Effective Date: August 10, 2021
I. Collection of Information
We may collect the following kinds of information when you use the DrChrono Services:
Information you provide directly to us. For certain activities, such as when you register, use our telemedicine services, subscribe to our alerts, or contact us directly, we may collect some or all of the following types of information:
We may combine such information with information we already have about you.
Information we collect automatically. We may collect certain information automatically when you use our DrChrono Services, such as your Internet protocol (IP) address, device and advertising identifiers, browser type, operating system, Internet service provider, pages that you visit before and after using the DrChrono Services, the date and time of your visit, information about the links you click and pages you view within the DrChrono Services, and other standard server log information. We may also collect certain location information when you use our DrChrono Services, such as your computer’s IP address, your mobile device’s GPS signal, or information about nearby WiFi access points and cell towers.
We may also collect technical data to address and fix technical problems and improve our DrChrono Services, including the memory state of your device when a system or app crash occurs while using our DrChrono Services. Your device or browser settings may permit you to control the collection of this technical data. This data may include parts of a document you were using when a problem occurred, or the contents of your communications. By using the DrChrono Services, you are consenting to the collection of this technical data.
Information we obtain from your health care providers and other sources. In connection with your treatment, we may collect medical records from your past, current, and future health care providers. This may include information about your diagnosis, previous treatments, general health, laboratory and pathology test results and reports, social histories, any family history of illness, and records about phone calls and emails related to your illness.
Some of our users, including the Providers, are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the 21st Century Cures Act, the Health Insurance Portability and Accountability Act of 1996 (“ HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“ HITECH”), and the regulations adopted thereunder. When we store, process or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of the Provider who has entered a Healthcare Provider User Agreement, we do so as its “business associate” (as also defined by HIPAA). Under this agreement, DrChrono is prohibited from using individually identifiable health information in a manner that the Provider itself may not. DrChrono is required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such Providers. DrChrono is subject to laws and regulations governing the use and information of certain personal and health information, including HIPAA, when it operates as a business associate of a healthcare provider.
We may also receive information about you from other sources, including through third-party services and organizations. We may combine our first-party data, such as your email address or name, with third-party data from other sources and use this to contact you (e.g. through direct mail). For example, if you access third-party services, such as Facebook, Google, or Twitter, through the DrChrono Services to login to the DrChrono Services or to share information about your experience on the DrChrono Services with others, we may collect information from these third-party services.
II. Use of Information
Targeting Cookies. These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
Functional Cookies. These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.
Performance Cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Strictly Necessary Cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
We generally use the information we collect online to:
We may use the information collected through the DrChrono Services to investigate potential or suspected threats to the DrChrono Services or to the confidentiality, integrity or availability of the information DrChrono stores and maintains.
By using the DrChrono Services you agree to receive texts, phone calls, and/or emails from us at the phone numbers and email addresses you provided to us for informational and customer service-related purposes.
Additionally, we may send an email to the email address you provide us in order to verify your account and for informational and operational purposes, such as account management, customer service, or system maintenance. We may also send you marketing emails if you request more information about our products and services. Emails are often transactional or relationship messages, such as appointment requests, reminders and cancellations and other notifications. DrChrono may not offer you the option of opting out of receiving some of these messages although DrChrono may allow you to modify how often you receive such messages. If you opt-in to receiving marketing announcements from DrChrono, we will allow you to opt-out of receiving those announcements.
Electronic Notices. By using the DrChrono Services or providing personal information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the DrChrono Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on the DrChrono Services or sending a text or email to you. You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please contact us .
We may anonymize and aggregate any data collected through the DrChrono Services, and use it for business purposes. For example, we may use such data for evaluating and profiling the performance of the DrChrono Services, including analyzing usage trends and patterns and measuring the effectiveness of content, features, or services.
III. Sharing of Information
We are committed to maintaining your trust, and we want you to understand when and with whom we may share the information we collect.
If you access third-party services, such as Facebook, Google, or Twitter, through the DrChrono Services to login to the DrChrono Services or to share information about your experience on the DrChrono Services with others, these third-party services may be able to collect information about you, including information about your activity on the Site, and they may notify your connections on the third-party services about your use of the website, in accordance with their own privacy policies.
