Mississippi Eye Consultants Web Protocol
This protocol describes how Mississippi Eye Consultants handles information from users during a visit to this website.
By using this website, you accept these terms and conditions:
- You understand that Mississippi Eye Consultants is providing this website for educational purposes.
- You agree not to rely on any information on this website as a substitute for consultation with your doctor or another qualified health care provider.
- You agree that Mississippi Eye Consultants or any other party involved in creating this website will not be liable to you for any action you take or fail to take based on the information on this website.
- You acknowledge that health care information is always changing, and that this website may not contain the most recent, complete or useful information at the time you access it.
- You understand that the health care providers featured on the website are not necessarily the agents or employees of Mississippi.
- Mississippi Eye Consultants may change these terms and conditions at any time. Any changes go into effect as soon the new terms are posted on the website. Your continued use of this website is deemed as acceptance of the modified terms and conditions.
Information Collection and sharing
Mississippi Eye Consultants is the sole owner of information collected through the website https://mseye2020.com. We do not collect any personally identifiable information unless users voluntarily supply it as part of a request for service or information. We do not share information collected through the website with any third-party advertisers.
Use of "Cookies"
In most cases, a web browser will automatically accept cookies. Users should be able to change browser settings to disable cookies. Disabling cookies may make it more difficult to use some parts of the website. For more information about deleting cookies, see the web browser’s help section.
Like many websites, https://mseye2020.com uses Google Analytics to gather information about how visitors use the website. Users may opt out if they do not want their data to be used by Google Analytics. Visit Google to learn how.
Normal email is not encrypted. Because of this, it is possible for unauthorized individuals to intercept emails sent to Mississippi Eye Consultants. Mississippi Eye Consultants is not responsible for the privacy of those messages once we have sent them to a website user or a user’s email provider. We are also not responsible for the privacy of messages while they are in transit.
Mississippi Eye Consultants encrypts certain email messages that contain sensitive information, such as patient medical and financial information. This is to protect the privacy of our patients and to comply with federal regulations. Encryption protects against unauthorized individuals intercepting these messages. A user will receive a link to a secure website where the user will need to register and log in to the secure website to view encrypted messages.
If a user notices suspicious activity, such as emails seeking personal financial information that appear to be from Mississippi, contact the staff via our phone line (662) 234-3937 or through the contact form at Mississippi Eye Consultants, and the Internet Crime Complaint Center.
There are secure forms on the Mississippi Eye Consultants website for users to request services and information via the internet. Users may need to provide confidential health information to help Mississippi Eye Consultants fulfill a request. We will use this information only to help us respond to the user’s request.
To prevent unauthorized access, maintain data accuracy and ensure the correct use of information, Mississippi Eye Consultants has put in place appropriate physical, electronic and administrative procedures to safeguard and secure the information we collect through these online forms. These procedures are consistent with The Health Insurance Portability & Accountability Act of 1996 (HIPAA), and the laws and regulations of the State of Mississippi.
Any personally identifiable information we collect is securely stored within a database. We use standard, industry-wide procedures to protect information we receive from visitors to the website. However, as effective as encryption technology is, no security system is impenetrable. We cannot guarantee the security of our database, nor can we guarantee that information supplied by visitors to the website will not be intercepted while being transmitted to us over the internet.
Users are prohibited from violating or attempting to violate the security of this website, including, without limitation, (1) accessing data not intended for them or logging onto a server or an account which they are not authorized to access; (2) attempting to probe, scan or test the vulnerability of a system or network, or to breach security or authentication measures without proper authorization; or (3) accessing or using the website or any portion thereof without authorization, in violation of this protocol or in violation of applicable law. Violations of system or network security may result in civil or criminal liability.
Online Payments and Third-Party Intermediaries
Mississippi Eye Consultants uses processing companies to process credit card transactions. These credit card processing companies do not store, share or use personally identifiable information for any secondary purposes.
The user represents and warrants that if they are making online payments that (1) any credit card, debit card and bank account information the user supplies is true, correct and complete; (2) the user will pay the charges incurred in the amounts posted; and (3) the user is the person in whose name the card was issued and is authorized to make a purchase or other transaction with the relevant card and card information.
Mississippi Eye Consultants will contact the user if all or any portion of the user’s order is canceled, or if additional information is required to accept the user’s order. If the user’s order is canceled after their credit card (or other payment account) has been charged, Mississippi Eye Consultants will issue a credit to their credit card (or other applicable payment account) in the amount of the charge.
Though Mississippi Eye Consultants makes every effort to preserve user privacy, we may need to disclose personal information when we have a good faith belief that this is necessary to comply with a judicial proceeding, court order, government investigation or legal process served on our website.
Links From This Website
This website contains links to other websites. Mississippi Eye Consultants has no authority over third-party websites that a user may link to from this website. Each of these websites maintains its own independent privacy and data collection policies and procedures. Mississippi Eye Consultants is not responsible or liable for these independent methods or actions, nor for the policies or procedures of destination websites. We also do not assume responsibility for the privacy policies or procedures of any website that links users to this website.
EU regulations – medical data and the General Data Protection Regulation
As of 2018, the European Union has unified legal conditions for the processing of medical data. It happened due to the entry into force of the provisions of the Regulation of the European Parliament and the Council on the protection of individuals concerning the processing of personal data and on the free movement of such data.
Under the General Data Protection Regulation (GDPR), health data is seen as a particular category of personal data. Therefore, it requires even more extraordinary measures to protect it than other, “ordinary” types of personal data. Article 4(15) of the GDPR defines personal health data as “personal data related to a person’s physical or mental health, including the provision of healthcare services, which reveal information on their health status”.
