HIPAA Compliance and Privacy Statement
As a leader in cloud-based physician referral and patient engagement applications, LeadingReach understands the need to treat patient information in a manner that protects the privacy and security of protected health information (PHI).
In order to protect PHI, LeadingReach has taken the following steps to handle and protect all PHI in the manner specified by the Health Insurance Portability and Accountability Act (“HIPAA”):
- LeadingReach does not use, access, or disclose PHI unless it’s necessary to provide services to its customers in a manner consistent with its contractual commitments or as required or allowed by law.
- LeadingReach has adopted corporate policies that protect the privacy and security of PHI. These policies detail, among other things, the appropriate access, handling, and security measures that LeadingReach has set for the protection of PHI stored in its cloud or accessed by its employees when delivering services to its customers.
- LeadingReach has implemented reasonable and appropriate safeguards intended to maintain the security and integrity of electronic PHI under its control. These safeguards at a minimum meet the required implementation specifications contained in the HIPAA Security Rule.
- LeadingReach encrypts PHI where encryption is a reasonable and appropriate safeguard, and in accordance with its contractual commitments. When encryption of PHI is not possible, such as in those circumstances where such encryption would materially affect the performance or use of the LeadingReach services, LeadingReach endeavors to have other reasonable and appropriate measures to safeguard the PHI.
- LeadingReach requires all subcontractors that may access PHI to provide written assurances that they will handle PHI in compliance with the HIPAA requirements applicable to subcontractors.
- LeadingReach does not sell PHI.
- LeadingReach has established processes to identify and respond to potential security incidents affecting PHI and a Breach of Unsecured PHI.
- LeadingReach policies and procedures are communicated to all employees that may handle or access PHI as part of LeadingReach’s HIPAA training program. LeadingReach requires all employees to sign confidentiality agreements. LeadingReach employees are subject to sanctions in the event they violate these policies, procedures, or confidentiality agreements.
- LeadingReach has adopted other policies and practices as necessary to meet its contractual commitments to customers and/or as required by law.
- LeadingReach is committed to maintaining it’s compliance with HIPAA and will adjust the policies and procedures listed above as laws affecting PHI evolve.
Personal Information Collected and Received
LeadingReach may collect or receive information about each person who visits or registers with the LeadingReach properties and LeadingReach including, but not limited to, user name, password, first and last name, email address, street address, gender, occupation, and interests. LeadingReach also collects information on the pages you access and other information you may volunteer, such as survey information. In addition, you may upload and/or provide information that you may deem as confidential.
We may collect personal information from you at various points, including but not limited to:
- when we correspond with you;
- when you visit the website and/or associated services;
- when you register as an end-user of our services and an account is created for you;
- when you provide information, such as user contributed content, survey information or join our mailing list;
- when you contact us for help;
- when the website and/or associated services send us error reports or collect certain analytics data;
- when engaged by a customer to perform services for them or on their behalf, which may include protected health information; and
- as otherwise described to you.
Some personal information may also be collected by a third-party as a service provider or other vendor. If you interact with some third party services, such as social media companies, particularly where you have an account with the third party, they may collect additional information separate from LeadingReach.
Use and Disclosure of Personal Information
LeadingReach may use and share personal information that we collect or receive about you to:
- deliver the products and services that you have requested;
- manage your customer relationship and provide you with customer support;
- perform analysis about your use of the website and/or services;
- communicate with you by e-mail, postal mail, telephone and/or mobile devices about products or services that may be of interest to you;
- enforce our terms and conditions and other agreements;
- perform services as a processor or business associate on behalf of our customer, which may include your protected health information;
- manage our business, including testing, development and other functions as part of improving and expanding the services offered;
- conduct a sale of all or substantially all of our business or assets, which includes the sale, assignment or other transfer of your personal information in connection with such transaction.
- respond to investigation, court orders, legal process, or to investigate, prevent or take action regarding illegal activities, suspected fraud, or situations involving potential threats to the physical safety of any person, or as otherwise required by law; and
- perform functions as otherwise described to you at the time of collection.
WE WILL NEVER SELL YOUR EMAIL ADDRESS, OR ANY OTHER PERSONAL INFORMATION, TO ANY THIRD PARTY. EVER.
From time to time, we may partner with companies based on the interests of our users. These partner companies will never see your email address or any other information that could identify you or be used to contact you directly.
Any exceptions to this policy of sharing your name, address or email address with a partner company will be done only with your permission.
LeadingReach reserves the right to disclose information when required by law.
LeadingReach may use your IP address to help diagnose problems with LeadingReach’s server and to administer LeadingReach’s web site. Your IP address may also be used to help identify you and your online profile and to gather broad demographic information.
LeadingReach’s site’s registration form requires users to give LeadingReach contact information (such as your name and email address) and demographic information (such as your zip code or age). LeadingReach may use customer contact information from the registration form to send the user information about LeadingReach and promotional material from some of LeadingReach’s partners. The customer’s contact information is also used to contact the user when necessary. LeadingReach may use demographic and/or profile data to tailor the visitor’s experience on LeadingReach’s site, show the visitor content that LeadingReach thinks you may be interested in, and display content according to your preferences.
