Privacy Policy

THIS PRIVACY POLICY DESCRIBES THE TYPES OF INFORMATION WE MAY COLLECT FROM YOU WHEN YOU VISIT ZOTECPARTNERS.COM, ZOTEC’S PATIENT SUPPORT WEBSITE MYDOCBILL.COM (FOR PATIENTS), OR ZOTEC’S PROVIDER SUPPORT PAGES (FOR ZOTEC CLIENTS), AND HOW WE USE, MAINTAIN, PROTECT, AND DISCLOSE THAT INFORMATION.

Zotec Partners, LLC (collectively, “we,” “our,” or “us”) is committed to protecting your privacy. This policy applies to information we collect through Zotecpartners.com, including any services offered on or through MyDocBill.com (the “Patient Portal”) and Zotec’s provider support pages (the “Provider Support Pages”), which can be accessed through zotecpartners.com/provider-login/ (the “Provider Portal”) (collectively, our “Websites”).

PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. BY ACCESSING OR USING OUR WEBSITES, YOU AGREE TO THIS PRIVACY POLICY.

THE EFFECTIVE DATE OF THIS PRIVACY POLICY IS JANUARY 22, 2021.

Personal Information We Collect and How We Collect It

If you are a patient of one of Zotec’s healthcare provider clients, you can use our Patient Portal, available through MyDocBill.com, to get a copy of your healthcare bills and billing history, update your insurance information, and pay your healthcare bills. In order to provide these services, we must collect and maintain certain personal information about you.

If you are one of Zotec’s healthcare provider clients (a “Client”), you can use our Provider Support Pages, available through the Provider Portal, to upload documents and input information required to process payment for the provision of healthcare, including personal information about your patients.

Whether you are a Client or a Client’s patient, we may collect several types of information from and about you when you use our Websites, including information (collectively, “personal information”):

By which you may be personally identified, such as name, postal address, email, telephone number, date of birth, information related to the payment of the provision of healthcare including medical bills and payment status, insurance information, and guarantor account number; and
About your internet connection, the equipment you use to access our Websites, and usage details. Usage details include your Internet Protocol address (IP address), browsing history, and recorded times and dates of visits to our Websites.

We may collect this information:

Directly from you, when you provide it to us.
Automatically, as you navigate through the Websites. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
From our Clients that share personal information, including protected health information, with us to carry out treatment, receive payment, and conduct healthcare operations as permitted by law.

Most of the personal information we collect about consumers is “protected health information” (“PHI”) that we receive from our Clients who upload it in the Provider Portal, or from Clients’ patients in the Patient Portal, for payment/billing purposes. PHI is governed by the privacy, security, and breach notification provisions of federal laws known as HIPAA (the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191) and HITECH (the Health Information Technology for Economic and Clinical Health Act, Public Law 111-5), and their implementing regulations (Parts 160 and 164 of the Code of Federal Regulations). State law may provide additional requirements for PHI. This privacy policy does not cover PHI we collect about you. For information about how your provider uses or discloses your PHI, your provider’s legal duties with respect to your PHI and your rights with respect to your PHI and how you may exercise them, please consult your provider’s Notice of Privacy Practices. We are a Business Associate of your provider, and are required to protect the privacy and security of the PHI we handle on your provider’s behalf.

Some of the information we collect is collected for security purposes to support compliance with the HIPAA Security Rule and Payment Card Industry Data Security Standards (PCI-DSS), for fraud prevention purposes, and for analytics and marketing purposes to research the effectiveness of our Websites and understand our users’ preferences.

How We Use Personal Information

We may use the information that we collect about you or that you provide to us, including any personal information and/or PHI:

To process payment for the provision of healthcare, including sending claims to your insurer or to a federal program, such as Medicare, that pays for your treatment and sending you a bill for any amounts due which your insurer does not pay.
To present our Websites and the contents to you, including the Portal functions such as account login.
To provide, support, personalize, and develop the Websites and our products and services.
To help maintain the safety, security, and integrity of our Websites, products and services, databases and other technology assets, and business.
To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
To provide you with information, products, or services that you request from us.
To support our business activities, such as allowing our auditors, consultants, or attorneys access to personal information to audit our claims to determine if we billed you accurately for the provision of healthcare.
To support compliance with the HIPAA Security Rule, related to the PHI we collect.
To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our consumers and Portal users is among the assets transferred.

