StratoScientific Privacy Policy
Privacy Policy
- OUR PLEDGE REGARDING YOUR MEDICAL INFORMATION
At StratoScientific, LLC. (“Steth IO/ SPOTCHECKUP”, “we”, or “us”), we take our responsibility to safeguard your personal information extremely seriously. SPOTCHECKUP is a reseller of telemedicine services contracted a national telehealth medical provider. This Privacy Policy explains how we acquire, use, and transmit your Personal Information (as defined below). We deliver our product (“Telemedicine Memberships”) through our website located at https://spotcheckup.com, our mobile application (“Application”), and our widgets (collectively, the “Site”) and online services, including the option to save your credit card information all collectively the (“Services”). We may update this Privacy Policy from time to time. We will notify you by posting a notification on the Site. We understand that medical information about you and your health is personal. We are dedicated to maintaining the privacy and integrity of your protected health information (“PHI”), which is information about you that may be used to identify you (such as your name, date of birth, address, email, or credit card/debit information, known as the “Records”). In providing membership services, we will receive and create records containing your PHI. We need these records in order for a medical provider, to provide you with quality telemedicine virtual healthcare and to comply with certain federal and state legal requirements.
We are required by law to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI. To the extent required by law, when using or disclosing your PHI or when requesting your PHI from medical provider, we will make reasonable efforts not to use, disclose, or request more than the minimum necessary set of your PHI or, if needed by us, no more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure, or request, taking into consideration practical and technological limitations.
This Notice of Privacy Practices applies to all of the records of your care generated by medical provider. When we use or disclose your PHI, we are required to abide by the terms of this Notice (or other Notice in effect at the time of the use or disclosure).
- DISCLOSE MEDICAL INFORMATION ABOUT YOU
For Treatment
This is the most important use and disclosure of your PHI. Medical provider will use or disclose your medical information to provide treatment and deliver the services you have requested, for example for purposes of a telemedicine consultation or in connection with the provision of follow-up treatment. Use and disclosure of your medical information may include, without limitation, creation of an electronic health record and appointment reminders, discussion with your treating health care practitioners to facilitate your health care oversight, investigation of research opportunities or treatment alternatives for your health care issues, identification of health-related benefits and services that may be of interest to you, and to communicate important health information with members of your family. Medical provider may also disclose PHI to other providers involved in your treatment.
For Payment
Your PHI will be used and disclosed, as needed, to obtain payment (Site) for your telemedicine health care services provided by medical providers. Medical provider may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
For Health Care Operations
Medical provider may also collect aggregate data about your health (in an anonymous manner) for statistical analysis, improvement of services, and customization of web design, content layout, and services. This includes internal administration and planning, as well as various activities that improve the quality and cost effectiveness of the care that we deliver to you. Medical provider may also combine medical information about medical provider patients to decide what additional services they should offer, what services are not needed, and if certain new treatments are effective. Medical provider may also disclose information to health care providers and other medical professionals for review and learning purposes. There are some services provided in provider’s organization through contracts with business associates, who may gain access to PHI. Examples of business associates include management consultants, quality assurance reviewers, shredding companies, and translation services. Medical provider may disclose your PHI to other business associates so that they can perform the job we have asked them to do in order to provide better healthcare services to you. To protect your PHI, the medical provider requires all business associates to sign an agreement stating that they will appropriately safeguard your PHI to in accordance with applicable federal and state laws (including HIPAA standards).
To Avert a Serious Threat to Health or Safety
Medical provider may use and disclose your PHI when necessary to prevent a serious threat to your health and safety, or to the health and safety of the public or another person. Any disclosure would only be to someone able to help prevent the threat or to the extent necessary to comply with state and federal laws to prevent or control disease, injury, or disability regarding public health.
