We are pleased that you are visiting our website at www.heedoc.com and thank you for your interest in DeckDo Inc trading as heeDoc (hereinafter "heeDoc", "we", "our" or "us"). In the following, we inform you about the handling of your personal information in accordance with the Texas Privacy Act (TMRPA) when using our website.
For information on the processing of personal information in accordance with the General Data Protection Regulation 2016/679, please refer to our GDPR Compliance Statement. For further information on the processing of protected health information in accordance with the Health Insurance Portability and Accountability Act, please refer to our HIPAA Compliance Statement.
When using our services as a Patient of a Healthcare provider or Physician who has subscribed to our services, heeDoc acts as a data processor; as such, please refer to your selected Healthcare provider's or Physician's Privacy Policy for further information.
During the mere informational use of our website, i.e., if you do not submit content or otherwise transmit information to us, we only collect information that your browser transmits to our server (so-called "server log files"). The information is not passed on or used in any other way. However, we reserve the right to check the server log files retrospectively should concrete indications point to illegal use.
In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process certain user information such as browser and location information and IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. For more information on cookies, please refer to our Cookie Policy.
We may work together with advertising partners who help us to make our internet offer more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). Please note that if you do not accept cookies, the functionality of our website may be limited.
When contacting us, personal information is collected. This information is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. Your information will be deleted after final processing of your request; this is the case if it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.
Personal information will continue to be collected and processed if you provide it to us for the performance of a contract. Which information is collected can be seen from the respective input or online forms. We store and use the information provided by you for the purpose of processing the contract. After complete execution of the contract, your information will be blocked with regard to tax and commercial law retention periods and deleted after expiration of these periods, unless you have expressly consented to a further use of your information or a legally permitted further use of information was reserved by our side, about which we inform you accordingly below.
The legal basis for the processing of your personal information in the context of direct marketing measures is either your consent or our legitimate interest in marketing and promoting our courses and services. The purpose of processing your personal information in the context of direct marketing measures is to send information, offers and, if applicable, to promote sales.
We process information of our contractual and business partners, e.g., Health care providers and physicians in the context of contractual and comparable legal relationships as well as related measures and in the context of communication with contractual partners (or pre-contractual), e.g., to answer inquiries.
We process this information to fulfil our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information as well as for business organization. We only disclose the information of the contractual partners to third parties within the scope of the applicable law to the extent that this is necessary for the aforementioned purposes or for the fulfilment of legal obligations or with the consent of the contractual partners (e.g., to participating telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisers, payment service providers or tax authorities).
Unless otherwise specified, the purposes of processing are contractual performance and service, contact requests and communication, office and organizational procedures, administration, and response to requests, visit action evaluation, interest-based and behavioral marketing. The legal bases are contractual performance and pre-contractual inquiries, legal obligation, and our legitimate interests.
We process information in the context of administrative tasks as well as organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same information that we process in the course of providing our contractual services. The deletion of information with regard to contractual services and contractual communication corresponds to the information mentioned in these processing activities.
In this context, we disclose or transfer information to the tax authorities, consultants, such as tax advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information on suppliers, event organizers and other business partners, e.g., for the purpose of contacting them at a later date. This information, most of which is company-related, is generally stored permanently.
Where applicable, we provide our service providers with further information, which they use together with the information necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimization of our payment processes (e.g., invoicing, processing of contested payments, accounting support). This serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests.
heeDoc is committed to keeping your personal information secure. We implement appropriate measures and take steps to protect personal information against loss and theft as well as unauthorized access, disclosure, copying, use, and modification using security safeguards, including physical, administrative, organizational and technological measures, appropriate for the sensitivity of your personal information.
We comply with industry standards that require safeguards for handling and securing customer information. These include using secure networks, encryption or other protection of cardholder information, physical and technical access controls, monitoring and testing of security systems, and implementation of the information security policies. heeDoc associates who have access to your personal information are made aware of the importance of keeping it confidential. When disposed of, the information is securely shredded, destroyed, erased, or otherwise made unreadable.
Please be aware that no security measures can guarantee complete security. You should also take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your login credentials private.
