TIK TOK DOC d/b/a
BONELLO CREATIVE GROUP, LLC
I. Health Insurance Portability and Accountability Act (“HIPPA
Title II of HIPAA deals with the privacy and security of electronic healthcare transactions and sets forth the criteria for compliance. It includes five rules of “Administrative Simplification” intended to make healthcare more efficient and medical information more accessible. The Privacy Rule and Security Rule are the two rules related to electronic data communication. HIPAA and the Department of Health and Human Services (“HHS”) define the “covered entities” to which the rules apply as: health plans; health care clearinghouses, such as billing services and community health information systems; and health care providers that transmit healthcare data in electronic form.
BONELLO CREATIVE GROUP, LLC is not a “covered entity” under HIPAA. However, it is a “business associate” of covered entities. Therefore, Bonello Creative Group, LLC may not use or disclose your protected health information (“PHI”) except as provided in its Business Associate Agreement with covered entities, which contains the same (or greater) restrictions on the use and disclosure of your PHI as required under HIPAA and relevant state laws.
The Privacy Rule governs how a patient’s PHI (information about a patient’s health status, treatment, and payment ) is used and disclosed. The Privacy Rule requires covered entities and their business associates to take reasonable steps to ensure confidentiality when using, disclosing, or transmitting your PHI.
 “Protected Health Information” or PHI includes health information that (1) is created or received by a health care provider (or business associate on behalf of a health care provider); (2) is related to your past, present, or future physical or mental health; your receipt of health care; or payment for your health care; and (3) identifies you or could likely be used to identify you.
The Security Rule provides standards for keeping Electronic Protected Health Information (“EPHI”) safe. The EPHI’s section on Technical Safeguards sets forth rules for access to computers and the secure communication of EPHI over public networks to protect it from interception by anyone other than the intended recipient.
Compliance with the Privacy and Security Rules lies with the covered entities who, under 45 C.F.R. 164.312, must “implement technical security measures to guard against unauthorized access to electronic protected health information that is being transmitted over an electronic communications network. As they relate to video conferencing, these measures include a mechanism to authenticate EPHI, a mechanism to encrypt and decrypt EPHI, and policies and procedures to protect EPHI from improper alteration or destruction.
II. How We Collect and Use Information Provided to Us
We collect two types of information: personally identifiable information and non-personally identifiable information, which may include PHI. Personally identifiable information is information that identifies you or can be used to identify or contact you (“Personally Identifiable Information”). We also may collect information that by itself typically cannot be used to identify or contact you, such as demographic information (e.g. age, profession or gender), IP addresses, browser types, domain names, and other anonymous statistical data involving the use of our Services (“Non-Personally Identifiable Information”).
Personally Identifiable Information we collect may include your name, email addresses, postal addresses, ZIP code, telephone number, credit card information, date of birth, gender, age, user name and password, your product preferences, Services you have used and other information either desirable or necessary to provide quality services to our customers and users. We may also collect information about you such as your use of the Services and communication preferences.
To the extent we are able to do so, we may link your Non-Personally Identifiable Information with your Personally Identifiable Information. We may also link information collected online with information we collect offline or that is collected online by third parties.
We may use the information collected from you to provide services which you have requested from us. We may use third-party service providers to send and distribute e-mail and to perform other support functions for the Services. We may use information we collect from you to improve the content of our communications, to enhance users’ experiences when using the Services, and to customize the content and layout of the Services for each individual user.
Cookies, Log Information, Device Identifiers and Metadata:
Log file information may be automatically reported by your browser each time you make a request to access the Services. It can also be provided when the content of the Services is downloaded to your browser or mobile device. When you use our Services, our servers automatically record certain log file information, including your web request, IP address, browser type, referring / exit pages and URLs, the number of clicks and how you interact with links on the Services, domain names, landing pages, pages viewed, and other such information. We may also collect similar information from emails sent to you which then help us track which emails are opened and which links are clicked by recipients. The information allows for more accurate reporting and improvement of the Services.
