Last Modified: December 2, 2019
Our policy regarding the collection and use of your information via the Myelin Solutions, Inc (“Myelin”) online platform and other services (the “Services”) is set forth below (the “Policy”).
MYELIN MAY REVISE THIS POLICY REGARDING THE COLLECTION OF INFORMATION AT ANY TIME. SHOULD ANY NEW POLICY TAKE EFFECT, MYELIN WILL GIVE NOTICE TO YOU AND ALL USERS BY POSTING A NOTICE REGARDING THE NEW POLICY ON THE ONLINE PLATFORM, AND THE NEW POLICY WILL APPLY ONLY TO INFORMATION COLLECTED THEREAFTER.
BY ACCESSING OR USING THE SERVICES AFTER SUCH CHANGES ARE POSTED, YOU AGREE AND CONSENT TO ALL SUCH CHANGES.
Your use and disclosure of any identifiable health information is subject to the privacy practices as specified by your employer or institution. We cannot control any use of a patient's identifiable health information. Please contact your manager or employer for a copy of their privacy practices. Myelin provides the Services on behalf of your employer and therefore protects identifiable health information as required by the applicable agreement between Myelin and your employer and in accordance with applicable law. If you have any issues with the identifiable health information managed by your employer, please contact them directly, as we have no ability to change the information that has been provided to us through the platform.
Disclosure of Information Practices
If we collect information from or about you via the Services, we will tell you what information we are collecting. The amount and type of information that we receive depends on how you use the Services and the information you choose to submit to us, in addition to the information we receive from your electronic health record (EHR), the accountable care organization (ACO) associated with your employer, and payer data from insurers and physicians, all of which are subject to your employer’s privacy policies as noted above.
We may track use of your account and may also capture the paths taken as you move from page to page (i.e., your "click stream" activity) for purposes of studying or improving the Services. When you log in, your user name and encrypted password will be logged by our system in an audit log but will not be otherwise used by us.
As a user of the online platform and if available, you may also choose to use the secure messaging feature of the Services which will allows the exchange of communications between clinicians and which may contain identifiable health information. Communications sent via this feature are recorded and maintained by Myelin, but are not shared with any third party except in accordance with this Policy. Users have the ability to view the trail of messages received and sent via their online account. Myelin does not edit the content of the communications between clinicians, including to censor any personal information.
Identifiable Health Information
You are not required to provide identifiable health information to use the Services.
When you register for the Services of this platform, the registration process requires you to choose a user name and password for your account, which you should keep and maintain as confidential. If you choose to share your user name and password, you understand that those individuals to whom you share that information will have access to identifiable health information and will be able to add to your identifiable activity as though they were you. You will be responsible for all activities by users resulting from sharing or not maintaining the confidentiality of your user name or password.
If you are a registered user of the Services, identifiable health information of your patients currently stored electronically in the electronic health record will become temporarily accessible to Myelin in order to provide you access to such information through the online platform. Myelin does not maintain permanent records of such identifiable health information, serving rather as an aggregator of data from sources where the records permanently reside, including insurers and electronic health records.
Non-Identifiable Health Information
Either Myelin or our third party web statistics vendor may also collect non-identifiable information, which is automatically collected as you browse or otherwise access the Services and the online platform. We may collect such information by tracking, or asking our third party vendor to track, your click-stream activity when such information is not tied to a user ID through the use of "cookie" technology or by tracking internet protocol (IP) addresses, as explained below.
Like many companies, we may use "cookie" technology on and off the Services and online platform. “Cookies” are small pieces of information that are stored by your browser on your computer’s hard drive. They enhance your online experience by saving your preferences while you are visiting a particular website. The cookies do not contain any identifiable health information and cannot profile your system or collect information from your hard drive. If you visit our Services again after deleting a cookie, a new cookie may be activated.
When you use the Services we may place a cookie on your computer, which may be either temporary or permanent. Temporary cookies are used to complete transactions with the Services and for other purposes such as counting the number of visits to our certain web pages. These temporary cookies are eliminated when you exit your browser.
A permanent cookie may also be stored on your computer by your browser. When you log in, this type of cookie tells us whether you've visited us before or if you are a new visitor. The cookie doesn't obtain any identifiable health information about you or provide us with any way to contact you, and the cookie doesn't extract any information from your computer.
The "help" portion of the toolbar on most browsers will tell you how to prevent your browser from accepting certain types of cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Please note that disabling temporary cookies may prevent you from using and accessing the Services, and in particular will make you unable to see any personalization on the online platform.
We may also log and track IP addresses for systems administration purposes and for reporting usage trends. Your IP address is usually associated with the physical place from which you enter the Internet, the name of the domain and host from which you access the Internet, the browser software you use and your operating system, and the date and time you access the Services. By collecting your IP address, we may record the page that linked you to the Services, the web pages you visit, the ads you see or click on, and other information about the type of web browser, computer, platform and settings you are using, and any search terms you enter on the online portal or elsewhere in the Services.
We may combine non-identifiable information collected automatically (such as through IP addresses, cookies or click-stream monitoring) with any previously submitted personal information that we may have received from you.
We may collect your geographic location based on your IP address and other location-based data.