Individual(s) or companies that have been approved by us as a recipient of organizational Personal Information and from which heeDoc has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to heeDoc and include proposed Commercial Partners. No personal information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.
All new hires entering heeDoc who may have access to Personal Information are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to Personal Information or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of Personal Information data and shall receive annual training regarding the security and protection of Personal Information data and company proprietary data.
heeDoc conducts audits of personal information maintained by heeDoc in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of personal information. Where the need no longer exists, personal information will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction.
Databases or data sets that include Personal Information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, heeDoc will notify all affected individuals whose Personal Information data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.
All company employees must maintain the confidentiality of Personal Information as well as company proprietary data to which they may have access and understand that such Information is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgment reminders annually attesting to their understanding of this company requirement.
heeDoc views the protection of Personal Information data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under heeDoc’s discipline policy and may include suspension or termination in the case of severe or repeat violations. Personal Information violations and disciplinary actions are incorporated in heeDoc’s Personal Information onboarding and refresher training to reinforce heeDoc’s continuing commitment to ensuring that this data is protected by the highest standards.
You may have the right to request, twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:
You also may have the right to request that we provide you with (1) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (2) the identity of those third parties. In addition, you have the right to request that we delete the personal information we have collected from you.
You have the right to opt out of the sale of your information. To opt out, please contact us.
To help protect your privacy and maintain security, we take steps to verify your identity before granting you access to your personal information or complying with your request. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
We will not deny, charge different prices for, or provide a different level or quality of goods or services if you choose to exercise these rights.
During the prior 12-month period, we may have:
Collected the following categories of personal information about you:
Collected personal information about you from the following categories of sources:
Collected personal information about you for the following business or commercial purposes:
Disclosed for a business purpose the following categories of personal information about you:
Shared your personal information for the business purposes described above with the following categories of third parties:
We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the information processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.
If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, you can contact us.
This Cookie Policy sets out how DeckDo Inc trading as heeDoc uses cookies and other digital technologies on the www.heedoc.com platform (hereinafter "heeDoc", "we", "our" or "us").
This cookie policy sits in line with the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Directive (PECD) and should be read in line with our Privacy Policy and GDPR Compliance Statement. If you have questions or comments, please contact us.
Cookies are small (temporary) text files that we transfer to your device that enable the collection of data from your device ("Cookies"). When you visit our website (hereinafter "Platform"), these files are downloaded to the browser directory or hard drive of your computer, tablet or smartphone (hereinafter "Device"). Each time you visit our Platform, the cookie and the Platform communicate with each other and thus recognise your Device. This is useful for both you and us. For example, a cookie can be used to save your text entries in form fields on the website so that you do not have to enter the same information again the next time you visit the website. This improves the user-friendliness of our platforms. We manage the cookies using a small program called a tool or tag.
We use first-party and third-party cookies. First-party cookies come from our platform and send information only to us; third-party cookies are placed on our platform by third parties and send information about your device to other companies that recognise that cookie. In most cases, the information in a cookie is pseudonymized or anonymized because cookies generally do not identify you as an individual, but rather your device. In a few cases, certain cookies may be linked to personal data. We will only process such information if you give us your consent or if the processing is necessary to enable you to use a certain service.
Please see our privacy policy for information on how we process personal data collected on our platform.
heeDoc uses cookies on the Platform to operate the Platform, to measure visits to the Platform, to provide social media functionality and to enable advertising and targeted advertising. We use the following categories of cookies:
Essential cookies:
These cookies are essential for the platform to function and cannot be disabled in our systems. They are usually set in response to your actions when you request a service, such as changing your privacy settings, when you sign in or when you fill out a form. You can set your browser to notify you of these cookies or to block them. However, blocking them will cause parts of the platform to stop working. These cookies do not store personally identifiable information.
Functional cookies:
These cookies enable the platform to provide improved functionality and personalization. They are set either by us or by third parties whose services we have added to our pages. If you do not allow these cookies, these services may not function properly.
Analytics or performance cookies:
These cookies allow us to count visits and track traffic flows so that we can measure and improve the performance of our platform. They help us to know which pages are most and least popular and to see how visitors move around the site. All the information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our platform and will not be able to monitor its performance.
