FormsClient Login
Request a Demo
Search site
Request a Demo

Privacy Policy

PRIVACY AND SECURITY NOTICE – INDIVIDUAL ACCESS SERVICES

This Internet Privacy Policy (“Privacy Policy”) and corresponding Privacy and Security Notice – Individual Access Services (“Notice”, together with Privacy Policy as “Privacy Policy”) describe eHealth Global Technologies, Inc. d/b/a eHealth Technologies (“eHealth Technologies”) online data collection practices and how we use and protect your personal information collected online. This Privacy Policy applies only to the information collected on the general website (www.ehealthtechnologies.com) and the mobile website (m.ehealthtechnologies.com) (collectively “Website”), and does not apply to information that eHealth Technologies obtains about you from other sources. We are committed to protecting your privacy online. Please read the information below to learn the following regarding your use of this site.

YOUR CONSENT:

By using the Website, you consent to the collection and use of your information in the manner we describe in this Privacy Policy. You acknowledge receipt of this Privacy Policy by accessing or using our site and agree to be bound by all of its terms and conditions. IF YOU DO NOT AGREE TO THESE TERMS, PLEASE DO NOT ACCESS OR USE THIS SITE.

CHANGES TO OUR POLICY:

We reserve the right to change this Privacy Policy at any time. Such changes, modifications, additions, or deletions shall be effective immediately upon notice thereof, which may be given by posting the revised Privacy Policy on this page, or if applicable by providing an Individual with an updated version of the revised Privacy Policy with any material changes in accordance with the Individual’s communicated preferences. You acknowledge and agree that it is your responsibility to review this site and this Privacy Policy periodically and to be aware of any modifications you may receive online, or through your communicated preferences. Each version of our Privacy Policy will be prominently marked with an effective date. Your continued use of the site after such modifications will constitute your: (a) acknowledgment of the modified Privacy Policy; and (b) agreement to abide and be bound by the modified Privacy Policy.

TYPES OF INFORMATION COLLECTED:

We currently do not collect information about users of or visitors to eHealthTechnologies.com. However, if you communicate with us through eHealthTechnologies.com, we will collect any information you provide us.

No data transmission over the internet or any wireless network can be guaranteed to be perfectly secured. As a result, while we strive to protect your information using commercially available and industry standard encryption technology, we cannot ensure or guarantee the security of any information you transmit to us, and you do so at your own risk.  Accordingly, we respectfully request that you NOT provide any Protected Health Information (“PHI”), or electronic Protected Health Information (“ePHI”) to us using the eHealthTechnologies.com website, as any PHI/ePHI disclosed to us using this website is not secured nor safeguarded; we certainly want to ensure the appropriate administrative, physical, and technical safeguards are in place for you to protect your own information.

Federal, State, and Other Privacy Laws:

