Last Updated: December 1st, 2021
Information from all website browsers
MedMatchOpen, LLC owns and operates https://MedMatchnetwork.com (the “Site”). If you’re just browsing our Site and are not a registered User, we generally collect the same basic information that most other websites collect. We employ common internet technologies such as cookies and web server logs. We collect information about all visitors (whether they have an account with us or not) to our website including the visitor’s browser type, language preference, referring link, additional websites requested, and the date and time of each visitor request. We also collect potentially personally-identifying information like Internet Protocol (IP) addresses.
Why do we collect this information?
We collect this information to help us understand how our visitors use MedMatchOpen, for capacity planning, to troubleshoot website performance, to help us understand how we may better serve our visitors, and to monitor and protect the security of our Site.
Information from Users who have an account with us
When you create an account with us (as a User), we require some basic information at the time of the creation of the account. You will create your own password, and we will ask you for your name, your company’s name and address, Federal Employer Identification Number, telephone and fax numbers, job title and a valid email account. Additionally, for physicians, we will ask for your National Provider Identification number and license number to determine professional credibility. Finally, we collect certain bank accounts, credit cards and other payment information and other business information that you provide for transactional purposes such as, but not limited to, payment of subscription fees, payment of referral or exchange transaction fees, our payments to Users for referral fees, payment of dispute resolution fees, payment for employment postings and other similar transactions. Certain Site features may include the availability of employment postings, advertisements for the sale of practices, professional forums and occasional other similar areas and you are advised that use of information in these areas may be publicly viewable when using these functionalities. Physicians may post certain information regarding their clientele/patients that may be viewed by other Users/Physicians. Our site is designed to disclose electronic protected health information (ePHI) from health care provider to healthcare provider with appropriate consent from the patient only. Disclosed ePHI on our site is governed by our Business Associate Agreement (Appendix A) to be acknowledged by all covered entities and business associates under the Health Insurance Portability & Accountability Act of 1996 (HIPAA) privacy rules www.hhs.gov.
Why do we collect this information?
We need the requested personal information to create your account and to provide the requested services. We may use this personal information to contact you for market research purposes.
Additionally, we may reveal certain profile information (not including your taxpayer identification number, credit card or bank account information) to other Users who you voluntarily agree with on our Site for transactional purposes. We will use your email address to communicate with you and such information may include solicitations or advertisements from us or our third party business partners. We assign you a User ID and will use your User ID in our professional forum whenever you ask or answer a User question. We will also use your User ID to reveal certain requested transactional information.
Use of Information and Disclosure to Third Parties
We use collected information to build quality and useful services and user interactions by analyzing user trends and by measuring demographics and interests. Collected information is used to send promotional messages, product announcements, or other communications that may be of interest to you.
We share your information with third parties as permitted or required by law. Your personal information may also be used or shared in other ways that you either imply or expressly give consent to or instruct us to undertake. We use and maintain your information as determined by the company’s business needs, or as required or permitted by law.
Cookies and Tracking
In the course of serving advertisements to the Site, third party advertisers may place or recognize a unique cookie on your browser. Industry standards are currently evolving and we may not separately respond to or take any action with respect to a “do not track” configuration set in your internet browser.
We use third party tracking services to collect information about how our Site performs and how our users navigate through our Site. This helps us evaluate our users’ experience on our Site, compile statistical reports on activity and improve our content and Site performance. These third-party tracking services generally gather information such as your IP address, browser type, internet service provider (ISP), referring and exit pages, time stamps, and other similar data about your use of our Site. We do not link this information to any of your personal information that you give to us.
The Site may provide links, in its sole discretion, to other websites for your convenience in locating related information, products, and services. These websites have not necessarily been reviewed by us and are maintained by third parties over which we exercise no control. Accordingly, we expressly disclaim any responsibility for the content, the materials, the security of these linked websites, the accuracy of the information, and/or quality of the products or services provided by or advertised on these third-party websites. Moreover, these links do not imply an endorsement with respect to any third party or any website or the products or services provided by any third party. You must take any necessary precautions to ensure that whatever link you select for your use is free of such items as viruses, worms, Trojan horses and other items of a destructive nature.
We encourage and permit text links to this Site. MedMatchOpen is an organization committed to the highest ethics and standards and therefore, any links to this Site should not suggest that the Company promotes or otherwise endorses any third-party products, services, causes, campaigns, websites, content, or information. Any website linking to us may not misrepresent its relationship with us and may not link to any page of the Site except for the home page. Moreover, no link may be used for commercial or fundraising purposes. We also remind you that a link may not use or include any MedMatchOpen logos, content, or designs without our express written consent.
