About This Policy
This policy describes the personal information MTBC-PHR collects about you, why
MTBC-PHR collects it and how MTBC-PHR uses it. MTBC’s policy also describes the
choices you can make about how MTBC-PHR collects and uses your information.
About Medical Transcription Billing
MTBC is a healthcare services company that specializes in medical billing, transcription,
and electronic medical record (“EMR”) solutions for physicians of all specialties.
Physicians and medical practices that use our service have online access to a wide-array
of reports and features, including practice management reporting, online scheduling,
as well as secure access to patient’s protected healthcare information “PHI”. MTBC
have also made available the patient information on the individual websites created
for these physicians and specialties.
What Information Does MTBC Collect?
In some areas of this website, we ask for personal information. For instance, user
name (email address) & password must be disclosed in order to login into MTBC-PHR.
A patient can request or create user name by physician. In such situations, a user
may be required to provide certain information, including his/her name, address,
email address, phone number. This list may be expanded without prior notice.
Patient’s can access their PHI through MTBC-PHR. PHI is information that identifies
patients and relates patients’ past, present, or future physical or mental health
or condition, the provision of healthcare to patients, or past, present, or future
payment for the provision of healthcare to patients managed for patient’s physician/medical
providers. This information is only posted in the Verisign
secured Member’s Area, which is 128-bit encrypted and requires a username and password.
What does MTBC do with the information
This information is collected to help MTBC further develop its services, to provide
access to valuable MTBC Internet-based information and services, and to bill as
MTBC employs all reasonable and customary measures to protect PHI sent to MTBC through
the Internet. Once MTBC receives PHI, it is posted in a secure password-protected
MTBC-PHR users are responsible for keeping passwords confidential and will be solely
responsible for all uses of their password. If a user becomes aware of any unauthorized
use of his or her password, he or she is responsible for contacting MTBC to request
deactivation of the password. Most web browsers (Internet Explorer, Netscape, Mozilla,
etc.) offer the opportunity to select a “remember password” function on the website.
If a user selects this option, the password will thereafter be automatically identified
when the user accesses the website. As a result, anyone with access to the specific
computer may have access to patients’ PHI. Users alone are responsible for controlling
access to their computers and for preventing unauthorized access to PHI.
How we may use and disclose medical
information about you.
The following describes different ways that we are permitted to use and disclose
medical information. For each category of uses or disclosures we will explain what
we mean and try to give some examples. Not every use or disclosure in a category
will be listed. However, all of the ways we are permitted to use and disclose information
will fall within one of the categories.
We may disclose medical information about you to your healthcare physicians who
are involved in caring for you at the clinic. Different departments of the clinic
also may share medical information about you in order to coordinate the different
services/treatments you need, such as prescriptions, laboratory work, and x-rays.
We may also disclose medical information about you to people who may be involved
in your healthcare & any other authorized individuals.
We may use and disclose your medical information so that the treatment and services
you receive may be billed and payment may be collected from you, an insurance company,
or a third party. We may tell your health plan about a treatment you are going to
receive in order to obtain prior approval or to determine whether your plan will
cover the treatment. We may also give information to someone who helps pay for your
For Health Care Operations
We may use and disclose your medical information for Health Care Operations. Healthcare
operations are activities that are necessary to make sure that all of our patients
receive quality care. We may also disclose information to doctors for review and
learning purposes. When we do this, information that identifies you may be removed
from this set of medical information so others may use it to study health care and
health care delivery without learning who the specific patients are. If ownership
of the MTBC-PHR changes as a result of sale, transfer, merger or consolidation,
your medical information would be disclosed to the new entity, if that entity was
to follow the same privacy policies.
We may use and disclose medical information to contact you as a reminder that you
have an appointment for treatment or medical care.
We may use and disclose medical information to tell you about or recommend possible
treatment options or health related benefits that may be of interest to you.
As Required By Law:
We will disclose your medical information when required to do so by federal, state
or local law.
To Avert a Serious Threat to Health
We may use and disclose your medical information when necessary to prevent a serious
threat to your health and safety or the health and safety of the public or another
person. Any disclosure, however, would be only to someone able to help prevent the
We may disclose medical information about you to an entity assisting in a disaster
relief effort so that your family can be notified about your condition, status and
Military and Veterans:
If you are a member of the armed forces, we may release your medical information
as required by law. We may also release medical information about foreign military
personnel to the appropriate foreign military authority as required by law.
We may release your medical information for workers' compensation or similar programs.
These programs provide benefits for work-related injuries or illness.
Public Health Risks:
We may disclose, when requested, your medical information for public health activities.