  1. HIPAA/HITECH: eHealth Technologies protects and secures all PHI/ePHI through administrative, physical, and technical safeguards consistent with the requirements of Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) [45 C.F.R. Parts 160, 162, 164], and its implementing rules and regulations, as well as the mandates of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) [42 U.S.C. 13001, et. seq.].
    1. eHealth Technologies has a responsibility to protect individually identifiable health information under the regulations implementing HIPAA/HITECH as well as other federal and state laws protecting the confidentiality of personally identifiable information, and under general professional ethics. As such, eHealth Technologies has adopted administrative, physical, and technical safeguards to comply with HIPAA/HITECH.
  2. GDPR: eHealth Technologies also take appropriate safeguards to protect Personal Data (“PD”) and other information that may be subject to the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) requiring the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
    1. It is the policy of eHealth Technologies to remain compliant with the Privacy Notice Requirements of GDPR as it pertains to individuals within the European Union as designated by the European Commission or Swiss Federal Data Protection Authority and particularly on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. All personnel of eHealth Technologies who are responsible for processing, importing, or exporting personal data, including PHI of individuals who are patients that are being or have been treated by International Medical Record Providers, comply with the GDPR. The Chief Privacy Officer of eHealth Technologies is the Controller for GDPR compliance and ensures that Personal Data is processed on behalf of a patient in accordance with GDPR and eHealth Technologies standard policies on privacy and security and protecting health information.
  3. SHIELD: eHealth Technologies has also developed, implemented, and maintains a data security program consistent with the New York State Stop Hacks and Improve Electronic Data Security (“SHIELD”) Act [N.Y. General Business Law §899-aa and §899-bb, and N.Y. Technology Law §208] that includes Administrative, Physical, and Technical Safeguards that provide reasonable safeguards to protect the security, confidentiality and integrity of private information.
    1. eHealth Technologies is obligated to disclose any breach of the security of its data systems to New York residents whose “private information” was, or is reasonably likely to have been, accessed or acquired without authorization by a third party consistent with NY General Business Law §899-aa. The disclosure must be made without unreasonable delay, and, in certain instances, disclosure may also need to be made to law enforcement and the New York Attorney General within five (5) business days of notifying the United States Secretary of the Department of Health and Human Services of a breach of information.
    2. eHealth Technologies Chief Privacy Officer is designated as the appropriate individual to confirm that the corporation has a Data Security Program that is continuously updated by the Information Security Officer (or Acting Information Security Officer) and distributed for training to the Security and Compliance personnel of the corporation. In addition, eHealth Technologies Chief Privacy Officer is designated as the appropriate individual to provide any required breach notification to a customer, patient, consumer, Secretary of the United States Health and Human Services, or the New York State Attorney General.
  4. CCPA: eHealth Technologies is considered a business associate of healthcare covered entities such as hospitals and medical facilities. Accordingly, protected health information that is collected by a covered entity or business associate is governed by the privacy, security, and breach notification rules of HIPAA, HITECH, and the State of California Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56 ) of Division 1). Notwithstanding, eHealth Technologies has also developed and implemented a California Consumer Privacy Policy that is compliant with California Consumer Privacy Act of 2018 (“CCPA”) [California Civil Code 1798.100, et. seq.].
    1. eHealth Technologies does not sell any Personal Information or otherwise collect, retain, use or disclose Personal Information for any purpose other than the services it provides as a business associate to its clients who are healthcare covered entities. Notwithstanding, eHealth Technologies may retain, use or disclose Personal Information for the following purposes pursuant to the CCPA: (i) to process or maintain Personal Information on behalf of a Covered Entity as defined by HIPAA/HITECH and in compliance with the State of California Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56 ) of Division 1), and the CCPA; (ii) to retain and employ a Service Provider as a subcontractor, where the subcontractor meets the requirements for a Service Provider under the CCPA; (iii) for internal use by eHealth Technologies to build or improve the quality of its services, provided that the use does not include building or modifying household or consumer profiles to use in providing services to another Business or correcting or augmenting data acquired from another source; (iv) to detect data security incidents, or protect against fraudulent or illegal activity; or (v) for the purposes enumerated in Cal. Civ. Code section 1798.145(a):
      1. Comply with federal, state, or local laws.
      2. Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities.
      3. Cooperate with law enforcement agencies concerning conduct or activity that the business, service provider, or third party reasonably and in good faith believes may violate federal, state, or local law.
      4. Exercise or defend legal claims.
      5. Collect, use, retain, sell, or disclose consumer information that is deidentified or in the aggregate consumer information.
      6. Collect or sell a consumer’s personal information if every aspect of that commercial conduct takes place wholly outside of California. For purposes of this title, commercial conduct takes place wholly outside of California if the business collected that information while the consumer was outside of California, no part of the sale of the consumer’s personal information occurred in California, and no personal information collected while the consumer was in California is sold. This paragraph shall not permit a business from storing, including on a device, personal information about a consumer when the consumer is in California and then collecting that personal information when the consumer and stored personal information is outside of California.
    2. Consistent with Cal. Civ. Code section 1798.145(c)(1), protected health information that is collected by a covered entity or business associate is governed by the privacy, security, and breach notification rules of HIPAA, HITECH, and the State of California Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56 ) of Division 1). eHealth Technologies has implemented and maintains reasonable security measures, procedures and practices appropriate to the nature of the Personal Information and as required by the CCPA and any other applicable laws in connection with the Personal Information to protect such information from unauthorized access, destruction, use, modification or disclosure. eHealth Technologies will provide all information and cooperation reasonably necessary in the event of a security incident or a breach of Personal Information and will take all measures and actions necessary to remedy or mitigate the effects of a security incident or breach of personal Information.