When you use a mobile device to access the Services, we may access, collect, monitor, store on your device, and/or remotely store one or more “device identifiers.” Device identifiers are small data files or similar data structures stored on or associated with your mobile device, which uniquely identify your mobile device. A device identifier may deliver information to us or to a third party about how you browse and use the Services and may help us or others provide reports or personalized content and ads. Some features of the Services may not function properly if use of device identifiers is impaired or disabled.
Metadata is usually technical data that is associated with user content. Metadata can describe how, when and by whom user content was collected and how that content is formatted. Users can add or may have metadata added to their user content (e.g., geotags), comments or other data. This makes your user content more searchable and more interactive.
Sharing of Personal Information:
We may provide your personal information to service providers or contractors to perform functions on our behalf, such as, but not limited to, companies or individuals hired to: communicate news, communicate on our behalf via e-mail and direct mail, to process credit card payments and to assist us with sending communications and performing other support functions. If you consent, we may use third-party social media platforms, including third-party social media websites, to communicate with you.
We also may share with third parties aggregated demographic and statistical information that is not personally identifiable as permitted under HIPAA and relevant state laws.
When permitted by HIPAA and other applicable privacy laws, we also may disclose an individual’s personal information:
in situations where sharing or disclosing your information is required in order to provide you products or services you requested;
to a third party or parties, when disclosure is required by law;
to any other entity that acquires all or a portion of our organization by merger, reorganization, operation of law, or a sale of some or all of our assets.
in connection with a legal action or other proceeding, including without limitation, in response to a court order or a subpoena.
in response to a law enforcement agency’s request.
Through the Services, we may make available areas that allow for user interaction, including blogs, forums, bulletin boards, chat areas, or other message and communications features. Some of these interactive areas may require registration. Please remember that any information that is disclosed in these areas becomes public information, and you should exercise caution when deciding to disclose your personal information.
We do not knowingly solicit or collect personal information on the Services from children under the age of 13 without prior verifiable parental consent. If we learn that, despite these measures, a child under the age of 13 has submitted personally identifiable information to us through the Services, we will take reasonable measures to delete such information from our records and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required by law).
How We Store Your Information:
We are committed to protecting the security of any personal information you provide to us. We maintain commercially reasonable safeguards to maintain the security and privacy of personal information that you provide to us. After you have submitted your information to us, we recommend that you end your browser session before leaving your computer or mobile device. In spite of these protections, we cannot guarantee the security of any data submitted over the Internet. After your information reaches us, however, it is stored on servers (or in the case of information received from you in person, in writing or over the phone, in physical storage areas) protected by procedures and technology designed to block reasonably foreseeable intrusions by unauthorized third parties.
Following termination or deactivation of your user account, we and our affiliates or service providers may retain information and user content for a commercially reasonable time for backup, archival, and/or audit purposes.
Change of Control:
Opt-Out From Mailings:
From time to time, you may receive periodic mailings, telephone calls or e-mails from us with news or other information on events, products, services, discounts, special promotions, upcoming events or other offers from or on behalf of our company. If at any time you wish to stop receiving emails or mailings from us please send us an email to firstname.lastname@example.org with the phrase “Privacy Opt-out: Tik Tok Doc Mailings” in the subject line, or write to us at the address provided below, and we will remove you from our mailing list. Alternatively, for e-mail communications, you may opt out of receiving such communications by following the unsubscribe instructions set forth at the bottom of most promotional e-mail messages from us.
California Privacy Rights:
If you are a California resident, you have the right to request information from us regarding the manner in which we share certain categories of personal information with third parties for their direct marketing purposes, in addition to the rights set forth above. Under California law, you have the right to send us a request at the designated address listed below to receive the following information:
The categories of information we disclosed to third parties for their direct marketing purposes during the preceding calendar year;
The names and addresses of the third parties that received the information; and
If the nature of the third party’s business cannot be determined from their name, examples of the products or Services marketed.
This information may be provided in a standardized format that is not specific to you. The designated email address for these requests can be found at: email@example.com.
by writing to us at:
Tik Tok Doc
2779 W. Horizon Ridge Pkwy. Suite 207
Henderson, NV 89052
Last Updated: 12/01/2016