Privacy Policy
Introduction
FLI MD, LLC(“FLI MD”“we,” or “us”) owns and operates the FLI MD website located at www.FLIMD.com and FLI MD mobile application (collectively, the “Platform”). Your access and use of the Platform, any part thereof, or anything associated therewith, including its content (“Content”), any products or services provided through the Platform, and any affiliated website, software, or application owned or operated by FLI MD (collectively, including the Platform and the Content, the “Service”).
We are committed to respecting the privacy of users of the Service. We created this Privacy Policy (“Privacy Policy”) to inform you how FLI MD collects, uses, and discloses information in order to provide you with the Service. As with our Terms of Use for the Service (the “Terms of Use”), if we make any changes to our Privacy Policy, we will post the revised Privacy Policy and update the “Last Revised” date of the Privacy Policy.
By accessing or using the Service, you acknowledge the practices and policies outlined in this Privacy Policy. If you are using the Service on behalf of an individual other than yourself, you represent that you are authorized by such individual to act on such individual’s behalf and that such individual acknowledges the practices and policies outlined in this Privacy Policy.
Protected Health Information
FLI MD is not a “covered entity” under the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its related regulations and amendments from time to time (collectively, “HIPAA”), however, the Medical Group (as defined in our Terms of Use) may be a “covered entity” and, solely in its role providing administrative services to the Medical Group, FLI MD may be a “business associate” of the Medical Group. Therefore, the Medical Group and, solely in its role as a business associate, FLI MD, may be subject to certain provisions of HIPAA with respect to “protected health information,” as defined under HIPAA, that you provide to the Medical Group. PHI does not include information that has been de-identified in accordance with HIPAA (“De-Identified Health Information”), and does not include information that you submit to FLI MD for purposes other than connecting you with the Medical Group or Providers.
Under HIPAA, a “covered entity” is required to provide their patients a Notice of Privacy Practices that describes how the covered entity uses and discloses “protected health information” (“PHI”). As a result, if the Medical Group determines that it is a covered entity under HIPAA, the Medical Group will adopt and separately provide to you a HIPAA Notice of Privacy Practices that describes how the the Medical Group may use or disclose your PHI (the “Medical Group Notice of Privacy Practices”).
HIPAA also requires a covered entity to obtain a patient authorization that satisfies certain requirements in order for the covered entity or its business associates to use or disclose PHI in certain ways. In order to ensure that the Medical Group and FLI MD are able to effectively provide their respective services to you and that you are able to utilize the full functionality of the Service, the Medical Group and/or FLI MD may need to use or disclose your PHI in ways that would require the Medical Group to obtain an authorization under HIPAA. As a result, if the Medical Group determines that it is a covered entity under HIPAA, the Medical Group will obtain from you a patient authorization (a “Patient Authorization”) that authorizes the Medical Group and FLI MD to use and disclose your PHI in certain ways that are described in the Patient Authorization.
To the extent that FLI MD is in fact a “business associate” of the Medical Group, FLI MD’s use and disclosure of your PHI will comply with HIPAA and any Patient Authorization. Any information that does not constitute PHI may be used or disclosed in any manner permitted under this Privacy Policy.
Collection of Information
We collect any information you provide when you use the Service, including, but not limited to: (1) personally identifying information (“PII”) such as your name and contact data such as your e-mail address, phone number, and billing and physical addresses; (2) your login and password; (3) demographic data (such as your gender, date of birth and zip code); (4) your communications with your Providers; and (5) any information you provide when you contact or communicate with us. We may also collect information from you necessary to provide you with services from your Providers, which may include, but is not limited to: (a) payment information; (b) insurance information; and (c) health and medical data (such as previous doctors or other healthcare providers you visited, your reason for visiting a healthcare provider, date of visit, medical history and condition, medications, images or videos and other medical and health information and data you share with us).
In addition to the information we collect directly from you, we may also collect certain information from the Medical Group and/or Providers who provide treatment or other services to you in connection with our Service. This information may include, but is not limited to, diagnoses, treatment plans (including prescription details) and notes, and is accessible and visible through certain components of the Service.
We may also receive information from third parties that pay for your care or provide you with treatment, laboratory care or prescription medication, which may include, for example, your prescription history, insurance policy, insurance eligibility and coverage, and laboratory test results.
To the extent that FLI MD is in fact a “business associate” of the Medical Group, FLI MD’s use and disclosure of your PHI will comply with HIPAA and any Patient Authorization. Any information that does not constitute PHI may be used or disclosed in any manner permitted under this Privacy Policy.
