Last Updated: September 29, 2020
We are committed to your privacy.
Introduction
Medchart Inc. dba Marble ("Marble") is an information technology service provider that enables you or your Designated Representatives to use electronic means to collect, access, maintain, and share (collectively, “Process”) your health information and medical records. Marble respects your privacy and is committed to keeping this information accurate, confidential, and secure. We Process your information that identifies you personally only with your consent. We always ask for your permission before we share or use your information for a purpose other than to what you have consented. This Privacy Policy is based on U.S. privacy law in general as well as the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule”) promulgated by the US Department of Health and Human Services under the Health Insurance Portability and Accountability Act (“HIPAA”) as well as state laws governing the disclosure of Personal Health Information.
The Scope of This Privacy Policy
This Privacy Policy describes Marble's approach to protecting the privacy of Personal Information in its possession or control, in accordance with applicable law and Marble's policies. This Privacy Policy governs our service offerings in the United States.
Changes to this Privacy Policy
This Policy is effective as of the “last updated” data listed above. We reserve the right to change this Privacy Policy from time to time to ensure that it accurately reflects applicable law and Marble policies. Non-material changes will be effective immediately, but Marble will provide 30 days advance notice of material changes through, for example, website postings and/or Marble newsletters. Please check this page regularly to ensure that you understand how Marble Processes your Personal Information. By continuing to use Marble services after the effective date of a change, you automatically accept the change.
Definition of Terms Used in this Privacy Policy
Privacy
Privacy is an individual's right to retain control over the collection, use, and disclosure of her/his personal information.
Custodians
Custodians are health care plans, insurers, health care clearinghouses, health care providers, and other entities who transmit Personal Health Information to Marble with your consent. Personal Information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer.
Personal Information
Personal Information is information that identifies, relates to, describes, or could reasonably be linked or associated, directly or indirectly, with a particular consumer or household.
Personal Health Information
Personal Health Information is Personal Information relating to the past, present, or future health status of an individual that is created, collected, transmitted, or maintained (collectively, “Processed”) by Custodians. This includes health information that can be tied to an individual through identifiers such as: name; address; email address; telephone and fax numbers; social security numbers or other government issued IDs; insurance, medical record, or other account numbers; biometric identifiers; photographs or images; device identifiers; or other persistent identifiers that can reasonably be used to identify an individual. Data from which all personal identifiers have been removed, such that the information cannot reasonably be used to identify the individual, is not considered Personal Information, nor is it Personal Health Information.
Capacity and Substitute Decision-Making
An individual is capable of consenting to Marble’s Processing of Personal Health Information if the individual is able to understand the relevant information and the consequences of giving or withholding consent. Marble presumes individual capacity unless it has reasonable grounds to believe that the individual is incapable of consenting.
An individual who is capable of consenting to Marble’s Processing of Personal Health Information may also authorize another person – including family members, advisors, lawyers, or other health care providers - as a Personal Representative to act on her or his behalf. If the individual is incapable of making and understanding health decisions, for example if the individual is unconscious, deceased, or otherwise incapacitated, substitute decision-makers authorized by state or federal law to act as Personal Representatives may consent on her or his behalf.
Substitute Decision-Maker or Personal Representative
A Personal Representative, in relation to an individual, means, unless the context requires otherwise, a person who is authorized by law as a substitute decision-maker to consent on behalf of the individual to the collection, use or disclosure of Personal Health Information about the individual.
Collection, Use, and Disclosure of Personal Information
Collection
Information that you affirmatively give us or ask us to collect:
When you register for a Marble account, we collect the Personal Information that you or your Personal Representative provide directly, including your full name, contact information (including physical and email addresses, phone and fax numbers, etc.). We also collect any other information that you provide including, without limitation, information about your health care providers, insurers, medical conditions.
At your direction and with your consent, Marble collects medical records and Personal Health Information from Custodians.
If you have designated a Personal Representative, including an attorney or family member, you may give them access to and the ability to add additional Personal Information to your Marble records.
Information that we collect passively when you visit our website:
Marble collects information about how and when you use our website and our service offerings, including information about the pages you visit, the content you view on our sites and in our portals, We collect information about the apps, browsers, and devices you use to access our services, which helps us provide features like automatic product updates. The information we collect includes unique identifiers, browser type and settings, device type and settings, operating system, mobile network information including carrier name and phone number, and application version number. We also collect information about the interaction of your apps, browsers, and devices with our services, including IP address, crash reports, system activity, and the date, time, and referrer URL of your request.