Social Network Interaction and Widgets:
Social network widgets, buttons and plug-ins on the Platform passively transmit data relating to social network members on the relevant social network. These technologies may allow a social network to personally identify its members and know the web sites its members have visited. This is always the case when social network buttons are embedded. If you are a member of a social network or use web services in these categories, you should check the privacy policies of these services to find out what data they collect and whether the respective service offers options on how the data is collected and used. If you disable advertising cookies, the passive tracking associated with these buttons will be blocked on our platform.
How can I make choices about cookies and my privacy?
You can manage your cookie settings using the setting options listed below or by configuring your browser settings. Most browsers are pre-set to accept cookies by default. However, you can configure your respective browser so that it only accepts certain cookies or not at all. You can also use your browser settings to delete cookies already stored in your browser or to have the storage period displayed. Furthermore, it is possible to set your browser to notify you before cookies are stored. Since the various browsers can differ in their respective functions, we ask you to use the respective help menu of your browser for the configuration options. Below you will find general instructions on how to manage cookies for the most popular browsers: Google Chrome, Microsoft Internet Explorer and Edge, Mozilla Firefox, Apple Safari, Opera Web. If you would like a comprehensive overview of all third-party accesses to your Internet browser, we recommend that you install specially developed plug-ins for this purpose.
Cookies have a lifetime. Some cookies are deleted when you close your browser. Others (for example, those with login details) can remain on your computer for years if you do not delete them. You can delete cookies at any time. Click on one of the links below to go to your browser's user manual. After deleting cookies, you may need to log in again to some websites or specify your preferences.
You can also use cookie blockers such as "DoNotTrackMe". Please note that if you refuse cookies, some functions on the platform may be restricted or unavailable. We therefore recommend that you accept cookies from us and our partners in your browser settings.
First party and third-party cookies commonly used on the Sites are listed in the table below. We strive to keep this list current and will update it accordingly. In any case, you can always manage all cookies and other tracking technologies used on the Platform.
Cookie | Type | Description | Lifespan |
---|---|---|---|
_ga | Analytics | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | 2 years |
_gid | Analytics | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. | 1 day |
gat_gtag_UA_211472656_ | Analytics | Set by Google to distinguish users. | 1 minute |
We update our cookie policy from time to time. Check back regularly to stay aware of the latest version.
For more information about cookies, please contact us. If you would like to know more about how we use personal data in general, please read our privacy policy.
This GDPR Compliance Statement sits in line with our Privacy Policy, is supplemental and applies to all users within the European Union that are using our services. As such DeckDo Inc trading as heeDoc proceeds with all data processing procedures (e.g., collection, processing, and transmission) in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation). Nothing in this Statement is intended to contradict or limit the applicability of the information provided in our Privacy Policy.
The following provides you with an overview of the type of data collected and how it is used and passed on, the security measures we take to protect your data and how you can exercise your rights.
The responsible entity according to Art. 24 GDPR is:
DeckDo Inc trading as heeDoc
A company duly incorporated in Texas, USA
www.heedoc.com
heedocinfo@gmail.com
You may contact us if you:
Please note that deletion of information essential to account management and services may result in termination of services provided to you.
We will make every effort to respond to your requests in the shortest possible time, and always in strict compliance with applicable law. In some cases, requests for deletion may not be honored immediately, due to a legal obligation.
First of all, we would like to inform you about your rights as a data subject. These rights are standardized in Art. 15 - 22 GDPR. This includes:
To assert these rights, please contact us. The same applies if you have questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.
The processing of your personal data may be based on the following legal grounds:
These are categories of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data for the purpose of uniquely identifying a natural person; health data; and data about a natural person's sex life or sexual orientation. Depending on the services you are requesting the collection of such data may become necessary, if we do require Special Category Data, we will request those separately after your consent is obtained.
We process and store your personal data only for the period of time required to fulfil the purpose of storage or if this has been provided for, in laws or regulations. After the purpose has ceased to exist or has been fulfilled, your personal data will be deleted or blocked.
