Information you provide to us
When you create or modify a Medyear account, you will be asked to create a profile protected by a self-chosen unique username and password.
Profile information: In order to create this profile, we will ask you for personal information including but not limited to your name, address, email address, phone number, date of birth, last four digits of your social security number, and gender.
We also require the following information to verify your identify though a commercially available identity verification service. The information facilitates the accurate matching of your Medyear records with providers’ medical records.
- A photo of the front and back of your State issued photo identification
- A selfie, with your explicit consent to be reviewed against your photo identification card; and,
- Answers to three challenge questions
Identity verification is important so if you choose to share your health information with your providers, they can accurately match you to your records in their files/records.
Payment Method. When you add a credit card or payment method to your Medyear account, a third party that handles payments for us will receive your card information. To keep your financial data secure, we do not store full credit card information on our servers.
If you choose to share information with individuals, companies, or health care providers through Medyear, we will collect contact information about them from you. We will also only share the information you chose to share with them for your selected purpose and duration.
If you contact us, we will clearly have any information that you have provided to us in the communication. Medyear uses the information you have provided to assist you with any issue.
Information we collect when you use Medyear
Device Information: Medyear receives information from Users’ devices, including IP address, web browser type, mobile operating system version, phone carrier and manufacturer, device identifiers, and push notification tokens.
Usage Information: To help us understand how you use Medyear and to help us improve it, we automatically receive information about your interactions within the Medyear app, and the dates and times of your visits.
Your choices and information sharing
Some of Medyear’s products, services and features require that we share information with other users or at your request. We may also share your information with our affiliates, subsidiaries and business partners, or for legal reasons or in the event of a dispute.
Medyear gives you meaningful choices about controlling the information you have provided – whom you let see it, how much, and for how long. Your choices include:
- How much health information you want to create and store yourself (e.g. symptom logs, exercise records, blood pressure readings, blood glucose logs, etc.).
- How much health information about yourself provided by outside sources you decide to store in your account (e.g. medical lab results, data provided by applications, etc.).
- How much health information, if any, you want to share with friends and family.
- How much health information you want to share with your health care providers, if at all. If you do share information with your providers through Medyear, they may be able to respond to you through your Medyear account. They will also be required to use and disclose your health information only if required by federal and state law.
- Changing any of these preferences and choices at any time; and
- Closing your account at any time.
Please see our operational FAQs for more details.
Information use and sharing by Medyear
Uses and disclosures
- We will use the information you provide to provide you services and to take action on your choices about sharing information with individuals and entities.
- We will use your contact information to communicate with you via email about your account and our services. We will not disclose PHI in emails; instead, we may send an email asking you to log into your account.
- We will create aggregated and/or de-identified statistical, information about our users or their web usage and may disclose this statistical information when appropriate. These statistics will be aggregated and adhere to the Health Information Portability and Accountability Act (HIPAA) U.S. federal medical privacy law 45 CFR 160, 162, and 164.
Uses and disclosures we would make only with your consent
- As described above and in the FAQ, we will only share your personally identifiable information (PII) with individuals, applications, or health care providers at your direction.
- We will not use or disclose any of your PII for marketing purposes, or to serve you ads related to your health, unless you specifically and explicitly consent. You also may withdraw your consent to future offers or ads at any time.
- At your request, we may share your information with business partners.
For example, if you requested a service through a partnership or promotional offering made by a third party, Medyear may share your information with those third parties. This may include, for example, other apps or websites that integrate with our APIs or services, or those with an API or service with which we integrate, or business partners with whom Medyear may partner with to deliver a promotion, a contest or a specialized service.
As an example, we might want to offer diabetic users the opportunity to receive targeted offers or ads for diabetic supplies, but we will not do so unless you explicitly tell us you want the offers or ads.
Unusual disclosures we could make without your consent
- We may disclose information based upon a reasonable belief that the disclosures are required by law, including information requested via subpoenas and court orders. We reserve the right to report what appears to be illegal or fraudulent conduct to the proper authorities.
- We may disclose information if we reasonably believe the disclosure is needed to respond to a threat of physical harm, to defend or assert legal rights, or in response to an imminent health risk authenticated by a medical professional.
Access to your information
You can view the information you or others have submitted into your active Medyear account at any time. If you submitted information to us in any other way, we will make commercially reasonable efforts to give you access to your information upon request.
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request at Medyear Contact.
Deletion of your information
If you delete health information from your Medyear account, it becomes inaccessible by you and cannot be viewed by anyone else through the Medyear application. Similarly, if you close your account, all of your health and contact information will become inaccessible by you and cannot be viewed by anyone else through the Medyear application.
There is a limited amount of time after data deletion or account termination it takes to process deletion throughout our system. Backup copies of this data will be removed from our server based upon an automated schedule, which means it may persist in our archive for a short period.
Subject to the exceptions described below, Medyear deletes or anonymizes your information upon request.
Subject to applicable law, Medyear may retain information after account deletion:
- If there is an unresolved issue relating to your account, such as an unresolved claim or dispute or fraud, spam and abuse;
- If we are required to by applicable law; and/or in aggregated and/or anonymized form.
If you have already shared health information through Medyear with an individual, application, or health care provider, and that person or entity has already saved it, the information will persist in their records. As mentioned above, Medyear does not have access to or control over anything you choose to share with third parties. If you believe that you have shared incorrect information with your provider, you may need to contact them directly to have your information corrected or annotated.
We are committed to keeping personal information secure. We use appropriate technical, administrative, and physical controls to protect personal information from loss, misuse, or alteration. For example, we impose controls that limit internal access to your information. If we share personal information with subcontractors, we subject them to strict contractual and legal controls regarding the protection, use, and disclosure of the information as required by federal law. We use SSL (Secure Sockets Layer) encryption when we transmit personal information through the website.
There is always some risk unauthorized, wrongful, or illegal access to your information could occur or that encryption over the Internet could be intercepted. If a breach of the security of personal information ever occurred, we would provide you with all notifications required by federal and state law.
Because of the sensitivity of information held in Medyear accounts, we urge you to take strong precautions to protect your username and password.
At this time, children under the age of 13 cannot create Medyear accounts or use the Service. We do not knowingly collect or solicit PII from children under 13; if you are a child under 13, please do not attempt to use the Service or send any personal information about yourself to us. If we learn we have collected personal information from a child under 13, we will delete that information as quickly as possible. If you believe that a child under 13 may have provided us personal information, please contact us at Medyear Contact and report the issue.
Business and professional users
This Privacy Statement describes the way user PII is protected and handled. Our Site may contain links to other sites belonging to our business partners (who are not affiliated with us). The inclusion of a provider on our Site does not imply endorsement of the linked provider or service by us. While we try to link only to providers that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other providers. Information you disclose to other parties or through such sites is subject to the privacy and security practices and policies of those parties or sites. Businesses and professionals involved with Medyear should review the terms of any contractual or legal requirements applicable to them.