These activities generally include the following:
Health Oversight Activities:
- to prevent or control disease, injury or disability;
- to report births and deaths;
- to report abuse and/or neglect of a child, elder or disabled person;
- to report reactions to medications or problems with products;
- to notify people of recalls of products they may be using;
- to notify a person who may have been exposed to a disease or may be at risk for
contracting or spreading a disease or condition;
We may, when requested, disclose your medical information to a health oversight
agency for activities authorized by law. These oversight activities include, audits,
certifications, investigations, inspections, and licensure. These activities are
necessary for the government to monitor the health care system, government programs,
and compliance with civil rights laws.
Lawsuits and Disputes:
If you are involved in a lawsuit or a dispute, we may disclose your medical information
in response to a court order. Under certain circumstances, we may also disclose
your medical information in response to a subpoena or other lawful process, but
we will do so only if efforts have been made to tell you about the request or to
obtain an order protecting the information requested or if you or a court have provided
We may release your medical information if asked to do so by a law enforcement official,
if permitted by law:
National Security and Intelligence
- In response to a court order, subpoena, warrant, summons or similar process;
- To identify or locate a suspect, fugitive, material witness, or missing person;
- About the victim of a crime if, under certain limited circumstances, we are unable
to obtain the person's agreement;
- About a death we believe may be the result of criminal conduct;
- About criminal conduct; and
- In emergency circumstances: to report a crime; the location of the crime or victims;
or the identity, description or location of the person who committed the crime.
If permitted by law, we may release your medical information to authorized federal
officials for intelligence, counterintelligence, and other national security activities,
authorized by law.
If you are an inmate of a correctional institution or under the custody of a law
enforcement official, we may release medical information about you to the correctional
institution or law enforcement official, under certain circumstances if permitted
by law. This release would be necessary (1) for the institution to provide you with
health care; (2) to protect your health and safety or the health and safety of others;
or (3) for the safety and security of the correctional institution.
Your rights regarding medical information
You have the following rights regarding medical information we maintain about you:
Right to Inspect and Obtain a Copy. You have the right to inspect and obtain a copy
of your medical information that may be used to make decisions about your care.
This request usually includes medical and billing records but does not include psychotherapy
notes. To inspect and obtain a copy of your medical information that may be used
to make decisions about you, you must submit your request in writing for our address.
For copies of your physician's office records, please contact your physician's office
directly. If you request a copy of the information, we may charge a fee for the
costs of copying, mailing or other supplies associated with your request. We may
deny your request to inspect and obtain a copy in certain very limited circumstances.
Right to Amend:
If you think that the medical information we have about you is incorrect or incomplete,
you may ask us to amend the information. You have the right to request an amendment
as long as the information is kept by or for the Clinic. Your request for an amendment
will become a legal part of your medical record, to be sent out along with the rest
of the record whenever a request for copies is received. No part of the original
documentation in the medical record can be destroyed.
To request an amendment of your medical record, your request must be made in writing
and submitted to our address. To request an amendment of your physician office record,
contact your physician's office directly. In addition, you must provide a reason
that supports your request.
We may deny your request for an amendment if it is not in writing or does not include
a reason to support the request. We may also deny your request if you ask us to
amend information that:
Right to Request an Accounting of Disclosures:
- Was not created by us, or the person or entity that created the information is no
longer available to make the amendment;
- Is not part of the medical information kept;
- Is not part of the information which you would be permitted to inspect and copy;
- Is accurate and complete.
You have the right to request an “accounting of disclosures.” This is a list of
the disclosures we made of your medical information for which an authorization was
not obtained, or which were not made for purposes of treatment, payment, or healthcare
To request this list or accounting of disclosures, you must submit your request
in writing to our practice, Health Information Management, address.
Your request must state a time period, which may not be longer than six years and
may not include dates before April 14, 2003. Your request should indicate in what
form you want the list (for example, on paper, electronically). The first list you
request within a 12-month period will be free. For additional lists, we may charge
you for the costs of providing the list. We will notify you of the cost involved
and you may choose to withdraw or modify your request at that time before any costs
Right to Request Restrictions:
You have the right to request a restriction or limitation on the medical information
we use or disclose about you for treatment, payment or health care operations. You
also have the right to request a limit on the medical information we disclose about
you to someone who is involved in your care or the payment for your care, such as
a family member or friend.
We are not required to agree to your request for restrictions. If we do agree, we
will comply with your request unless the information is needed to provide emergency
treatment to you.
To request restrictions on your medical records, you must make your request in writing
to our practice, Health Information Management, Restriction Request, address. To
request restrictions on your physician office records, contact your physician's
office directly. In your request, you must tell us (1) what information you want
to limit; (2) whether you want to limit our use, disclosure or both; and (3) to
whom you want the limits to apply, for example, disclosures to your spouse.
Right to Request Confidential Communications:
You have the right to request that we communicate with you about medical matters
in a certain way or at a certain location. For example, you can ask that we contact
you only at work or by mail.
To request confidential communications, you must make your request in writing the
practice Privacy Officer. We will not ask you the reason for your request. At our
discretion, we will accommodate all reasonable requests. Your request must specify
how or where you wish to be contacted.