We or our service providers may automatically collect certain information from the device through which you access the Service. This information includes, but is not limited to, your language preferences, your phone number or other unique device identifier (the International Mobile Equipment Identity or the Mobile Equipment ID number), the IP address of your device, the manufacturer, model and operating system of your device, the name and version of our Service you are using, information regarding your browser and information that allows us to personalize our Service. We or our service providers may also collect information about how you interact with our Service and any of our websites to which our Service links, such as how many times you use a specific part of our Service, the amount of time you spend using our Service, how often you use our Service, actions you take in our Service and how you engage with our Service.
We and our service providers may obtain information regarding your location or the location of your device through which you access our Service. Information regarding your location may be obtained directly from you when you provide us with information as part of the registration process.
We may store cookies (e.g., locally stored objects) in your computer’s hard drive when you use the Service. These devices are used to help us speed up your future activities or to improve your experience by remembering the information that you have already provided to us. Some of our service providers may also use cookies to provide us with anonymous data and information regarding your use of the Service. At your option, you may block or delete devices from your hard drive. However, by disabling such tracking devices, you may not have access all features of the Service. For more about cookies, including links to web browser instructions for disabling and managing such tracking devices, visit www.usa.gov/optout-instructions.
In addition, we may use Google Analytics. Google Analytics is a web analytics tool that helps operators (like FLI MD) understand how users (like you) engage with their applications. Google Analytics uses cookies to track your interactions with our Service and to collect information about how you use the Service. We then use the information to compile reports that help us improve the Service. Google Analytics collects, processes and creates reports about website trends without identifying individual users. For more information regarding Google Analytics visit “How Google uses data when you use our partners' sites or apps” located at www.google.com/policies/privacy/partners.
Use of Information
In connection with providing the Service, we and our affiliates and service providers may use your information, subject to the limitations addressed in the Protected Health Information Section above, for a number of purposes, including, but not limited to: (a) verifying your identity and administering your user account (“Account”), including processing your payments and fulfilling your orders; (b) communicating with you about the Service or your use of the Service, and sending you communications on behalf of the Medical Group or its Providers; (c) providing you customer support and responding to your requests or concerns; (d) facilitating the provision of services to you by the Medical Group or its Providers; (e) making certain information in your medical records accessible and available to you; (f) sending you push notifications (notifications may be enabled or disabled through your device or app settings depending on your device type); (g) detecting, preventing, investigating and responding to fraud, intellectual property infringement, violations of our Terms of Use, or other misuse of our Service or the Medical Group’s services; (h) reviewing, monitoring, expanding or improving the Service; (i) reviewing and analyzing the efficacy of some or all of the Service; (j) identifying and creating new Content, software or tools offered through the Service; (k) developing, testing and offering other products and services, whether or not through the Service; (l) providing certain marketing communications or promotional materials relating to the Service that may be of interest to you; and (m) any other use permitted by applicable law.
We may use information regarding your location or the location of your device through which you access the Service for a number of purposes, including, but not limited to confirming you are located in a jurisdiction in which the Service is offered.
We may de-identify your information and use, create and sell such de-identified information, including De-Identified Health Information, for any business or other purpose not prohibited by applicable law.
Disclosure of Information
We may disclose your information to third parties in connection with the provision of our Service or your Provider’s provision of services or as otherwise permitted or required by law. For example, we may disclose your information to: (a) our third-party service providers that provide services such as the hosting of the Service, data analysis, IT services and infrastructure, customer service, e-mail delivery, auditing and other similar services; (b) the Medical Group or its Providers to schedule and fulfill appointments and provide healthcare services; (c) the Medical Group or Providers to whom you send messages through our Service; (d) the Medical Group or its Providers for treatment, payment or healthcare operations purposes; (e) third parties as we believe necessary or appropriate to comply with applicable laws; and (f) to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, liquidation or other disposition of all or any portion of our business, assets or stock with such third party. We may de-identify your information and disclose such de-identified information, including De-Identified Health Information, for any purpose not prohibited by applicable law.
