Latest Revision Date: November 1, 2020
We are committed to protecting your privacy and the security of the information you entrust with us. While we are not a covered entity or a business associate under the United States’ Health Insurance Privacy and Portability Act of 1996 (HIPAA), in providing Movement Rx digital services to you, we strive to provide you with equivalent levels of security and privacy protection.
It’s Your Personal Health Information
You have complete control over who can access the personally identifiable information (name, email, home address, etc.) contained in your record(s). You decide who you want to have access to your record(s) by making connections with such individuals.
You have complete control over who can contribute to and retrieve information from your record(s) and can terminate their access and permissions at any time. Because it’s your account, you may verify the accuracy of and update your personal information held within your Movement Rx digital services account at any time.
How the Health Information in Your Record is Obtained
The only personally identifiable information Movement Rx obtains is information which you voluntarily provide or authorize.
Healthcare providers may access, contribute to and receive patient care information from records in your account if you create a connection with them and grant them permission to do so.
Health condition management programs (e.g., diabetes, smoking cessation, obesity, etc.) may access, contribute to and receive condition-related information from your record if you create a connection with them and grant them permission to do so.
Devices, such as scales, blood pressure cuffs, and glucometers, may contribute data to your record directly or through a manufacturer’s website, if you create a connection with them and grant them permission to do so.
Sharing Your Personal Health Information
It’s your choice to share the information in your record(s). You can share information with trusted family members and friends, healthcare providers, programs you sign up for (such as condition management programs), as required for Services you choose to participate in, and with other individuals to whom you provide access and assign privileges within your health record. In choosing to grant privileges you are creating a ‘connection’ with such individual or organization.
You can grant these individuals the right to view, contribute to and receive information from your record. You can grant, modify or cancel these privileges at any time. When you create a connection from your Movement Rx digital services account or otherwise share information available through Movement Rx digital services with another individual or organization, you acknowledge and accept responsibility for your decision to provide them access to potentially sensitive information.
How Information is Collected and Used by Movement Rx
Movement Rx collects certain information from you in three ways: (i) from web server logs, (ii) with cookies and web analytics tools, and (iii) directly from you.
Web Analytics – Movement Rx may use web analytics to understand Movement Rx site usage. This information is used to help design, develop, and support Movement Rx. Although the web analytics tool may receive and store Movement Rx’s site usage information (such as pages accessed) it does not receive any individually identifiable or sensitive information as a part of this process. If you do not want data collected by Google Analytics, you can use the Google Analytics Opt-out Browser Add-on available on Google’s website.
Services (User-Supplied Information) – We may use your account and e-mail address to communicate with you about our Services. If you sign up for a new Service, we may collect personal information such as contact information (e.g. name, address, telephone number and alternate e-mail address), demographic information (e.g. zip code, organization and/or role), or sensitive information (e.g. healthcare information). We will not use your personal information to market new Services to you.
De-identified Information – Movement Rx does do not use or disclose your information for any purpose, other than as described in this Policy, without your permission. Movement Rx will ask your permission to use your “de-identified” data if Movement Rx wishes to use it. De-identified data has your personally identifiable information removed and cannot be connected to you in any way. Details on what information is removed can be found at the bottom of this page. You always have the ability to opt-out of sharing your de-identified data. Should you choose to share your de-identified data with Movement Rx, Movement Rx (including its affiliates and partners) may use it for any purpose permitted by law, including analysis in support of healthcare research, incorporation into databases, reports, comparative data sets, scores, or scoring systems generated there from, and use for broader Movement Rx initiatives, including to enhance and improve Movement Rx services.
How Information is Shared and Disclosed by Movement Rx
Movement Rx does not rent, sell or share personal information about you with other people or nonaffiliated companies, except under the following circumstances:
Disclosures to Third Parties Assisting In Movement Rx Operations – Movement Rx may provide your personal information to affiliates, subsidiaries and trusted partners who work with Movement Rx under confidentiality agreements. These companies may use your personal information to assist Movement Rx in our operations.
Movement Rx data is stored in a secure data facility, designed to protect against unauthorized access, use, or disclosure of the information contained within it. Our stringent physical and electronic security measures are regularly reviewed to ensure compliance with our policies and to manage and enhance our capabilities.
If there is ever a breach of the security of your information, we may be required by law to notify you. By accepting this Policy, you authorize us to send any such notification to the email address in your Movement Rx account.
Children’s Privacy Protection
Movement Rx digital services are not designed for or targeted at children. We will not knowingly collect and maintain personally identifiable information from children under 18 years of age.
Third Party Links
Your Ability to Edit, Disable, or Delete Your Information, Records, and Account
At any time, you may verify the accuracy of personal information held by Movement Rx, and subject to certain statutory exceptions, you may access, update and delete your personal information.
You may delete any records you have created in your Movement Rx account at any time. Deletion results in the permanent destruction of the record and the information contained within it.
You may close your Movement Rx account at any time. Closing your account will result in the deletion of all records you have created in your account and all information contained within the records.
Information you share with third parties may remain in their systems or physical records after deletion or modification of your Movement Rx account. It is your responsibility to contact any such third parties to ensure that your information, which is maintained by them, is modified or deleted.
European Union Safe Harbor Statement
By using Movement Rx, you agree to the processing and use, including storage of your information within Movement Rx (in the manner described in this Policy) and including storage of your information outside of the European Economic Area (EEA), in particular through Movement Rx in the United States.
We regularly review our compliance with this Policy. If you have any concerns about how we treat personal information, please contact us at:
Movement Rx Physical Therapy, P.C.
5745 Kearny Villa Road, Suite 113
San Diego, CA 92123
Attention: Movement Rx digital services
This Policy may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security practices evolve. However, we will take reasonable steps to notify you of material changes we make to this Policy. We display a latest revision date on the Policy above so that it will be easier for you to know when there has been a change. You are responsible for regularly reviewing this Policy. Your continued use of Movement Rx digital services constitutes your acceptance of the revised terms. Small changes or changes that do not significantly affect individual privacy interests may be made at any time and without prior notice.
De-identifying Personal Health Information
The information in health records is de-identified by removing the following person-specific information:
- All geographic subdivisions smaller than a state, including street address, city, county, precinct, zip code, and their equivalent geocodes, except for the initial three digits of a Zip code if, according to the current publicly available data from the Bureau of the Census: (1) The geographic unit formed by combining all Zip codes with the same three initial digits contains more than 20,000 people; and (2) The initial three digits of a Zip code for all such geographic units containing 20,000 or fewer people are changed to 000.
- All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death; and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older.
- Telephone numbers.
- Fax numbers.
- Electronic mail addresses.
- Social security numbers.
- Medical record numbers.
- Health plan beneficiary numbers.
- Account numbers.
- Certificate/license numbers.
- Vehicle identifiers and serial numbers, including license plate numbers.
- Device identifiers and serial numbers.
- Web Universal Resource Locators (URLs).
- Internet Protocol (IP) address numbers.
- Biometric identifiers, including finger and voice prints.
- Full face photographic images and any comparable images.And any other unique identifying number, characteristic, or code.