Last Updated: June 2018

Overview

Protecting the information you share with us is our highest priority. This Statement of Privacy ensures you know who we, TaqTik Health Inc. (“TaqTik”) are, and how we collect and treat your information, including:

  • What information we have, why we have it, and how long we will keep it
  • How we use your information and why it’s okay for us to use it
  • Who we are able to share your information with
  • Your rights, including how you can ask us to stop using your information

By using TaqTik (such as registering with our service or visiting our website), you accept the terms and conditions of this Statement of Privacy, so we ask that you read all of the terms.

Depending on how you use TaqTik, parts of this Statement of Privacy may or may not apply to you. This Statement of Privacy is crucial to our commitment to provide a secure, confidential network connecting other healthcare networks, providers, and patients.

As a part of our commitment to making it easy for you to understand how we use your data, we have used language we think is clear and simple, but if you have any questions at all, please contact TaqTik’s Privacy Official by email at privacy@taqtik.com or call +1 (408)-915-6436

1. General Definitions

Certain terms you see capitalized in this Statement of Privacy (and on the TaqTik website) have definitions we want to make sure you’re aware of from the beginning:

Authenticated Authorization –means providing authorization for the use (such as transmitting, processing, or releasing) of Information through a process that confirms your (or another relevant person’s) identity at the time of the authorization. This identification may be accomplished by written signature, passwords, challenge questions, tokens, biometrics or a combination thereof.

Express Consent – is the prior, knowing, voluntary Authenticated Authorization that you make for the release and disclosure of Information, including any Protected Health Information, for a specific purpose and to a specific entity or individual. The specific information to be released is explicitly identified as part of this process. You provide Express Consent when you use our website to share, transfer, or publish exams with other parties.

Information – means any combination of Medical Information, Non-Personal Information, Personal Information, and Protected Health Information, as applicable.

Medical Information – means any information including age, weight, height, gender, ethnicity, personal medical history, personal social history, medical images, and other personal health information which pertains to the health status of anyone, including health information collected in the course of providing medical or health care services to that person.

Non-Personal Information – Non-Personal Information includes any information that we gather as you navigate our website, such as your browser type, pages viewed, and the time spent on the web site.

Personal Information – is any information that uniquely identifies you or that you might consider highly confidential or sensitive and includes both Personal Account Information and all Protected Health Information concerning you and your family or your patient, including information such as your name, date of birth, and home address.

Protected Health Information – is any of your personally identifiable health information that is traceable to you or your family.

2. Protected Health Information Is Confidential

We consider all Protected Health Information, whether it was provided to TaqTik by you or anyone else, to be Protected Health Information under the law. This information is your property, and you have the right to control who is authorized to access it.

We will not disclose or release any Protected Health Information to anyone, even members of your own family, without your Express Consent except as expressly set forth in this policy or as required by law.

Whenever we are required by law to release any of your Personal Information, we will only release the minimum necessary information required to accomplish the business use for which the permitted release is allowed.

3. Information That We Collect

TaqTik collects Information about you both directly from you and through service providers and partners that use our website or our services. You are not allowed to enter any data into our system that you know is inaccurate, incomplete, or irrelevant (and we require our service providers and partners not to either).

Personal Information : Personal Information is any information that uniquely identifies you or your patient (if you are a health care provider) or that you might consider highly confidential or sensitive and includes your Personal Account Information and Protected Health Information. TaqTik treats all Personal Information as private and confidential. We collect two types of Personal Information:

Personal Account Information : We use Personal Information, such as your name, address, telephone number, email address, organization affiliation, address, user name and password, to uniquely identify you and your use of the website. We then require you to create a password to control access to restricted portions of our website.

Protected Health Information: Protected Health Information that we collect includes:

Medical Information : Medical Information includes any personal health information, including age, weight, height, gender, ethnicity, medical history, family history, social history, medical images and reports, and other personal health information

Non-Personal Information

Non-Personal Information includes any information that we gather as you navigate our website that could not identify you, such as your browser type, pages viewed, and the time spent on the web site. In some cases, this information is collected automatically through cookies and stored in our log files. If you are logged in to a TaqTik service on our website, this information may be associated with your Personal Account Information, in which case we will treat it as Personal Account Information. We use this information to monitor aggregate usage of our website and for internal analysis, quality control, and service improvement purposes. We explain more about how we gather that information in the section below that we call “Website Monitoring.”