We use reasonable measures to safeguard and secure any personally identifiable information we collect. Employees of MedMatchOpen are not allowed to access, remove or copy stored or transmittable ePHI. Stored or transmitted ePHI is implemented according to technology safeguards covered under the HIPAA privacy rules and Health Information Technology for Economic and Clinical Health Act (“HITECH”). End to end encryption as well as secured servers are used to transmit and secure ePHI. Protocols are in place for disposing of ePHI and for handling any suspected security breach.
Use of the Site, with respect to privacy, is covered by binding arbitration. Users of the Site are encouraged to report any suspected breach of privacy or Site security to our security team at support@MedMatchOpen.com.
Retention and Deletion of Data Information
We generally retain your personal information for as long as you have an account with us or as needed to provide you services. We may retain certain personal information for a longer period of time in order to comply with User disputes and other legal requirements, including, but not limited to tax reporting issues. We do not automatically delete inactive user accounts as many inactive users choose to become active users at a later date. If you wish us to delete your information (other than information that we are legally required to keep), you must contact us at the email listed in the section covering Security.
Resolving Complaints and Limits of Liability
If you have any concerns about the way that MedMatchOpen is handling your personal information, please let us know immediately as we want to help resolve any potential user issues. You may email our security team at support@MedMatchOpen.com. We generally respond to such communication within five business days. In the unlikely event that a dispute arises between you and us regarding the handling of your personal information, we will do our best to resolve the issue. If we cannot resolve the issue internally, you agree with us to have the dispute handled through binding arbitration. You agree that we shall select the jurisdiction for arbitration and that we shall select a single, independent arbitrator. Costs of arbitration shall be borne equally unless one party substantially prevails against the other party, in which case the non-prevailing party shall bear all of the costs of arbitration.
MedMatchOpen operates in a fashion as to provide leading-edge technology to its Users and Providers. The technology industry is rapidly evolving, highly susceptible to security issues and very difficult to maintain current trends and safety concerns. For this and other reasons, you acknowledge the necessity for MedMatchOpen to disclaim all warranties and damages and to severely limit its liability to Users, Providers and all other interested parties. Any claims that you may bring against MedMatchOpen shall be solely against the company and not be enforceable against any other affiliated entity, any officer, any director or any employee of the company.
THE SITE, INCLUDING ALL SERVICES, PROFILES, RECORDKEEPING, TAX REPORTING, CONTENT, SOFTWARE, FUNCTIONS, MATERIALS AND INFORMATION MADE AVAILABLE ON OR ACCESSED THROUGH THE SITE, IS PROVIDED TO SITE VISITORS, USERS AND ANY OTHER THIRD PARTY ON AN “AS IS” AND “AS AVAILABLE” BASIS WITHOUT REPRESENTATIONS OR WARRANTIES OF ANY KIND WHATSOEVER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. MEDMATCHOPEN DOES NOT WARRANT THAT THE SERVICES, FUNCTIONS, FEATURES OR CONTENT CONTAINED IN THE SITE WILL BE UNINTERRUPTED OR ERROR FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT ANY SITE OR THE SERVER THAT MAKES IT AVAILABLE IS FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS; NOR DO THEY MAKE ANY WARRANTY OR REPRESENTATION AS TO THE ACCURACY, MEANINGFULNESS, OR RELIABILITY OF THE SITE, CONTENT, PROFILES, RECORDKEEPING, TAX REPORTING, MATERIALS, SERVICES, INFORMATION OR FUNCTIONS MADE ACCESSIBLE BY THE SITE, ANY PRODUCTS OR SERVICES OF OR HYPERTEXT LINKS TO, THIRD PARTIES OR FOR ANY BREACH OF SECURITY ASSOCIATED WITH THE TRANSMISSION OF SENSITIVE INFORMATION THROUGH THE SITE OR ANY LINKED SITE. MEDMATCHOPEN MAKES NO WARRANTIES AND SHALL NOT BE LIABLE FOR THE USE OF THE SITE, INCLUDING WITHOUT LIMITATION, THE CONTENT AND ANY ERRORS CONTAINED THEREIN UNDER ANY DIRECT OR INDIRECT CIRCUMSTANCES, INCLUDING BUT NOT LIMITED TO THE COMPANY’S NEGLIGENCE. IF YOU ARE DISSATISFIED WITH THE SITE, SERVICES OR ANY MATERIALS ON THE SITE, YOUR SOLE REMEDY IS TO DISCONTINUE USING THE SITE. THE COMPANY ASSUMES NO LIABILITY FOR THE DELETION OR FAILURE TO STORE ANY MESSAGE.