In the case of blocking, deletion will take place as soon as legal, statutory, or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.
The legal basis for this data processing is Article 6 (1) sentence 1 lit. b of the GDPR, as the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly.
In addition, the data serve us to optimize our website and to ensure the security of our IT systems and the processing is based in this respect on Art. 6 (1) lit. f GDPR. For this reason, the data is stored for a maximum of 7 days as a technical precaution.
We also use this data for the purposes of advertising, market research and to design our services to meet your needs by creating and evaluating user profiles under pseudonyms, but only if you have not exercised your right to object to this use of your data (see information on the right to object under "Your rights").
In order to establish or implement the contractual relationship with our customers, it is regularly necessary to process the personal master, contract and payment data provided to us. The legal basis for this processing is Art. 6 (1) b) GDPR. We also process customer and prospect data for evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) lit. f GDPR and serves our interest in further developing our offer and informing you specifically about WRPSA offers. Further data processing may take place if you have consented (Art. 6 para. 1 letter a) GDPR) or if this serves the fulfilment of a legal obligation (Art. 6 para. 1 letter c) GDPR).
Based on Art. 6 para. 1 lit. c and f GDPR, we use and store your personal data and technical information to the extent necessary to prevent or prosecute misuse or other illegal behavior on our website, e.g., to maintain data security in the event of attacks on our IT systems. This also takes place insofar as we are legally obliged to do so, for example due to official or court orders, and for the exercise of our rights and claims as well as for legal defense.
When contacting us, the personal data transmitted will be stored. This data is processed exclusively for the purpose of answering the enquiry. The legal basis for the processing is Art. 6 (1) lit. f.) GDPR or Art. 6 (1) lit. b) GDPR if the enquiry is aimed at concluding a contract. The data will be deleted when the purpose of the processing no longer applies, e.g., the enquiry has been conclusively answered. You can object to the processing of your personal data at any time by contacting us.
If you have provided us with your e-mail address when using our Services, we reserve the right to regularly send you e-mail offers for similar services. We do not need to obtain your separate consent for this. In this respect, the data processing is carried out solely on the basis of our legitimate interest Art. 6 (1) lit. f.) GDPR in personalized direct advertising. If you have initially objected to the use of your e-mail address for this purpose, we will not send you any e-mails.
You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible person named at the beginning. After receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately. If you wish to object to the data analysis for statistical evaluation purposes, you must unsubscribe from the marketing.
We use cookies on our web sites. Cookies are small text files that are stored on your device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Cookies can contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person.
We use session cookies and permanent cookies on our web sites. The processing is carried out on the basis of Art. 6 (1) lit. f.) GDPR and in the interest of optimizing or enabling user guidance and adapting the presentation of our platform. You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time using the appropriate browser settings and prevent the setting of new cookies. Please note that our web sites may then not be displayed optimally, and some functions may no longer be technically available.
Insofar as you have given your consent to this in accordance with Art. 6 (1) lit. f.) GDPR, we use the following cookies and other technologies from third-party providers on our web site. After the end of the purpose and the end of the use of the respective technology by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future.
Your personal data will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law.
We pass on your personal data for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact a store or our customer hotline with questions, complaints or returns as well as other complaints, they will also receive access to your order data in order to be able to process your request.
For the operation and optimization of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the delivery of services or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).
Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.
We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offences or for the exercise and enforcement of our rights and claims.
As a service provider based globally, we take additional measures to ensure an adequate level of data protection for the transfer of personal data in accordance with Art. 44 of the GDPR and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country including Nepal, Australia and the USA are met (e.g., by concluding EU standard contracts and additional guarantees, supplementary technical and organizational measures such as encryption or anonymization).
We have taken a variety of security measures to protect personal information to an appropriate extent and adequately. All information held by us is protected by physical, technical, and procedural measures that limit access to the information to specifically authorised persons in accordance with our Privacy Policy and this Statement.
Our website is behind a software firewall to prevent access from other networks connected to the Internet. In addition, only employees who need the information to perform a specific job are granted access to personally identifiable information. These employees are trained in security and privacy practices and treat your information confidentially.
