How We Collect and Store Your Information
To book an appointment via the Services, DocASAP requires you to create a user account and in doing so, you will need to provide us with your email address, first and last name, physical address, date of birth, gender, insurance information, and phone number. The Site also automatically collects your Public IP Address and browser type upon your visit.
In addition to the information collected for your user account and scheduling an appointment, DocASAP stores the following information:
- DocASAP stores your appointment history and contact information in order to facilitate future appointment requests.
- DocASAP stores server logs of user session activity in order to optimize site interface for faster and easier bookings.
- DocASAP stores cookies on your hard drive in order to save field entries (e.g., location, username, and password) in order to permit a more streamlined booking experience. You can set your browser to block cookies if you would not like your hard drive to save DocASAP cookies.
- DocASAP will only store user information specific to a DocASAP client for the duration of DocASAP’s contractual relationship with that client (e.g. your appointment with a primary care doctor, Dr. John Doe, is stored until we no longer have an active contract with Dr. John Doe). Information relating to a former DocASAP client will be promptly deleted once DocASAP’s relationship with the former client is officially ended.
- DocASAP will also save personal correspondence sent from you to DocASAP, including reviews/feedback regarding a particular appointment or doctor and “help” emails for the purpose of ensuring we provide the best possible Service.
- DocASAP stores your information for as long as your user account is active, and you may cancel your user account at any time.
HIPAA and PHI
Protected health information or “PHI,” as defined by the Health Insurance Portability and Accountability Act (HIPAA), is any individually identifiable health information that a healthcare provider or another “business associate” to your healthcare provider receives about you. The information you enter into the DocASAP Services that is medical information may be considered PHI. Furthermore, DocASAP may receive PHI from or on behalf of your healthcare provider. In this role, DocASAP is defined as a “business associate” in HIPAA and DocASAP only uses your PHI according to HIPAA and may only use such PHI in accordance with permissions and/or consents given by you or your healthcare provider.
How We Use Your Information
- DocASAP only uses your personal information to facilitate your appointments and to send you DocASAP reminders or promotions via the Services.
- DocASAP only uses your session activity server logs to optimize the DocASAP Site’s interface.
- DocASAP aggregates non-personally identifiable data so that healthcare providers can understand patient appointment demand habits and preferences.
When We Disclose Your Information
DocASAP will not sell any personally identifiable information or any PHI to any third party. DocASAP will only share your personally identifiable information or PHI to healthcare providers with whom you book appointments. DocASAP takes significant steps and has installed safeguards to protect your data on its secure servers and in internal communications. DocASAP does reserve the right to share non-personally identifiable information about your appointments. As a specific example, if you submit a review on a healthcare provider, DocASAP reserves the right to publish that review anonymously on the Site. Also, DocASAP reserves the right to provide non-personally identifiable and aggregated statistics on patient appointment demand preferences and habits to practices and third-parties in order to inform them how to optimize their scheduling practices.
DocASAP disclaims responsibility for potential disclosures of data by either healthcare providers that you have booked appointments with or other third parties. As required by law, DocASAP will comply with court-ordered requests to provide your contact information.
How We Secure Your Information
DocASAP uses secured infrastructure to store your data, and protects data transmissions using firewalls, company policies, and Secure Socket Layer (SSL) transactions. Despite these strong data security standards, DocASAP cannot always prevent data breaches, especially by third parties. DocASAP will do its best to protect private personal information, yet the sharing of such information with us is at your own risk.
Security for Reminders By registering with DocASAP and booking appointment(s) via the Services, you acknowledge and agree that your provider may send reminders and/or changes regarding your appointment via DocASAP. These reminders may be in the form of messages via SMS text, email and/or within the DocASAP platform. You have the ability to select or de-select these notification methods at any time in your DocASAP profile.
Despite DocASAP’s commitment to the protection and safety of your sensitive information, an appointment reminder sent to you via email might not be “end to end encrypted” depending on your personal email provider. Meaning, DocASAP cannot guarantee the delivery of an email to your personal email account will be encrypted and secure after the point that email is received by your personal email provider (e.g. Google, Yahoo!, etc.). If you select the option to be notified of appointments via email, such communications are subject to these encryption limitations.
How You Can Manage Your Information
If you wish to modify any of your account information or delete your account, you can do so by accessing the personal settings in your DocASAP account. At any time, you may also provide written request via email to [email protected] for us to erase any information we are storing on your behalf from your account unless there is a legal reason to not do so.
Revisions, Changes, and Updates To This Policy
Last Revision Date: April 25, 2019.