4. Who Can Access My Protected Health Information

As a TaqTik user, you may access all Personal Information available to your account, including, but not limited to, your (or your patients’) Protected Health Information. Other than you, the only people who may access some parts of your Protected Health Information are:

Third Party – If you have an individual Personal Account, TaqTik will not release or disclose your Personal Information to any Third Party without your Express Consent that identifies the specific information to be released and to whom it is to be released. If you are a healthcare provider and have a user account, TaqTik will only release or disclose Personal Information of a patient to any Third Party with an appropriate patient Express Consent that contemplates further release by TaqTik. TaqTik assumes no responsibility or liability for the consequences of any such release on instructions and Express Consent.

Law Enforcement / Public Agency Official – Under certain circumstances, TaqTik may be compelled to disclose Personal Information to satisfy a Court order, a duly executed and validly issued subpoena,, or a government request by an agency with competent jurisdiction as part of a regulatory compliance review, in which case we will use reasonable and lawful efforts to limit the scope of any legally required disclosure. TaqTik will also make reasonable efforts to notify you in advance of that disclosure, unless doing so would violate the law or the court order.

5. The Limited Uses of Your Personal Information

TaqTik may use your Personal Information, and Protected Health Information only as we are specifically allowed to, such as:

  • Authenticate your use of our website and services
  • Provide requested services and process your transactions
  • Provide communications to you
  • Analyze de-identified data in aggregate

Depending on the situation, TaqTik may process your Personal Information for a number of lawful reasons, including if the you have explicitly consented to the processing (whether to TaqTik or a third party), to comply with applicable law, to protect your vital interests, or occasionally in our legitimate interest. If we process your Personal Information for our legitimate interest, we will always ensure that the processing does not seriously impact the rights or freedoms of the data subject.

As we mentioned, we may process Personal Information related to your health in order to assist in providing health care services to you by a third party. TaqTik will only do that if we have all necessary agreements in place with the third party providing the Personal Information to ensure that your rights are protected.

When we receive Personal Information from someone other than you, we will only process your Personal Information as we are instructed to by who gave us that data (or as required by law).

6. Security Protections For Your Personal Information

We take seriously the trust you place in us to protect the privacy of your or your patients’ Personal Information. We have implemented a series of physical, personnel, administrative, access control, system, third party and transmission safeguards to prevent unauthorized access, to maintain data integrity, and to ensure that only authorized persons who need to access your Personal Information can do so. A brief description of some of our security measures follows.

Physical Security measures include:

  • Physical access to servers is restricted to TaqTik information technology personnel who have been authorized for server access.
  • Disaster recovery plan.

Personnel Security measures include:

  • Background and criminal reference checks for employees, and
  • Annual HIPAA and general privacy and security training for employees

Administrative Security measures include:

  • Sanctions for employee violations of company policies and practices, and
  • Documentation of compliance training.

Access Control Security measures include:

  • Restricting access to data to approved personnel on need basis only
  • Identity Authentication by written signature, passwords, challenge questions, tokens, biometrics or a combination thereof.

System Security measures include:

  • Firewall, data protection systems, intrusion detection and monitoring devices to protect our network and databases
  • Encryption of Personal Information data in our databases and external system auditing with audit trails that monitor, record and document access to these databases

Third Party Security measures include:

  • Business associate agreements and/or other business agreements with all partners, third parties and vendors with whom we share information that requires them to implement all appropriate security procedures to maintain confidentiality.
  • Individual confidentiality agreements with all employees and consultants who are required to come into contact with your Personal Information.
  • Data protection agreements, including European Commission-approved Standard Contractual Clauses with business partners where Personal Information is to be processed from the European Economic Area.

Transmission Security measures include:

  • Encryption of all Medical Information and Protected Health Information transmitted to and from our website and stored in our systems.

While we cannot guarantee that loss, misuse or alteration of data will not occur, we are committed to using proven safeguards and security audit procedures designed to prevent any loss, misuse or alteration of data. You will be promptly notified of any security breach which may have allowed disclosure or compromised the security and privacy of any of your Protected Health Information.

7. Disclosures of Personal Information Required by Law

Under certain circumstances, we may be compelled to disclose your Personal Information to satisfy a Court order, duly executed subpoena, government request, law enforcement investigation, or regulatory compliance review. We will use reasonable and lawful efforts to limit the scope of any legally required disclosure. Under the law, required disclosures include:

  • When a law or duly executed Court Order requires disclosure of your Personal Information, in which case only the information expressly ordered to be disclosed shall be released with notice to you of both the Order and the information disclosed. We will make reasonable efforts to notify you in advance of that disclosure, unless doing so would violate the law or the court order.
  • When government officials investigating compliance with various Security and Privacy laws and regulations require disclosure of information relevant to their investigation.