Right to a Paper Copy of This Notice:
You have the right to a paper copy of this notice. You may ask us at any time to
give you a copy of this notice. Even if you have agreed to receive this notice electronically,
you are still entitled to a paper copy of this notice.
You may obtain a copy of this notice at our website to obtain a paper copy of this
notice, please contact the Reception Desk or: our Office of Business Conduct.
Third Party Information Gathering
Our website may contain links to, and contain content and advertisements hosted
on, third party websites. If you click on such links, content or advertisement,
you may be directed to these third party websites. When accessed, such third-party
websites may place their own cookies on your computer, collect data, solicit personal
information or perform user activity tracking other than that described herein.
For more information about each third party content provider, cookies, and how to
we are not responsible for the privacy practices of such other websites. We encourage
our users to be aware when they leave our site and to read the privacy statements
solely to information collected by this Website.
Sharing your information with people and services you trust
Passive Information Collection/Use
- If you share your information with others, you can view a list of who has access
to your information and you can revoke sharing privileges at any time. When you
revoke someone’s ability to read your health information, that party will no longer
be able to read your information, but may have already seen or may retain a copy
of the information.
- MTBC-PHR contains links to third-party service providers that are capable of securely
integrating information to MTBC-PHR. These service providers (which may include
your medical providers) may provide information about certain medical conditions
or extend the functionality of MTBC-PHR in other ways. By creating a link to these
service providers, you give them permission to integrate you information such as
medical records, prescription histories, or test reports to your MTBC-PHR account.
- You can approve access for some of these service providers to view and copy your
health information. If a service provider accesses your health information and stores
a copy of your information, that copy will be governed by that service provider's
policies of third-party service providers.
- Some of these third-party service providers will be covered by federal and state
health privacy laws (such as the Health Insurance Portability and Accountability
Act, or “HIPAA”), and those laws will govern how they may use and share your information.
HIPAA requires (as does MTBC-PHR) that you must authorize these providers to send
information to your MTBC-PHR account. With that authorization, you also give them
permission to integrate certain especially sensitive types of health information
(such as mental health or substance abuse records) that are protected by federal
and state laws and require special authorization. When you ask MTBC-PHR to send
your health information to others, you will also be giving MTBC permission to send
those sensitive types of health information.
- All entities or business associates covered by HIPAA are contractually required
to comply with HIPAA's rules related to collection, use, and sharing of your information.
All other third-party service providers are contractually required to abide by the
privacy & security policies, which require that they comply with strict privacy
standards for how they collect, use, or share your information.
A cookie is a small text file that is stored on a user’s computer for record-keeping
purposes. Cookies are used on this site. We do not link the information we store
in cookies to any personally identifiable information you submit while on our site.
We use session ID cookies to make it easier for you to navigate our site. A session
ID cookie expires when you close your browser. A persistent cookie remains on your
hard drive for an extended period of time. You can remove cookies by following directions
in your Internet browser’s “help” file. To learn more about cookies, please visit
As users navigate through a website, certain information can be passively collected
(that is, gathered without the user actively providing the information), using various
technologies and means, such as Internet Protocol addresses, cookies, Internet tags,
and navigational data collection. MTBC uses Internet Protocol (IP) addresses on
this site. An IP address is a number assigned to a computer by the Internet service
provider so that it may access the internet. It is generally considered to be non-personally
identifiable information because, in most cases, an IP address is dynamic (changing
each time you connect to the Internet), rather than static (unique to a particular
user's computer). MTBC uses an IP address to diagnose problems with its server,
report aggregate information and determine the fastest route for your computer to
use in connecting to our site in order to administer and improve the website functionality.
MTBC logs IP addresses, or the location of your computer on the Internet, for systems
administration and troubleshooting purposes. Log data is used in the aggregate to
analyze usage of the website and may be used to contact you for purposes of promoting
MTBC products or services. Your data will not be sold to, shared with, or otherwise
made available to any third parties. If you reject cookies, you may still use our
site, but your ability to use some areas of our site, will be limited.
MTBC servers are housed in a well-monitored and secure data center. Moreover, data
protection mechanisms, security layers and data encryption measures have been implemented
to prevent unauthorized access.
All PHI, as well as demographic information, is password protected and encrypted
within the relevant databases. It is important for users to protect their password
and computer from unauthorized access. When users submit personal information to
the secure areas of MTBC’s website, MTBC encrypts it using Secure Sockets Layer
(“SSL”), a software encryption technology. Encryption protects information against
unauthorized access and modification once it is stored in the database.
statement and other places we deem appropriate so that you are aware of what information
we collect, how we use it, and under what circumstances, if any, we disclose it.
We reserve the right to modify this privacy statement at any time, so please review
it frequently. If we make material changes to this policy, we will notify you here.
Furthermore, you are welcome to email us with questions or concerns at