The GDPR points to the following principles for processing digital health data:
- fairness and transparency of processing;
- limited purpose;
- data minimization;
- limitation of storage;
- integrity and confidentiality.
This means that digital data (including medical data) should be collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes. Data should also be kept in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed and in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organizational measures.
In particular, respect for the principle of confidentiality and integrity is essential when transferring data to external servers. Therefore, on top of other challenges, they’re facing, medical facilities that collect digital health data must ensure their security and prevent unauthorized use.
Right to be forgotten
GDPR provides EU citizens with the “right to be forgotten,” which in practice boils down to the fact that they can request their digital health data be deleted. To fulfill this right, a medical facility must have knowledge and control over where patient data is stored by the service provider, affiliates, and related entities. The same applies to all medical software that stores the patients’ data.
The California Consumer Privacy Act (CCPA) gives you the right to know and request the following information:
- The categories of personal information collected about you.
- The categories of sources from which the personal information is collected.
- The business or commercial purpose for collecting or selling personal information.
- The categories of third parties with whom we share personal information.
- The specific pieces of personal information collected about you.
- The categories of personal information disclosed.
The CCPA also gives you the right to deletion of your personal information, with some exceptions, including if we need the information to detect security incidents, to comply with law, or to carry out internal business consistent with your relationship with TPF.
You may access the information described above by contacting us via email listed in the contact section at the bottom. You may also use these contact options to provide updates to your personal information or request that we delete your personal information.
Notification of Changes
If our website protocol changes, we will post changes at this page to ensure that our users are always aware of the information we collect, how we use it and under what circumstances, if any, we disclose it. We will use information in accordance with the protocol under which the information was collected. A user’s continued use of this website shall be deemed as acceptance of the modified privacy statement.
Exhibit 3: Notice of Privacy Practices Notice of Privacy Practices
Notice of Privacy Practices
MISSISSIPPI EYE CONSULTANTS
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE READ IT CAREFULLY
The Health Insurance Portability & Accountability Act of 1996 (HIPAA) is a Federal program that requests that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper, or orally are kept properly confidential. This Act gives you, the patient, the right to understand and control how your personal health information (PHI) is used. HIPAA provides penalties for covered entities that misuse personal health information.
As required by HIPAA, we prepared this explanation of how we are to maintain the privacy of your health information and how we may disclose your personal information.
We may use and disclose your medical records only for each of the following purposes: treatment, payment, and health care operation:
- Treatment means providing, coordinating, or managing health care and related services by one or more health care providers. An example of this is a primary care doctor referring you to a specialist doctor.
- Payment means such activities as obtaining reimbursement for services, confirming coverage, billing or collections activities, and utilization review. An example of this would include sending your insurance company a bill for your visit and/or verifying coverage prior to a surgery.
- Healthcare operations include business aspects of running our practice, such as conducting quality assessments and improving activities, auditing functions, cost management analysis, and customer service. An example of this would be new patient survey cards.
- The practice may also be required or permitted to disclose your PHI for law enforcement and other legitimate reasons. In all situations, we shall do our best to assure its continued confidentiality to the extent possible.
- We may also create and distribute de-identified health information by removing all reference to individually identifiable information.
- We may contact you, by phone or in writing, to provide appointment reminders or information about treatment alternatives or other health-related benefits and services, in addition to other fundraising communications, that may be of interest to you. You do have the right to “opt out” with respect to receiving fundraising communications from us.
The following use and disclosures of PHI will only be made pursuant to us receiving a written authorization from you:
- Uses and disclosure of your PHI for marketing purposes, including subsidized treatment and health care operations;
- Disclosures that constitute a sale of PHI under HIPAA; and
- Other uses and disclosures not described in this notice.
You may revoke such authorization in writing, and we are required to honor and abide by that written request, except to the extent that we have already taken actions relying on your prior authorization.
You may have the following rights with respect to your PHI.
- The right to request restrictions on certain uses and disclosures of PHI, including those related to disclosures of family members, other relatives, close personal friends, or any other person identified by you. We are, however, not required to honor a request restriction except in limited circumstances which we shall explain if you ask. If we do agree to the restriction, we must abide by it unless you agree in writing to remove it.
- The right to reasonable requests to receive confidential communications of Protected Health Information by alternative means or at alternative locations.
- The right to inspect and copy your PHI.
- The right to amend your PHI.
- The right to receive an accounting of disclosures of your PHI.
- The right to obtain a paper copy of this notice from us upon request.
- The right to be advised if your unprotected PHI is intentionally or unintentionally disclosed.
If you have paid for services “out of pocket”, in full and in advance, and you request that we not disclose PHI related solely to those services to a health plan, we will accommodate your request, except where we are required by law to make a disclosure.
We are required by law to maintain the privacy of your Protected Health Information and to provide you the notice of our legal duties and our privacy practice with respect to PHI.
This notice is effective as of October 1, 2016, and it is our intention to abide by the terms of the Notice of Privacy Practices and HIPAA Regulations currently in effect. We reserve the right to change the terms of our Notice of Privacy Practice and to make the new notice provision effective for all PHI that we maintain. We will post and you may request a written copy of the revised Notice of Privacy Practice from our office.
You have recourse if you feel that your protections have been violated by our office. You have the right to file a formal, written complaint with office and with the Department of Health and Human Services, Office of Civil Rights. We will not retaliate against you for filing a complaint.
Feel free to contact the Practice Compliance Officer Hannah Mayo 662-234-3937 for more information, in person or in writing.