Privacy Policy

Pharmalto, LLC (“Pharmalto”) is committed to protecting your privacy. Pharmalto® provides digital programs that an individual registered with Pharmalto (“Users”) can use to manage health-related information. Users can also include persons, such as healthcare providers, insurance providers, and pharmacies, who form part of the individual User’s network of health managers or contributors.

MEDLIFE®, Pharmalto-ID™ Privacy Statement

This privacy statement provides information required by law about privacy, confidentiality and related policies for Users of the Pharmalto MedLife® Personal Health Record Application (the “MedLife® App”) and the other applications and services, including the MedLife® Health Portal (the “MedLife Portal”) and PharmaltoID™ Application (the “PharmaltoID App”), available through the digital ecosystem supporting the MedLife® App. The services provide through the MedLife® App, the MedLife® Portal and the PharmaltoID App are collectively referred to as the “Services.” Web sites not managed or operated by Pharmalto, User agreements for other programs and applications, healthcare provider consent or authorization forms, and any associated agreements may provide additional information about privacy.

This Statement applies to all information collected by or submitted to Pharmalto, to create a personal health record maintained in the MedLife® ecosystem. Pharmalto websites may contain links to external websites and through the existence of these links does not endorse or take any responsibility for their privacy practices or policies.

This Statement is to be read along with the TERMS OF USE and END-USER LICENSE AGREEMENT for the MedLife® App. However, this Statement does not create separate or additional contractual rights.

Introduction

The MedLife® App is a personal health platform that lets you gather, edit, add to, store, and share health information, pursuant to your authorization, on internet resources that, collectively, are called “MedLife®.” With your MedLife®, you can generate, maintain, control and have ready access to your own personal health records. You can also share some or all of your Personal Information (as defined below) with other persons whom you authorize to receive it, such as family, friends, health care professionals, mobile phone applications, health-related devices, and online tools; likewise, those persons may be able to share their own information with you.

Your MedLife® can be shared with separate programs and systems that are part of the MedLife® App digital ecosystem and can connect with the Services (the “Programs”) to use, edit and add to your MedLife®. The Programs can help you manage your MedLife® and find relevant health information.

You can choose to share specific information (or all information) stored in your MedLife® with:

  • Other people (such as friends and family)
  • Programs (such as Programs that add data to your PHR, provide information to your healthcare provider, or use some of your PHR to provide information to you about managing your health)

Please read the TERMS OF USE and END USER LICENSE AGREEMENT for the particular Service you are using.

Collection of your personal information

When registering with Pharmalto to become a User of the Services, you will be asked to enter an identifier (such as a user ID or email address) and password to sign in and provide some other information (but no health information) about you to the Medlife® account system.

When you register, you will be asked to create your MedLife® account. To create your MedLife® account, you must provide personal information such as name, date of birth, e-mail address, postal code and country/region. Depending on which features you use, you may be asked for additional information. Any information you provide for these purposes is considered “Personal Information”.

Pharmalto will use the e-mail address you provide when you create your MedLife® account to send you an e-mail requesting that you validate your email address, to include in sharing invitations you send through the Service and to send you Service notifications, such as e-mail notifications which notify you that information is available to add to your MedLife®. As described in their privacy statements, the Programs you authorize may also use your e-mail address.

Your MedLife® account allows you to create and manage one or more web-based personal health records (“PHRs”), such as the ones you create for yourself and your family members (such as your minor children). You choose the information to put in the PHRs in your MedLife®. Examples of the data you can store in you MedLife® (“PHR Data”) include:

  • Other people (such as friends and family)
  • Programs (such as Programs that add data to your PHR, provide information to your healthcare provider, or use some of your PHR to provide information to you about managing your health)
  • Your name and contact information, such as your address, phone number or email address and
  • other computer information including “cookie” preferences.
  • Your age, gender, ethnicity and occupation.
  • Your medical condition and history, including current conditions, treatment and medications.
  • Your healthcare claims, health plan account numbers, health-related bills and insurance
  • information.
  • Your measurements such as blood glucose and blood pressure.
  • Your discharge summaries from hospitalizations.
  • Your lab results.
  • Your fitness or other wellness related activities.

This information is important to you and your security. You will use the Programs to enter a wide range of health information into your MedLife®. Also, you can give the Programs permission to view, add, modify, or delete information in a PHR in your MedLife®. Some Programs store their own copy of the information they access.

If you have created a MedLife® account or sub-profile PHR as a parent, guardian, or personal representative, on behalf of a minor User or another User for whom you make some or all medical decisions (collectively, the “non-contracting User”), certain Personal Information or PHR Data pertaining to the non-contracting User may be withheld by the healthcare provider of the non-contracting User from MedLife® or PHR pursuant to state or federal law and within the discretion of the health care provider. If you require access to that information, you must request, in writing, that healthcare provider to add the withheld information to the non-contracting User’s PHR. In his or her discretion, the healthcare provider may deny such access and will so advise you directly.

