Revision June 23, 2021
By using the Services or providing Personal Information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of this Site.
We provide a fully-integrated Practice Management and Electronic Health Record application (“EHR”), specifically designed to support the needs of health and wellness practices (“Practitioners”) which are our clients. Practitioners purchase access to the cloud-based software as a service (“SAAS”) in order to record detailed medical charts and patient notes and streamline their medical practice management, including: scheduling; patient forms and notices; billing management; inventory management; medical reference data and materials; and writing herb and supplement scripts for their patients. We are a service provider and do not own or control the information that is submitted to us. The information that is submitted to us will be held subject to the requirements specified by our clients and applicable law, such as the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”).
Providers are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them are HIPAA and HITECH, and the regulations adopted thereunder. When we store, process or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of the Provider, we do so as its “business associate” (as also defined by HIPAA). We have reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of the individually identifiable information which we store and process on behalf of Providers.
Our Site is designed and intended for those who have reached the age of majority (18 years of age). By using our Site, you affirm that you are at least 18 years of age or older. We are not liable for any damages that may result from a user’s misrepresentation of age.
The following are the types of information we collect:
A “cookie” is a piece of text which asks permission to be placed on your computer’s hard drive. Once you agree, this cookie file is stored on the hard drive of your computer.
All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies, you may be unable to access particular parts of our Site.
The information that we collect and store relating to you is used to enable us to provide our Services to you in the best possible manner. In addition, we may use the information for the following purposes:
Our collection, use, and disclosure of information are generally governed by participation agreements with Providers. We keep your information for the period of time that you or your Provider has an account with us, and we are providing Services to you. Information maintained to provide these Services to you is retained only for as long as we have a valid business purpose or required by law. When it is no longer necessary to retain your personal information, we will delete or anonymize it.
Our Services are intended for use solely within the United States. Information may be held at our offices and those of our third-party agencies, service providers, and agents. Some of these third parties may be based outside the United States.
Where applicable, we may disclose your personal information to any affiliated business entities to provide Services to you or with service providers that assist with your Service (for example, hosting companies).
We may also disclose your personal information to third parties:
Our websites may contain links to third-party websites. While we endeavor to work with third parties that share our respect for user privacy, we are not responsible for the websites or privacy practices of such third parties. We may also use third-party advertisers, ad networks, and other advertising, marketing, and promotional companies, to serve advertisements on our websites. Such third parties may gather information about your visit to our websites or other websites, monitor your access to or market products or services to you, monitor the ads you view, click-on, or interact with, when they were delivered, and the screens and pages that they are on.
Our Calendar integration is used to sync appointment information from the UP system to your Google Calendar. When you choose to enable calendar sync we will take that as your permission for us to share with Google whatever information you have given us that is needed for that service. UP uses Google user data to view your calendar list, store the selected calendar identifier, and creating, editing, deleting events in the selected calendar. The Google Calendar integration is a one-way sync that only allows us to add, edit and delete events that were created by UP. Events you created outside of UP are not being viewed or accessed. When creating an event, we do not share PHI with Google, therefore you will not see your client’s name, email, or any other PII details about the appointments in your calendar. UP does not share Google user data with others. Our application does not share your health information with Google Calendar.
We follow generally accepted industry standards to protect the personally identifiable information as well as the financial data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.
If we learn of a breach of our security system or processes, we may attempt to notify you electronically so that you can take appropriate protective steps. By using our websites, or providing personally identifiable information to us through them, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our websites. In the event of a breach, we may post a notice on our websites and/or send you an email at the email address you provided.
You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please contact us using the contact information below.
By providing a telephone number to us, you agree that we can contact you at the number you provide, potentially using automated technology (including texts/SMS messaging) or a pre-recorded message.
We may send you, when necessary, service-related communications (example: temporary suspension of service for maintenance).
California Residents – Your Privacy Rights
California Information-Sharing Disclosure
(As provided by California Civil Code Section 1798.83)
A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California customer”) is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, if the business has made such a disclosure of personal information, upon receipt of a request by a California customer, the business is required to provide a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed.
California customers may request further information about our compliance with this law by e-mailing firstname.lastname@example.org. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through this e-mail address.
California Do Not Track Disclosure:
California Consumer Additional Information under California Consumer Privacy Act of 2018 (“CCPA”)
Please note that the CCPA does not apply to medical information governed by California’s medical privacy law (the Confidentiality of Medical Information Act), or to protected health information that is collected by a covered entity or business associate governed by the privacy, security, and breach notification rules under HIPAA or HITECH.
You will not receive discriminatory treatment by us for exercising your privacy rights conferred on you by the CCPA.
You have certain additional rights regarding your personal information, pursuant to California law. These include the rights to:
Please submit your request for information or deletion of information concerning you as noted below. In order to provide you with your requested information or to delete the information which we have concerning you, we must be able to verify that you are the person requesting the information or deletion. With your request please provide at least two items of information which you have previously provided to us for us to use for verification of your identity. If this is not sufficient, we will contact you for additional means of verification.
You may designate an authorized agent to make a request for you. If your agent has a power of attorney pursuant to California Probate Code sections 4000 to 4465, please provide proof to the same. If your agent does not have a power of attorney pursuant to California Probate Code sections 4000 to 4465, we will require you to provide the authorized agent written permission to make the request, verify your own identity directly with us and require your agent to submit proof that they are authorized by you to act on your behalf.
For information concerning you or for deletion of information concerning you, please email email@example.com or request by mail addressed to:
Fullsteam Operations LLC
Attn. Compliance CCPA
540 Devall Drive, Suite 301
Auburn, AL 36832
Fullsteam Operations LLC
540 Devall Drive, Suite 301
Auburn, AL 36832