Privacy Policy

Effective Date: 9/17/2017

At MyEyeDr., we want you to look, see and be well.  We believe you have the right to know what information we collect from you and how we protect your privacy.  This Privacy Policy is the foundation for all interactions with us on this website or through the use of our applications.  By using our services, you are agreeing to the collection, use, disclosure and procedures described in this Privacy Policy.  Please be aware that this Privacy Policy does not extend to third party websites and services, such as Facebook, Instagram, Twitter, Pinterest, Snapchat, and Linked-in, that we do not control, even if you access them through our websites or applications.   

The entities conducting business under the name “MyEyeDr.” (“MyEyeDr.”, “we”, “our” or “us”) make available a website having a uniform resource locator of www.myeyedr.com (the “Site”) and a web-based patient portal having a uniform resource locator of www.portal.myeyedr.com (the “Patient Portal”).  By using the Site, the Patient Portal, or any other services provided by MyEyeDr. on the Site or Patient Portal (collectively, the “Services”), you consent to the privacy practices described in this Privacy Policy.  

We may periodically make changes to this Privacy Policy and in such event will post a new version of this Privacy Policy on the Site and/or the Patient Portal. It is your responsibility to review this Privacy Policy each time you visit the Site and/or the Patient Portal and remain informed about any changes to it.  Your continued use of the Site, the Patient Portal, or the Services after any changes are made to this Privacy Policy constitutes your agreement to the Privacy Policy as modified.

We understand the importance of your privacy and are committed to maintaining the confidentiality of your personal information, including your protected health information.  Additional privacy practices related to the protection of your protected health information can be found in our Notice of Privacy Practices, which is located below.

 

1.         Privacy Practices Related to All Personal Information Collected by MyEyeDr.

Collection of Information 

  • ​Using the Site, you can request an appointment with a MyEyeDr. doctor.  In order to request an appointment via the Site, you must provide to us certain information, such as the requested appointment date, the reason for your visit, your first and last name, email address, date of birth, address, phone number and insurance information.    
  • You may choose to register to use the Patient Portal.  When you register to use the Patient Portal, you will be required to provide certain information, including your first and last name, email address, phone number and date of birth.  In addition, during registration you will be assigned a username (usually your email address) and will be asked to create an account password (the username and password are collectively referred to herein as the “Credentials”) in order to access the Patient Portal.   
  • Using the Patient Portal, you can provide MyEyeDr. with your medical history, insurance information, details regarding your lifestyle and hobbies, your current medications, etc.  You can also schedule an appointment with a MyEyeDr. doctor or submit a question to a MyEyeDr. doctor or other medical professional.  Further, you can view your current prescription information, upcoming appointments, recent orders and other personal information that we maintain about you.   
  • In addition to the information that you provide us via the Site, the Patient Portal and the Services, MyEyeDr. automatically receives and stores certain types of information when you use the Services, such as your computer’s IP address, browser information, the domain and host from which you access the Internet, etc.

Use of Your Information

  • ​If you provide information to us in order to schedule an appointment via the Site, we will use such information in order to schedule your appointment.  If you register to use the Patient Portal and use the Patient Portal to provide MyEyeDr. with your medical history, insurance information, etc., your information will be used by MyEyeDr. to provide you with optometry services and other services offered by MyEyeDr. to its patients.  
  • We may use any of the information that you provide via the Site, the Patient Portal or the Services to provide you with the services that you have requested, to answer any questions you may have, and to assist you in using the Site, the Patient Portal or the Services. 
  • Information collected automatically by MyEyeDr. may also be used to improve the content and functionality of the Site, the Patient Portal, and the Services, to improve customer service, to process transactions, or to deliver new services.  Further, MyEyeDr. may use the anonymized, aggregated and statistical data derived from the operation and use of the Site, the Patient Portal and/or the Services (but not derived from your protected health information) (“Aggregated Data”) and may share this Aggregated Data with third parties.  For information about how we use your protected health information, please see our Notice of Privacy Practices.

