Privacy Policy

MAGNOLIA REGIONAL HEALTH CENTER
Corinth, Mississippi
IM House-wide Policy and Procedure
INFORMATION SYSTEM DIGITAL PRIVACY POLICY
Policy #IM_IT.EX.006
HIPAA: 45 C.F.R. §§ 164.308
TJC: 02.01.03
PCI DSS
NIST Cybersecurity Framework: ID-Governance

PURPOSE:

Magnolia Regional Health Center (‘MRHC’, ‘we’, ‘our’, or ‘us’) values the privacy of our patients, faculty, employees, visitors, and others who interact with the Organization. We owe it to those we serve to handle their information securely and appropriately. MRHC promotes an
organizational culture that provides oversight and leadership to MRHC faculty and staff so they may conduct operations and activities to provide a reasonable expectation of privacy. MRHC complies with applicable federal and state laws, and MRHC policies and procedures, for
the collection, use, disclosure, retention, and disposition of personal information. This Privacy Policy (‘Policy’) describes Magnolia Regional Health Center’s policies on the collection, use, and disclosure of information in connection with use of any part of MRHC digital services, including websites, mobile applications (if applicable), and/or online or mobileenabled technology, digital tools and/or any data available there (collectively, referred to below as the ‘Digital Services’). When you use MRHC Digital Services, you consent to our collection, use, disclosure, and protection of information as described in this Privacy Policy. BY ACCESSING OR USING MRHC DIGITAL SERVICES, YOU AGREE TO THIS POLICY. IF YOU DO NOT AGREE TO THIS POLICY, YOU MAY NOT USE MRHC DIGITAL SERVICES. If you access or use MRHC Digital Services you bind yourself and, to the extent allowed, your Institution, to this Privacy Policy, and your acceptance of said Privacy Policy will be deemed an acceptance by that entity, and ‘you’ and ‘your’ herein shall refer to that entity as well as you.
This Policy does not apply to information collected from you either offline or through websites and other online services that do not display or link to this Policy, including third-party websites to which our online services may link, or information that would be considered “Protected Health Information” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). MRHC’s use and disclosure of Protected Health Information is set forth in the Notice of Privacy Practices.

POLICY:

1. Information We Collect

a. MRHC collects and stores information about you in multiple ways. For example, MRHC may collect information that is provided to us, information that is automatically collected through your use of Digital Services, and information from publicly available sources or non-affiliated third parties.

2. Information You Provide to Us

a. When using Digital Services, you may be invited to provide or upload information that MRHC may access. For example, MRHC may collect the following illustrative (but not exhaustive) types of information when you use

Digital Services:

i. Name, company or organization name, title, address, telephone number, and email address; ii. Information supporting accounts associated with MRHC (e.g., information within your MRHC account);

iii. Any forms you fill out on or submit through Digital Services;

iv. Communications with MRHC through Digital Services (e.g., MRHC
support chat or email); or

v. Any other information that you choose to provide and/or upload to MRHC
through Digital Services.

b. Additionally, you may also provide certain financial account information to MRHC and/or payment processors to make a payment, including bank account and/or credit card information. This information is collected and stored by the payment processing partners. We do not access, store or collect your financial account or credit card information.

c. When you choose to include a photo or video in a message you send to MRHC using our Digital Services, you may select an existing photo or video from your device or take a new photo or video using the camera app on your device. If you use the camera app on your device to take a new photo or video, it will be saved to your camera app. Any photo or video saved to your camera app remains
available in your camera app until you choose to delete it.

d. If you participate in a Digital Services telehealth visit we ask for permission to access your device’s video and audio. We do not record or store video of audio data from these visits.

e. MRHC Digital Services may interact with your microphone only if you choose to use your microphone to dictate within MRHC mobile apps.

3. Information that is Collected Automatically and/or Passively

a. In addition to the information provided to MRHC directly, MRHC may automatically collect information about your use of Digital Services as follows:

i. Device/Usage Information. When you access or use Digital Services, MRHC may collect and analyze information such as your IP address, browser types, browser language, operating system, the state or country from which you accessed Digital Services, software and hardware attributes (including device types and IDs), referring and exit pages and URLS, platform type, connection type (cellular or WI-FI), the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the terms you use in searches on our sites, the date and time of access to Digital Services, uploaded content (such as User Data), error logs, and other similar information. MRHC uses this information (including the information collected by our third-party service providers) to make Digital Services better (including to determine which portions of Digital Services are used most frequently and what Users like or do not like).

ii. Emails. If you receives an email from MRHC, MRHC may collect information related to whether the email was opened, and information describing interactions with the email, including but not limited to which content was viewed.

iii. Device Location. When you access or use Digital Services, MRHC may collect and analyze location-based functionality to find healthcare providers and services near you. You may choose to allow our Digital Services to interact with your location data for those purposes. We do not store your location data.