If you are a non-contracting User, please consult your healthcare provider, legal counsel, or applicable laws regarding health services you may or are required to consent to and regarding authorization for others to gain access to such information.

Other information Pharmalto collects

Pharmalto does not obtain your Personal Information unless you provide it to Pharmalto voluntarily or authorize a third party to provide it to Pharmalto. However, Pharmalto may obtain other information regarding your use of its Services or its webpages (collectively, “Statistical Data”), examples of which are:

  • Internet address of the computer being used
  • Webpages requested
  • Network software access
  • Referring Web page
  • Browser used
  • Date, time and duration of activity
  • Passwords and accounts accessed
  • Volume of data storage and transfers

Statistical Data does not include your names and other information that may identify it with you and is grouped or aggregated so it cannot be attributed to you as an individual.

Sharing of your personal information

You are the custodian of your MedLife®. You may create sub-profiles for other individuals or Programs to access and view your MedLife®, but you must invite them before they may gain access to the sub-profile you created. Some of the information stored in your MedLife® may be highly sensitive, so you need to consider carefully with whom you choose to share your PHRs and other information. So, if you so choose, your MedLife® may have multiple profiles within it.

The MedLife® App and the other Services enable you to share your health information with people and programs who can help you meet your health-related goals. For example, you can share information in your MedLife®:

  • to co-manage the health of a family member
  • to use it with other health-related products and services
  • to consult with your health care provider
  • to provide fitness information to coaches and trainers.

The Programs you elect to use will likewise gain access to your information. The access request will include: (a) the type of information the Program will access; (b) the function the Program will perform using your information (view, add, modify); and (c) links to more detailed information from the Program about its legal terms and privacy practices. You can find some Programs listed at https://medlife.health and you can access Programs directly through their own websites. You must affirmatively authorize a Program’s access to any PHR in your MedLife® account. Pharmalto requires Program providers to agree to provide accurate information about their privacy practices and comply with applicable laws. Pharmalto limits the access any Program may have to your MedLife® to that which you expressly permit in connection with your utilizing the Program, but Pharmalto does not control or monitor the privacy practices of any Programs, which will vary. You should read each Program’s privacy statement for more information. You can freely grant and revoke a Program’s access to the information stored in your MedLife®. The access you grant a Program is valid until you revoke that access.

Except as expressly authorized by you, Pharmalto will not provide any unauthorized third party access to your Personal Information. For that reason, you must provide consent for each healthcare provider to have access to your Personal Information. For example, if you have authorized Physician A to have access to your Personal Information, and Physician A is on vacation and Physician B is the “on call” physician attending to you, then Physician B may only access your Personal Information if you provide consent to Physician B’s access. You will be asked to provide that consent in response to an electronic notification from Pharmalto. As another example, if you wish to change physicians, you will need to provide consent so that Pharmalto may provide your new physician with access to your Personal Information. Again, Pharmalto will ask for your consent via an electronic notification to you.

How Pharmalto may use your information

Pharmalto uses PHR Data to provide the Services and for the purposes described in this Statement. PHR Data in your MedLife® may be stored or processed in the United States or any other country in which Pharmalto or its affiliates or Service Providers maintain facilities or equipment. Generally, a “Service Provider” is someone that is hired to perform certain functions for and operate under the direction and control of Pharmalto, and includes software or website designers and data storage providers.

Pharmalto does not use or disclose your information except as described in this Statement. Pharmalto may access or disclose your information if it believes to do so is necessary to: (a) comply with the law or respond to legal process in connection with legal proceedings, law enforcement investigations, or applicable law; or (b) to maintain and protect its computer systems and computer code operability and otherwise protect the rights or property of Pharmalto (including the enforcement of its agreements).

Additionally, Pharmalto will release your information to those persons you have given consent to receive that information. Moreover, Pharmalto occasionally hires other service providers to provide limited services on its behalf. Those services may require Pharmalto to give those services providers portions of your information. In that case, Pharmalto gives those service providers only that part of your information needed to perform the limited services. Pharmalto requires them to enter into an agreement that prohibits them from releasing your Personal Information or identifying you with any information they receive and to otherwise keep the information confidential.

Pharmalto may use Statistical Data to understand the way in which Users use the Services, to monitor, preserve and enhance the function and integrity of MedLife® App digital ecosystem, to improve the quality of the Services, and to market the Services (for example, to tell potential advertisers how many Users live in the United States). Statistical Data is also collected for analysis and statistical purposes, and is used to help diagnose problems with Pharmalto’s equipment or to assess the performance of the ecosystem or parts of it. This information is not used in any way that would reveal your Personal Information to other persons except as described above.