OTHER PERMITTED AND REQUIRED USES AND DISCLOSURES OF PHI THAT MAY BE MADE WITHOUT YOUR AUTHORIZATION OR OPPORTUNITY TO AGREE OR OBJECT:
Required By Law
Medical provider may use or disclose your PHI to the extent that the use or disclosure is required by federal, state, or local laws or regulations. The use or disclosure will be made in compliance with the law or regulation and will be limited to the relevant requirements of the law or regulation. You will be notified, if required by law or regulation, of any such uses or disclosures.
Health Oversight Activities
Medical provider may disclose your PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Victims of Abuse, Neglect, or Domestic Violence
Medical provider may disclose your PHI to a public health authority that is authorized by law to receive reports of child or elder abuse or neglect. In addition, the medical provider may disclose your PHI if your medical provider believes that you have been a victim of abuse, neglect, or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Legal Proceedings
Medical provider may use and disclose PHI in responding to a court or administrative order, subpoena, or discovery request. Medical provider may also use and disclose your PHI to the extent permitted by law without your authorization, for example, to defend a lawsuit or arbitration.
Law Enforcement
Medical provider may disclose your PHI to the police or other law enforcement officials as required or permitted by law: (1) in response to a court order, subpoena, warrant, summons, or similar process; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) to notify them about the victim of a crime if, under certain limited circumstances, they are unable to obtain the person’s agreement; (4) to notify them about a death they believe may be the result of criminal conduct; (5) to notify them about criminal conduct or with one of the health care providers; and (6) in emergency circumstances, to report a crime, the location of a crime or the victims of a crime, or the identity, description, or location of the person who committed the crime.
Food and Drug Administration
Medical provider may disclose your PHI to a person or company required by the Food and Drug Administration for the purpose of quality, safety, or effectiveness of FDA-regulated products or activities including to report adverse events, to report product defects or problems, to report biologic product deviations, to track products, to enable product recalls, to make repairs or replacements, or to conduct post marketing surveillance, as required.
Decedents, Coroners, Funeral Directors, and Organ Donation
Medical provider may disclose your PHI to a coroner or medical examiner for identification purposes, determining cause of death, or for the coroner or medical examiner to perform other duties authorized by law. Medical provider may also disclose your PHI to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. Medical provider may also disclose such information in reasonable anticipation of your death. Your PHI may additionally be used and disclosed for cadaveric organ, eye, or tissue donation purposes.
Research that Does Not Involve Your Treatment
Medical provider may disclose your PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI. When a research study does not involve any treatment, the medical provider may disclose your PHI to researchers. To do this, medical provider will either ask your permission to use your PHI or they will use a special process that protects the privacy of your PHI. In addition, they may use information that cannot be identified as your PHI, but that includes certain limited information (such as your date of birth and dates of service). Medical provider will use this information for research, quality assurance activities, and other similar purposes and they will obtain special protections for the information disclosed.
Military Activity and National Security
Medical provider may use and disclose your PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State, under certain circumstances. Medical provider may use and disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law. Medical provider may use and disclose your PHI to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state, or conduct special investigations.
Criminal Activity
Consistent with applicable federal and state laws, we may disclose your PHI if the medical provider believes that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. Medical provider may also disclose your PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.
Inmates
If you are an inmate of a correctional institution or under custody of a law enforcement official, the medical provider may disclose your PHI to the correctional institution or the law enforcement official. This is necessary for the correctional institution to provide you with health care, to protect your health and safety and the health and safety of others, and to protect the safety and security of the correctional institution.
Public Health Risks
Medical provider may disclose your PHI for public health activities. These activities generally include the following: to prevent or control disease, injury, or disability; to report births and deaths; to report reactions to medications or problems with products; to notify people of recalls of products they may be using; and to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition. Medical provider will only make this disclosure when required or authorized by law or if you authorize such disclosure.
Workers’ Compensation
Medical provider may disclose your PHI as authorized to comply with workers’ compensation laws and other similar legally-established programs.
