contact Providers as set forth below.

Data Security

Providers use commercially reasonable technical and organizational measures to help secure all Personal Information against loss, misuse, and alteration. While Providers cannot guarantee it, they use industry-standard protections to help safeguard against such occurrences.

YOU UNDERSTAND THAT NO DATA TRANSMISSION OVER THE INTERNET CAN BE GUARANTEED TO BE 100% SECURE. WHILE PROVIDERS STRIVE TO PROTECT YOUR PERSONAL INFORMATION, THEY DO NOT GUARANTEE THE SECURITY OF PERSONAL INFORMATION AND YOU PROVIDE PERSONAL INFORMATION AT YOUR OWN RISK.

Access from Outside the United States

Providers are only licensed to practice medicine within their particular state such that their telemedicine services are operated and maintained from the United States and are intended solely for a United States audience and patients within the states they reside. If you attempt to access Provider services from outside the United States, please be aware that Personal Information will be transferred to, stored in, and processed in the United States. U.S. data protection and related laws may not be as comprehensive as those from where you reside.

Third-Party Sites

The Providers may link to, or be linked to, websites not controlled by Providers. Providers are not responsible for third-parties’ privacy policies or practices. This Notice does not apply to any third-party websites or to any data that you provide to third parties. You should read the privacy policy for each website that you visit.

Access & Update Your Personal Information

To access or update your Personal Information as it exists in our records, please contact us using the information below.

Contact Us

If you have questions or concerns regarding this Notice, contact us at support@bluechew.com