Ownership of Information Submitted via the Service
Certain Submissions you make may contain health information, which may be subject to HIPAA or related state-specific privacy laws and regulations. With respect to any such PHI, FLI MD’s rights with respect to the use or disclosure of such PHI may be limited as and to the extent required under HIPAA or an applicable Patient Authorization. Subject to the limitations described above, any information you transmit to FLI MD via the Service, whether by direct entry, submission, email or otherwise, including data, questions, comments, forum communications, or suggestions (collectively, “Submissions”), will, to the extent permitted under applicable law, be treated as non-confidential and non-proprietary and will become the property of FLI MD. You hereby irrevocably assign (and agree to assign) to FLI MD, free and clear of any restriction or encumbrances, all of your rights, title and interest in and to the Submission, including, without limitation, all copyrights, rights in patents, rights in trade secrets, and all rights incidental, subsidiary, ancillary, or allied thereto (including, without limitation, all derivative rights) in and to the Submission. To the extent the assignment granted above fails for any reason, you hereby grant to FLI MD an exclusive, perpetual, irrevocable, royalty-free, worldwide license under your intellectual property rights, with the right to sublicense to third parties the right, to make, access, practice, sell, offer for sale, export, import, copy, use, modify, prepare derivative works from, distribute, publicly display, publicly perform, and otherwise exploit in any manner those Submissions with respect to which the foregoing assignment shall have failed. You agree to execute any documents and take any other actions as may reasonably be necessary, or as FLI MD may reasonably request, to evidence, perfect, maintain and enforce FLI MD’s ownership of or license to any such Submissions. In addition to the foregoing, FLI MD shall have the right, in its sole discretion, to edit, duplicate, or alter the Submission in any manner for any purpose that FLI MD deems necessary or desirable, and you irrevocably waive any and all so-called moral rights you may have in the Submission. You further agree that you shall have no right of approval and no claim to compensation in connection with the Submission.
Use by Minors
Our Service is intended for use by individuals who are at least 18 years of age or such older age as may be required by applicable state laws in the jurisdiction in which an individual utilizes the Service. However, if you are a parent or legal guardian of a minor child, you may, in compliance with the Terms of Use, consent to use of our Service by such minor child provided that such minor child is at least 13 years old, or, if such minor child is under the age of 13, you may, in compliance with the Terms of Use, use our Service on behalf of such minor child. Any information you provide us on behalf of your minor child will be treated in accordance with this Privacy Policy. We do not knowingly collect information from individuals under the age of 13. If we learn that we have received any information from an individual under the age of 13 instead of from such individual’s parent or legal guardian, we will only use that information to respond directly to that child (or a parent a parent or legal guardian) to inform him or her that he or she cannot use the Service directly and must have a parent or legal guardian use the Service on his or her behalf, and subsequently we will delete such information from our own servers.
Jurisdictional Issues
The Service may only be used within the State of California as set forth in the Terms of Use. Accordingly, this Privacy Policy, and our collection, use, and disclosure of your information, is governed by U.S. and California law.
Third Parties
This Privacy Policy does not address or apply to, and we are not responsible for, the privacy, information, or other practices of any third parties, including, without limitation, the Medical Group or its Providers, the manufacturer of your mobile device, and any other third party mobile application or website to which our Service may contain a link. These third parties may at times gather information from or about you. We do not control and are not responsible for the privacy practices of these third parties. We encourage you to review the Medical Group’s Notice of Privacy Practices and the privacy policies of each website and application you visit and use.
Miscellaneous
We strive to use reasonable physical, technical, and administrative measures to protect information under our control. However, you must keep your Account password secure and your Account confidential, and you are responsible for any and all use of your Account. If you have reason to believe that the security of your Account has been compromised, please notify us immediately in accordance with the “Contacting Us” section below.
When using the Service, you may choose not to provide us with certain information, but this may limit the features you are able to use or may prevent you from using the Service all together. You may also choose to opt out of receiving certain communications (e.g., newsletters, promotions) by emailing us your preference. Please note that even if you opt out, we may still send you Service-related communications. We do not currently respond to web browser “do not track” signals or other mechanisms that provide a method to opt out of the collection of information across the networks of websites and online services in which we participate. If we do so in the future, we will describe how we do so in this Privacy Policy. You may request that we provide you the information we hold about you, update your information, or ask us to remove your information, or to correct any inaccuracies in such personal data by sending an email to [email protected] with the subject heading “personal information request.” We will use reasonable efforts to deal with your request within a reasonable time.
Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to [email protected] with the subject heading “California Privacy Rights.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.
Contacting Us
If you have any questions about this Privacy Policy, please contact us by email at [email protected] or by regular mail at:
548 Market St
PMB 897614
San Francisco, CA 94104-5401
Last Revised January 10,2024