skip to Main Content

Privacy Policy

This Privacy Policy is effective as of April 25, 2019.

We at MDX Medical, Inc., together with our related, affiliated and/or subsidiary companies (“MDX,” “Sapphire Digital,” “We,” “Us,” or “Our”) have created this privacy policy (this “Privacy Policy”) because we know that you care about how information you provide to us is used and shared.  This Privacy Policy relates to the information collection and use practices of MDX in connection with the MDX CareSelect Transparency Suite, SmartShopper application and associated services and call center (collectively, the “Products and Services”), which are made available to you through a variety of platforms, including, but not limited to, www.smartshopper.com (the “Website”) and our mobile app, which is accessible through tablets, cell phones, and other devices (the “App”).  The Website and the App are collectively referred to as the “Platform.”  This Privacy Policy is subject to our terms of use (“Terms of Use”) which are incorporated herein by reference (available at http://www.smartshopper.com/Terms).

DESCRIPTION OF USERS AND ACCEPTANCE OF TERMS

For convenience, the words “User,” “You” and “Your” as used in this Privacy Policy refer to all users of the Platform, including, without limitation, anyone that accesses or visits the Platform (including those that view only publicly-available content), and individuals who have signed up to use our Products and Services.  By (i) visiting our Platform, or (ii) by signing up, accessing, and/or using the Platform, You agree to the terms of this Privacy Policy and the accompanying Terms of Use. Capitalized terms not defined in this Privacy Policy shall have the meaning set forth in the Terms of Use.

CHANGES TO THIS PRIVACY POLICY

Please note that this Privacy Policy may change from time to time. MDX will post any changes on this page. We encourage You to check back and review this Privacy Policy periodically for any updates or modifications. Your continued use of the Platform will be deemed acceptance of the updated Privacy Policy.

If You have any additional questions or concerns about this Privacy Policy, please contact us at:

MDX Medical Inc.

Attn: General Counsel

160 Chubb Avenue

Lyndhurst, NJ 07071

Email address: smartshoppersupport@sapphire-digital.com

 

 

 

 

WHAT INFORMATION DO WE COLLECT/RECEIVE

In the course of operating the Platform, MDX will collect (and/or receive) the following types of information. You authorize us to collect and/or receive such information.

  1. Personal Information

For the purposes of this Privacy Policy, “Personal Information” is information that (i) You voluntarily provide to Us or is obtained by Us through Your Use of the Platform, and (ii) that personally identifies You. Personal Information includes, but is not limited to, Your name, email or other address, fax number, mailing address, business address, phone number, billing and payment information, your Health Plan (as defined in the Terms of Use) member identification number, and other data that can be used to personally identify or contact You. If You decide to utilize any of the Products and Services, including, for example performing a search of Healthcare Providers (defined below) in your Health Plan’s network and where available, scheduling an appointment with a physician, healthcare facility, psychologist, long-term care facility, hospitals, surgery center, and other providers of healthcare services (“Healthcare Provider”) through the Platform, Your Personal Information may also contain sensitive personal information, including any confidential health information (such as your reason for scheduling the provider appointment) that You voluntarily provide.

MDX may obtain, collect, retain, store or otherwise maintain Your Personal Information from the following sources:

  • Your Platform Account: This information may include, for example, information You provide to MDX through Your creation, registration, account activity, email address and maintenance of a user account on the Platform (“Registration Information”), including but not limited to our call center.
  • Other Information You Provide to MDX: Some of the Products and Services allow or require You to provide Personal Information, such as Your Healthcare Providers, pharmacies, insurance information, emergency contact information, personal health information, member number, group number and related information. Personal Information that You may store through the App by means of taking a photograph with Your mobile device (for example, taking a photograph of Your health insurance card) may be stored on Your mobile device. Accordingly, the safety, security and privacy of Your mobile device and the information and photographs that You store on it are Your responsibility and not the responsibility of MDX.
  • Email Communications: MDX may receive a confirmation when You open an email from Us. When Our email communications include a link to an article or other information, We may also receive information on whether the particular articles or links were actually viewed.  We use this information to help Us make Our emails more interesting and helpful to You.
  • Interactive Products and Services: Some of the Products and Services allow You to interact with Healthcare Providers through the Platform. These interactive Products and Services include, but are not limited to, scheduling appointments with Healthcare Providers. In order to provide you with these interactive Products and Services, We may ask you to provide Personal Information (such as the medical reasons for You scheduling the appointment). You understand and agree that MDX may use and/or disclose such Personal Information to Healthcare Providers that You have selected in connection with providing You with the requested interactive Products and Services From time to time, MDX may communicate with You through postal mail, email, fax, telephone, or other forms of electronic communications regarding Your SmartShopper Account on the Platform, your activity on the Platform, inquiries you may make to MDX customer service, the Products and Services, new Products and Services or certain tailored messages based on PHI or Personal Information. If You respond to these communications, Your responses may also contain Personal Information.
  • HIPAA: In order for the Platform to function, the Platform must utilize: (1) information submitted by You, including but not limited to health information and Your Personal Information; and (2) and information, including health related information from your health insurance plan (“Health Plan”) (collectively the “Platform Information”). The Platform Information meets the definition of Protected Health Information (“PHI”) as that term is defined under the Health Insurance Portability and Accountability Act of 1996, and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and the regulations promulgated thereunder, in effect or as amended (collectively, “HIPAA”). MDX is not a “Covered Entity” as that term is defined under HIPAA, however, Your Health Plan is a Covered Entity.  Although MDX is not a Covered Entity, we are a Business Associate of Your Health Plan.  We are committed to User privacy and have in place reasonable and appropriate data security policies and measures, and ensure that Users control access to their information. To the extent that MDX has received your Platform Information from a Covered Entity (as defined under HIPAA), in its capacity as a Business Associate (as defined under HIPAA), the terms of the applicable Business Associate Agreement between MDX and your Health Plan shall govern MDX’s use and disclosure of such Platform Information, and shall supersede the foregoing in the event of an inconsistency between the two. MDX may engage third party subcontractors (“Third Party”) to provide Services, including but not limited to process and store your Platform Information. To the extent MDX engages such Third Parties, MDX shall use commercially reasonable efforts to ensure that any such Third Party to whom it provides PHI agrees to the materially similar restrictions and conditions that apply to MDX with respect to such PHI. Your Health Plan should be particularly aware of its obligations of confidentiality with respect to your PHI, including, without limitation, its obligations under United States federal and state laws, in particular HIPAA.  If You wish to restrict the uses of Your PHI, amend, or receive an accounting of the disclosures of your PHI, you must contact Your Health Plan. MDX does not have, and does not assume, any responsibility for the confidentiality of communications between You and Your Health Plan, other than those expressly stated in this Privacy Policy and the Terms of Use, or any responsibility for a violation of HIPAA by Your Health Plan. When You use the Platform, you may automatically receive administrative emails from Us. You cannot opt-out of receiving administrative emails sent by Us.
  • Online Appointments: You may schedule an on-line appointment with a Healthcare Provider through the Platform (“OLA”). In order to do so, You must submit the requested appointment information, including but not limited to Your Personal Information, dates, times, reasons of visit, and any other health-related information (“OLA Information”). The OLA Information provided to MDX meets the definition of PHI under HIPAA. MDX is not a “Covered Entity” as that term is defined under HIPAA. Although MDX is not a Covered Entity, We are committed to User privacy and have in place strict data security policies and measures, and ensure that Users control access to their information. To the extent that MDX has received your OLA Information from a Covered Entity (as defined under HIPAA), in its capacity as a Business Associate of the Health Plan (as defined under HIPAA), the terms of the applicable Business Associate Agreement with the Health Plan shall govern MDX’s use and disclosure of such OLA Information, and shall supersede the foregoing in the event of an inconsistency between the two. MDX may engage a Third Party to process Your OLA request. To the extent MDX engages such Third Parties, MDX shall ensure that any such Third Party to whom it provides PHI agrees to the same restrictions and conditions that apply to MDX with respect to such PHI. Your Health Plan and Healthcare Provider should be particularly aware of its obligations of confidentiality with respect to your PHI, including, without limitation, its obligations under United States state and federal laws, in particular HIPAA.  If You wish to restrict the uses of Your PHI, amend, or receive an accounting of the disclosures of your PHI, you must contact Your Healthcare Provider and Health Plan. MDX does not have, and does not assume, any responsibility for the confidentiality of communications between You and Your Healthcare Provider, other than those expressly stated in this Privacy Policy and the Terms of Use, or any responsibility for a violation of HIPAA by Your Healthcare Provider. When You use the OLA service, you may automatically receive administrative emails from Us. You cannot opt-out of receiving administrative emails sent by Us.

You can decline to provide Your Personal Information to Us by not engaging in the activities described above, such as by not registering or creating a Platform Account on the Platform or by not using the Products and Services. If you decline to submit Personal Information, MDX may not be able to or may choose not to provide to You some or all of its Products and Services. Accordingly, You can determine to a large extent what Personal Information You wish to provide to Us. If you do not want your Health Plan to provide Personal Information to MDX, you must make a request to your Health Plan.

