Privacy & Security Statement

Protecting your privacy and personally identifiable information (‘PII’) is Candle LLC’s priority. This Privacy and Security Statement (‘Statement’) applies to ‘candlemed.com’ and ‘Candle LLC’, AutoRequest, AutoRequest integrations with third-parties, and governs PII collection, usage and storage. For the purposes of this Statement, unless otherwise noted, all references to ‘Candle’ include Candle LLC, candlemed.com, AutoRequest and candled.com/AutoRequest. By using the Candle website, you consent to the data practices described in this statement. BY USING THE CANDLE LLC AND AUTOREQUEST WEBSITE, YOU REPRESENT AND WARRANT THAT YOU HAVE READ AND UNDERSTOOD, AND AGREE TO THE TERMS OF, THIS PRIVACY POLICY. IF YOU DO NOT UNDERSTAND OR DO NOT AGREE TO BE BOUND BY THIS PRIVACY POLICY, YOU MUST IMMEDIATELY LEAVE THE WEBSITE.

1. Collection of Personally Identifiable Information

In order to provide you with the products and services offered on our Site, Candle may collect PII from users and users’ clients (i.e. patients), including:


Individual Client/Patient User
PII
  • First and Last Name
  • First and Last Name
  • Mailing Address
  • Telephone Number
  • Date of Birth
  • Email Address
  • Date(s) of Incident and/or Treatment
  • Credentialing Data (for Site Use/Security)
  • Medical Record Type(s) Requested
  • Employer
  • Treatment Facility Name
  • Social Security Number
  • Health Information
  • Billing/Credit Card Information

Candle does not collect any PII about you unless you voluntarily provide it. However, you may be required to provide PII to us when you elect to use certain products and/or services available on the Site. This may include:

(a) registering for an account on our Site;
(b) entering a sweepstakes or contest sponsored by Candle or one of our partners;
(c) signing up for special offers from selected third parties;
(d) sending us an email message;
(e) submitting your credit card or other payment information when ordering and purchasing products and/or services on our Site.


As such, we will use PII for, but not limited to, communicating with you in relation to services and/or products you have requested from us, and marketing similar products and/or services we believe may be of interest to you.


Use of Personally Identifiable Information
Candle collects and uses PII to operate its website(s), provide, and make improvements to the products and/or services requested.

2. Using AutoRequest to Populate Pre-Signed HIPAA Forms

Certain feature of AutoRequest have the capability of populating fields of authorizations. Before using the populating feature, you must have obtained permission from the client/patient to do so. If the client/patient does not/has not agreed to you using a signed authorization to send record requests to multiple facilities on their behalf during representation, then using these features is strictly forbidden. IF YOU DO NOT HAVE YOUR CLIENTS PERMISSION TO USE COPIES OF THEIR SIGNED ATHORIZATIONS TO OBTAIN RECORDS FROM FACILITIES THEN YOU CANNOT USE THAT FEATURE OF AUTOREQUEST.

3. Third-Party Transfers

Candle does not sell, rent or lease its users’ or users’ clients’ PII to third parties.

Candle may share PII with trusted partners for the purposes to arrange for deliveries of the requests, such as our HIPAA compliant Electronic Fax Provider, E-Fax. E-Fax has executed a BAA with Candle LLC to assure HIPAA and HI TECH compliance. All such third parties are prohibited from using PII except to provide these services to Candle, and are required to maintain the confidentiality and HIPAA compliant security of user and client PII.

Candle may disclose PII to those who perform support functions on its behalf, including those who perform technical, administrative and data processing tasks. The third parties to whom we disclose PII all have agreed to abide by this Privacy Policy with respect to the information provided to them by us and are prohibited by contract from using the information for other purposes (although, as discussed below, some of those third parties have separate privacy policies that govern their collection, use and storage of information that You provide to them directly). We may disclose Personal Information with third parties under other unanticipated situations, but only with Your consent.

Candle may disclose PII, without notice, if required to do so by law or in the good faith belief that such action is necessary to:
(a) conform to the edicts of the law or comply with legal process served on Candle or the site;
(b) protect and defend the rights or property of Candle; and/or
(c) act under exigent circumstances to protect the personal safety of users of Candle, or the public.

