Zotec Partners, LLC (collectively, “we,” “our,” or “us”) is committed to protecting your privacy. This policy applies to information we collect through Zotecpartners.com, including any services offered on or through MyDocBill.com (the “Patient Portal”) and Zotec’s provider support pages (the “Provider Support Pages”), which can be accessed through zotecpartners.com/provider-login/ (the “Provider Portal”) (collectively, our “Websites”).
If you are a patient of one of Zotec’s healthcare provider clients, you can use our Patient Portal, available through MyDocBill.com, to get a copy of your healthcare bills and billing history, update your insurance information, and pay your healthcare bills. In order to provide these services, we must collect and maintain certain personal information about you.
If you are one of Zotec’s healthcare provider clients (a “Client”), you can use our Provider Support Pages, available through the Provider Portal, to upload documents and input information required to process payment for the provision of healthcare, including personal information about your patients.
Whether you are a Client or a Client’s patient, we may collect several types of information from and about you when you use our Websites, including information (collectively, “personal information”):
We may collect this information:
Some of the information we collect is collected for security purposes to support compliance with the HIPAA Security Rule and Payment Card Industry Data Security Standards (PCI-DSS), for fraud prevention purposes, and for analytics and marketing purposes to research the effectiveness of our Websites and understand our users’ preferences.
We may use the information that we collect about you or that you provide to us, including any personal information and/or PHI:
We may disclose aggregated information about users of our Websites, and information that does not identify any individual user.
We do not sell personal information or PHI to third parties. Subject to compliance with applicable laws and any agreements we may have with your provider, we may disclose personal information or PHI to third parties in the following ways:
We understand the importance of keeping personal information safe and secure. We take reasonable measures to protect the information we collect from you. However, the transmission of information via the internet is not, and cannot be made, completely secure. We cannot and do not guarantee, ensure, or warrant that personal information will be completely secure from misappropriation by hackers or from other bad actors or criminals, or from the failure of computer hardware, software, or telecommunications networks. You will be notified, as required by law, if we discover a security breach involving your personal information (as defined by the applicable state and federal laws) processed by us.
Children Under the Age of 13
Our Websites are not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on the Websites or through any of its features. If we learn we have collected or received personal information from a child under 13 without parental consent, we will delete that information.
CALIFORNIA CONSUMER PRIVACY ACT – PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
As the operators of the Websites we take your privacy seriously. This section is our Privacy Notice for California Residents (“Notice”) and applies to visitors, users, and others who reside in the State of California (“consumers” or “you/your”) and use our Websites. This notice is provided to comply with the California Consumer Privacy Act of 2018 (“CCPA”); any terms defined in the CCPA have the same meaning when used in this Notice. This Notice does not apply to employment-related personal information collected from California-based employees, job applicants, contractors, or similar individuals.
As outlined above, patients can use our Patient Portal to get a copy of their healthcare bills and billing history, update their insurance information, and pay their healthcare bills. In order to provide these services, we must collect personal information (“PI”) from and about our healthcare providers’ patients. Most of the personal information we collect about consumers is PHI that we receive from our Clients – or from you, when you use the Portal – for payment/billing purposes.
What is PI? The CCPA defines “personal information” as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be directly or indirectly linked with a particular consumer or household.
What is Not Considered PI: Under the CCPA, PI does not include:
The CCPA requires that we describe certain categories of PI to you, provide examples, and state whether we have collected that information in the last twelve (12) months. Because PHI is already subject to and protected by HIPAA, HITECH, and their implementing regulations, the CCPA does not apply to PHI. For information about how your provider uses or discloses your PHI, your provider’s legal duties with respect to your PHI and your rights with respect to your PHI and how you may exercise them, please consult your provider’s Notice of Privacy Practices. If you have questions about this, please contact us so we can explain.
Example: Your healthcare provider (a HIPAA “covered entity”) discloses billing information to us as its HIPAA “business associate” so that we can provide services through the Patient Portal. The billing information contains “Category B” information (such as your name, address, and health insurance information) and “Category C” information (such as your age, sex, and medical condition). Because this information is PHI in this context, it is covered by your healthcare provider’s HIPAA Notice of Privacy Practices and protected by us as a Business Associate of your provider; however, in attempt to avoid confusion in this Notice, we disclose all information collected, including PHI.
Personal Information We Collect That Is Not PHI
|Category||Examples||Do we collect?|
|A. Identifiers||Internet Protocol address||Yes|
|B. Personal information categories listed in the CaliforniaCustomer Recordsstatute (Cal. Civ. Code§ 1798.80(e)).||Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.||Yes|
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||Yes|
|D. Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||No|
|E. Biometric information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||No|
|F. Internet or other similar network activity||Browsing history, information on a consumer’s interaction with the Websites.||Yes|
|G. Geolocation data||Physical location or movements||No|
|H. Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information||No|
|I. Professional or employment- related information||Current or past job history or performance evaluations||No|
|J. Non-public education information (per the Family Educational Rights and Privacy Act ((20U.S.C. Section 1232g,34 C.F.R. Part 99))||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||No|
|K. Inferences drawn from other personal information||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||No|
We obtain the “Yes” categories of PI listed above both directly from you (for example, when you log in to the Portal) and indirectly from you (for example, by observing and logging the records you access through the Portal).
We do not sell your PI. We may use or disclose the PI we collect for one or more of the purposes listed in the Disclosure of Personal Information section above.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
As outlined in the How We Use Personal Information and Disclosure of Personal Information sections above, we may disclose your personal information to a third-party service provider (such as an IT provider) for a business purpose, subject to appropriate confidentiality provisions, including prohibiting the third-party from using the disclosed information for any purpose except to perform the services for us. We may also disclose your PI as permitted or required by law as follows:
Disclosures of Personal Information for a Business Purpose
In the past twelve (12) months, subject to compliance with applicable laws and any agreements we may have with your provider, we have disclosed the following categories of personal information to service providers for a business purpose:
Sales of Personal Information
In the past twelve (12) months, we have not sold personal information.
Your Rights and Choices
The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete your personal information from our records (and direct our service providers to do the same), unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
Exercising Access, Data Portability, and Deletion Rights
If you wish to exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to our Privacy Officer, at 11460 N. Meridian Street, Carmel, IN 46032 or firstname.lastname@example.org.
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at the contact information below. We intend to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we need more time (up to another 45 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
We do not sell your personal information, and do not disclose your PI to third parties for their direct marketing purposes. If that changes, an opt-in notice will be provided to relevant individuals, and this Notice will be amended to describe your rights under California’s Shine the Light law (Civil Code Section § 1798.83).
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
We do not currently offer financial incentives permitted by the CCPA that could result in different prices, rates, or quality levels. If that changes, an opt-in notice will be provided to relevant individuals.
If you have any questions or comments about this notice, the ways in which we collect and use your information described here, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact our Privacy Officer, at 11460 N. Meridian Street, Carmel, IN 46032 or email@example.com.
If you have questions regarding your bill, you may contact our Billing Director in writing via email at firstname.lastname@example.org. If you have privacy or security concerns, you may contact our Privacy Officer in writing via email at email@example.com.