  1. Other Information

In addition to the Personal Information, we may collect and/or receive additional Information (collectively, the “Other Information”). Such Other Information may include:

 

  1. From Your Activity. MDX also collects non-personally identifiable server-log information relating to its Users. This information may include, but is not limited to, (i) Your Platform Account activity, including storage usage, number of log-ins, data displayed or selected, including user interface elements, links, etc; (ii) Your web or mobile application request, Internet Protocol address (“IP address”), the location of your computer (through the IP address), browser type, browser language, browser programming language, computer or mobile device type, the date and time of your request, date and time of access, and one or more cookies that may uniquely identify your browser and referrer Uniform Resource Locator (“URL”): None of this information alone enables MDX to personally identify or contact You.
  2. From Cookies. When You visit the Platform, We send to Your computer and/or Your mobile device (such as a smartphone), one or more cookies, which are small files containing a string of characters. A cookie, among other things, uniquely identifies Your browser or Your mobile device, as applicable, and allows MDX to “remember” Your mobile device and/or Your activities on the Platform. MDX uses cookies to uniquely identify computers and mobile devices of Users of the Platform. We use cookies to improve the quality of the Products and Services. Most browsers and mobile devices are initially set up to accept cookies but You can reset Your browser or the settings on Your mobile device to reject all cookies. Some browsers also can be set to indicate when a cookie is being sent. Please note that some features of our Platform may not function properly, if Your computer or mobile device is set to reject all cookies.

 

HOW WE USE AND SHARE THE INFORMATION

MDX only uses Your Personal Information, PHI, Platform Information and the Other Information (collectively, the “Information”) for the purposes and in the manner described in this Privacy Policy. Specifically, You explicitly consent to MDX use of Your Information for:

  • Providing the Platform and the Products and Services to You, including but not limited to, the processing, formatting and displaying of Your Information, customized content and the delivery of customized Products and Services to You;
  • Auditing, research and analysis in order to troubleshoot, maintain, protect and improve the Products and Services and the Platform;
  • Ensuring the technical functioning of MDX’s network and the Platform, including creating and maintaining backups or other archival copies of Personal Information and other related data;
  • Developing and offering Products and Services, which may include use of Your Information by MDX in connection with developing and offering to You Products and Services included but not limited to customized and tailored messaging regarding specific health conditions, health services, health education and/or disease prevention). MDX will communicate about these Products and Services to You through postal mail, email, fax, telephone, text message, short message service (SMS) or other forms of electronic communications;
  • For any purpose to which you provided consent to your Health Plan;
  • For any other purposes disclosed at the time the information is collected or to which you consent; creating aggregate data records (“Aggregate Data”), which Aggregate Data will not identify You or any other individual or include any personally identifiable information;  and use and/or share Aggregate Data to improve MDX’s products and services, understand usage, demand trends and general industry trends, develop white papers, reports, databases summarizing the foregoing, and generally for any purpose related to MDX’s business;
  • As otherwise specifically described in this Privacy Policy.

You also authorize us to use and/or share Information as described below:

  • We may share Your Information with employees, contractors and agents of MDX who need to know such Information for performing their duties with respect to the purposes set forth in this section. These individuals and/ or entities are bound by confidentiality obligations similar to those set forth herein.

 

  • We may disclose Your Registration Information to certain third parties in connection with the various programs, tools and services that are provided through the Platform.

 

  • We may employ third parties to perform services on Our behalf. Examples may include services to improve our Platform, storing data, marketing, advertising, compliance and promotional efforts and to facilitate transactions. These third parties will have access to Your Information only as necessary to perform their services, and they may not use Your Information for any other purpose.
  • We may share some or all of your Information with any of our parent companies, subsidiaries, joint ventures, or other companies under common control with us.
  • As we develop our businesses, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, sale of assets, dissolution, or similar event, the Information may be part of the transferred assets.
  • We may disclose Your Information, including Personal Information, to government authorities, and to other third parties when compelled to do so by government authorities, at our discretion, or otherwise as required by law, including but not limited to in response to court orders and subpoenas. We also may disclose Your Information when we have reason to believe that someone is or may be causing injury to or interference with our rights or property, other Users of the Platform, or anyone else that could be harmed by such activities.