USES AND DISCLOSURES OF PHI BASED UPON YOUR WRITTEN AUTHORIZATION:
Other uses and disclosures of your PHI will be made only with your written authorization, unless otherwise permitted or required by law as described in this Notice. You may revoke this authorization in writing at any time. If you revoke your authorization, Medical provider will no longer use or disclose your PHI for the reasons covered by your written authorization. Please understand that they are unable to take back any disclosures already made with your authorization, and they are required to retain their records of the care they provide to you. If you are not present or able to agree or object to the use or disclosure of the PHI, then your provider may, using professional judgment, determine whether the disclosure is in your best interest.
OTHER PERMITTED AND REQUIRED USES AND DISCLOSURES OF PHI THAT REQUIRE PROVIDING YOU THE OPPORTUNITY TO AGREE OR OBJECT:
Others Involved in Your Health Care or Payment for Your Care
Unless you object, you medical provider may disclose to a member of your family, a relative, a close friend, or any other person you identify, your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, you medical provider may disclose such information as necessary if medical provider determines that it is in your best interest based on their professional judgment. Medical provider may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or any other person that is responsible for your care of your location, general condition, or death. Finally, Medical provider may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your health care.
Special Categories of Treatment Information
In most cases, federal and/or state law requires your written authorization or the written authorization of your representative for disclosures of drug and alcohol abuse treatment, Human Immunodeficiency Virus (HIV) and Acquired Immune Deficiency Syndrome (AIDS) test results, and mental health treatment.
Research Involving Your Treatment
When a research study involves your treatment, medical provider may disclose your PHI to researchers only after you have signed a specific written authorization. In addition, an Institutional Review Board (IRB) will already have reviewed the research proposal, established appropriate procedures to ensure the privacy of your PHI, and approved the research. You do not have to sign the authorization, but if you refuse you cannot be part of the research study and may be denied research-related treatment.
Fundraising Activities
Medical provider may use demographic information and your dates of service for our own fundraising purposes; otherwise we will obtain your authorization. If you do not want them to contact you for fundraising efforts, you must notify your medical provider in writing.
III. YOUR RIGHTS REGARDING YOUR PHI
You have the following rights with respect to your PHI. You may contact medical provider to obtain additional information and instructions for exercising the following rights.
You have the right to inspect and copy your PHI
You may request access to your medical and billing records maintained by medical provider. You may inspect and request copies of the records. Under federal law, however, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and laboratory results that are subject to law that prohibits access to PHI. Under such limited circumstances, your medical provider may deny you access to a portion of your records. If you are denied access to your PHI, you may request that the denial be reviewed. Another licensed health care professional will review your request and the denial. If you desire access to your records, you must submit your request in writing. If your medical information is maintained in an electronic health record, you may obtain an electronic copy of your medical information and, if you choose, instruct your medical provider to transmit such copy directly to an entity or person you designate in a clear, conspicuous, and specific manner. If you request copies, your medical provider may charge you for the costs of an electronic copying, mailing, labor, and supplies associated with your request. You should take note that, if you are a parent or legal guardian of a minor, certain portions of the minor’s PHI will not be accessible to you (for example, records pertaining to health care services for which the minor can lawfully give consent and therefore for which the minor has the right to inspect or obtain copies of the record, or where the health care provider determines, in good faith, that access to the records requested by the representative would have a detrimental effect on the provider’s professional relationship with the minor or on the minor’s physical safety or psychological well-being).
You have the right to request a restriction of your PHI
You may ask your medical provider not to use or disclose any part of your PHI for the purposes of treatment, payment, or health care operations. You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes, such as assisting in the notification of such individuals regarding your location and general condition. While medical provider will consider all requests for additional restrictions carefully, they are not required to agree to a requested restriction, unless the disclosure is to a health plan for a payment or health care operation purpose and the medical information relates solely to a health care item or service for which we have been paid out-of-pocket in full. Your request must state the specific restriction requested and to whom you want the restriction to apply. This request must be in writing.