8. No Disclosure to Linked Websites

TaqTik provides certain links to third-party websites operated by organizations not affiliated with our service. These links may be found within our content or placed beside the names and logos of these persons.

We do not release any of your Personal Information to organizations operating these third-party web sites. We do not review or endorse the privacy policies of these third-party sites, and assume no responsibility for them. We encourage you to read the privacy policies and statements of each and every site before providing any Personal Information.

9. Individual Request for Voluntary Disclosure of Personal Information

You may choose to voluntarily disclose your Personal Information, including Protected Health Information, to third-party service providers, doctors or other health professionals, attorneys, and/or other individuals. We urge you to make such disclosure choices carefully. If you choose to use your Personal Account to voluntarily disclose your Personal Information to any individual or entity other than you or your healthcare professional, you must provide Express Consent that identifies the specific information to be released and to whom it is to be released. TaqTik will not release or disclose any portion of your Personal Information without your Express Consent and assumes no responsibility or liability for any such release as directed by your Express Consent. We encourage you to read the privacy policies and statements of any third-party service providers, or other entities, with whom you direct us to disclose your Personal Information

10. How You Can Help Protect Your Personal Information

Protecting your Information also requires your compliance with certain basic security practices. We cannot secure any Personal Information that you release on your own, that you request us to release or that is released through another third party to whom you give account access.

You must safeguard your user name, password and other authentication information that you use to access our services. Do not disclose this information to any individual, third party or entity. Please immediately notify TaqTik if you think there has been any unauthorized use of your user name, password or other authentication information.

11. Your Rights, Including Accessing, Updating, Requesting Corrections and Deleting Your Information/Account

You may access Information in your account at any time through the website. You may update your Personal Account Information at any time by accessing your Personal Account and making any necessary changes.

You may ask us to correct your Personal Information, including Protected Health Information that was provided by you. You may request a copy of information stored in your account, which we will provide to you in a common format, which is easy for you to use. You may also object to how we are using your Information and ask us to stop. As a reminder, we will comply with your request, but if there are other legitimate reasons for us to continue to process or use your Personal Information (and those reasons would not seriously impact your rights or freedoms), we may still be able to do so.Any written request for correction or access to data that is denied will result in an explanation in writing. Even if we deny your request, we will still restrict how we use your data (for example, if you object to how we are using your Personal Information, we will stop using it for that reason until we verify whether we are able to do so).

You may even request that we erase all of your Personal Information (this will inactivate your TaqTik account) by emailing Customer Support at privacy@taqtik.com. We will verify your identity before taking any action. When you request us to inactivate your account and your identity is verified, we will cease to display your Personal Information on our website and will stop processing it, but it may be stored for a period of time. Please be aware that while this information will no longer be accessible to someone using your account over the Internet, it will be retained for the period of time in backup media, but unless we need to retain information to comply with applicable laws, any backup retention is generally no longer than 60 days . If you request deletion of your Personal Information that we are required by applicable law to retain, we will inform you. This information shall be made available pursuant to a duly executed authenticated authorization to release medical records. In some cases, TaqTik may be allowed to apply a charge equal to the administrative, copying and communication costs for the retrieval, preparation and transmission of the information requested.

12. Use of Our Services

As we mentioned above, if you do not consent to our privacy practices, you cannot use our service. You may withdraw your consent by inactivating your TaqTik account as described in the section entitled “Your Rights, Including Accessing, Updating, Requesting Corrections and Deleting Your Account.”

13. Changes to this Privacy Statement

TaqTik may modify this Statement of Privacy at any time. Changes will always be in accordance with the law and will be posted on this website. We will update the effective date at the top of this Statement of Privacy so you can easily see that last time it was changed.

14. Website Monitoring

TaqTik gathers certain Non-Personal Information about your use of our website through log files and cookies. The techniques we use and their implications for your privacy are described below.

Log Files : When you access our site, our system automatically collects certain information about you for our logs. This data may include your browser type, your computer’s IP address, your Internet Service Provider, operating system, date and time you visited our site, and a list of the pages you visited. We use this information to analyze usage trends, administer the site, and gather demographic information about our members as a whole. It is not designed to identify you personally. However, under certain circumstances we may need to review this information in conjunction with specific Personal Account Information in order to identify and resolve certain issues for our members.