Regardless of the federal, state, or other privacy law that may also protect your privacy, eHealth Technologies does not disclose your information to others. Occasionally, we may be required by law enforcement, government agencies, or judicial authorities to provide identifiable information to the appropriate governmental authorities. We will disclose information upon receipt of a court order, subpoena, or to cooperate with a law enforcement or government agency investigation. We fully cooperate with law enforcement agencies in identifying those who use our services for illegal activities. We reserve the right to report to law enforcement agencies on any activities that we in good faith believe to be unlawful.

USER CHOICES ON COLLECTION AND USE OF INFORMATION; RIGHT TO OBJECT OR OPT OUT:

We may, from time to time, send emails regarding our services. In addition, if you indicated through contacts with us that you are interested in receiving offers or information from us and our partners, we may occasionally send you direct mail or emails about services we feel may be of interest to you. eHealth Technologies will send you these direct mailings and only if you indicate that you do not object to these offers and/or desire to opt out of receiving such communication. On occasion a contracted vendor may be used to send direct mailings. If you do not want to receive such mail, simply tell us when you give us your information.

CHILDREN UNDER THE AGE OF 13:

We believe in the importance of protecting the privacy of children online. The Children’s Online Privacy Protection Act (“COPPA”) governs information gathered online from or about children under the age of 13.  No part of the Website, or any services made available through the Website, are designed or intended to attract or solicit children under the age of 13.  No personal information is knowingly collected from any person under the age of 13.  If you believe that we have received information from a child under age 13, please contact us immediately toll free at (877) 344-8999 and direct such communication to Michael A. Sciortino, Esq., Chief General Counsel.

NO MEDICAL CARE NOR ADVICE

eHealth Technologies does not provide medical care and cannot guarantee clinical outcomes. The information contained on the Website, newsletters, emails or other information or content provided by eHealth Technologies, is neither intended nor implied to constitute medical advice, diagnosis or treatment. We do not endorse, sponsor or recommend any of the third parties referenced on the Website, newsletters, emails or other information or content provided by us, nor any products, services, treatments, information or content provided by such third parties.

PRIVACY POLICIES OF THIRD-PARTY SITES:

Except as otherwise discussed in this Privacy Policy, this document only addresses the use and disclosure of information we collect from you. Other sites accessible through our site have their own privacy policies, data collection, use and disclosure practices. Please consult each site’s privacy policy. We are not responsible for the policies or practices of any third-party website you access from this Website including facebook.com, LinkedIn.com, YouTube.com and others that we may utilize on our site.

MISCELLANEOUS PROVISIONS AND DISCLAIMERS:

Errors and/or omissions on the website are unintentional and excepted. eHealth Technologies assumes no responsibility, and shall not be liable for any damage or injury to you, your computer or other personal property including, but not limited to, damages caused by viruses that infect your computer equipment or other property on account of your access to our Website or from your downloading of any materials, data, text, images, video or audio, or other items from the Website. All responsibility and liability for any damages caused by viruses contained within the electronic files of this site are disclaimed. The user is advised to make his/her own arrangements for protection of his/her computer resources from such viruses.