You have the right to request to receive confidential communications
You may request to receive your PHI by alternative means of communication or at alternative locations. For example, you can request that a medical provider only contact you at work or by mail. To request confidential communications, you must make your request in writing. Medical provider will not ask you for the reason for your request. Medical provider will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
You have the right to amend your records
You have the right to request that the medical provider amend PHI maintained in your medical or billing records generated by medical provider or their providers. If you desire to amend your records, your request must be in writing. Medical provider will comply with your request unless they believe that the information that would be amended is accurate and complete or other special circumstances apply. If Medical provider denies your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
You have the right to receive an accounting of disclosures
Upon written request, you may obtain an accounting of certain disclosures of your PHI made by medical provider during a certain period. Your written request should indicate in what form you want the list (for example, on paper or electronically). If you request an accounting more than once during a twelve month period, medical provider may charge you for the costs involved in fulfilling your additional request. Medical provider will inform you of such costs in advance, so that you may modify or withdraw your request to save costs. In addition, they will notify you as required by law if there has been a breach of the security of your PHI.
Social media
In order to maintain a professional relationship consistent with professional standards, providers are not permitted to have interactions and communications with patients outside of the normal practices necessary for treatment. Interactions and communications between patients and providers must adhere to applicable federal and state laws and be supported by the provider’s code of ethics. Patients and providers are required to respect the privacy of each other’s presence on social media and to maintain strict professional boundaries and an overall professional relationship focused on treatment.
Protocol for communications
All communications between patients and providers must occur via phone or the use of the medical providers secure platform. In the event a patient needs to reach a provider prior to the next scheduled session to communicate information that is of importance to the scheduling of the next session, treatment, or for another pertinent reason, the patient should contact its medical provider during normal business hours.
- OUR PLEDGE REGARDING YOUR FINANCIAL INFORMATION
This Notice applies to all of the financial records generated by SPOTCHECKUP. All financial records created will be held confidentially by SPOTCHECKUP, unless we are required by law to disclose the information.
- HOW WE MAY USE AND DISCLOSE FINANCIAL INFORMATION ABOUT YOU
SPOTCHECKUP will only use your financial information to transact business with you and for everyday business purposes of the company. We will not share this information with any unauthorized affiliates or non-affiliates. SPOTCHECKUP will not collect any medical information. All medical information will be collected by your medical provider.
- OUR PLEDGE REGARDING OUR WEBSITE
No data transmission over the Internet can be guaranteed to be 100% secure. But, we strive to protect your personal information from unauthorized access, use, or disclosure. When you interact on our web site, all of your information is transmitted through the Internet using Secure Socket Layers (SSL) technology. SSL technology causes your browser to encrypt your information before transmitting it to our secure server. SSL technology, an industry standard, is designed to prevent someone other than operators of our web site from capturing and viewing your personal information. Once your information leaves our Secure Site, SPOTCHECKUP is no longer able to control further disclosure of your information. If you choose to share your PHI over email, you acknowledge the risk of unsecured communication. Additionally, you should be aware of the information collected through cookies. Cookies are text information files that your web browser places on your computer when you visit a website. Cookies assist in providing non-personal information from you as an online visitor. It can be used in the customization of your preferences when visiting our website. Most browsers accept cookies automatically, but can be configured not to accept them or to indicate when a cookie is being sent. We use a third-party tracking service which uses cookies to track non-personally identifiable information about our visitors to our main site in the aggregate to capture usage and volume statistics. We have no access to or control over these cookies. This Notice covers the use of cookies by our company only and does not cover the use of cookies by any third-party.
VII. CHANGES TO THIS STATEMENT
SPOTCHECKUP will occasionally update this Notice of Privacy Practices to reflect company and customer feedback, or as regulated by federal and/or state law. This Notice is effective for personal information we already have about you as well as any information we receive in the future. SPOTCHECKUP encourages you to periodically review this Notice to be informed about how SPOTCHECKUP is protecting your information. In addition, at any time you may request a copy of the most current Notice in effect.
VIII. CONTACT
If you have any questions about this Notice of Privacy Practice or would like a paper copy, please contact us via mail or e-mail: StratoScientific, LLC. 19125 North Creek Pkwy #120, Bothell, WA 98011, Info@stethio.com.
(EFFECTIVE AND REVISED 10/01/2024)