Collection of your personal information
When you create or modify a Medyear account, you will be asked to create a profile protected by a self-chosen unique username and password. This profile will ask you for personal information including but not limited to your name, address, email address, phone number, date of birth, and gender. It is important you provide an accurate statement so if you choose to share your health information with your providers, they can accurately match you to your records in their files/records. In later versions of Medyear, you may need to participate in commercially available identity verification systems to ensure accurate matching of your Medyear records with providers’ medical records.
If you choose to share information with individuals or health care providers through Medyear, we will collect contact information about them from you. We will also only share the information you chose to share with them for your selected purpose and duration.
Your choices and information sharing
Medyear gives you meaningful choices about controlling your information – whom you let see it, how much, and for how long. Your choices include:
- How much health information you want to create and store yourself (eg. symptom logs, exercise records, blood pressure readings, blood glucose logs, etc.).
- How much health information about yourself provided by outside sources you decide to store in your account (eg. medical lab results, data provided by applications, etc.).
- How much health information, if any, you want to share with friends and family.
- How much health information you want to share with your health care providers, if at all. If you do share information with your providers through Medyear, they may be able to respond to you through your Medyear account. They will also be required to use and disclose your health information only if required by federal and state law.
- Changing any of these preferences and choices at any time; and
- Closing your account at any time.
Please see our operational FAQs for more details.
Information use and sharing by Medyear
Uses and disclosures
- We will use the information you provide to provide you services and to take action on your choices about sharing information with individuals and entities.
- We will use your contact information to communicate with you via email about your account and our services. We will not disclose PHI in emails; instead, we may send an email asking you to log into your account.
- We will create aggregated and/or de-identified statistical, information about our users or their web usage and may disclose this statistical information when appropriate. These statistics will always be aggregated and adhere to the Health Information Portability and Accountability Act (HIPAA) U.S. federal medical privacy law 45 CFR 160, 162, and 164.
Uses and disclosures we would make only with your consent
- As described above and in the FAQ, we will only share your personally identifiable information (PII) with individuals, applications, or health care providers at your direction.
- We will not use or disclose any of your PII for marketing purposes, or to serve you ads related to your health, unless you specifically and explicitly consent. You also may withdraw your consent to future offers or ads at any time.
As an example, we might want to offer diabetic users the opportunity to receive targeted offers or ads for diabetic supplies, but we will not do so unless you explicitly tell us you want the offers or ads.
Unusual disclosures we could make without your consent
- We may disclose information based upon a reasonable belief that the disclosures are required by law, including information requested via subpoenas and court orders. We reserve the right to report what appears to be illegal or fraudulent conduct to the proper authorities.
- We may disclose information if we reasonably believe the disclosure is needed to respond to a threat of physical harm, to defend or assert legal rights, or in response to an imminent health risk authenticated by a medical professional.
Access to your information
You can view the information you or others have submitted into your active Medyear account at any time. If you submitted information to us in any other way, we will make commercially reasonable efforts to give you access to your information upon request.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request at Medyear Contact.
Deletion of your information
If you delete health information from your Medyear account, it becomes immediately inaccessible by you and cannot be viewed by anyone else through the Medyear application. Similarly, if you close your account, all of your health and contact information will become immediately inaccessible by you and cannot be viewed by anyone else through the Medyear application.
For a limited time after data deletion or account termination, backup systems at Medyear may still contain the data, although reconstructing it in an identifiable format may or may not be possible.
If you have already shared health information through Medyear with an individual, application, or health care provider, and that person or entity has already saved it, the information will persist in their records. As mentioned above, Medyear does not have access to or control over anything you choose to share with third parties. If you believe that you have shared incorrect information with your provider, you may need to contact them directly to have your information corrected or annotated.
We are committed to keeping personal information secure. We use appropriate technical, administrative, and physical controls to protect personal information from loss, misuse, or alteration. For example, we impose controls that limit internal access to your information. If we share personal information with subcontractors, we subject them to strict contractual and legal controls regarding the protection, use, and disclosure of the information as required by federal law. We use SSL (Secure Sockets Layer) encryption when we transmit personal information through the website.
There is always some risk unauthorized, wrongful, or illegal access to your information could occur or that encryption over the Internet could be intercepted. If a breach of the security of personal information ever occurred, we would provide you with all notifications required by federal and state law.
Because of the sensitivity of information held in Medyear accounts, we urge you to take strong precautions to protect your username and password.
At this time, children under the age of 13 cannot create Medyear accounts or use the Service. We do not knowingly collect or solicit PII from children under 13; if you are a child under 13, please do not attempt to use the Service or send any personal information about yourself to us. If we learn we have collected personal information from a child under 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information, please contact us at Medyear Contact and report the issue.
Business and professional users
This Privacy Statement describes the way user PII is protected and handled. Businesses and professionals involved with Medyear should review the terms of any contractual or legal requirements applicable to them.