4. Information from Third-Party Sources

a. Cookies and Other Technologies – MRHC and our third-party service providers may use cookies and other technologies that help MRHC better understand user behavior, personalize preferences, and perform research and analytics for improving the services we provide. Most web browsers automatically accept cookies, but the browser may allow you to modify browser settings to decline certain cookies if preferred. Disabling cookies may prevent you from accessing or taking full advantage of Digital Services. To learn more about cookies, please visit https://www.allaboutcookies.org/.

b. Web Logs – In conjunction with the gathering of data through cookies, Web servers may log records such as device type, operating system type, device advertising identifier, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where the device is located. The Web server logs also may record the address of the Web page that referred you to Digital Services, the IP address (and associated city and state or province for the IP address) of the device used to connect to the Internet, and data about interactions with Digital Services such as which pages were visited.

c. Online Analytics – MRHC may use third-party web analytics services, such as those provided by Google Analytics. These service providers use cookies and other technologies to help analyze how MRHC’s digital services are used and provide tutorials and support to Users within Digital Services. The information collected by these services will be disclosed to or collected directly by these service providers. To request prevent Google Analytics from using your information for analytics, a user may consult the following: https://tools.google.com/dlpage/gaoptout.

5. Mobile Health App Disclosure

a. MRHC mobile apps access, collect, use, and share your information (including video, audio, images, files) as stated in the section titled, “How We Use the Information We Collect.” MRHC also prominently highlights these uses, describes the type of data being accessed, and obtains your consent for these purposes as you use our mobile apps.

b. MRHC mobile apps were not created specifically for the COVID-19 pandemic. They existed before the COVID-19 pandemic to allow you to access your health information on file with your healthcare organization. Your healthcare organization may allow you to access COVID-19-related vaccination information, laboratory test results, and documents with illness-related information using our mobile apps. You may choose if or how you want to access, display, or use the information – just like you can make those decisions about health information
relating to other conditions, services, tests, or vaccinations.

6. How We Use the Information We Collect

a. We may use your information for any of the following reasons:

i. For the purposes for which you provide it;

ii. To enable use of Digital Services, including application evaluation for access to Digital Services, registering a Digital Services account, and verifying identity and authority to use Digital Services;

iii. For customer support and to respond to your inquiries;

iv. For internal recordkeeping purposes;

v. To analyze, improve and maintain Digital Services and product
development;

vi. To address fraud or safety concerns, or to investigate complaints or
suspected fraud or wrongdoing;

vii. To provide a personalized experience on Digital Services;

viii. To contact you with information about your use of Digital Services;

ix. To provide location-based functionality for locating healthcare providers
near you;

x. For other research and analytical purposes; and

xi. To protect, enforce, or defend the legal rights, privacy, safety, security, or property of MRHC, its employees, agents, or other users, and to comply with applicable law.

b. We may combine information that we collect from you through Digital Services with information that we obtain from affiliated and non-affiliated third parties, and information derived for any other products or Platforms we provide.

c. We may aggregate and/or de-identify information collected through Digital Services. We may use de-identified or aggregated data for any purpose, including without limitation for research and marketing purposes and may also share such data with third parties.

7. How We Share Information

a. Affiliates and Partners. We may share information with our affiliates. Information may also be available to a Digital Services Partner, such as Microsoft Azure or MEDITECH, as described in its privacy policies and terms. See
https://azure.microsoft.com/en-us/support/legal/ and
https://home.meditech.com/en/d/mobileappssupport/pages/mhealthprivacy.htm

b. Service Providers. We may share information with third parties that help operate our business and provide services, such as contractors that provide technology, services, data, or content.

c. Other Parties When Required by Law or as Necessary to Protect Our Users and Digital Services. We may share information when we believe that doing so is necessary to protect, enforce, or defend the legal rights, privacy, safety, or property of MRHC, our employees, agents, users, or to comply with applicable law or legal process, including responding to requests from public and
government authorities.

d. Aggregated or De-Identified Information. We may share aggregated or deidentified data without restriction.

e. Otherwise with Your Consent or at Your Direction. In addition to the sharing described in this Policy, we may share information with third parties you consent to or direct such sharing.

8. Privacy and Security

a. Children’s Privacy. As defined by the Children’s Online Privacy Protection Act of 1998, we do not knowingly collect and will, upon detection, delete any personal information collected on MRHC Digital Services directly from children under the age of 13 without parental consent, unless otherwise permitted by law.

b. Security. We employ administrative, technical, and physical security measures to help protect information from unauthorized access. These measures vary depending on the sensitivity of the information we have collected. However, no method of transmission over the Internet or via mobile device, or method of electronic storage, is absolutely secure. Therefore, while we strive to use
commercially acceptable means to protect your information, we cannot and do not guarantee its protection.

c. Third Party Links and Services. MRHC Digital Services may contain links to third-party websites or services. MRHC is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your personal and other information will be subject to the privacy policies of the third party websites or services, and not this Policy. We urge you to read the privacy and security policies of these third parties.

DATE ISSUED: 4/4/2023