Privacy Policy

Effective: 9/17/2017

Revised: 2/29/2024

At MyEyeDr., we want you to look, see and be well.  We believe you have the right to know what information we collect from you and how we protect your privacy.  This Privacy Policy is the foundation for all interactions with us on this website or through the use of our applications.  By using our services, you are agreeing to the collection, use, disclosure, and procedures described in this Privacy Policy.  Please be aware that this Privacy Policy does not extend to third party websites and services, such as Facebook, Instagram, Twitter, Pinterest, Snapchat, and Linked-in, that we do not control, even if you access them through our websites or applications.

The entities conducting business under the name “MyEyeDr.” (“MyEyeDr.”, “we”, “our” or “us”) make available a website having a uniform resource locator of www.myeyedr.com (the “Site”) and a web-based patient portal having a uniform resource locator of https://secure.myeyedr.com/my-account/login (the “Patient Portal”).  By using the Site, the Patient Portal, or any other services provided by MyEyeDr. on the Site or Patient Portal (collectively, the “Services”), you consent to the privacy practices described in this Privacy Policy.

We may periodically make changes to this Privacy Policy and in such event will post a new version of this Privacy Policy on the Site and/or the Patient Portal.  It is your responsibility to review this Privacy Policy each time you visit the Site and/or the Patient Portal and remain informed about any changes to it.  Your continued use of the Site, the Patient Portal, or the Services after any changes are made to this Privacy Policy constitutes your agreement to the Privacy Policy as modified.

We understand the importance of your privacy and are committed to maintaining the confidentiality of your personal information, including your protected health information.  Additional privacy practices related to the protection of your protected health information can be found in our Notice of Privacy Practices, which is located below.

1. Privacy Practices Related to All Personal Information Collected by MyEyeDr.

COLLECTION OF INFORMATION

  • Using the Site, you can request an appointment with a MyEyeDr. doctor.  In order to request an appointment via the Site, you must provide to us certain information, such as the requested appointment date, the reason for your visit, your first and last name, email address, date of birth, address, phone number, and insurance information.
  • You may choose to register to use the Patient Portal.  When you register to use the Patient Portal, you will be required to provide certain information, including your first and last name, email address, phone number, and date of birth. In addition, during registration you will be assigned a username (usually your email address) and will be asked to create an account password (the username and password are collectively referred to herein as the “Credentials”) in order to access the Patient Portal.
  • Using the Patient Portal, you can provide MyEyeDr. with your medical history, insurance information, details regarding your lifestyle and hobbies, your current medications, etc.  You can also schedule an appointment with a MyEyeDr. doctor or submit a question to a MyEyeDr. doctor or other medical professional.  Further, you can view your current prescription information, upcoming appointments, recent orders, and other personal information that we maintain about you.
  • In addition to the information that you provide us via the Site, the Patient Portal, and the Services, MyEyeDr. automatically receives and stores certain types of information when you use the Services, such as your computer’s IP address, browser information, the domain and host from which you access the Internet, etc.

USE OF YOUR INFORMATION

  • If you provide information to us in order to schedule an appointment via the Site, we will use such information in order to schedule your appointment.  If you register to use the Patient Portal and use the Patient Portal to provide MyEyeDr. with your medical history, insurance information, etc., your information will be used by MyEyeDr. to provide you with optometry services and other services offered by MyEyeDr. to its patients.
  • We may use any of the information that you provide via the Site, the Patient Portal or the Services to provide you with the services that you have requested, to answer any questions you may have, and to assist you in using the Site, the Patient Portal, or the Services.
  • Information collected automatically by MyEyeDr. may also be used to improve the content and functionality of the Site, the Patient Portal, and the Services, to improve customer service, to process transactions, or to deliver new services.  Further, MyEyeDr. may use the anonymized, aggregated, and statistical data derived from the operation and use of the Site, the Patient Portal, and/or the Services (but not derived from your protected health information) (“Aggregated Data”) and may share this Aggregated Data with third parties.  For information about how we use your protected health information, please see our Notice of Privacy Practices.