Disclosure and Sharing of Information

  • We will only sell or share your information with a third party as disclosed in this Privacy Policy and our Notice of Privacy Practices.
  • We will share your information with our employees who have a legitimate need to use such information in the performance of their duties.  We may also share your information with our affiliated companies, companies with which we have entered into a management agreement or other similar arrangements, and trusted third parties (such as agents and subcontractors) who assist MyEyeDr. in operating our Site and/or Patient Portal, providing the Services, or conducting business functions on our behalf. 
  • We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of MyEyeDr., act in urgent circumstances to protect the personal safety of users of the Site, the Patient Portal or the Services, or protect against legal liability. 
  • In the event MyEyeDr., or any of its office(s), is acquired by, or merges with or consolidates into, another entity, or if there is a sale of any of our assets, your information may be transferred to the entity acquiring us or our assets, or that survives the merger or consolidation.  Moreover, in the unlikely event that MyEyeDr. goes out of business or enters bankruptcy, information would be one of the assets that is transferred or acquired by a third party.  You acknowledge and agree that in the foregoing circumstances, your information may be disclosed to such third party (in whole or in part), and such third party may continue to use your information.
  • Except as set forth above or elsewhere in this Privacy Policy or as required by law, you will be notified when your information may be shared with third parties, and will be given the opportunity to object to, or if legally required, to authorize the sharing of this information.

Protection of Your Information

  • MyEyeDr. uses a variety of security measures to make sure your information is reasonably safe.  We seek to secure your data through the programming of our Site, the Patient Portal, and the Services and the use of security measures that we deem appropriate for the type of data provided.  
  • Notwithstanding the foregoing, we cannot completely guarantee that no part of our system will ever fail or be compromised.  If you ever suspect that the Site, the Patient Portal or the Services have contributed to your information being compromised, please contact us immediately so that we can investigate and try to resolve the matter.

2.         Information We Automatically Collect

We record certain information relating to your use of the Services, like the device and browser information, IP addresses, referring and exit pages and search terms.  Like most websites, the Site, the Patient Portal and the Services may incorporate technology such as pixel tags, web beacons and cookies that allow us and our service providers to collect information about your actions using the Services.  Cookies are small text files stored by your browser on your computer when you use the Site, the Patient Portal and the Services. Cookies permit us to recognize users and avoid repetitive requests for the same information, understand your preferences for future visits, and compile data about site interaction to help us provide a better experience in the future. You may be able to set your web browser to reject cookies entirely or require that it request permission from you before accepting each new cookie.  You may also delete cookies from your web browser once you leave a website.  

 

3.         Third Party Links

The Site, the Patient Portal and the Services may contain links to other third party websites or applications (each, a “Third Party Site”). Please be aware that we are not responsible for the privacy practices or policies of these Third Party Sites. We therefore have no responsibility or liability for the content or actions of these Third Party Sites. We encourage you to review the privacy policies and practices of each Third Party Site that you visit. 

 

4.         Minors

The Site, the Patient Portal and the Services are not intended for use by, or directed to, persons under the age of 18.  Any individual who provides their information to MyEyeDr. represents to us that they are 18 years of age or older.

 

5.         California Do Not Track Disclosure

At this time, MyEyeDr. does not respond to browser ‘Do Not Track’ signals.

 

6.         California Shine the Light Law

California Civil Code Section 1798.83, known as the “Shine the Light” law, permits our customers who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties.  We will never disclose your personal information to third parties for their direct marketing purposes without your authorization.  All other disclosures of personal information to third parties shall be in accordance this Privacy Policy and our Notice of Privacy Practices. However, if you would like to make a request for information under the Shine The Light law, please contact us by email at info@myeyedr.com or by mail at 1950 Old Gallows Rd., Suite 520, Vienna, VA 22182. Requests may be made only once a year and are free of charge.

 

7.         Contact Us

If you have questions and would like additional information, you may contact our Compliance Officer, David Wolff, at

1950 Old Gallows Rd.

Suite 520

Vienna, VA 22182

(703) 847-8899 x 244

 

Notice of Privacy Practices

Notice Origination: 10/01/2001 

Notice Revised Effective: 09/23/2013

Notice Revised Effective: 09/17/2017

This notice describes how medical information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.

 

1.         Privacy Practices Related to Protected Health Information 

In addition to the privacy practices described in our Privacy Policy (located at www.myeyedr.com/privacy-policy), we are required by law to maintain the privacy of protected health information, to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. This Notice of Privacy Practices (“Notice”) describes how we may use and disclose your protected health information.  It also describes your rights and our legal obligations with respect to your protected health information. 

