Voafit Privacy Policy
Effective Date: September 18, 2023.
Voafit, a service provided by Dr. Justl Ellis MD ("Voafit," "us," "we," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you access or use our website ("Website") and services ("Services"). By using our Website and Services, you agree to the practices described in this Privacy Policy.
1. Information We Collect
1.1. Personal Information: We may collect personal information when you register for an account, subscribe to our Services, or contact us. This may include your name, email address, phone number, and billing information.
1.2. Usage Information: We automatically collect information about your interaction with our Website and Services. This may include your IP address, device information, browser type, and pages visited.
2. How We Use Your Information
2.1. Provide Services: We use your personal information to deliver and manage our Services, including processing payments, sending notifications, and providing customer support.
2.2. Improve Services: We analyze usage data to improve our Website and Services, enhance user experiences, and develop new features.
2.3. Communications: We may use your contact information to send you service-related announcements, updates, and promotional material. You can opt out of receiving promotional emails at any time.
3. Data Security
3.1. We take reasonable measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. However, no data transmission over the internet or electronic storage method is entirely secure. Therefore, we cannot guarantee the absolute security of your data.
4. Sharing of Information
4.1. We may share your personal information with trusted third parties, including payment processors, service providers, and partners, to fulfill our Services. We do not sell or rent your personal information to third parties.
4.2. We may disclose your information to comply with legal obligations, enforce our Terms and Conditions, protect our rights, privacy, safety, or property, and respond to lawful requests from public authorities.
5. Cookies and Tracking Technologies
5.1. We use cookies and similar tracking technologies to collect information about your interaction with our Website. You can control cookies through your browser settings, but disabling cookies may limit your ability to use some features of our Website.
6. Changes to this Privacy Policy
6.1. We may update this Privacy Policy from time to time. The most current version will be posted on our Website with the effective date. Your continued use of our Website and Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
7. Contact Us
7.1. For any questions or concerns about this Privacy Policy or our data practices, please contact Jason McOlgan (practice administrator) at admin@voafit.com.
Thank you for choosing Voafit and entrusting us with your personal information.
ADDENDUM: AMENDMENTS RELATED TO HIPAA COMPLIANCE
Effective Date: June 8th, 2023.
PURPOSE
To ensure Voafit maintains compliance with the Health Insurance Portability and Accountability Act (HIPAA) when delivering healthcare services via telemedicine, protecting the privacy and security of patients’ protected health information (PHI).
I. DEFINITIONS
PHI (Protected Health Information): Any individually identifiable health information transmitted or maintained in any form (electronic, paper, oral).
Covered Entity: Voafit, as a healthcare provider transmitting health information electronically.
Business Associate: Any third party that handles PHI on behalf of Voafit (e.g., cloud storage, video platforms, billing services).
Telemedicine: The remote diagnosis and treatment of patients through telecommunications technology.
II. PRIVACY RULE COMPLIANCE
Minimum Necessary Standard:
Voafit workforce members must only access the minimum necessary PHI to perform their duties.
Notice of Privacy Practices:
Voafit must provide a HIPAA-compliant privacy notice to patients outlining their rights and how their PHI is used.
Patient Rights:
Right to access medical records.
Right to request amendment of incorrect data.
Right to request restrictions on disclosure.
Right to an accounting of disclosures.
Consent and Authorization:
Patients must provide consent for treatment and authorization for any use of PHI outside of treatment, payment, and healthcare operations.
III. SECURITY RULE COMPLIANCE
A. Administrative Safeguards
Assign a Privacy Officer and Security Officer.
Conduct annual HIPAA training for all staff.
Perform risk assessments and maintain documentation.
Establish policies for incident response, workforce sanctions, and data access control.
B. Physical Safeguards
Ensure workstations used for telemedicine are in secure areas.
Limit physical access to areas where PHI is stored or accessed.
Implement access control for mobile devices used in telehealth delivery.
C. Technical Safeguards
Use end-to-end encrypted video conferencing platforms (e.g., Zoom for Healthcare, Doxy.me with BAA).
Require unique user IDs, strong passwords, and automatic logoff features.
Ensure data at rest and in transit is encrypted.
Utilize audit controls to log access to PHI.
IV. BUSINESS ASSOCIATE AGREEMENTS (BAAs)
Voafit must execute BAAs with all vendors handling PHI, including:
Telehealth platforms
Cloud storage providers
EHR systems
Payment processors
Each BAA must outline the responsibilities of the business associate to safeguard PHI in accordance with HIPAA.
V. BREACH NOTIFICATION RULE
In the event of a data breach involving PHI:
Notify affected individuals within 60 days.
Notify the HHS Office for Civil Rights (OCR).
Notify the media if the breach affects 500 or more individuals.
Maintain a log of breaches affecting fewer than 500 individuals and report them annually.
VI. TELEHEALTH-SPECIFIC CONSIDERATIONS
Obtain informed consent for telehealth from each patient.
Ensure video and audio communications are conducted via HIPAA-compliant platforms.
Verify patient identity at the beginning of each visit.
Document each telemedicine encounter in the EHR just as with in-person visits.
Limit telehealth sessions to private, secure locations on both ends.
VII. TRAINING & ENFORCEMENT
All Voafit staff must undergo HIPAA and telemedicine compliance training upon hire and annually.
Regular audits and reviews of systems and procedures must be conducted.
Violations may result in disciplinary action, up to and including termination.
VIII. UPDATES & REVIEW
This guideline will be reviewed and updated annually or whenever significant changes to regulations or technologies occur.