Privacy and Security Statement

This statement discloses the privacy and security practices for the LUMEDX Corporation ("LUMEDX") and its Web site property "LUMEDX.com": these enterprises will be collectively referred to as "the Site" throughout this document.

This Privacy and Security Statement applies solely to information collected by LUMEDX and its Web site properties. Use of any LUMEDX Site constitutes acceptance of the provisions of this Privacy and Security Statement, as well as our Terms and Conditions of Use; continued usage after changes are posted constitutes acceptance of each revised Privacy and Security Statement and Terms and Conditions of Use. If you do not agree to the terms of this statement or any revised policy, please exit the Site immediately.

Through this document you will be informed of the following:

General Terms and Conditions

Links
This Site contains links to other Web sites. Please be aware that LUMEDX is not responsible for the privacy practices of other sites. If you link to a third-party site from a LUMEDX site, any information you disclose on that site is not subject to the LUMEDX Privacy and Security Statement.

Public Information
Please remember that any information (including personal and medical information) that you disclose in a public area (such as a bulletin board or chat room) becomes public information. This information is not subject to the LUMEDX Privacy and Security Statement, as it will be seen by third parties not affiliated with LUMEDX. Please be warned that public information may be used by third parties for solicitations, or for unauthorized and otherwise nefarious purposes.

Notification of Changes
LUMEDX may change this Privacy and Security Statement at any time by posting revisions on its Site(s). We will post a notice on the Home page(s) informing clients and visitors that revisions have been made.

If, at any point, we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will send notifications via e-mail. Clients will have a choice as to whether or not their information is used in a different manner. We will use information in accordance with the Privacy and Security Statement under which the information was collected.

Personally Identifiable Information
Personally identifiable information refers to any individually identifiable health information that has been electronically transmitted to our Site and identifies you as a user; it also applies to situations where there is a reasonable basis to believe that the information can be used to identify you or contact you.

Access to Personally Identifiable Information
Please note that you are responsible for taking all reasonable steps to ensure that no unauthorized person shall have access to any password or identifier necessary to access your personally identifiable information. It is your sole responsibility to authorize, monitor, and control access to and use of this information, including notifying all appropriate parties of any need to deactivate and/or change a password or identifier.

You grant LUMEDX and all other persons or entities involved in the operation of the Site the right to receive, transmit, monitor, retrieve, store, and use your personally identifiable information as described in this Privacy and Security Statement--including information that may be privileged and confidential under applicable state and federal laws. LUMEDX cannot and does not assume any responsibility or liability for any information you submit to the Site, or your or any third parties' use or misuse of information transmitted or received.

1. What Personally Identifiable Information is Collected

LUMEDX collects personally identifiable information in the following areas: Web Site Registration, Applications or Services Registration, Applications or Services Information Storage Databases, Ordering or Billing Forms, Surveys and Polls, and any contacts with our marketing division or our webmaster.

Required information on all registration, ordering and billing forms is indicated by an asterisk (*);all other information is optional. For information storage databases, you and/or your health care provider, institution, or organization shall determine the appropriate information for collection.

Web Site Registration
To allow LUMEDX to provide customized services, we recommend that our customers register with us by completing our registration form. The form contains demographic contact information (such as user name and e-mail address) that is required, as well as password information. In general, contact information is only used to inform clients of new services.

Additional information requests include name (required for authentication prior to gaining access to electronic medical records [EMRs]), address, and health care role (required to gain premium access: users are identified by role to receive appropriate EMR access. The default role is patient [general user]). By retaining and guarding this information, LUMEDX is able to provide a more personalized experience for its clients.

Applications or Service Registration
Additional personally identifiable information is collected when you register or agree to allow your health care provider, institution, or organization to register you for our enhanced health care Applications or Services. Registration includes demographic information, such as first/last name, address and email as well as unique identifiers such as user name and password. Shared access to personal medical information and EMRs will also require Social Security numbers.

Social Security Numbers (SSNs) are only required when registering with a participating hospital. The SSN is used with the medical record number and the authentication PIN to match a patient with a record; for physicians, we require a UPIN if they are registering with a participating hospital. This method is used to make the match with the appropriate records in the hospital database.

All users who register with a participating hospital generate a PIN with registration; the hospital administrator has secure access to the PIN numbers. The hospital is responsible for authenticating the user and distributing the PIN. The user then logs on and enters the PIN to complete the registration. Users have access immediately to content, but the PIN is required to gain access to specific applications.

Information Storage Databases
Personally identifiable information (PIN) is collected indirectly from you (for example, from your health care provider's notes about a procedure performed on you) through use of our information storage services databases. You and/or your health care provider, institution, or organization determines the specific information collected through the use of our Charts, DataGuide, and Applications features. Access to these services is only granted by means of valid passwords and/or other security identifiers and other previously mentioned measures.

Ordering or Billing Forms
When you purchase a LUMEDX product, we will request information on our order/billing form, such as contact information (e.g., name and shipping address), and financial information (e.g., credit card number/expiration date). This information is used for billing purposes, to fill orders, and to contact you in case there is a problem in processing an order.