DISCLOSURE AND SHARING OF INFORMATION

  • We will only sell or share your information with a third party as disclosed in this Privacy Policy and our Notice of Privacy Practices.
  • We will share your information with our employees who have a legitimate need to use such information in the performance of their duties.  We may also share your information with our affiliated companies, companies with which we have entered into a management agreement or other similar arrangements, and/or trusted third parties (such as agents and subcontractors) who assist MyEyeDr. in operating our Site and/or Patient Portal, providing the Services, or conducting business functions on our behalf.
  • We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of MyEyeDr., act in urgent circumstances to protect the personal safety of users of the Site, the Patient Portal or the Services, or protect against legal liability.
  • In the event MyEyeDr., or any of its office(s), is acquired by, or merges with or consolidates into, another entity, or if there is a sale of any of our assets, your information may be transferred to the entity acquiring us or our assets, or that survives the merger or consolidation.  Moreover, in the unlikely event that MyEyeDr. goes out of business or enters bankruptcy, information would be one of the assets that is transferred or acquired by a third party.  You acknowledge and agree that in the foregoing circumstances, your information may be disclosed to such third party (in whole or in part), and such third party may continue to use your information.
  • Except as set forth above or elsewhere in this Privacy Policy, or as required by law, you will be notified when your information may be shared with third parties and will be given the opportunity to object to, or if legally required, to authorize the sharing of this information.
  • Data obtained through MyEyeDr.’s promotional text messaging (SMS) program (“MyEyeDr. Promos”) will not be sold or shared with any third parties for third-party sales or marketing purposes. ​ ​

PROTECTION OF YOUR INFORMATION

  • MyEyeDr. uses a variety of security measures to make sure your information is reasonably safe.  We seek to secure your data through the programming of our Site, the Patient Portal, and the Services and the use of security measures that we deem appropriate for the type of data provided.
  • Notwithstanding the foregoing, we cannot completely guarantee that no part of our system will ever fail or be compromised.  If you ever suspect that the Site, the Patient Portal, or the Services have contributed to your information being compromised, please contact us immediately so that we can investigate and try to resolve the matter.

2. Information We Automatically Collect

We record certain information relating to your use of the Services, like the device and browser information, IP addresses, referring and exit pages, and search terms.  Like most websites, the Site, the Patient Portal, and the Services may incorporate technology such as pixel tags, web beacons, and cookies that allow us and our service providers to collect information about your actions using the Services.  Cookies are small text files stored by your browser on your computer when you use the Site, the Patient Portal, and the Services.  Cookies permit us to recognize users and avoid repetitive requests for the same information, understand your preferences for future visits, and compile data about site interaction to help us provide a better experience in the future.  You may be able to set your web browser to reject cookies entirely or require that it request permission from you before accepting each new cookie.  You may also delete cookies from your web browser once you leave a website.

3. Third Party Links

The Site, the Patient Portal, and the Services may contain links to other third party websites or applications (each, a “Third Party Site”).  Please be aware that we are not responsible for the privacy practices or policies of these Third Party Sites.  We therefore have no responsibility or liability for the content or actions of these Third Party Sites.  We encourage you to review the privacy policies and practices of each Third Party Site that you visit.

4. Minors

The Site, the Patient Portal, and the Services are not intended for use by, or directed to, persons under the age of 18.  Any individual who provides their information to MyEyeDr. represents to us that they are 18 years of age or older.

5. California Do Not Track Disclosure

At this time, MyEyeDr. does not respond to browser ‘Do Not Track’ signals.

6. California Shine the Light Law

California Civil Code Section 1798.83, known as the “Shine the Light” law, permits our customers who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties.  We will never disclose your personal information to third parties for their direct marketing purposes without your authorization.  All other disclosures of personal information to third parties shall be in accordance with this Privacy Policy and our Notice of Privacy Practices.  However, if you would like to make a request for information under the “Shine the Light” law, please contact us by email at [email protected] or by mail at MyEyeDr., Attn: Compliance Department, 8614 Westwood Center Dr., Suite 900, Vienna, VA 22182. Requests may be made only once a year and are free of charge.

