MyElixir Privacy Policy
Effective Date: 2024-09-12
Introduction
MyElixir is committed to protecting the privacy and security of your personal information, including your Protected Health Information (PHI), as required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services. It also describes your rights and the choices available to you regarding your information, particularly in relation to the monetization of de-identified data and the use of third-party machine learning models.
Information We Collect
We collect the following types of information:
- Personal Information: Includes your name, email address, phone number, and any other information you provide when registering for our services.
- Protected Health Information (PHI): Includes medical records, treatment information, and other health-related data that you share with us or that we obtain from your healthcare providers.
- De-Identified Data: We may de-identify your PHI by removing personal identifiers so that the information cannot be traced back to you. This de-identified data is used for research and analysis, and may be monetized if you opt in.
How We Use Your Information
- Providing Services: We use your PHI to deliver, manage, and enhance our services, including the secure exchange of health data with your healthcare providers who use MyElixir as an EHR.
- Monetization of De-Identified Data: If you opt in, we may share de-identified data with third parties such as pharmaceutical companies, research institutions, and healthcare analytics companies. This data cannot be linked back to you and is used to drive medical research and innovation.
- Third-Party Machine Learning Models: With your consent, we may share de-identified data with third-party machine learning model providers to generate insights, predictions, or diagnoses. These models can be accessed through our platform, and you may choose to pay for their use. All data shared with these models remains de-identified unless you opt to re-identify it for specific purposes.
How We Share Your Information
- With Your Consent: We share your PHI or personal data with third parties only with your explicit consent or as required by law.
- Healthcare Providers: We share your PHI with healthcare providers who use MyElixir as an EHR, facilitating secure and compliant data exchange.
- Business Associates: We may disclose your PHI to third-party service providers (business associates) who perform functions on our behalf, provided they agree to protect your information in compliance with HIPAA regulations.
- De-Identified Data: De-identified data may be shared with research partners or commercial entities, or used in aggregated reports that benefit public health initiatives. This data cannot be traced back to you.
- Legal Requirements: We may disclose your PHI or other information when required to do so by law, such as in response to a court order or subpoena.
How We Protect Your Information
We employ a variety of security measures to ensure the protection of your data:
- Technical Safeguards: We use encryption, access controls, secure communication channels, and regular security audits to protect PHI during transmission and storage.
- Physical Safeguards: Our facilities have secure access controls, surveillance, and strict entry policies to prevent unauthorized access.
- Administrative Safeguards: We train our employees regularly on HIPAA requirements and best practices for handling PHI and de-identified data.
Your Rights
- Access: You have the right to access and receive a copy of your PHI that we maintain.
- Amendment: You may request corrections to your PHI if you believe it is inaccurate or incomplete.
- Opt-Out: You have the right to opt out of data sharing for monetization purposes at any time. Opting out does not affect your access to our core services.
- Disclosure Accounting: You have the right to request a record of disclosures of your PHI made by MyElixir, except those made for treatment, payment, or healthcare operations.
- Restriction Request: You may request restrictions on certain uses or disclosures of your PHI.
- Confidential Communications: You may request that we communicate with you using alternative means or at alternative locations.
Breach Notification
In the event of a breach involving your PHI, MyElixir will promptly notify you, the Department of Health and Human Services (HHS), and, if required, the media, in compliance with HIPAA regulations.
Changes to This Privacy Policy
We may update this Privacy Policy periodically. Any changes will be posted on our website, and the effective date will be updated accordingly. Your continued use of our services after the posting of changes constitutes your acceptance of those changes.
Contact Information
If you have any questions about this Privacy Policy or your privacy rights, please contact us at:
Email: info@myelixir.ai
Phone: (425)213-3001
Acceptance of This Policy
By using our services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.