Marni Chanoff, MD LLC GDPR Checklist
How do you collect personal data?
We collect information from individuals in any of the following circumstances:
They sign up for a newsletter or other information.
They choose to enroll in one or more of our educational programs.
How and where is this information stored?
We store any personal information in our secured data management software. Patient information is protected health information (“PHI”) under HIPAA and state law and is stored by us in a HIPAA compliant manner.
How is customer information used once it is collected?
For patients: to establish a practitioner-patient relationship with new patients through this website.
For non-patients: to provide them access to our educational programs, newsletters, or other publicly available information. To the extent a non-patient user shares PHI, this is protected in a HIPAA compliant manner.
How is customer information secured?
Visitor and patient information is only stored on private, password and/or access- protected servers or websites. Protected health information is stored in a HIPAA compliant manner.
Is customer data transferred to other organizations or countries?
We do not share customer data or protected health information.
Who in your organization can access the personal data?
Only employees or designated agents of our clinical practice can access personal data.
What Personal Information About Customers do you Collect?
For non-patients: We collect usernames and email addresses
For participants in our educational programs: We collect name, address, email, and telephone information. We may collect protected health information from non-patient participants.
For patients: We receive the protected health information visitors provide to us through this website.
For What Purposes do you Process Its Visitors’ Personal Information?
For non-patients: We use customer information to deliver our educational programs, newsletters or other information.
For patients: We use protected health information to establish a patient-practitioner relationship through this website. Any protected health information is governed by HIPAA compliant privacy terms.
Provide, troubleshoot, and improve our Services: We use customer information to provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of our website.
Communicate with you. We use customer information to communicate with you about our products and services.
What About Third-Party Advertisers and Links?
We do not currently advertise for any other company or have links to their websites.
What Information Can I Access?
For non-patients: once you enter and upload your information you can no longer access it.
For patients: Patients can at any time access their information to update their information.
What Choices Do I Have?
You will only receive our newsletter or marketing information if you opt-in to receive it. There is an opt-out option on all emails sent by us. Visitors can always contact us directly to request that we delete any of their personal information.
How Long Do We Keep Your Personal Information?
We do not automatically terminate visitor accounts or delete personal information on a set schedule. However, any patient or non-patient may contact us at any time to have their personal information removed from our systems and/or patient records transferred to another healthcare provider.
Contacts, Notices and Revisions
If you have any concern about privacy at our practice or want to contact us about your personal information, please contact us with a detailed explanation and we will try to resolve the issue for you. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. There are also separate HIPAA compliant Privacy Policies that apply to protected health information of patients.