Cookies : TaqTik uses a web technology, referred to as cookies, to make it easier for you to navigate our site, improve the security of your Personal Information, enhance the functionality of some features, and improve performance. These cookies are only applicable within the confines of our site. TaqTik uses both session cookies, which expire when you close your browser, and persistent cookies, which remain on your computer. These cookies act as a user identification card for our servers. Cookies are only read by our computers and are unable to execute any code or virus. You can remove persistent cookies by following the directions provided in your Internet browser’s help file. However, if you set your browser security setting to reject all cookies, you may not be able to access certain portions of our web site. When accessing our site using a public computer, we recommend that you delete all persistent cookies according to the directions in your browser’s help file before you close the browser. For more detailed information on how to control cookies you may wish to visit www.allaboutcookies.org.

15. Communications From Us

From time to time, we will contact you to ask about the services you have requested, to inquire about the quality of services you have received and to alert you about service updates.

If you have opted-in to receiving such promotional marketing communications, any such communications sent via email will be sent to the address provided in your Personal Account Information and will include a link for opting out of future marketing communications.

  1. G Suite HIPPA compliance

TaqTik Health Inc is using Google G Suite for email and storage. We are using a special version of G Suite which supports HIPAA compliance (US government’s the Health Insurance Portability and Accountability Act of 1996). Please see the following document for the implementation guide https://static.googleusercontent.com/media/gsuite.google.com/en//terms/2015/1/hipaaimplementationguide.pdf

On Google side, Google works to keep users’ data secure in the cloud in a reliable and compliant way. From TaqTik side, we are using Google Service with PHI (Protected Health Information). TaqTik Health Inc. (FKA DocOverseas Inc.) signed the G Suite HIPAA Business Associate Agreement (BAA) with Google Inc. in December 2015. Regarding Google Drive, we are setting Google Keep to comply with HIPAA requirement. We also go further beyond the HIPAA requirement by setting up 2-step verification and configuring enterprise sender identification technology. Any data including customers’ photos are also being scanned by Google Service before they can be upload to our G Drive storage to prevent viruses and malware.

In addition to supporting HIPAA compliance, the G Suite Core Services and TaqTik’s Marketplace Cloud Platform using G Suite Core are audited using industry standards such as ​ISO 27001​,​​ISO 27017​, ​ISO 27018​, and ​SOC 2 and SOC 3 Type II audits​, which are the most widely recognized, internationally accepted independent security compliance audits. To make it easier for everyone to verify our security, Google published its ISO 27001 certificate and a SOC3 audit ​report​ on its Google Enterprise ​security page​.

TaqTik also takes extra steps to comply with HIPAA (the US Health Insurance Portability and Accountability Act) and use CSPs (cloud service providers) to store ePHI (electronic protected health information):

a. Identify the people in our organization who handle PHI

b. Allow only our Client Service team to have access to customers’ data

c. Secure our devices. We require two-step authentication for account access, require a login on mobile devices, and configure our systems to remotely lock, locate, or erase devices.

2. SalesForce HIPAA Compliance

TaqTik Health Inc. (FKA DocOverseas) use a specific version of Salesforce Cloud and Salesforce Health Cloud that support HIPAA compliance. We signed HIPAA BAA agreement with Salesforce Inc. in January 2017. For Salesforce and TaqTik to comply with HIPAA:

a. Privacy, Integrity, and Availability

In additional for Salesforce.com’s HIPAA compliance, we carefully examine the data that we send to Salesforce and identify that every field containing ePHI (names, addresses, social security numbers, birth dates, information related to their payment for healthcare, etc.) are protected and encrypted.

b. Data Monitoring, Controlling and Implement

We lock ePHI data by crafting strict access policy for limiting access to data to only our employees and applications which truly need them.

c. Encryption and Tokenization

Salesforce supports secure gateway which acts as a gatekeeper of sensitive information ensuring its integrity no matter where the ePHI resides.

d. Salesforce Shield

Salesforce Health Cloud and Salesforce Cloud protect every element with its built-in HIPAA compliance features which comprises of Salesforce Shield, Field Audit Trail, Platform Encryption, Data Archive and Event Monitoring. It offers a new dimension in the provider-patient relationship along with many platform features and resources.

16. Contacting Us

If you have any questions or concerns regarding this Privacy Statement, please contact the TaqTik Privacy Official at 440 North Wolfe Road, Sunnyvale, California 94085, U.S.A. or call Monday thru Friday between 8:30 AM and 5:30 PM PST at +1 (408) 915-6436 or send mail to:

privacy@taqtik.com