Disclosure of Personal Information

We may disclose aggregated information about users of our Websites, and information that does not identify any individual user.

We do not sell personal information or PHI to third parties. Subject to compliance with applicable laws and any agreements we may have with your provider, we may disclose personal information or PHI to third parties in the following ways:

We may share personal information with affiliates or subsidiaries, business partners, healthcare providers, service providers, or other third parties we use to provide you with the Websites and billing services and to process payment for the provision of healthcare.
We may share personal information that is not PHI with third parties who assist us with our marketing efforts. For example, we may share your device and usage details with a third-party analytics provider to assist us in researching the effectiveness of our Websites and understand our users’ preferences.
We may share personal information to comply with any court order, law, or legal process, including responding to any government or regulatory request, or if the disclosure is otherwise required or permitted by law.
If we become involved in a transaction involving the sale of assets, such as a merger or acquisition, we may disclose and/or transfer personal information as part of the transaction.
Where necessary for the administration of our general business, accounting, record keeping and legal functions, we may share personal information with our tax advisors, legal counsel and other professional services entities or agents.

Data Security

We understand the importance of keeping personal information safe and secure. We take reasonable measures to protect the information we collect from you. However, the transmission of information via the internet is not, and cannot be made, completely secure. We cannot and do not guarantee, ensure, or warrant that personal information will be completely secure from misappropriation by hackers or from other bad actors or criminals, or from the failure of computer hardware, software, or telecommunications networks. You will be notified, as required by law, if we discover a security breach involving your personal information (as defined by the applicable state and federal laws) processed by us.

Children Under the Age of 13

Our Websites are not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on the Websites or through any of its features. If we learn we have collected or received personal information from a child under 13 without parental consent, we will delete that information.

CALIFORNIA CONSUMER PRIVACY ACT – PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

As the operators of the Websites we take your privacy seriously. This section is our Privacy Notice for California Residents (“Notice”) and applies to visitors, users, and others who reside in the State of California (“consumers” or “you/your”) and use our Websites. This notice is provided to comply with the California Consumer Privacy Act of 2018 (“CCPA”); any terms defined in the CCPA have the same meaning when used in this Notice. This Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.

Personal Information We Collect

As outlined above, patients can use our Patient Portal to get a copy of their healthcare bills and billing history, update their insurance information, and pay their healthcare bills. In order to provide these services, we must collect personal information (“PI”) from and about our healthcare providers’ patients. Most of the personal information we collect about consumers is PHI that we receive from our Clients – or from you, when you use the Portal – for payment/billing purposes.

What is PI? The CCPA defines “personal information” as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be directly or indirectly linked with a particular consumer or household.

What is Not Considered PI: Under the CCPA, PI does not include:

Publicly available information from government records
De-identified or aggregated consumer information
Information specifically excluded from the CCPA’s scope, such as medical information governed by HIPAA (discussed below) or the California Confidentiality of Medical Information Act (“CMIA”), and personal information governed by certain sector-specific privacy laws such as the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994

The CCPA requires that we describe certain categories of PI to you, provide examples, and state whether we have collected that information in the last twelve (12) months. Because PHI is already subject to and protected by HIPAA, HITECH, and their implementing regulations, the CCPA does not apply to PHI. For information about how your provider uses or discloses your PHI, your provider’s legal duties with respect to your PHI and your rights with respect to your PHI and how you may exercise them, please consult your provider’s Notice of Privacy Practices. If you have questions about this, please contact us so we can explain.

Example: Your healthcare provider (a HIPAA “covered entity”) discloses billing information to us as its HIPAA “business associate” so that we can provide services through the Patient Portal. The billing information contains “Category B” information (such as your name, address, and health insurance information) and “Category C” information (such as your age, sex, and medical condition). Because this information is PHI in this context, it is covered by your healthcare provider’s HIPAA Notice of Privacy Practices and protected by us as a Business Associate of your provider; however, in attempt to avoid confusion in this Notice, we disclose all information collected, including PHI.