UNDER NO CIRCUMSTANCES SHALL MEDMATCHOPEN, ITS AFFILIATES, SUBSIDIARIES, INVESTORS, EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, REPRESENTATIVES, ATTORNEYS AND THEIR RESPECTIVE HEIRS, SUCCESSORS AND ASSIGNS BE LIABLE FOR ANY SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES THAT ARE DIRECTLY OR INDIRECTLY RELATED TO THE USE OF, OR THE INABILITY TO USE, THE SITE AND THE CONTENT, MATERIALS, SERVICES AND FUNCTIONS IN THE SITE, INCLUDING WITHOUT LIMITATION LOSS OF REVENUE OR ANTICIPATED PROFITS OR LOST BUSINESS, EVEN IF SUCH ENTITIES OR AN AUTHORIZED REPRESENTATIVE THEREOF HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. WHERE STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, THE DAMAGES SHALL BE LIMITED TO THE GREATEST EXTENT ALLOWABLE BY SUCH STATE. IN NO EVENT SHALL THE TOTAL LIABILITY OF MEDMATCHOPEN, ITS AFFILIATES, SUBSIDIARIES, INVESTORS, EMPLOYEES, OFFICERS, DIRECTORS, AGENTS, REPRESENTATIVES, ATTORNEYS AND THEIR RESPECTIVE HEIRS, SUCCESSORS AND ASSIGNS FOR ALL DAMAGES, LOSSES, AND CAUSES OF ACTION (WHETHER IN CONTRACT OR TORT, INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE OR OTHERWISE) ARISING FROM THESE TERMS AND CONDITIONS OF USE OR YOUR USE OF THE SITE OR SERVICES EXCEED, IN THE AGGREGATE, THE ANNUAL AMOUNT PAID BY YOU AS A USER OR PROVIDER SUBSCRIPTION FEE.
MedMatchOpen may disclose personally identifying information or other information we collect about you or from you to law enforcement in response to a valid subpoena, court order, warrant, or similar government order, or when we believe in good faith that such a disclosure is reasonably necessary to protect our proprietary rights or property, or those of third parties, or the public at large.
HIPAA BUSINESS ASSOCIATE AGREEMENT
This HIPAA Business Associate Agreement (“Agreement”) is made by and between MedMatchOpen, LLC of 8185 Via Ancho Road, Boca Raton, FL, its affiliate companies and medical providers (the “Providers”) using the MedMatch Network referral management platform (collectively, the “Parties”).
WHEREAS, Business Associate, in connection with its services, may maintain, transmit, create or receive data for or from Covered Entity that constitutes Protected Health Information (“PHI”);
WHEREAS, Covered Entity is or may be subject to the requirements of the Federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (“HITECH”), and related regulations;
WHEREAS, with respect to the foregoing, Business Associate is or may be subject to the requirements of HIPAA, HITECH and related regulations;
NOW, THEREFORE, in consideration of the mutual promises and covenants contained herein, the Parties hereby agree as follows:
a. General. The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated Record Set, Disclosure, Electronic Protected Health Information, Health Care Operations, Individual, Minimum Necessary, Notice of Privacy Practices, Protected Health Information, Required by Law, Secretary, Security Incident, Subcontractor, Unsecured Protected Health Information, and Use.
- Business Associate. “Business Associate” shall generally have the same meaning as the term “business associate” at 45 CFR 160.103, and in reference to the party to this Agreement, shall mean MedMatchOpen, LLC and affiliate companies [Business Associate].
- Covered Entity. “Covered Entity” shall generally have the same meaning as the term “covered entity” at 45 CFR 160.103, and in reference to the party to this Agreement, shall mean the Providers, herein defined as medical care and service providers, including but not limited to physicians, medical professionals, medical facilities, ancillary medical service providers and hospitals [Covered Entity].
- Electronic Health Record. “Electronic Health Record” shall have the same meaning as the term “electronic health record” in the HITECH Act, Section 13400.
- HIPAA. “HIPAA” collectively refers to the HIPAA Statute, including the Privacy, Security, Breach Notification, and Enforcement Rules at 45 CFR Part 160 and Part 164, the HITECH Act, and any associated Regulations, as such may be amended from time to time.