7. Contact Us

If you have questions and would like additional information, you may contact our Associate General Counsel, Greg Mayers, at:

8614 Westwood Center Dr., Suite 900, Vienna, VA 22182

[email protected]

NOTICE OF PRIVACY PRACTICES

Notice Origination: 10/01/2001

Notice Effective: 09/23/2013

Notice Revised Effective: 11/01/2023

This notice describes how medical information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.

We understand the importance of your privacy and are committed to maintaining the confidentiality of your medical information. We are required by law to maintain the privacy of protected health information, to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. This notice describes how we may use and disclose your medical information. It also describes your rights and our legal obligations with respect to your medical information.

TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS

The most common reason why we use or disclose your health information is for treatment, payment, or health care operations. Examples of how we use or disclose information for treatment purposes are: setting up an appointment for you; testing or examining your eyes; prescribing glasses, contact lenses, or eye medications and faxing them to be filled; referring you to another doctor or clinic for eye care or services; or getting copies of your health information from another professional that you may have seen before us. Examples of how we use or disclose your health information for payment purposes are: asking you about your health or vision care plans, or other sources of payment; preparing and sending bills or claims; and collecting unpaid amounts (either ourselves or through a collection agency or attorney). "Health care operations" mean those administrative and managerial functions that we must do in order to run our office. Examples of how we use or disclose your health information for health care operations are: financial or billing audits; internal quality assurance; personnel decisions; participation in managed care plans; defense of legal matters; business planning; and outside storage of our records.

USES AND DISCLOSURES FOR OTHER REASONS WITHOUT PERMISSION

In some limited situations, the law allows or requires us to use or disclose your health information without your permission. Not all of these situations will apply to us; some may never come up at our office at all. Such uses or disclosures are: when a state or federal law man dates that certain health information be reported for a specific purpose, for public health purposes, such as contagious disease reporting, investigation or surveillance; and notices to and from the federal Food and Drug Administration regarding drugs or medical devices, uses or disclosures for victims of suspected abuse, neglect or domestic violence, uses and disclosures for health oversight activities, such as for the licensing of doctors; for audits by Medicare or Medicaid; or for investigation of possible violations of health courts or administrative agencies, disclosures for law enforcement purposes, such as to provide information about someone who is or is suspected to be a victim of a crime; to provide information about a crime in our office; or to report a crime that happened somewhere else, disclosures relating to worker's compensation programs, disclosures of a "limited data set" for research, public health, or health care operations, incidental disclosures that are an unavoidable by-product of permitted uses or disclosures or disclosures to "business associates" who perform health care operations for us and who commit to respect the privacy of your health information. In the event that this medical practice is sold or merged with another organization, your health information/record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group. Unless you object, we will also share relevant information about your care with your family or friends who are helping you with your eye care.

In the case of a breach of unsecured protected health information, we will notify you as required by law. If you have provided us with a current e-mail address, we may use e-mail to communicate information related to the breach. In some circumstances, our business associate may provide the notification. We may also provide notification by other methods as appropriate.

APPOINTMENT REMINDERS AND IN OFFICE IDENTIFICATION

We may use and disclose information about you by having you sign in when you arrive at our office. We may also call out your name when we are ready to see you. We may communicate with you electronically, by phone or through the mail to remind you of scheduled appointments, to tell you that it is time to make a routine appointment or to communicate regarding the status of your eyeglass or contact lens order. We may also communicate with you electronically, by phone or through the mail to notify you of other treatments or services available at our office that might help you. Unless you tell us otherwise, we send you electronic communications, mail you an appointment reminder on a postcard, and/or leave you a reminder message on your answering machine or with someone who answers your phone if you are not available.

OTHER USES AND DISCLOSURES

We will not make any other uses or disclosures of your health information unless you sign a written "authorization form" with content mandated by federal law. We may initiate the authorization process if the use or disclosure is our idea, or you may initiate the process for us to send your information to someone else. Typically, in this situation you will give us a properly completed authorization form or you can use one of ours.

If we initiate the process and ask you to sign an authorization form, you do not have to sign it. If you do not sign the authorization, we cannot make the use or disclosure. If you do sign one, you may revoke it at any time unless we have already acted in reliance upon it. Revocations must be in writing to the Compliance Officer at our office.