Personal Information We Collect That Is Not PHI

Category	Examples	Do we collect?
A. Identifiers	Internet Protocol address	Yes
B. Personal information categories listed in the CaliforniaCustomer Recordsstatute (Cal. Civ. Code§ 1798.80(e)).	Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	Yes
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes
D. Commercial information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	No
E. Biometric information	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	No
F. Internet or other similar network activity	Browsing history, information on a consumer’s interaction with the Websites.	Yes
G. Geolocation data	Physical location or movements	No
H. Sensory data	Audio, electronic, visual, thermal, olfactory, or similar information	No
I. Professional or employment- related information	Current or past job history or performance evaluations	No
J. Non-public education information (per the Family Educational Rights and Privacy Act ((20U.S.C. Section 1232g,34 C.F.R. Part 99))	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
K. Inferences drawn from other personal information	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	No

We obtain the “Yes” categories of PI listed above both directly from you (for example, when you log in to the Portal) and indirectly from you (for example, by observing and logging the records you access through the Portal).

How We Use Personal Information

We do not sell your PI. We may use or disclose the PI we collect for one or more of the purposes listed in the Disclosure of Personal Information section above.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

How We Share Personal Information

As outlined in the How We Use Personal Information and Disclosure of Personal Information sections above, we may disclose your personal information to a third-party service provider (such as an IT provider) for a business purpose, subject to appropriate confidentiality provisions, including prohibiting the third-party from using the disclosed information for any purpose except to perform the services for us. We may also disclose your PI as permitted or required by law as follows:

For law enforcement purposes.
As necessary for safety reasons.
Related to any sale or acquisition of our assets.
To comply with legal obligations.

Disclosures of Personal Information for a Business Purpose

In the past twelve (12) months, subject to compliance with applicable laws and any agreements we may have with your provider, we have disclosed the following categories of personal information to service providers for a business purpose:

Category A: Identifiers
Category F: Internet or other similar network history

Sales of Personal Information

In the past twelve (12) months, we have not sold personal information.

Your Rights and Choices

The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

The categories of personal information we collected about you.
The categories of sources for the personal information we collected about you.
Our business or commercial purpose for collecting or selling that personal information.
The categories of third parties with whom we share that personal information.
The specific pieces of personal information we collected about you (also called a data portability request).
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete your personal information from our records (and direct our service providers to do the same), unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Support compliance with a legal obligation.
To support compliance with the HIPAA Security Rule, related to the PHI we collect.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

If you wish to exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to our Privacy Officer, at 11460 N. Meridian Street, Carmel, IN 46032 or privacyofficer@mydocbill.com.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at the contact information below. We intend to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we need more time (up to another 45 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights

We do not sell your personal information, and do not disclose your PI to third parties for their direct marketing purposes. If that changes, an opt-in notice will be provided to relevant individuals, and this Notice will be amended to describe your rights under California’s Shine the Light law (Civil Code Section § 1798.83).

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

Deny you goods or services.
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
Provide you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

We do not currently offer financial incentives permitted by the CCPA that could result in different prices, rates, or quality levels. If that changes, an opt-in notice will be provided to relevant individuals.

Changes to Our Privacy Policy

We reserve the right to change this privacy policy at our discretion and at any time. When we make changes to this privacy policy, we will post the updated policy on our Websites and update the policy’s effective date. Your continued use of the Websites after we post changes means that you accept the changes.

Contact Information

If you have any questions or comments about this notice, the ways in which we collect and use your information described here, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact our Privacy Officer, at 11460 N. Meridian Street, Carmel, IN 46032 or privacy@zotecpartners.com.

If you have questions regarding your bill, you may contact our Billing Director in writing via email at billing@mydocbill.com. If you have privacy or security concerns, you may contact our Privacy Officer in writing via email at privacy@zotecpartners.com.