We may also disclose, on an anonymous basis, statements made by our customers about LeadingReach. With your consent, we may also post your name along with your testimonial.
Rights in Access, Correction and Deletion
Upon request, LeadingReach will provide you with access to information (e.g., name, address, phone number) that LeadingReach collects and maintains about you. This site gives you the following options for changing and modifying information previously provided: (i) email: [email protected]; or (ii) visit www.leadingreach.com. There you can also log into your account to update your contact information. You also may have the right under the law to request the deletion of your personal data.
For assistance with these rights, please utilize the contract information below. If we are operating as a business associate or processor for our customer with respect to your personal data, we will redirect your inquiry to the customer as appropriate.
We do not knowingly collect any information through this website from anyone online who we know to be under the age of 13. If you are under the age of 18, you should use this website only with the involvement of a parent or guardian and should not submit any personal information to us. If we discover that a person under the age of 13 has provided us with any personal information through this website, we will use commercially reasonable efforts to delete such person’s personal information from all LeadingReach systems.
LeadingReach uses industry-standard technologies when transferring and receiving consumer data exchanged between LeadingReach and other companies to help ensure its security. This site has security measures in place to protect the loss, misuse and alteration of the information under LeadingReach’s control. LeadingReach’s servers are backed up regularly and protected by security systems. However, there is no guarantee that your personal information in any system is completely secure, and you should take appropriate measures with respect to your data after considering the foregoing.
We may use standard Internet technology, such as web beacons and other similar technologies, to track your use on our sites and LeadingReach. We also may include web beacons in promotional e-mail messages or newsletters to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer our visitors/customers to deliver targeted advertisements and to measure the overall effectiveness of our online advertising, content, programming or other activities.
We may allow third-parties, including our authorized service providers, advertising companies, and ad networks, to display advertisements on our site and/or LeadingReach. LeadingReach and these companies may use tracking technologies, such as cookies, to collect information about users who view or interact with these advertisements and connect to the LeadingReach properties and/or LeadingReach. This information allows LeadingReach and these companies to deliver targeted advertisements and gauge their effectiveness.
Do Not Track Requests
Your web browser may have a setting that allows you to automatically send a “Do Not Track” message to the websites you visit. LeadingReach does not currently have technology to respond to such requests.
International Transfer of Your Personal Information
The website and/or services is hosted and operated in the United States and is subject to United States law. Any personal information that we collect from you is currently stored and processed in the United States. If you are accessing the website and/or associated services outside of the U.S., you need to understand that by accessing our website and/or associated services, you consent to the transfer of your personal information to the United States. Please be advised that United States law may not offer the same privacy protections as the law in your jurisdiction.
Your California Privacy Rights
In addition to rights that may be described elsewhere:
If you are a California resident, California Civil Code Section 1798.83 permits you to request certain information regarding our disclosure of personal information to third parties for the third parties’ direct marketing purposes. To make such a request, please contact us by sending an e-mail to [email protected].
Our website and/or application are not intended to appeal to minors. However, if you are a California resident under the age of 18, and a registered user of our website and/or application, California Business and Professions Code Section 22581 permits you to request and obtain removal of content or information you have publicly posted. To make such a request, please send an e-mail with a detailed description of the specific content or information to [email protected]. Please be aware that such a request does not ensure complete or comprehensive removal of the content or information you have posted and that there may be circumstances in which the law does not require or allow removal even if requested.
Under California law, California residents who have an established business relationship with us may opt-out of our disclosing personal information about them to third parties for their marketing purposes.
LeadingReach may collect and use information from your use of the website and/or services, provided such information is not subject to contractual commitments to the contrary, and it does not individually identify you or otherwise qualify as personal information, personal data, or similar, under an applicable law. LeadingReach shall have the right to retain records of all data pertaining to use of the website and applications including, but not limited to, usage, activity logs, and click-throughs. LeadingReach may deidentify data in accordance with applicable laws and contractual commitments. LeadingReach may disclose such data, whether collected or deidentified, to third parties provided it is grouped with other LeadingReach users’ data and is presented in an aggregate and deidentified form.
LeadingReach may create links to other websites. LeadingReach will make a reasonable effort to link only to sites that meet similar standards for maintaining each individual’s right to privacy. However, many other sites that are not associated or authorized by LeadingReach may have links leading to LeadingReach’s site. LeadingReach cannot control these links and LeadingReach is not responsible for any content appearing on these sites.
Successors and Assigns
LeadingReach’s site provides users the opportunity to opt-out of receiving certain communications from LeadingReach. To opt-out of receiving such communications, you can (i) send email to [email protected]; or (ii) send postal mail to: 3721 Executive Center Dr., Suite 102, Austin, TX 78731.