Protecting your privacy and personally identifiable information (‘PII’) is Candle LLC’s
priority. This Privacy and Security Statement (‘Statement’) applies to ‘candlemed.com’
and ‘Candle LLC’, AutoRequest, AutoRequest integrations with third-parties, and
governs PII collection, usage and storage. For the purposes of this Statement, unless
otherwise noted, all references to ‘Candle’ include Candle LLC, candlemed.com,
AutoRequest and candled.com/AutoRequest. By using the Candle website, you consent
to the data practices described in this statement. BY USING THE CANDLE LLC AND
AUTOREQUEST WEBSITE, YOU REPRESENT AND WARRANT THAT YOU
HAVE READ AND UNDERSTOOD, AND AGREE TO THE TERMS OF, THIS
1. Collection of Personally Identifiable Information
In order to provide you with the products and services offered on our Site, Candle may
collect PII from users and users’ clients (i.e. patients), including:
Date(s) of Incident and/or Treatment
Credentialing Data (for Site Use/Security)
Medical Record Type(s) Requested
Treatment Facility Name
Social Security Number
- Health Information
Billing/Credit Card Information
Candle does not collect any PII about you unless you voluntarily provide it. However,
you may be required to provide PII to us when you elect to use certain products and/or
services available on the Site. This may include:
(a) registering for an account on our Site;
(b) entering a sweepstakes or contest sponsored by Candle or one of our partners;
(c) signing up for special offers from selected third parties;
(d) sending us an email message;
(e) submitting your credit card or other payment information when ordering and
purchasing products and/or services on our Site.
As such, we will use PII for, but not limited to, communicating with you in relation to
services and/or products you have requested from us, and marketing similar products
and/or services we believe may be of interest to you.
Use of Personally Identifiable Information
Candle collects and uses PII to operate its website(s), provide, and make improvements to
the products and/or services requested.
2. Using AutoRequest to Populate Pre-Signed HIPAA Forms
Certain feature of AutoRequest have the capability of populating fields of authorizations.
Before using the populating feature, you must have obtained permission from the
client/patient to do so. If the client/patient does not/has not agreed to you using a signed
authorization to send record requests to multiple facilities on their behalf during
representation, then using these features is strictly forbidden. IF YOU DO NOT HAVE
YOUR CLIENTS PERMISSION TO USE COPIES OF THEIR SIGNED
ATHORIZATIONS TO OBTAIN RECORDS FROM FACILITIES THEN YOU
CANNOT USE THAT FEATURE OF AUTOREQUEST.
3. Third-Party Transfers
Candle does not sell, rent or lease its users’ or users’ clients’ PII to third parties.
Candle may share PII with trusted partners for the purposes to arrange for deliveries of
the requests, such as our HIPAA compliant Electronic Fax Provider, E-Fax. E-Fax has
executed a BAA with Candle LLC to assure HIPAA and HI TECH compliance. All such
third parties are prohibited from using PII except to provide these services to Candle, and
are required to maintain the confidentiality and HIPAA compliant security of user and
Candle may disclose PII to those who perform support functions on its behalf, including
those who perform technical, administrative and data processing tasks. The third parties
the information provided to them by us and are prohibited by contract from using the
information for other purposes (although, as discussed below, some of those third parties
have separate privacy policies that govern their collection, use and storage of information
that You provide to them directly). We may disclose Personal Information with third
parties under other unanticipated situations, but only with Your consent.
Candle may disclose PII, without notice, if required to do so by law or in the good faith
belief that such action is necessary to:
(a) conform to the edicts of the law or comply with legal process served on Candle or
(b) protect and defend the rights or property of Candle; and/or
(c) act under exigent circumstances to protect the personal safety of users of Candle,
or the public.
4. Automatically-Collected Personally Identifiable Information
Cookies are small pieces of data that are stored by the user's Web browser on the user's
hard drive. Candle only collects cookies which Strictly Necessary cookies which are
essential to the operation of the AutoRequest. At no time with medical or health
information be stores in a cookie. These cookies are essential in helping you to move
around our Site and use the features, such as accessing secure areas of the Site.