We may also use various third party internet vendors to collect, track and analyze track analytical data regarding Website usage and trends.
How Will Your Information Be Used And Disclosed?
Identifiable Health Information
We may use any identifiable health information we have collected or other information that you voluntarily provide us in order to provide you with information, products or services that you may request from Myelin.
If you are a patient or the legal representative of a patient, any identifiable health information created via the Services will be made accessible to your physician and will become a part of the records maintained by your physician, which records are subject to your physician's Notice of Privacy Practices. Myelin has no control over or responsibility for your physician's use or disclosure of information that may be provided via the Services.
To the extent permitted by applicable law, Myelin may use your participation in the Services to communicate to you special offers and featured items from third parties, Myelin, Myelin’s affiliates, and/or other suppliers and vendors. If you are receiving additional communications and special offers, you may revoke your authorization to receive such materials from Myelin via the online platform at any time by contacting us using the contact information below or as outlined in the applicable communication. We will implement your revocation as soon as is commercially reasonable. Myelin cannot control any communications and other materials that you may receive directly from third parties.
We will also use your information to customize your browsing experience and communicate with you and otherwise respond to your questions and suggestions regarding use of the Services as may be required or permitted by applicable law.
We may share your information only with our suppliers and vendors to the limited extent permitted by applicable law. We require those suppliers and vendors to comply with all applicable data privacy laws and regulations, including HIPAA. We do not sell, lease or rent your identifiable health information. We may also use your geographic location to provide you with specific content and direct you to your closest service providers to the extent permitted by applicable law.
Non-Identifiable Health Information
The non-identifiable, aggregated health information we collect may be shared with our suppliers and vendors and used in the aggregate to create summary statistics that help us analyze website usage trends, assess what information is of most and least importance, determine technical design specifications, arrange the Website in the most user-friendly way, and identify system performance or problem areas.
We may aggregate and deidentify in accordance with HIPAA identifiable health information, either alone or with other data to create anonymous "aggregate data" regarding the users of our Services. Aggregate and deidentified data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal the identity of particular users. This data will not identify you but will be used as statistical information to determine such things as user demographics and usage patterns of our Services. Myelin may use aggregate data to understand the needs of our community of users and determine what kinds of programs and services we can help provide. Aggregate data may also be provided or sold to third parties, including for the purpose of getting targeted content to you by third party vendors, suppliers, business partners and/or affiliates a picture of our community and services and/or participation in surveys or receipt of emails from third parties.
Other Use and Ownership
We also reserve the right to share your information collected via the Services with third parties to the extent permitted by applicable law including but not limited to the requirements under HIPAA, and, in the case of identifiable health information, pursuant to Myelin's business associate agreement with the applicable physician.
While no web site can guarantee security, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your personal information collected via the Services as required by applicable law. While we cannot guarantee that loss, misuse or alteration to data will not occur, we use industry standards, such as Secure Socket Layers ("SSL") technology, to help safeguard against such occurrences. In certain areas, the information passed between your browser and our system is encrypted with SSL technology (which covers any messages or communications a person directs to Myelin or the clinician team) to create a protected connection between you and our website to ensure confidentiality.
Our data center is both physically and electronically secured. Our servers are protected from open access to the Internet by using firewall and encryption technology. We limit access to personally identifiable information to our employees and third-party agents, who we reasonably believe need to have access to your information to provide you with the information or services you request via the Services.
In the event that a breach in our security systems occurs and there is a possibility that an unauthorized person acquires your personal information, we will notify you of such a breach as may be required by applicable law.
In order to help maintain security, you should never share your user ID or password and should always sign out when you are finished using the online platform and other Services.
We will maintain your information and allow you to request updates at any time by logging into your online account to access your information. We will also take steps to make sure that any updates that you provide are processed in a timely and complete manner.
Third Party Websites
What if I am accessing this Portal from outside of the United States?
If you are using the Services from outside the United States, please be aware that your information may be transferred to, stored or processed in the United States, where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, but please be assured that we take steps to protect your privacy. By using the Website or platform, you consent to the transfer of your information to our facilities and those third parties with whom we share it as described in this Policy.
Citizens of the EU
In May of 2018, the General Data Protection Regulation entered full force, governing the collection and use of data related to residents of the European Union. While we do not target residents of the EU in our data collection process, it is possible that we may collect personal information pertaining to such an individual in the ordinary course of business. If you are a resident of the European Union, you are entitled to certain rights pertaining to your personally-identifying information, including the right to have all of your information on our system deleted. While our Services do not maintain permanent records of patients or other users, we have put in place processes to cleanse the system of any information that may be used to personally identify you and have placed similar requirements on our contractors. We will not store information that can be used to identify you without your consent.
Transfer of Data
Important Note Regarding Children
The Services are not intended for use by children under 18 years of age, and any information submitted via the Services regarding a minor under the age of 18 requires prior consent by the minor’s legal representative. Myelin does not collect or otherwise use identifiable health information about minors except to the extent it may be pertinent to the health record of an adult user (for example, the birth dates of children in the medical records of a women in the care of an obstetrician). To the extent permitted by applicable state law, minors may access their identifiable health information through their physician.