Aggregated Non-Personal Information

We may disclose Aggregated Non-Personal Information to third parties, including third-party content providers, paid advertisers and licensees of the Products and Services without prior notice to You. For the purposes of this Privacy Policy, “Aggregated Non-Personal Information” is information about some or all of the Users of the Products and Services, but unlike Personal Information, does not reflect or reference an individually identifiable User. Aggregated Non-Personal Information may be formed from Personal Information, but any of the Personal Information used to form the Aggregated Non-Personal Information has been processed to no longer reflect or reference an individually identifiable User.

EXTERNAL LINKS

This Privacy Policy only applies to the Platform and the Products and Services made available through the Platform. This Privacy Policy does not apply to any other websites or mobile applications, including those that may link to or from any part of the Platform or those from which you may be able to download or launch the Platform.  (collectively, the “External Sites”). MDX does not endorse and is not responsible for the maintenance or content of any linked External Sites. These External Sites may have their own privacy policies and terms of use, which We encourage You to read. You should contact these External Sites directly if You have any questions about their use of Your information. MDX is not responsible for any use of Your information, including Your Personal Information, when You use or visit such third party websites, mobile applications and services.

INFORMATION SECURITY

We take reasonable and appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of Your Information, including Personal Information stored or maintained on our servers and other systems. These measures include internal reviews of MDX’s data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to servers and systems where MDX stores personal data.

However, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guaranty the security of Your Information, including Personal Information.

DATA INTEGRITY

MDX processes Personal Information only for the purposes for which it was collected and in accordance with this Privacy Policy. MDX though, must depend on You and our other Users to provide, accurate, complete and current Personal Information and to update or correct their Personal Information whenever necessary. MDX does not and cannot monitor or pre-screen the Personal Information that You provide for accuracy and completeness but takes reasonable steps to ensure that We accurately process and maintain the Personal Information that You provide.

ACCESSING AND UPDATING PERSONAL INFORMATION

Information You Provide When Registering For a Platform Account

You may change or update the e-mail address and password that You provided when You registered for Your Platform Account via the “settings” or “account settings” section of such account. You may terminate Your Platform Account by sending an e-mail with your account termination request to smartshoppersupport@sapphire-digital.com.

Information You Store or Access When Using the Platform

When you use the Platform, We make good faith efforts to provide You with access to Your Personal Information. You may organize or delete or change certain of the information that is entered or uploaded into Your Platform Account via the section of Your account where the information is located. Where applicable, We ask individual Users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case, where We provide information access and correction, We provide this service free of charge, except if doing so would require a disproportionate effort. If you have any questions or want more information about accessing or updating Your Personal Information, please contact MDX by e-mail to smartshoppersupport@sapphire-digital.com

All deletions, changes or updates that you make to Your Personal Information and account  termination requests will take effect after We receive and process Your e-mail termination request. Except for deleted information that was stored exclusively on Your mobile device, residual copies of the deleted information, may remain in perpetuity in backup systems.

Deleting the App from Your mobile device will not terminate Your Platform Account but will delete any information that You stored through the App by means of taking a photograph with Your mobile device (“Stored Photographic Information”). Terminating Platform Account will not delete Stored Photographic Information unless You also delete the App from Your mobile device.

Please note though that according to the Terms of Use, Your Submissions to the Platform should not include any “personally identifiable information (other than the name of the Healthcare Providers being reviewed).” This Privacy Policy does not apply to any Personal Information that You may nevertheless include in your Submissions and You may not be able to change or update any such Personal Information included in Your Submissions.

CHILDREN

We do not knowingly collect Personal Information from children under the age of 13 through the Platform.  If you are under 13, please do not give us any Personal Information.  We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide Personal Information through any website without their permission.  If you have reason to believe that a child under the age of 13 has provided Personal Information to us, please contact us, and we will endeavor to delete that information from our databases.

ENFORCEMENT

Please direct any questions or concerns regarding this Privacy Policy or MDX’s treatment of Personal Information by contacting Us at the following address:

MDX Medical Inc.

Attn: General Counsel

160 Chubb Avenue

Lyndhurst, NJ 07071

Email address: smartshoppersupport@sapphire-digital.com

When MDX receives formal written complaints at this address, its policy is to contact the complaining User regarding his or her concerns. MDX will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Information that cannot be resolved between an individual and MDX.

 IMPORTANT NOTICE TO NON-U.S. RESIDENTS

The Platform is operated in the United States.  If you are located outside of the United States, please be aware that any information you provide to us will be transferred to the United States.  By providing us with any information through the Platform, you consent to this transfer and our use of such information in accordance with this Privacy Policy.

Copyright © 2019 MDX Medical Inc. All Rights Reserved.

Back To Top