CirrusMD has developed and operates a mobile application and Internet-based healthcare communications software platform designed to offer secure patient-to-healthcare-provider messaging and video chat, scheduling, patient data capture/access and other related services and products (the "Platform").
CirrusMD takes the utmost care when it comes to patient data security and privacy. Only your health care plan, health care plan administrator, health care providers, their approved physician call groups, specifically approved members of a healthcare provider's staff (collectively "Providers"), any Business Associates (as such term is defined pursuant to the Health Insurance Portability and Accountability Act of 1996 – "HIPAA") of a Provider, and you will have access to your Protected Health Information ("PHI"). CirrusMD is HIPAA compliant, and we utilize industry best practices regarding data security. CirrusMD is in compliance with all pertinent laws and regulations associated with PHI and healthcare data security.
Because CirrusMD's service enables communications between patients and healthcare providers, we request that you provide similar information to what is required when you visit your doctor's office. At registration, you will be asked to provide specific information that falls under the category of PHI; this may include the collection of contact information, as well as certain health information, including health conditions, medications and allergies. This information may be checked and confirmed by Providers for accuracy. After initial registration is complete, both you and Providers may update your health profile within CirrusMD.
CirrusMD offers various forms of communication services, including messaging, phone and video chat, and the Platform contains an online personal health record. Your participation in these forms of communication is voluntary. Any information disclosed to any Provider via the Platform is at your sole discretion. Information provided via these communications may be used to update your personal health record.
CirrusMD may contact you by email or phone for a variety of reason, including to resolve service or billing issues, deliver information about our services, get your feedback on the Platform and our services, analyze site usage, provide you with administrative or system messages, or as otherwise described to you at the time of contact.
CirrusMD may request financial information from you. At registration, you may be required to provide credit card information to complete your registration for our service. This information is used for billing purposes. Please be sure to keep any such payment information up-to-date to guarantee continuity of service.
Use of Data
CirrusMD does maintain personal non-PHI information in an administrative account for record keeping purposes, including but not limited to name, address, email address and phone number. We may also maintain records dealing with site usage and activity, some of which are required for security purposes.
Providers may utilize medical or other information contained in your medical records or patient files to update or supplement your health profile or other information about you within the Platform. In addition, information about you (including but not limited to PHI) may be shared via electronic or other forms of integration between the Platform and various systems used by Providers or other healthcare organizations (for example, medical record-keeping/storage systems, Electronic Health Records, Electronic Medical Records, health information exchanges and billing systems)..
HIPAA & Data Security
CirrusMD is in compliance with HIPAA and with all pertinent laws and regulations associated with the storage and transmission of PHI. All data is encrypted both in transit and at rest, whether on our servers or your mobile device or computer.
CirrusMD may collect and store: (i) the IP address of the computer you are using; (ii) the domain and host name from which you access the Internet; (iii) your browser software and your operating system; (iv) the date and time you access the service; and (v) the Internet address of the Web site from which you directly linked to CirrusMD. CirrusMD uses this log file information to analyze trends, administer the Platform, monitor service traffic and usage patterns for internal security purposes, and to help make the Platform function in an optimal manner.
Third Party Services
Resale of Data
We will never resell or rent your contact information to third-parties.
CirrusMD may use non-identifiable anonymous data that is taken from your personal health profile and combine it with other anonymous data. In aggregate this data may be provided or sold to third parties. This data will not identify you but will be used as statistical information to determine things like user demographics and usage patterns. CirrusMD may also use aggregated data within Platform to better understand the needs of you and other users.
You should make sure to create and use a password to access the Platform that is both sufficiently complex and private to ensure security. Some of our mobile services may also require a pincode in addition to a password. Do not disclose your password or pincode to any third parties. A CirrusMD representative will never ask you for your password or pincode.
For convenience, CirrusMD may allow you to stay signed in to our service for short periods of time, after which you will be logged out. You may be required to periodically reset your password or pincode for security purposes.
CirrusMD advises that you periodically change your password and any pincodes for security purposes.