4. Automatically-Collected Personally Identifiable Information

Cookies are small pieces of data that are stored by the user's Web browser on the user's hard drive. Candle only collects cookies which Strictly Necessary cookies which are essential to the operation of the AutoRequest. At no time with medical or health information be stores in a cookie. These cookies are essential in helping you to move around our Site and use the features, such as accessing secure areas of the Site. We may use Strictly Necessary cookies to:

  • Identify you as being logged into the Site
  • Provide access to protected areas of a Site
  • Remember previously entered text so it is not lost if the page refreshes


5. Obtaining and Sharing Information

At the User’s request, AutoRequest may follow-up on requests made by the user by using patient/client information provided by the user and may obtain client/patient information for the user in accordance with the user’s requests. AutoRequest obtains and discloses such information pursuant to appropriate written authorizations to gather information for, and disclose it to, its users for the purposes of their representation of the client/patient and for their other legitimate purposes authorized by law. AutoRequest handles such information in accordance with its user's directions, the written authorizations, AutoRequest's contracts with users, and applicable law. AutoRequest does not share information it obtained from a user with its other users, unless the subject's authorization permits such.

Kinds of Information
AutoRequest is authorized by users to act as their representatives in obtaining information on client/patients regarding the following:
  • Health history
  • Medical information
  • Family history
  • Lifestyle character
  • Habits, use of alcohol and other drugs
  • Driving records
  • Marital status
  • Death records
  • Civil and criminal court records
  • Past and present employment and job duties
  • Finances
  • Other insurance coverage
  • Participation in hazardous hobbies or activities

Sources of such information may include various medical facilities or other information exchange organizations or individuals provided for personal and business references.

6. Security

Candle secures your PII from unauthorized access, use, and disclosure. Candle uses the following methods for this purpose:

  • SSL Protocol
  • HIPAA Compliant encryption on our database
  • HIPAA compliant email
  • HIPAA compliant Electronic Faxing
When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.

We strive to take appropriate security measures to protect against unauthorized access to or alteration of your personal information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed.

7. Children Under Age Thirteen

Candle does not knowingly collect PII from children under the age of thirteen. If you are under the age of thirteen, you must ask a parent or guardian for permission to use this website. At this time Candle does not knowingly collect information from clients/patients who are under the age of 13. If your client/patient is under the age of 13 do not use AutoRequest to request their records.

8. E-mail Communications

Candle may contact you via email for the purpose of providing announcements, promotional offers, alerts, confirmations, surveys, and/or other general communications. If you would like to stop receiving marketing or promotional communications via email from Candle, you may opt out of such communications by replying STOP.

9. External Storage Sites

Candle may store PII on servers provided by third-party hosting vendors with whom we have contracted. Our servers and third-party hosting vendors include HIPAA compliant levels of encryption.

10. Data Accuracy, Access, and Retention

Candle wants your Personal Information to be complete and accurate. By using the the Services, you represent and warrant that all information you provide on any registration form or otherwise in connection with your use of the Website and Services will be complete and accurate, and that you will update that information as necessary to maintain its completeness and accuracy.

Typically, Candle retains Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. This may include retaining your Personal Information for up to two years, at which time the data will be permanently deleted. Please note that you can request, at any time, that we delete the PII you provided to Candle.

11. Changes to this Statement

Candle reserves the right to change this Privacy Statement at any time. We will notify you about significant changes in the way we handle PII by sending a notice to the primary email address specified in your account, by placing a prominent notice on our Site, and/or by updating information on this Statement. Your continued use of the Site and/or services available through this Site after such modifications will constitute your: (a) acknowledgment of the modified Privacy Statement; and (b) agreement to abide and be bound by that Statement.

12. Contact Information

Candle welcomes your questions or comments regarding this Privacy Statement. If you believe that Candle has not adhered to this Statement, please contact Candle by:

Mail:
Candle LLC
2840 NW 23rd Blvd.
Gainesville, Florida 32605
USA

Email:
landon@candlemed.com

Telephone:
+1-850-777-9504


Effective: May 06, 2019