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION

The law gives you many rights regarding your health information. You can:

  • Ask us to restrict our uses and disclosures for purposes of treatment (except emergency treatment), payment, or health care operations. You have the right to request restrictions on certain uses and disclosures of your health information by a written request specifying what information you want to limit, and what limitations on our use or disclosure of that information you wish to have imposed. If you tell us not to disclose information to your commercial health plan concerning health care items or services for which you paid for in full out-of-pocket. We will abide by your request unless we must disclose the information for treatment or legal reasons. We reserve the right to accept or reject any other request and will notify you of our decision. To ask for a restriction, send a written request to the Compliance Officer at our office.
  • Ask us to communicate with you in a confidential way, such as by phoning you at work rather than at home. We will accommodate these requests if they are reasonable, and if you pay us for any extra cost involved. If you want to ask for confidential communications, send a written request to the Compliance Officer at our office.
  • Ask to see or get copies of your health information. By law, there are a few limited situations in which we can refuse to permit access or copying. However, for the most part, you will be able to review or have a copy of your health information within 15 days of asking us (or sixty days if the information is stored off-site). You may have to pay for photocopies in advance. If your records are contained within an EMR (electronic medical records) system, you have the right to receive your information electronically through a secured and mutually satisfactory method. Health information may be sent electronically over unsecured methods if you have been advised of and fully understand the risks of this transmission. If no mutually satisfactory electronic method is found, paper records may be provided. If receiving your health information electronically, you may be charged for supply costs for any portable media, such as USB Drive or CD. If we deny your request, we will send you a written explanation, and instructions about how to get an impartial review of our denial if one is legally available. By law, we can have one 30-day extension of the time for us to give you access or photocopies if we send you a written notice of the extension. If you want to review or get photocopies of your health information, send a written request to the Compliance Officer at our office. You may also request electronic copies of your health information; this must be provided in a secure method such as on a thumb drive or through a secure web portal. 
  • Ask us to amend your health information if you think that it is incorrect or incomplete. If we agree, we will amend the information within 60 days from when you ask us. We will send the corrected information to persons who we know got the wrong information, and others that you specify. If we do not agree, you can write a statement of your position, and we will include it with your health information along with any rebuttal statement that we may write. Once your statement of position and/or our rebuttal is included in your health information, we will send it along whenever we make a permitted disclosure of your health information. By law, we can have one 30-day extension of time to consider a request for amendment if we notify you in writing of the extension. If you want to ask us to amend your health information, send a written request. including your reasons for the amendment. to the Compliance Officer at our office.
  • Obtain a list of the disclosures that we have made of your health information within the past six years (or a shorter period if you want). By law, the list will not include disclosures for purposes of treatment, payment, or health care operations; disclosures with your authorization; incidental disclosures; disclosures required by law; and some other limited disclosures. You are entitled to one such list per year without charge. If you want more frequent lists, you will have to pay for them in advance. We will usually respond to your request within 60 days of receiving it. But by law, we can have one 30-day extension of time if we notify you of the extension in writing. If you want a list or additional paper copies of this Notice of Privacy Practices, send a written request to our Compliance Officer.
  • By law, we will retain all your health information for at least seven (7) years after the last date of your encounter with one of our doctors. After this time your health information may be shredded or disposed of in another confidential method.

OUR NOTICE OF PRIVACY PRACTICES

By law, we must abide by the terms of this Notice of Privacy Practice (NPP) until we revise it. We reserve the right to change this notice at any time as allowed by law. If we change the NPP, the new privacy practices will apply to your health information that we already have as well as to such information that we may generate in the future. If we change our NPP, we will post the new notice in our office, make copies available, and post it on our website.

FOR MORE INFORMATION

If you think that we have not properly respected the privacy of your health information, you are free to complain to our office or to the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you if you make a complaint. If you prefer to complain directly to us, please send a written complaint, attention MED Compliance Officer, to 8614 Westwood Center Dr., Suite 900, Vienna, VA 22182. If you prefer to communicate via email, or if you would like additional information, please contact our Compliance Officer at [email protected].