The transmission of your personal information during an order transaction in the online shop is encrypted using industry standard Secure Sockets Layer ("SSL") technology (SSL encryption version 3).
Our web site uses Google Analytics to design and improve the web site according to your needs. Google Analytics uses so-called cookies, which are stored on your terminal device, and which enable an analysis of your use of the website. The information generated by the cookie is usually transferred to a Google server in the USA and stored there. We use the extension of IP anonymization (so-called IP masking) on this website, i.e., your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.
The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR.
You can object to the collection or analysis of your data by Google Analytics by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
The data sent by us and linked to cookies, user IDs (e.g., user ID) or advertising IDs are automatically deleted after 14 months.
For more information on the terms of use of Google Analytics, please visit https://www.google.com/analytics/terms/.
We maintain online presences on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g., write articles on our online presences or send us messages.
This Policy Statement and our commitment to protecting the privacy of your personal data can result in changes to this Policy Statement. Please regularly review this policy to keep up to date with any changes.
Any comments or queries on this Policy Statement should be directed to us. If you believe that we have not complied with this Policy Statement or acted otherwise than in accordance with data protection law, then you should contact us.
At DeckDo Inc trading as heeDoc (hereinafter "heeDoc", "we", "our" or "us"), we take all necessary measures to comply with the most stringent privacy and security regulations, including HIPAA guidelines. The heeDoc platform is designed to enable our customers to comply with such requirements under applicable patient privacy laws.
In addition, heeDoc takes all reasonable steps to keep the use or disclosure of protected health information to an absolute minimum in order to provide the promised services to its customers. heeDoc works hard so that its products and services meet or exceed industry standards with respect to the U.S. Health Insurance Portability and Accountability Act ("HIPAA") of 1996.
The Health Insurance Portability and Accountability Act (HIPAA) establishes two important rules for your practice in connection with the use of heeDoc: the security provision and the privacy provision, which are established under a general HIPAA category called the Administrative Simplification Act. Both provisions affect the transmission, storage, and management of patient information.
Security provision: the HIPAA security provision became effective on April 21, 2003. Its purpose is to protect confidential medical information. The security provision establishes guidelines to facilitate the storage, maintenance, and transmission of protected health information in a "secure electronic environment" for a medical practice. This includes administrative procedures and physical safeguards, as well as technical measures to control and monitor access to protected health information and prevent unauthorized access to data during transmission.
Privacy Rule: HIPAA's privacy rule addresses the use and disclosure of protected health information and became effective April 14, 2001. It required all practices to comply with the Privacy Rule as of April 14, 2003.
The Privacy Rule requires practices to make reasonable efforts to limit the use and disclosure of such protected health information by staff to the "minimum necessary" to perform their jobs. Practices are further expected to limit the likelihood of "inadvertent disclosure" to individuals for whom there is no reasonable need to know as a matter of law. In addition, practices must maintain a log of disclosures of certain protected health information that is not directly related to the patient's care.
heeDoc’s platform and services are designed with specific features to help our customers comply with HIPAA regulations. heeDoc uses a relational database that employs a secured username and password login process. This means users must have specific access rights, such as to edit or add data, or are denied access to certain data. When a user adds or changes data in the database, a record is created indicating the change. The revision log created in this way can be reviewed by authorized administrators.
heeDoc's support staff assists customers in using heeDoc’s platform in a HIPAA-compliant environment. All remote access by heeDoc support staff to patient data at the customer site is via a fully encrypted protocol.
HIPAA requires healthcare providers to enter into specific "business associate" contracts with certain entities to which they disclose patient health information. These business associate contracts generally require the recipients of such information to take appropriate precautions to protect the patient health information they receive. To perform certain service and support tasks, heeDoc employees may need access to patient health information maintained by heeDoc customers. As a result, heeDoc may be considered a business associate ("Business Associate") of the customers who receive these services. heeDoc is providing a new Business Associate standard contract for its customers that meets HIPAA requirements.
heeDoc's new Business Associate Agreement provides general assurances to customers that the company will use the patient data they submit only to provide services and support and will protect that data against misuse.