Use of Cookies
The Site uses "cookies" to help personalize and maximize your online experience. Cookies are small amounts of data that often include unique identifiers that enable the Site to recognize you and to keep track of your preferences. These identifiers are usually alpha-numeric strings, which cannot be used to identify you without additional information.
Two types of cookies may be employed during your visit to the Site:
- "Session" cookies, which are not permanently stored on your hard drive and are permanently deleted from your computer after two hours of inactivity or when you end your session, are used to help you to navigate around the site; and
- "Persistent" cookies, which remain on your computer so that the Site can recognize you when you return. These cookies, which are used primarily to personalize your site experience and save you time, will remain on your computer after you have left our Site and will expire when you log out of the Site, or 60 days after your last visit for security cookies, or two years after your last visit for advertisement and information notice cookies.
The Site uses cookies for the following:
- When you return to the Site, cookies enable us to retrieve the information you previously provided, so you can easily use the features that you customized. Because of our use of cookies, we can deliver faster and more accurate results and a more personalized site experience. For example, if you personalize Marble pages, or register for services, a cookie helps us to recall your specific information (such as user name, password and preferences). When you watch a video clip or listen to an audio clip on or through the Marble Site, a cookie may take note of which media player and which type of clip (high or low bandwidth) you prefer to use on your computer. Note, however, that you can change your video and audio preferences at any time or choose a player each time you view or listen to a clip.
- Some parts of the Site use cookies to track user traffic patterns. We do this in order to determine the usefulness of the Site’s information to our users and to see how effective our navigational structure is in helping users reach that information.
- We also use cookies to identify users who have been banned from using our forums for behavior that violates these General Terms and Conditions and to track click streams, for load balancing and to enable you to navigate through the site using redirection pages.
Please note that you have the ability to disable cookies if you wish, generally through changing your internet browser settings. It may also be possible to change your browser settings to enable acceptance of specific cookies. For more information on enabling and disabling cookies, please refer to the help section on your browser. If cookies are disabled it may mean that not all the services of this Site might be available. If you do not agree with Marble's use of cookies, please discontinue the use of this website.
Use
Marble uses Personal Information about you for the exclusive purposes of collecting, maintaining, and disclosing that information, including Personal Health Information, at your direction and on your behalf. If we want to use your information for any other purpose, we will seek your explicit consent to do so.
Disclosure
Marble discloses Personal Information about you, including Personal Health Information, in order to provide the service, including to collect Personal Health Records from Custodians and to facilitate the disclosure of that information to third parties on your behalf and at your direction. Marble may also disclose Personal Information about you to third parties as required by applicable law and/or as necessary to protect our rights and the rights of third parties. Unless prohibited by law, we will notify you of any such disclosures.
Retention
Marble will retain Personal Information associated with your Marble account for so long as it is necessary to provide our services to you. Subject to certain limitations necessary to provide our services, operate our business, and comply with applicable law, you may delete your Personal Information at any time.
Privacy Principles
Marble Processes your Personal Information in accordance with globally recognized fair information practice principles described below:
Accountability
Marble is an information technology service provider that allows users to access, consolidate, and control their Personal Health Information collected from Custodians using electronic means. Marble has established policies and procedures to protect patient privacy and safeguard Personal Information, including Personal Health Information. Our Chief Privacy Officer (CPO), identified at the end of this document, is Marble's designated contact person and is accountable for our compliance with this Privacy Policy and applicable law.
Consent
Marble will normally obtain consent from you or your properly designated Personal Representative before Processing Personal Information about you. An individual can provide consent to the collection, use and disclosure of Personal Information about them expressly, implicitly, or through an authorized Personal Representative. When you sign up for Marble services, whether as an individual or an individual’s personal representative, we will ask for your express consent during the account creation process. You have the right to withdraw consent at any time, with certain exceptions.
Purpose Specification
Marble will identify the purposes for which Personal Information is Processed at or before the time the information is collected. We will not use your Personal Information for any other purpose without your express consent.