2. Who Collects the Information and How?

LUMEDX collects information from you at four points on our Web site: Registration, Cookies, Log Files, and Information Storage Databases. LUMEDX collects information on its sites and is the sole owner of the aggregated data. We will not sell, share, or rent this information to others in ways different from what is disclosed in this statement.

Registration
Using the registration information you provide, we develop a profile to help customize your service needs. Profiles are used to facilitate a more personalized experience on the Site. We do not share profile information with our partners or other third parties.

Cookies
LUMEDX also collects information through the use of Cookies files. "Cookies" are small computer files that contain pieces of data about you and are stored on your computer's hard drive. They contain information about your use of our Site and allow us to know how often you visit our Site. Use of a cookie is in no way linked to any personally identifiable information. If you reject the cookie, you may still use our Site: however, your use of the Site may be limited in some areas.

Some of our partners, sponsors, and advertisers may also use cookies when you select (click on) their logo or advertisement. However, we have no access to, or control over these cookies or the information third parties may gather.

Log Files
LUMEDX also collects information for aggregate use from IP addresses. This information is used to analyze trends, administer the site, track user movement, and gather broad demographic information. IP addresses are not linked to personally identifiable information.

Information Storage Databases
LUMEDX collects information in our information storage databases as well. You and/or your health care provider, institution, or organization determines the specific ways in which the data is collected and then re-assembled to create your health care records. Access to these databases is only by means of valid passwords and/or other security identifiers and measures. We may create aggregate databases that contain identifiable information: however, no attempt will be made to re-identify or re-assemble the data to create personally identifiable information.

3. How the Information is Used

You and/or your health care provider, institution, or organization determines the specific ways in which information in the information storage databases is used in the management of your medical records.

LUMEDX may create aggregate databases from the information collected from log files and/or information storage databases. These aggregate databases contain de-identifiable information, and no attempt will be made to re-identify or re-assemble the data to create personally identifiable information.

4. Information Shared with Third Parties

As allowed by the Health Insurance Portability and Accountability Act (HIPAA), LUMEDX may share personally identifiable information with third parties under the following circumstances:

  • For treatment, payment, and health care operations;
  • For specific public and public policy-related purposes;
  • When required by law.

To the extent permitted by our Business Associate Agreements, we may share non-personal, non-identifiable, summary, and/or aggregate data with our partners and other third parties. However, we will not disclose any information we gather from you which could be used to identify or contact you.

If you use the Site for ordering or billing purposes, you authorized us to share names and other contact information that is necessary for the third parties we contract for order processing. These third parties are not allowed to use your personally identifiable information, except for the purpose of providing specific services.

LUMEDX will make all reasonable efforts not to use or disclose more than the minimum amount of personal information necessary to accomplish the intended purpose of the use or disclosure, taking into consideration practical and technological limitations.

5. What Choices are Available to You

Opt-In/Opt-Out

We will send you a welcoming e-mail to verify your password and username. We may also occasionally send information about new products, services, and the like.

We provide you the ability to "opt-in" or receive communications from us at the point where we request information about you in our registration process, as well as at other points where information is requested.

We also provide you with the ability to "opt-out" of receiving communications from us. Should you decide to remove your registration information from our database, not receive future communications, or no longer receive our service, reply to the e-mail by putting "Unsubscribe" in the subject line of the e-mail (See "How to Contact Us" below.)

6. The Security Procedures We Use and How Your Privacy is Protected

LUMEDX wants your information to remain as secure as possible, and we take every precaution to protect your information. We have administrative procedures in place, physical safeguards, and technical security services and mechanisms that conform to the latest industry standards. LUMEDX employs multiple levels of data security, including the latest and most current version of Secure Socket Layer ("SSL") data encryption, database encryption, and physical server-site security. We also incorporate the 128-bit SSL Internet Standard developed to ensure private and authenticated communication by encrypting all data transmitted between parties.

Information is stored in a secured database that is field-level encrypted and includes video surveillance cameras-as well as motion, temperature, and vibration detectors as part of the security. Access to the database is also protected by physical plant security. Our database IP is accessible only through our applications and not visible over the Internet. Our server suite is continuously monitored for network intrusion, and our security systems are tested internally and externally against unauthorized entry.

Only authorized LUMEDX staff are permitted to access your information, and only when specific job functions are needed. All LUMEDX staff must abide by our Privacy and Security Statement, as well as our internal privacy and security policies and procedures.

7. How to Update and Correct Your Information

At any time, you may:

  • Update and/or correct personally identifiable information that you have furnished to LUMEDX;
  • Inform us that you no longer desire our service, or specific services.

To do so, e-mail the information you want updated and/or changed to the Webmaster at the appropriate site. Please allow up to five (5) business days for changes to be made. You may contact our webmasters through the following links:

Reminder: Any communications you send to this Site by electronic mail (e-mail) or other electronic means are on a non-confidential basis.

8. How to Contact Us

You may contact us at:
LUMEDX Corporation
555 12th Street, Suite 2060
Oakland, CA 94607
LUMEDXwebmaster@LUMEDX.com

Reminder: Any communications you send to this Site by electronic mail (email) or other electronic means are on a non-confidential basis.

506-10077, Rev A Updated April 2016