To implement these requirements for business associates and to protect the confidentiality and integrity of patient data received, the HIPAA Policy sets forth the following:
heeDoc has put together some suggestions to help ensure that your patients' data are managed by your practice in a responsible and HIPAA-compliant manner when using heeDoc:
In addition to complying with HIPAA security recommendations, heeDoc adheres to the FTC's Security by Design Guidelines:
heeDoc servers and supporting systems are protected from hackers and network intrusion by firewalls and other leading security measures.
Certain heeDoc staff and system administrators may need to access the heeDoc platform to provide operational / administrative support. Access rights are strictly controlled, and access is granted only to those who need it to support the heeDoc platform and its users. All heeDoc employees and subcontractors are required to sign confidentiality agreements. Access to the system is granted only after validation of the user's identification data, assigned role and system permissions.
Users must enter their username and password to gain access to the heeDoc platform. These credentials are created by users during registration. To reset a password, the information is sent to the user's email on file. If two-factor authentication is enabled, a unique passcode is sent via SMS after the account password is entered. Administrators do not have access to user passwords, and passwords can only be reset by following a link sent via email upon user request.
Encryption provides users with a secure way to exchange information with websites through their web browsers by "scrambling" the information as it is transmitted. This makes it unusable for anyone who does not have a protected decryption key to "decrypt" the information. heeDoc provides encryption for user interactions through Secure Socket Layer (SSL) technology with a robust 256-bit encryption key. heeDoc also uses industry-proven encryption standards (TLS) when health information is transmitted into or out of heeDoc.
The heeDoc server and supporting systems are physically secured and protected in world-class data centers. Access to the physical systems is carefully controlled through security measures at multiple levels, including authentication requirements (e.g., user keys, biometrics), security guard and registration check-in requirements, and state-of-the-art security monitoring and alert systems.
In accordance with HIPAA standards, heeDoc logs relevant details each time health information is viewed, edited, or exported to ensure system integrity.
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should contact us.
Welcome to heeDoc Platform (our “Platform”). Our Platform is a digital platform for booking medical services from anywhere in the world.
These General Terms and Conditions (the “Terms”) constitute a legal agreement between you and DeckDo Inc trading as heeDoc (hereinafter "heeDoc", "we", "our" or "us") governing the use of our Platform and our Services. We license use of our Platform to you on the basis of these Terms. We do not sell our Platform to you and we remain the owner of our Platform at all times.
“Applicable Data Protection Law” means the Personal Data Protection Law, namely the Texas Privacy Act, the Health Insurance Portability and Accountability Act and the General Data Protection Act, as relevant.
“Personal Data” has the meaning given under the Applicable Data Protection Law.
“Privacy Policy” means as applicable our Privacy Policy, HIPAA Compliance Statement and GDPR Compliance Statement.
“Related Content” means information, content, materials, products and other services included on or otherwise made available to you through the Services.
“Services” means our services offered via our Platform or otherwise by us and any other software provided by us in connection with any of the foregoing.
“User” means an individual who accesses and uses an Account.
You agree to indemnify and hold us, our related corporations and our respective directors, officers, employees, agents and representatives, independent contractors, licensees, successors and assigns harmless from and against all claims, losses, expenses, damages and costs (including but not limited to direct, incidental, consequential, exemplary and indirect damages), and reasonable legal fees, resulting from or arising out of your act, default or omission, whether in your use of our Platform, Services, and/or any websites or software in relation thereto or otherwise, and whether in respect of your breach of these Terms or any laws or regulations or otherwise.
The parties agree that (i) no arbitration proceeding hereunder whether a consumer dispute or a business dispute shall be certified as a class action or proceed as a class action, or on a basis involving claims brought in a purported representative capacity on behalf of the general public, other customers or potential customers or persons similarly situated, and (ii) no arbitration proceeding hereunder shall be consolidated with, or joined in any way with, any other arbitration proceeding. The parties agree to arbitrate a consumer dispute or business dispute on an individual basis, and each waives the right to participate in a class action.
Each of the parties hereto hereby irrevocably waives any and all right to trial by jury in any legal proceeding arising out of or related to this agreement or the transactions contemplated hereby.