If you choose to engage in public activities on the website or third-party sites that we link to, you should be aware that any information you share there can be read, collected, or used by other users of these areas. You should use caution in disclosing personal information while participating in these areas. We are not responsible for the information you choose to submit in these public areas.
Please see our Security Policy here .
We use reasonable measures to help protect information from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. You should understand that no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we take steps to ensure security on our systems. Please note this is not a guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of such safeguards. Please note that information collected by third parties may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information.
If DrChrono learns of a security system’s breach, DrChrono maintains an incident response policy that includes notifications consistent with applicable law.
By using the DrChrono Services or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this website.
V. Your Choices
You may opt out of receiving general health and wellness or treatment options that may be relevant to you by emailing us at [email protected] . You may also request that we delete your personal information by sending us an email at [email protected] .
You may be able to refuse or disable cookies by adjusting your web browser settings. Because each web browser is different, please consult the instructions provided by your web browser (typically in the “help” section). Please note that you may need to take additional steps to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe’s Setting Manager page . If you choose to refuse, disable, or delete these technologies, some of the functionality of the DrChrono Services may no longer be available to you.
California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their direct marketing purposes in the preceding calendar year. We do not share personal information with third parties for their own direct marketing purposes.
VI. Third-Party Advertising, Links and Content
Some third parties collect information about users of our DrChrono Services to provide interest-based advertising on our DrChrono Services and elsewhere, including across browsers and devices. These third parties may use the information they collect on our DrChrono Services to make predictions about your interests in order to provide you ads (from us and other companies) across the internet. Some of these third parties may participate in an industry organization that gives users the opportunity to opt out of receiving ads that are tailored based on your online activities. Due to differences between using apps and websites on mobile devices, you may need to take additional steps to disable targeted ad technologies in mobile apps. Many mobile devices allow you to opt out of targeted advertising for mobile apps using the settings within the mobile app or your mobile device. For more information, please check your mobile settings. You also may uninstall our apps using the standard uninstall process available on your mobile device or app marketplace.
To opt out of interest-based advertising across browsers and devices from companies that participate in the Digital Advertising Alliance or Network Advertising Initiative opt-out programs, please visit their respective websites. You may also be able to opt out of interest-based advertising through the settings within the mobile app or your mobile device, but your opt-out choice may apply only to the browser or device you are using when you opt out, so you should opt out on each of your browsers and devices if you want to disable all cross-device linking for interest-based advertising. If you opt out, you will still receive ads but they may not be as relevant to you and your interests, and your experience on our DrChrono Services may be degraded.
Do-Not-Track Signals and Similar Mechanisms. Some web browsers transmit “do-not-track” signals to websites. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they even are aware of them. We currently do not take action in response to these signals.
Third-Party Browser Extensions. Extensions are small software programs, developed by third parties, that can modify and enhance the functionality of your browser. Extensions may have privileges, including the ability to read, record and/or modify your private data, including PHI. These extensions are installed by individual users into the browser on their computers and are utilized at users’ own risk. Further, such extensions are not affiliated with DrChrono and DrChrono does not have visibility into which extensions any user may use. DrChrono assumes no risk of loss of data or breach of such data due to your use of browser extensions.
Prior to using the DrChrono Services, if you have one (or more) of these extensions enabled in your browsers, DrChrono recommends completely removing all of these extensions immediately as disabling the extensions may not be sufficient to protect your PHI. We recommend that you only access the DrChrono Services from supported browsers that have all plugins and extensions removed.
Further, installing any third-party software on your operating system may also subject you to the same risks as using browser extensions. DrChrono has no liability to you due to damages caused by any third-party software, including, without limitations, browser extensions.
VII. Intended For Use in United States Only
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
We do not knowingly allow individuals under the age of 18 to create accounts that allow access to our DrChrono Services.
Without limiting the above, the OnPatient.com website does allow persons above the age of 18 years—such as Providers, parents and guardians—to provide, share and store personal information about others, including minors and children. Any user providing, storing or submitting information on behalf of a child assumes full responsibility over the submission, use and transmission of such information.
X. Information Retention
DrChrono indefinitely stores non-personal information, as well as any feedback you provide us.