Privacy Policy for MD Connect 24/7
Last Updated: 2025-04-27
Compliance: This policy complies with HIPAA (US), PIPEDA (Canada), GDPR (EU), and other applicable privacy laws.
This Privacy Policy describes how TekFuse ("we," "us," or "our") collects, uses, discloses, and protects your personal and health information in compliance with applicable privacy laws when you use our telehealth application ("App"). By using the App, you agree to the terms outlined in this policy.
1. Information We Collect
a. Personal and Protected Health Information (PHI)
We may collect the following information when you use our App:
- Contact Information: Name, email address, phone number, mailing address.
- Demographic Information: Age, gender, date of birth, ethnicity (where required).
- Health Information (PHI): Medical history, symptoms, diagnoses, prescriptions, treatment plans, lab results, immunization records.
- Insurance Information: Policy numbers, provider details (if applicable).
- Payment Information: Credit card details (processed by PCI DSS-compliant payment service providers).
- Device & Usage Data: IP address, device type, operating system, app usage logs, cookies.
b. Sensitive Data Handling
We adhere to strict standards for handling sensitive data:
- All PHI is protected under HIPAA (Health Insurance Portability and Accountability Act) in the US
- Personal health information in Canada is protected under PIPEDA (Personal Information Protection and Electronic Documents Act)
- EU user data is processed in accordance with GDPR (General Data Protection Regulation)
2. How We Use Your Information
We use your data for the following purposes, in compliance with applicable laws:
- To provide telehealth consultations and medical services (HIPAA Treatment purpose)
- To process payments and insurance claims (HIPAA Payment purpose)
- For healthcare operations including quality improvement (HIPAA Operations purpose)
- To comply with legal obligations (e.g., mandatory reporting laws)
- For security and fraud prevention
- With your consent for other specific purposes where required by law
3. Legal Basis for Processing (GDPR Compliance)
For users in the European Union, we process your data based on:
- Contractual necessity: To provide the services you request
- Legal obligation: To comply with healthcare regulations
- Consent: For specific processing activities where required
- Vital interests: When necessary to protect your health
4. Sharing Your Information
We may share your information only as permitted or required by law:
a. Healthcare Operations
- With healthcare providers involved in your treatment (HIPAA permitted)
- With other covered entities for coordination of care
b. Business Associates
- With third-party service providers under Business Associate Agreements (BAAs) as required by HIPAA
- With cloud hosting and storage providers that have signed a BAA with us (HIPAA does not certify platforms as "compliant"; the BAA and the provider's safeguards are what cover PHI)
c. Legal Disclosures
- When required by law (e.g., court orders, public health reporting)
- To prevent serious threat to health or safety
- For workers' compensation claims
d. With Your Authorization
We will not share your PHI for marketing purposes or with third parties not involved in your care without your explicit written authorization, as required by HIPAA and other privacy laws.
5. Data Security Measures
We implement comprehensive security measures including:
- Encryption of all data in transit using TLS 1.2 or higher
- PHI stored with cloud providers under a BAA, with access controls limiting PHI access to authorized personnel
- Regular security risk assessments as required by HIPAA Security Rule
- Secure authentication including multi-factor authentication
- Audit logs of all access to PHI
- Business Associate Agreements with every third-party vendor that creates, receives, maintains, or transmits PHI on our behalf
- Data minimization principles
6. Your Rights Under Privacy Laws
a. HIPAA Rights (US Patients)
- Right to access and obtain a copy of your health records
- Right to request amendments to your health information
- Right to an accounting of disclosures
- Right to request restrictions on certain uses/disclosures
- Right to request confidential communications
b. GDPR Rights (EU Users)
- Right to access, rectification, and erasure
- Right to data portability
- Right to restrict or object to processing
- Right to withdraw consent
- Right to lodge a complaint with a supervisory authority
c. PIPEDA Rights (Canada)
- Right to access personal information
- Right to challenge compliance
- Right to request corrections
7. Data Retention
We retain your information as required by law:
- Medical records: at least 6 to 10 years, depending on the applicable state law (US) or provincial regulation (Canada)
- Financial records: 7 years for tax purposes
- EU data: Retained only as long as necessary for the purposes collected
8. International Data Transfers
For international users:
- EU-US transfers comply with EU-US Data Privacy Framework
- Other transfers use Standard Contractual Clauses or other approved mechanisms
- Data is stored in [specify locations] with appropriate safeguards
9. Breach Notification
In the event of a data breach involving PHI:
- US: We will notify affected individuals without unreasonable delay and no later than 60 days after discovery of the breach, and notify the Secretary of HHS (and, for larger breaches, the media) as required by the HIPAA Breach Notification Rule
- EU: We will notify the competent supervisory authority within 72 hours of becoming aware of the breach and, where the breach is likely to result in a high risk to individuals' rights and freedoms, notify affected individuals without undue delay, as required by GDPR
- We will report to other appropriate authorities as required by applicable law
- We will take immediate steps to mitigate any harm
10. Changes to This Policy
We may update this policy to comply with changing regulations. Material changes will be:
- Posted in the App with advance notice where required
- Available with version history upon request
11. Contact Us