For purposes of this Notice, “protected health information” is information that individually identifies you and that we create or get from you or from another health care provider, health plan, your employer, or a health care clearinghouse and that relates to (1) your past, present, or future physical or mental health or conditions; (2) the provision of health care to you; or (3) the past, present, or future payment for your health care.

  • Treatment, Payment & Health Care Operations

    • ​The most common reason why we use or disclose your protected health information is for treatment, payment, or health care operations. 

    • Examples of how we use or disclose information for treatment purposes include: 

      • Setting up an appointment for you;

      • Testing or examining your eyes;

      • Maintaining the Patient Portal;

      • Prescribing glasses, contact lenses, or eye medications and faxing them to be filled;

      • Referring you to another doctor or clinic for eye care or services; and

      • Getting copies of your protected health information from another professional that you may have seen before us. 

    • Examples of how we use or disclose your protected health information for payment purposes include: 

      • Asking you about your health or vision care plans, or other sources of payment;

      • reparing and sending bills or claims; and

      • Collecting unpaid amounts (either directly or through a collection agency or attorney). 

    • Examples of how we use or disclose your protected health information for health care operations include: 

      • Financial or billing audits;

      • Internal quality assurance;

      • Personnel decisions;

      • Participation in managed care plans;

      • Defense of legal matters;

      • Business planning; and

      • Outside storage of our records.  

  • Uses & Disclosures for Other Reasons Without Permission

    • ​In some limited situations, the law allows or requires us to use or disclose your protected health information without your permission. Not all of these situations will apply to us, and some may never come up at our office(s) at all. Such uses or disclosures include: 

      • When a state or federal law mandates that certain protected health information be reported for a specific purpose;

      • For public health purposes, such as contagious disease reporting, investigation or surveillance;

      • Notices to and from the federal Food and Drug Administration regarding drugs or medical devices;

      • Uses or disclosures of suspected abuse, neglect or domestic violence, if the patient agrees or if we are required or authorized by law to make the disclosure;

      • Uses and disclosures for health oversight activities, such as for the licensing of optometrists or audits by the Medicare or Medicaid programs;

      • Disclosures for law enforcement purposes, such as to provide information about someone who is or is suspected to be a victim of a crime;

      • To provide information about a crime in our office, or to report a crime that happened somewhere else;

      • Disclosures to avert a serious threat to health or safety;

      • Disclosures relating to worker's compensation programs; 

      • Disclosures or research under certain circumstances, or disclosures to “business associates” who perform services for us that involve the use or disclosure of your health information, such as billing or transcription services, and which commit to respect the privacy of your health information;

      • For organ and tissue donation;

      • For lawsuits and disputes;

      • For specialized government functions, such as military, veterans and national security functions;

      • To coroners, medical examiners and funeral directors so that they may carry out their duties; and

      • For inmates as permitted by law.  

    • Also, in the case of a breach of unsecured protected health information, we will use your protected health information to notify you of such breach as required by law.

  • Uses & Disclosures That Require Us to Give You an Opportunity to Object

    • ​Unless you object, we will also share relevant information about your care with your family or friends who are helping you with your eye care. 

    • We may also disclose your protected health information to disaster relief organizations to coordinate your care or notify family and friends of your location or conditions in a disaster. 

    • We will provide you with the opportunity to object or agree to such a disclosure whenever we practicably can do so.

  • Appointment Reminders & Treatment Alternatives & Services

    • ​We may use and disclose your protected health information to contact you to remind you that you have an appointment for medical care, to discuss the status of an order, or to contact you about possible treatment options, alternatives or services that may be of interest to you.

  • Other Uses & Disclosures

    • ​Uses and disclosures of your protected health information for marketing purposes and disclosures that constitute a sale of your protected health information will only be made with your written authorization. We will not make any other uses or disclosures of your protected health information unless you sign a written “authorization form” with content mandated by federal law. We may initiate the authorization process if the use or disclosure is our idea or you may initiate the process for us to send your information to someone else. Typically, in this situation you will give us a properly completed authorization form or you can use one that we provide.

    • If we initiate the process and ask you to sign an authorization form, you do not have to sign it. If you do not sign the authorization, we cannot make the use or disclosure. If you do sign the authorization form, you may revoke it at any time unless we have already acted in reliance upon it.  Revocations must be in writing to the Compliance Officer at the address shown below in the Section entitled ‘Contact Us’.