Some links on this Website may lead to websites which are not under our control. You should understand that providing a link does not mean that we have looked at all those sites, that we have checked them out, or that we endorse them. External sites are not endorsed by us, and we make no representation or warranty as to the contents contained in any such external website. When you visit any of those websites you will leave our website, and we will accept no responsibility or liability in respect of the material or any website which is not under our control. We disclaim any responsibility if some website you link to has material on it that offends you in any way.

Any advertisements seen on the site are not an indication of the responsibility of eHealth Technologies for any content on such advertisement and we provide hyperlinks of such advertisements to their respective sites without any knowledge or responsibility for such provision. Such advertisements are displayed purely as a business contract between the advertiser and us to lend space on our website’s pages for a specified period of time.

This website is provided as a service to our visitors. We reserve the right to delete, modify or supplement the content of this website at any time for any reason without notification to anyone. Any and all portions of this disclaimer shall automatically apply to all modifications, additions, improvements and/or Amendments as they appear on the website.

PRIVACY AND SECURITY NOTICE – INDIVIDUAL ACCESS SERVICES

eHealth Technologies supports an individual’s (“Individual”) right to access PHI, ePHI, personally identifiable information, and individually identifiable information (collectively, “Individually Identifiable Information”) via an Individual Access Service (“IAS”) Provider’s application, website, or another interface. To support such access, eHealth Technologies as an IAS Provider partners with a Qualified Health Information Network™ (“QHIN™”) Technical Framework (“QTF”), enabling The Trusted Exchange Framework and Common Agreement™ (“TEFCA™”) under a Common Agreement for a Recognized Coordinating Entity® (“RCE™”). Through a Common Agreement, eHealth Technologies contributes to promoting trust and transparency in how Individually Identifiable Information is protected and safeguarded and is publishing this Notice as the “Privacy and Security Notice for Individual Access Services.” eHealth Technologies desires to have its privacy and security practices with respect to Individually Identifiable Information and an Individual’s rights with respect to their Individually Identifiable Information maintained by eHealth Technologies in connection with the Individual Access Services. Please note that eHealth Technologies complies with the latest version of the Federal Plain Language Guidelines and uses an online format that makes this Notice readable, including on smaller screens such as a mobile device. eHealth Technologies will translate this Notice into any non-English language that is the primary language of at least five (5) percent of the individual users within any designated service area that eHealth Technologies services.

Individually Identifiable Information may be accessed, exchanged, used, and/or disclosed by eHealth Technologies or by other persons or entities to whom/which eHealth Technologies discloses or provides access to the information through written, verbal, electronic, digital, and online means using the internet. Individually Identifiable Information is not sold by eHealth Technologies. Please also note the following additional information:

  1. Individually Identifiable Information cannot be accessed, exchanged, used, and/or disclosed by eHealth Technologies to assert any type of claim against the Individual by eHealth Technologies except for the collection of fees.
  2. Individually Identifiable Information may be further accessed by, exchanged with, used by, and/or disclosed to third parties.
  3. The types of persons/entities to which the Individually Identifiable Information may be further disclosed and used, if any, include Covered Entities and their Business Associates and Subcontractor Business Associates consistent with HIPAA, and may include disclosure that may be outside of eHealth Technologies’ control.
  4. eHealth Technologies will retain the Individually Identifiable Information for at least six (6) years as required by HIPAA and its retention period.
  5. eHealth Technologies will be using the Individually Identifiable Information to provide medical record aggregation and image delivery services to its customers who are engaged for either continuity of care of the patient, other treatment purposes, healthcare operations, billing, or payment, as provided for and as dictated by eHealth Technologies’ customers.
  6. As requested by the Individual’s treating healthcare provider or for internal business purposes, eHealth Technologies may de-identify Individually Identifiable Information by removing all identifiers consistent with HIPAA.
  7. That all disclosures through TEFCA are in accordance with the permitted and required uses and disclosures specified in the Common Agreement and applicable U.S. Department of Health and Human Services guidance.
  8. Individually Identifiable Information relating to reproductive health care services, which as defined in Executive Order 14076 means “medical surgical, counseling, or referral services relating to the human reproductive system, including services relating to pregnancy or the termination of a pregnancy,” and may be used and/or disclosed in accordance with a civil or criminal subpoena, court order, search warrant, or other demand for compulsory disclosure including across state lines in accordance with applicable law, even if a service is paid for entirely out-of-pocket by an Individual.
  9. Individually Identifiable Information relating to gender affirming care may be used and/or disclosed in accordance with a civil or criminal subpoena, court order, search warrant, or other demand for compulsory disclosure including across state lines in accordance with applicable law, even if a service is paid for entirely out-of-pocket by an individual.
  10. eHealth Technologies is subject to HIPAA, as a matter of law as it is a Business Associate of a Covered Entity as further defined in HIPAA.
  11. Written or electronic notice will be provided to the affected Individual(s) (unless prohibited by applicable law) within three (3) business days of eHealth Technologies receiving a civil or criminal subpoena, court order, search warrant, or other demand for compulsory disclosure in accordance with applicable law with respect to the Individually Identifiable Information unless such notice is prohibited (e.g., under the Patriot Act). The affected Individual(s) receiving such notice is afforded the right to object to the production of the Individually Identifiable Information or seek a protective order or other appropriate remedy consistent with applicable law.
  12. Written or electronic notice will be provided to the affected Individual(s) (unless prohibited by applicable law) within three (3) business days of eHealth Technologies making Individually Identifiable Information available to law enforcement agencies.

eHealth Technologies is required to act in conformance with the Privacy and Security Notice and must protect the security of the information it holds in accordance with the applicable agreements it has in place with the QHIN™. Additionally, please also note the following additional information:

  1. eHealth Technologies uses commercially reasonable efforts to protect Individually Identifiable Information from unauthorized or illegal access, modification, use, or destruction.
  2. eHealth Technologies encrypts all Individually Identifiable Information held by the IAS Provider, both in transit and at rest, regardless of whether such data is TEFCA Information.
  3. eHealth Technologies will notify Individuals whose Individually Identifiable Information has been or is reasonably believed to have been affected by breach of data privacy or information security, and such notice will include, to the extent possible, the following information:
    1. A brief description of what happened, including the date of the breach and the date of its discovery, if known.
    2. A description of the type(s) of Individually Identifiable involved in the breach (e.g., full name, Social Security number, date of birth, home address, or other types of information involved).
    3. Any steps Individuals should take to protect themselves from potential harm resulting from the breach.
    4. A brief description of what eHealth Technologies is doing to investigate the incident or breach, to mitigate harm to Individuals, and to protect against any further incidents or breaches.
    5. Contact procedures for Individuals to ask questions or learn additional information related to the breach, which shall include a toll-free telephone number, e-mail address, and website with contact information and/or a contact form for eHealth Technologies.
  4. eHealth Technologies’ obligations under the Privacy and Security Notice will continue for as long as eHealth Technologies maintains the Individually Identifiable Information.
  5. eHealth Technologies requires similar privacy and security practices of third parties that provide any services on behalf of eHealth Technologies and with whom eHealth Technologies shares Individually Identifiable Information in connection with such services consistent with a Business Associate Agreement and Information Security Addendum.

eHealth Technologies will collect an Individual’s express documented and informed consent within an Authorization for Release of Health Information as may be applicable whereby Individuals are provided with sufficient context at the time consent is requested for the release of health information to understand the consequences of their choices. eHealth Technologies collects the Individual’s express documented and informed consent before using Individually Identifiable Information in a materially different manner than as provided for within this Notice. eHealth Technologies provides an option to collect/capture/obtain the Individual’s express documented and informed consent via paper or electronic signature in accordance with applicable law. eHealth Technologies maintain express documented and informed consent in a secured auditable format sufficient to validate and verify the consent. Any Individual may revoke consent to an Authorization for Release of Health Information or other consent form as required within this Notice. The revocation will not be burdensome to the Individual and may be submitted through written or electronic means through the Contact Information below. Please note that any such revocation will not affect any actions taken by the eHealth Technologies in reliance on the consent prior to the date of such revocation. Subsequent to the date of such revocation, the Individual will no longer be able to access the eHealth Technologies’ services.

