Our Services are not intended for or designed to attract children under the age of 18. Moreover, we do not knowingly collect any personal information from anyone under the age of 18 without the consent of a parent or guardian, and you must be 18 years of age or older to submit registration or survey information. Should you believe that a minor of whom you are a parent or guardian has registered, please contact us at operations@JoinMidi.com and we will make reasonable efforts to remove all personal information related to the minor.
You can generally visit the Services without revealing any personal information about yourself. However, to access certain options and services we may ask you to provide certain personal information and without providing such personal information, you may be unable to access certain options and services. The following is a list of information that we may collect from or about you:
In addition, when you request treatment from a Practice or Provider through the Services or services from a Laboratory or Pharmacy, you may share:
The information you provide to a Practice, Provider or Pharmacy through the Services may be protected under applicable federal and state laws applicable to health information, including but not limited to the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, and its implementing regulations, as may be amended from time to time (collectively, “HIPAA”). To the extent applicable, the Practice, Providers and Pharmacies will use and disclose information about you that is protected under such privacy laws only as permitted or required by such laws. The Practice has adopted a NOTICE OF PRIVACY PRACTICES that describes how they use and disclose PHI. By accessing or using any part of the Service, you are acknowledging receipt of the Notice of Privacy Practices from the Practice.
We will not use or disclose PHI or other information about you that is protected under health information privacy laws except on behalf of the Practice, Providers and Pharmacies, or as otherwise permitted by such laws, but we may combine the personal information your share with us through the Services with other information we collect from or about you, both online and offline. We also may combine personal information with records provided by third parties. We use this consolidated information to help us better design our Services, including the selection of Services and Products, to communicate information to you, to enhance our marketing and research activities, and to facilitate other business functions. We also may de-identify PHI in compliance with HIPAA, and use such de-identified data for research or marketing purposes, or any other purpose not prohibited by law.
We may collect information directly from you when you visit, access or use the Services or when you register an account with us. We may also collect information when you purchase a service or any Products available on our Services, submit information to use through a survey, register for in-person or virtual educational or promotional events, communicate with us, or post or submit content on or in the Services.
In addition to the information we collect directly from you, we may also collect information from the Practice and/or Providers who provide treatment and other services you in connection with the Services. This information may include, but is not limited to, diagnoses, treatment plans (including details about the Therapies provided), and notes. We also may receive information from third parties that pay for your care or provide you with treatment or prescription medication, which may include prescription history, insurance policy, insurance eligibility and coverage, and laboratory or other testing results.
Some of the information we collect depends on the settings on your web browser or mobile device. Please check your web browser or mobile device if you want to learn what information your browser or mobile device sends or how to change your settings. In addition to the information sent by your web browser or mobile device, as you navigate through a website or mobile app, certain information can be passively collected (that is, gathered without you actively providing the information) using various technologies and means, such as navigational data collection.
“Cookies” are small text files that are stored on your browser or device by websites, mobile apps, online media and advertisements. There are different types of cookies. Cookies served by the entity that operates the website or app you are visiting or using are called “first party cookies” (so cookies served by us while you are using our Services are first party cookies). Cookies served by companies that are not operating the website or app you are visiting or using are called “third party cookies” (so, we may use a website analytics provider to set a cookie on your computer via our Services while you visit our Services, and that would be a third party cookie). Cookies may also endure for different periods of time. “Session Cookies” last only as long as your browser or app is open. These are deleted automatically once you close your browser or app. Other cookies are “persistent cookies” meaning that they survive after your browser or app is closed (for example, they may recognize your computer when you re-open our online services).
“Local shared objects” (also called Flash cookies or HTML5 cookies) and any other successor technology refers generally to the collection of cookie-like data stored on a browser or computer by websites, ads, or third parties.
“Pixel tags” (also called beacons or pixels) are small blocks of code installed on (or called by) a web page, app or advertisement which can retrieve certain information about your device and browser, including device type, operating system, browser type and version, website visited, time of visit, referring website, IP address, and other similar information (including the small text file (the cookie) that uniquely identifies the device). Pixels provide the means by which third parties can set and read browser cookies from a domain that they do not themselves operate and collect information about visitors to that domain, typically with the permission of the domain owner. “Software Development Kits” (also called SDKs) function like pixels and cookies, but operate in the mobile app context where pixels and cookies cannot always function. The primary app developer can install pieces of code (the SDK) from partners in the app, thereby allowing such partners to collect certain information about user interaction with the app, information about the user device and network information.
We may use the personal information identified above to:
Subject to the limitations described in the Applicability of HIPAA section below, we may share the information we collect from you with the following third parties:
We also may de-identify your information and disclose such de-identified information for any purpose not prohibited by applicable law.
The Services may use social media plugins (e.g., the Facebook “Like” button, ‘“Share to Twitter”‘ button) to enable you to easily share information with others. When you visit the Services, the operator of the social plugin can place a cookie on your computer, enabling that operator to recognize individuals who have previously visited the Services. If you are logged into the social media website (e.g., Facebook, Twitter, Google+) while browsing on our Services, the social plugins allow that social media website to receive information that you have visited our Services. The social plugins also allow the social media website to share information about your activities on our Services with other users of their social media website. For example, Facebook Social Plugins allows Facebook to show your Likes and comments on our pages to your Facebook friends. Facebook Social Plugins also allow you to see your friends’ Facebook activity on our Services. We do not control any of the content from the social media plugins. For more information about social plugins from other social media websites you should refer to those sites’ privacy and data sharing statements.
Midi may retain your information for as long as it believes necessary, including as long as necessary to comply with applicable law, resolve disputes or enforce its agreements, and/or as long as needed to provide you with the Services. Midi may dispose or delete such information at any time, except as set forth in any agreement entered into by Midi, or as required by law.
Similarly, the Practice and Providers may retain your information for as long as they believe necessary, including as long as necessary to comply with applicable law, resolve disputes or enforce their agreements, and/or as long as needed to provide you with the Services. The Practice and Providers may dispose or delete such information at any time, except as set forth in any agreement entered into by Midi, or as required by law.
In the event we retain and use personal information for purposes not covered by the original notice, we will provide you with additional notice.
As described in our Terms of Service, Midi does not engage in the practice of medicine and is not a health care provider or a "covered entity" as defined by HIPAA. The Laboratories, Pharmacies, Practice and its Providers each may be considered a "covered entity" under HIPAA, and Midi may, in some cases, may also be a "business associate" of a Practice or Provider. If Midi is deemed a "business associate," we will be subject to additional protections with respect to your "protected health information," as defined under HIPAA (“PHI”), or other state laws. Your PHI will be used and disclosed only in accordance with such applicable laws and regulations.
We may employ procedural and technological security measures, consistent with industry practice. Such measures are reasonably designed to protect your personal information from loss, unauthorized access, disclosure, alteration or destruction. We may use encryption, password protection, secure socket layers, internal restrictions and other security measures to help prevent unauthorized access to your personal information. However, you provide your information to us at your own risk. We cannot guarantee that your data will not be lost, accessed without authorization, disclosed, altered, or destroyed.
If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by certain members of Midi to third parties for the third parties’ direct marketing purposes. To make such a request, please send an email to operations@JoinMidi.com with the title “Shine the Light''.
Because of the changing state of technology and indecision within the industry regarding the meaning of DNT signals, we currently do not make any guarantee that we will honor DNT signals.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us at operations@JoinMidi.com