2. Obligations and Activities of Business Associate.
a. Business Associate agrees to not use or disclose PHI other than as permitted or required by the Agreement or as required by law.
b. Business Associate agrees to use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to Electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement.
c. Business Associate agrees to report to Covered Entity any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410, and any security incident of which it becomes aware.
d. In accordance with 45 CFR 164.502(e)(1) and 164.308(b)(2), if applicable, Business Associate agrees to ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information.
e. In accordance with 45 CFR 164.524, Business Associate agrees to make available PHI in a designated record set to the Covered Entity within 30 days of a request by Covered Entity for access to PHI about an individual. In the event that any individual requests access to PHI directly from Business Associate, Business Associate shall forward such request to Covered Entity within 30 days of receiving such request.
f. In accordance with 45 CFR 164.526, Business Associate agrees to make any amendment(s) to PHI in a designated record within 45 days of a request by Covered Entity. Business Associate shall provide such information to Covered Entity for amendment and incorporate any amendments in the PHI as required by 45 CFR 164.526. In the event a request for an amendment is delivered directly to Business Associate, Business Associate shall forward such request to Covered Entity within 30 days of receiving such request.
g. Except for disclosures of PHI by Business Associate that are excluded from the accounting obligation as set forth in 45 CFR 164.528 or regulations issued pursuant to HITECH, Business Associate shall record for each disclosure the information required to be recorded by Covered Entities pursuant to 45 CFR 164.528. Within 30 days of notice by Covered Entity to Business Associate that it has received a request for an account of disclosures of PHI, Business Associate shall make available to Covered Entity, or if requested by Covered Entity, to the individual, the information required to be maintained pursuant to this Agreement. In the event the request for an accounting is delivered directly to Business Associate, Business Associate shall forward such request to Covered Entity within 30 days of receiving such request.
h. To the extent the Business Associate is to carry out one or more of Covered Entity’s obligation(s) under Subpart E of 45 CFR Part 164, Business Associate agrees to comply with the requirements of Subpart E that apply to the Covered Entity in the performance of such obligation(s).
i. Business Associate agrees to make its internal practices, books, and records relating to the use and disclosure of PHI available to the Secretary for purposes of determining compliance with HIPAA.
3. Permitted Uses and Disclosures by Business Associate
a. Business Associate may use or disclose PHI for the following purposes: (Check one)
- As necessary to perform the services as agreed to between the Parties, notwithstanding the restrictions on such uses and disclosures as set forth in HIPAA and this Agreement.
☐ Other: ___________________________________________________________________________
b. Business Associate may only de-identify PHI if permitted by Covered Entity and in any event may only de-identify PHI in accordance with 45 CFR 164.514(a)-(c).
c. Business Associate may use or disclose PHI as required by law or where Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
d. Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity except for the specific uses and disclosures set forth herein.
4. Permissible Requests by Covered Entity
a. Except as otherwise permitted by this Agreement, Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by Covered Entity.
5. Term and Termination
b. Termination for Cause. Business Associate authorizes termination of this Agreement by Covered Entity, if Covered Entity determines Business Associate has violated a material term of the Agreement and Business Associate has not cured the breach or ended the violation within 30 days written notice. If it is determined by Covered Entity that cure is not possible, Covered Entity may immediately terminate this Agreement. The termination of this Agreement shall automatically terminate the business relationship and any services agreements between the Parties.
c. Obligations of Business Associate Upon Termination. Upon termination of this Agreement, Business Associate shall either return or destroy all PHI that Business Associate still maintains in any form. Business Associate shall not retain any copies of such PHI. In the event Business Associate determines that returning or destroying the PHI is infeasible, the terms of this Agreement shall survive termination with respect to such PHI and limit further uses and disclosures of such PHI for so long as Business Associate maintains such PHI. In addition, Business Associate shall continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI to prevent use or disclosure of the PHI for as long as Business Associate retains the PHI.
d. Survival. The obligations of Business Associate under this Section shall survive the termination of this Agreement.
6. General Provisions.
a. This agreement sets forth the entire understanding of the Parties. Any amendments must be in writing and signed by both Parties. This Agreement shall be construed under the laws of Delaware, without regard to conflict of law provisions. Any ambiguity in the terms of this Agreement shall be resolved to permit compliance with HIPAA. Any references in this Agreement to a section in HIPAA means the section as in effect or as may be amended. This Agreement may be modified or amended from time to time as is necessary for compliance with the requirements of HIPAA and other applicable law. Amendments must be made in writing and signed by the Parties. The failure of either Party to enforce any provision of this Agreement shall not be construed as a waiver or limitation of that Party’s right to subsequently enforce and compel strict compliance with every provision of this Agreement. The terms of this Agreement are hereby incorporated into any service or business agreement that may be entered into between the Parties with the intent to form a business relationship. In the event of a conflict of terms between this Agreement and any such service or business agreement the terms of this Agreement shall prevail.
IN WITNESS THEREOF, the parties agree to this HIPAA Business Associate Agreement as of the date of registration of the Providers on the MedMatch Network platform https://medmatchnetwork.com.
Amos O. Dare, MD
Co-Founder & Director, Developing Team