At a minimum, with respect to Individually Identifiable Information, each Individual has the right to:

  1. Require that all the Individually Identifiable Information maintained by eHealth Technologies in connection with the IAS be deleted completely, to the extent technically feasible, with respect to any future uses or disclosures, unless such deletion is prohibited by applicable law; provided, however, that the foregoing shall not apply to Individually Identifiable Information contained in audit logs.
  2. Access their Individually Identifiable Information maintained by eHealth Technologies in connection with the IAS.
  3. Obtain an export of their Individually Identifiable Information in a machine-readable format, including the means to interpret such machine-readable format.
  4. Be notified in the event their Individually Identifiable Information is reasonably believed to have been affected by a breach of data privacy or information security.

An Individual has choices regarding the collection, use, deletion, and sharing of their Individually Identifiable Information, including the Individual’s right to opt out of having eHealth Technologies disclose their Individually Identifiable Information via TEFCA Exchange. An Individual who wishes to exercise the choice to opt out of same, or to obtain access to and an export of their Individually Identifiable Information and the available format(s) in which the Individually Identifiable Information can be exported, shall contact eHealth Technologies through the authorized individual within the Contact Information included below. eHealth Technologies will respect the Individual’s choices by implementing any such choices within a reasonable time period and will also inform the Individual if eHealth Technologies is reasonably aware of any applicable law that would prohibit it from honoring the Individual’s request to delete Individually Identifiable Information.

Please note that eHealth Technologies does not charge an Individual with any applicable fees or costs related to the IAS including the exercise of any Individual rights. If there are repeated requests for disclosure of the same Individually Identifiable Information, eHealth Technologies may charge a service/handling fee to provide duplicate copies. Those fees will be charged to Individuals on a transactional basis and shall be limited to the maximum amount dictated by respective state law.

PRIVACY AND SECURITY

eHealth Technologies is committed to preserving the security and privacy of all data and information. eHealth Technologies’ Compliance Officer is its internal Chief General Counsel and Chief Privacy Officer, Michael A. Sciortino, Esq. Along with an Information Security Officer, eHealth Technologies closely monitors the security and privacy of all information to ensure proper requirements are met and maintains a process for documenting privacy-related complaints, as well as response, including the final disposition of such complaints. If you have a concern about the privacy and security of any health information, you may reach our Compliance Officer toll free at (877) 344-8999 for further information. Written communication may also be directed to our Compliance Officer: Michael A. Sciortino, Esq., Chief Privacy Officer, eHealth Global Technologies, Inc. d/b/a eHealth Technologies, 500 WillowBrook Office Park, Suite 500, Fairport, New York 14450. In the alternative, our Information Security Officer may be reached toll free at (877) 344-8999, or by written communication directed to Information Security Officer, eHealth Global Technologies, Inc. d/b/a eHealth Technologies, 500 WillowBrook Office Park, Suite 500, Fairport, New York 14450.

CONTACT INFORMATION:

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, any complaints, or would like to revoke any prior consent previously provided, please contact eHealth Technologies by sending correspondence to:

Michael A. Sciortino, Esq.
Chief General Counsel/Chief Privacy Officer
eHealth Global Technologies Inc. d/b/a eHealth Technologies
500 WillowBrook Office Park, Suite 500
Fairport, New York 14450
West Henrietta, New York 14586
Telephone: (877) 344-8999

Effective Date of Notice: August 13, 2025

Helping patients get on the road to recovery, faster

Our technology ensures that a care team has a patient’s comprehensive medical history to create an effective care plan in time for meaningful and productive patient appointments.
Request a Demo
eHealth Technologies
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

View the full eHealth Technologies privacy policy.