  • Your Rights Regarding Your Health Information

    • The law gives you certain rights regarding your protected health information. You can:

    • Ask us to restrict our uses and disclosures of your protected health information for purposes of treatment, payment or health care operations.  You have the right to request restrictions on certain uses and disclosures of your protected health information by a written request specifying what information you want to limit, and what limitations on our use or disclosure of that information you wish to have imposed.  If you ask us not to disclose information to your health plan concerning health care items or services for which you paid for in full out-of-pocket, we will abide by your request.  We reserve the right to accept or reject any other request, and will notify you of our decision. To ask for a restriction, you must send a written request to the Compliance Officer at the address shown below in the section entitled ‘Contact Us’.

    • Ask us to communicate with you in a confidential way, such as by phoning you at work rather than at home.  We will accommodate these requests if they are reasonable. If you want to ask for confidential communications, you must send a written request to the Compliance Officer at the address shown below in the section entitled ‘Contact Us’.

    • Ask to see or get copies of your protected health information.  We generally have up to 30 days to make your protected health information available to you (although we may have one 30-day extension if we send you written notice of the extension). We may charge you a reasonable fee for the costs of copying, mailing or other supplies associated with your request to the extent permitted by state and federal law. We may deny your request in certain limited circumstances. If we do deny your request, you have the right to have the denial reviewed by a licensed healthcare professional who was not directly involved in the denial of your request, and we will comply with the outcome of the review. If your records are contained within an electronic medical records system, you have the right to receive your information electronically. We will try to provide access to your protected health information in the form or format that you request, if it is readily producible in such form or format. If the protected health information is not readily producible in the form or format you request your record will be provided in either our standard electronic format or if you do not want this form or format, a readable hard copy form. We may charge you a reasonable, cost-based fee for the labor associated with transmitting the electronic medical record. If you want to review or get paper or electronic copies of your health information, you must send a written request to the Compliance Officer at the address shown below in the section entitled ‘Contact Us’.

    • Ask us to amend your protected health information if you think that it is incorrect or incomplete.  If we do not agree with your request, you can write a statement of your position, and we will include it with your health information along with any rebuttal statement that we may write. Once your statement of position and/or our rebuttal is included in your protected health information, we will send it along whenever we make a permitted disclosure of your health information. If you want to ask us to amend your protected health information, you must send a written request that includes your reasons for the amendment, to the Compliance Officer at the address shown below in the section entitled ‘Contact Us’.

    • Obtain a list (called an "accounting") of certain disclosures that we have made of your protected health information within the past six years (or a shorter period if you want).  By law, the list will not include: (1) disclosures for purposes of treatment, payment or health care operations; (2) disclosures with your authorization; (3) incidental disclosures; (4) disclosures required by law; and (5) some other limited disclosures. The first accounting you request within any 12-month period will be free. If you want more frequent lists, you will have to pay for them in advance. We will tell you the costs in advance and you may choose to withdraw or modify your request before the costs are incurred. If you want a list of the disclosures, you must send a written request to the Compliance Officer at the address shown below in the section entitled ‘Contact Us’.

    • Receive a paper copy of this Notice at any time.  If you want a paper copy of this Notice, you must send a written request to our Compliance Officer at the address shown below in the section entitled ‘Contact Us’.

  • Retention of Protected Health Information

    • By law, we will retain all of your protected health information for at least seven (7) years after the last date of your encounter with one of our doctors. After this time your health information may be shredded or disposed of in another confidential method

  • Additional Rights Under State Law & Other Federal Laws

    • ​If another state or federal law requires us to give more protection to your protected health information than stated in this Notice, we will comply with that law.

  • Changes to this Notice

    • By law, we must abide by the terms of this Notice until we revise it. We reserve the right to change this Notice at any time as allowed by law.  If we change the Notice, the new privacy practices will apply to your protected health information that we already have as well as to such information that we may generate in the future. If we change our Notice, we will post the new Notice in our office, make copies available and post it on our Website.

2.         Contact Us

If you have questions and would like additional information, you may contact our Compliance Officer, Alyssa Voorhies, at

1950 Old Gallows Rd.

Suite 520

Vienna, VA 22182

(703) 847-8899 x 244

If you believe your privacy rights have been violated, you can file a complaint with us by contacting our Compliance Officer. You may also report a complaint with the Office for Civil Rights of the U.S. Department of Health and Human Services (OCR). There will be no retaliation for filing a complaint with either our practice or the OCR.