Collection, Use, Disclosure, and Retention Limitations
With your consent, Marble helps you consolidate and access your Personal Health Information on a secure online account. Specifically, we: collect copies of your official medical records from Custodians; if necessary, convert your paper records into an electronic format, and promptly and securely dispose of the paper copy; upload the electronic copy of your records onto a secure, encrypted online database; allow you to access these records on your personal password-protected Portal on our website; and allow you to authorize other users (such as your healthcare provider, family members, or lawyers) to securely access, use, and disclose your records.
Marble collects Personal Information about you only by fair and lawful means, either from you directly or from Custodians. This information may include your name, date of birth, address, contact information, health history, records of your visits to medical service providers, and details of the care that you received. Upon enrolling in Marble's services you agree and understand that the collection of Personal Information is for your personal record keeping purposes, including disclosure to third parties at your direction or at the direction of your Personal Representative.
Marble will use your Personal Information only for the reasons it was collected, unless you expressly consent to our use or disclosure of that information for another reason. We will retain your Personal Information only for so long as necessary to provide the services you have requested. Marble may share your Personal Information with our affiliates and service providers who may be involved in delivering Marble's services, providing customer support, and conducting customer research or satisfaction surveys. These service providers are obligated by contract to protect your Personal Information, they are not permitted to use this information for any purpose except providing the service, and they are only given the information necessary to perform their designated functions. Marble does not authorize any service providers to use or disclose your Personal Information for their own marketing or other purposes. We may also share your Personal Information with our financial, insurance, legal, accounting or other advisors that provide such professional services to us.
Your Personal Information may be processed and/or stored outside of the United States as necessary or appropriate to provide our services. No matter where your data is stored, we undertake reasonable measures to protect your Personal Information. When it is stored and/or Processed in other jurisdiction, our Processing of that data may be subject to the laws of such countries and made available to third parties under applicable law. By providing us with your information, you allow your Personal Information to be transferred outside of United States.
Accuracy
Marble will keep the Personal Information in its possession or control accurate, complete, current and relevant, based on the most recent information available to Marble. Please be aware that we cannot modify Personal Information provided by Custodians. However, if you believe that any other Personal Information is inaccurate or incomplete, please notify us [via email or your account.
Data Security
The safety and privacy of your information is our top priority, and Marble has deployed appropriate physical, administrative, and technical measures designed to safeguard your Personal Information against theft, loss, unauthorized access, copying, modification, use, disclosure and disposal. These measures include appropriate security policies, employee training, the use of nondisclosure agreements, audits and compliance monitoring, and access controls (facility and workstation).
Marble uses strong encryption technologies to secure your information, and monitors and upgrades our systems to reflect new technology and other developments. Access to your online profile and medical records is protected by your personal login details. We strongly encourage you to take advantage of our optional 2-factor authentication system (a verification code sent to your registered cell phone or email at time of login) to minimize the likelihood of unauthorized access in case your login details have been lost or stolen.
Transparency
This Privacy Policy is designed to provide a comprehensive description of Marbles privacy practices, including information about the Personal Information we collect, how we use that information, and to whom we disclose it.
- Marble may disclose Personal Information to our service providers who help us provide the service or to third parties (such as family members, lawyers, or health care providers) at your direction.
- Marble does not sell Personal Information to anyone for any purpose.
- Marble does not knowingly collect Personal Information about minors without the express consent of their parent, guardian, or duly appointed Personal Representative.
If you would like to know more about Marble’s policies and practices related to the management of personal information, please contact our Chief Privacy Officer via email sent to privacy@medchart.com.
Access to Personal Information
Except as restricted by law, Marble will inform you or your Personal Representative about the existence, use and disclosure of any personal information about you in our possession or control, and will provide access to that information. You may also have the right to challenge the accuracy and completeness of the information and to ask that it be amended or deleted. To ask if we are processing Personal Information about you, to learn what personal information about you that we have, and to whom we may have disclosed that information, please send an email to privacy@medchart.com.
Please be sure to include your full name, address, telephone number, and email address. We may need to ask for additional information to verify your identity.
Complaints and Questions
For more information about our privacy protection practices, or to raise a concern you may have about our practices, please contact:
Juliana Doxey
Chief Privacy Officer, Medchart, Inc.
215 S. Denton Tap Rd., Suite 290
Coppell, TX, 75019
USA
Email: privacy@medchart.com
Toll-free: 1-833-603-0407
Fax: 1-888-929-2687