We may use Strictly Necessary cookies to:
Identify you as being logged into the Site
Provide access to protected areas of a Site
- Remember previously entered text so it is not lost if the page refreshes
5. Obtaining and Sharing Information
At the User’s request, AutoRequest may follow-up on requests made by the user by using
patient/client information provided by the user and may obtain client/patient information
for the user in accordance with the user’s requests. AutoRequest obtains and discloses
such information pursuant to appropriate written authorizations to gather information for,
and disclose it to, its users for the purposes of their representation of the client/patient and
for their other legitimate purposes authorized by law. AutoRequest handles such
information in accordance with its user's directions, the written authorizations,
AutoRequest's contracts with users, and applicable law. AutoRequest does not share
information it obtained from a user with its other users, unless the subject's authorization
Kinds of Information
AutoRequest is authorized by users to act as their representatives in obtaining
information on client/patients regarding the following:
- Health history
- Medical information
- Family history
- Lifestyle character
- Habits, use of alcohol and other drugs
- Driving records
- Marital status
- Death records
- Civil and criminal court records
- Past and present employment and job duties
- Other insurance coverage
- Participation in hazardous hobbies or activities
Sources of such information may include various medical facilities or other information
exchange organizations or individuals provided for personal and business references.
Candle secures your PII from unauthorized access, use, and disclosure. Candle uses the
following methods for this purpose:
- SSL Protocol
- HIPAA Compliant encryption on our database
- HIPAA compliant email
- HIPAA compliant Electronic Faxing
When personal information (such as a credit card number) is transmitted to other
websites, it is protected through the use of encryption, such as the Secure Sockets Layer
We strive to take appropriate security measures to protect against unauthorized access to
or alteration of your personal information. Unfortunately, no data transmission over the
Internet or any wireless network can be guaranteed to be 100% secure. As a result, while
we strive to protect your personal information, you acknowledge that: (a) there are
security and privacy limitations inherent to the Internet which are beyond our control;
and (b) security, integrity, and privacy of any and all information and data exchanged
between you and us through this Site cannot be guaranteed.
7. Children Under Age Thirteen
Candle does not knowingly collect PII from children under the age of thirteen. If you are
under the age of thirteen, you must ask a parent or guardian for permission to use this
website. At this time Candle does not knowingly collect information from clients/patients
who are under the age of 13. If your client/patient is under the age of 13 do not use
AutoRequest to request their records.
8. E-mail Communications
Candle may contact you via email for the purpose of providing announcements,
promotional offers, alerts, confirmations, surveys, and/or other general communications.
If you would like to stop receiving marketing or promotional communications via email
from Candle, you may opt out of such communications by replying STOP.
9. External Storage Sites
Candle may store PII on servers provided by third-party hosting vendors with whom we
have contracted. Our servers and third-party hosting vendors include HIPAA compliant
levels of encryption.
10. Data Accuracy, Access, and Retention
Candle wants your Personal Information to be complete and accurate. By using the the
Services, you represent and warrant that all information you provide on any registration
form or otherwise in connection with your use of the Website and Services will be
complete and accurate, and that you will update that information as necessary to maintain
its completeness and accuracy.
Typically, Candle retains Personal Information for the period necessary to fulfill the
permitted by law. This may include retaining your Personal Information for up to two
years, at which time the data will be permanently deleted. Please note that you can
request, at any time, that we delete the PII you provided to Candle.
11. Changes to this Statement
Candle reserves the right to change this Privacy Statement at any time. We will notify
you about significant changes in the way we handle PII by sending a notice to the
primary email address specified in your account, by placing a prominent notice on our
Site, and/or by updating information on this Statement. Your continued use of the Site
and/or services available through this Site after such modifications will constitute your:
(a) acknowledgment of the modified Privacy Statement; and (b) agreement to abide and
be bound by that Statement.
12. Contact Information
Candle welcomes your questions or comments regarding this Privacy Statement. If you
believe that Candle has not adhered to this Statement, please contact Candle by:
2840 NW 23rd Blvd.
Gainesville, Florida 32605
Effective: May 06, 2019