Security of your personal information

Pharmalto is committed to protecting the security of your Personal Information. Pharmalto uses a variety of security measures, including computer safeguards, secured files, and employee security training, to help protect your Personal Information from unauthorized access, use, and disclosure. For example, Pharmalto stores the Personal Information you provide on computer servers with limited access that are located in controlled facilities. Additionally:

  • Pharmalto sends all communications using encryption.
  • You can view a history of access and actions to any MedLife® record of which you are a custodian.

Application Notification, Email and Text Message controls

The service will periodically send you an email summarizing recent account activity, or notifications and reminders. Users may alter the types and frequency of notifications being received; however, a User may not opt out of this feature.

Deleting portions of health information

If you or a Program, deletes a piece of health information, it is permanently deleted, meaning Pharmalto cannot restore it. Pharmalto will add an entry in your Audit Log noting the name of the person who permanently deleted the information and the date the deletion occurred. The Programs and non-custodial persons with whom you have shared your information are not able to see or restore items in the trash, nor may they permanently delete health information.

Deleting PHRs

If you are a custodian of a MedLife® account, you may delete whole PHRs in that account by signing in to your MedLife® account and deleting the PHR. If other Users had any level of access to that record, the record will no longer appear to them because the Service deletes the record for all Users and Programs. However, Pharmalto will wait ninety days before permanently deleting the deleted information to help avoid accidental or malicious removal of your health information.

Sharing records with Programs through the Service

Pharmalto provides some information regarding the Programs. The Programs may store or process personal health information in other countries or regions of the world. You should review information from the Programs, including their privacy statements and terms of use, before using them or allowing them access to any of your Personal Information.

Each Program provider must agree to provide accurate information about its privacy practices and comply with applicable laws. Pharmalto may revoke a Program provider’s access to any Service if a Program does not meet Pharmalto’s requirements. However, once you authorize and elect to use a Program, Pharmalto does not control or monitor those Programs, except to limit its access to your PHR data according to your authorization. Please contact Pharmalto if you believe a Program is not protecting the privacy or security of your health data.

No Program has access to your information through any Service unless and until you grant the Program access. You control the health information a Program may access and the time during which access is permitted. If a Program requires information you do not want to share, you should not use that Program or, if the Program allows you to withhold access to that information, you should elect to withhold access.

If you authorize a Program to have access to a record, the Program will get the name associated with your MedLife® account, the nickname of the authorized record(s), and your relationship to that record.

The Services allow you to control (by accepting or denying Program requests for access) the types of health information you choose to share with each Program and the actions you will allow each Program to perform on the health information.

Sharing records with other Users

The level of access you can grant as a custodian includes:

  • View-only access (time-limited access)

Access becomes active only when the recipient accepts the invitation.

Custodian access is the highest level of access. A custodian of a health record may:

  • Read the record
  • Change the record
  • Delete the record
  • Grant to Users access to the record
  • Revoke the access of any User to a record.

Because inappropriate granting of access could allow a grantee to violate your privacy or even revoke your access to your own records, carefully consider all the consequences before you grant access to your records.

As explained above, you as the custodian can create PharmaltoID access codes that can be used by anyone to get view-only access at Pharmalto’s web site to emergency profile information stored in the record, until the access code is cancelled by you.

Record access and controls

You choose whether to create a MedLife® account. The information in your MedLife® account includes your name, e-mail address, geographic region, and username and password. Pharmalto may request other optional information, which will be identified as optional at the time of the request. You can review and update your account information. You can modify, add, or delete any optional information in your MedLife® by signing into your MedLife® account and editing your account profile.

You can close your MedLife® account at any time by signing in and editing your account profile. Pharmalto holds the information in your MedLife® account for ninety days before permanently deleting it to help avoid accidental or malicious removal of your health information. At that time, the MedLife® App will delete all records for which you are the custodian. You should think carefully before you grant access to your records.

Changes to this statement

Pharmalto may occasionally update this Statement. When it does so, the version number and date at the top of this Statement will be updated to reflect the change. For material changes to this Statement, Pharmalto will notify you either by placing a prominent notice on the home page of the Pharmalto website or by sending you a notification directly. Please review this Statement periodically to stay informed about the procedures used to protect the Personal Information your provide Pharmalto. Your continued use of the Service constitutes your agreement to this Statement and any updates. Please be aware that this Statement and any choices you make on the Service do not necessarily apply to Personal Information you may have provided to Pharmalto in the context of other, separately operated, Pharmalto products or services.

Partners

Pharmalto is an authorized integrator with Allscripts, whose mission is to connect third-party applications, devices and other innovative healthcare technologies with Allscripts products to maximize an Open, Connected Community of HealthTM. To learn more, visit developer.allscripts.com and follow the Allscripts Developer Program on Twitter for the latest news.

Contact information

Pharmalto welcomes your comments regarding this Statement. If you have questions about this Statement or believe that Pharmalto has not adhered to it, please contact Pharmalto at: https://medlife.health/contact-us/