Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Effective Date

This Notice of Privacy Practices (“Notice”) took effect on March 15, 2022. It will remain in effect until Teladoc replaces it. Teladoc must abide by the terms of this Notice while it is in effect.

Teladoc’s Commitment to Your Privacy

Teladoc Health Medical Group, P.A., Teladoc Health, Inc., and its wholly owned subsidiaries including but not limited to Livongo Health, Inc., Best Doctors, Inc., HealthiestYou, Inc., Advance Medical Inc., myStrength, Inc., and InTouch Technologies (collectively “Teladoc”, “we”, “us” “our”) make up an organized health care arrangement. Teladoc is a clinically integrated care setting in which our members receive health care (“Services”) from more than one health care provider. In addition, we are an organized health care system that jointly participates in numerous activities including quality assessment and improvement activities. Teladoc respects and is committed to protecting the privacy of your medical information. In performing its services, Teladoc will receive, create, and disclose your protected health information (‘PHI’). Teladoc is required by law to maintain the privacy and security of your PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI. For information about our collection, use, and disclosure of personal information other than PHI, please see our privacy policy at www.teladochealth.com/privacy-policy/ and the privacy policies posted on the websites of the affiliates listed above.

Your Information. Your Rights. Our Responsibilities.

In this Notice, we describe:
  • Information We Collect About You
  • When We Use and Share Your Information
  • When We Must Share Your Information
  • When We Need Your Authorization to Use or Share Your Information
  • Your Rights Regarding Your Information
  • How We Keep Your Information Safe
  • Changes to the Terms of This Notice

Information We Collect About You

To provide you with the Teladoc Services, we collect PHI about you from a few sources including directly from you. PHI is information about you that may be used to identify you (such as your name), and that relates to:
  • Your past, present or future physical or mental health or condition,
  • The provision of healthcare to you, or
  • Your past, present, or future payment for the provision of healthcare.
PHI Collected From You PHI Collected from Third Parties PHI Collected Automatically
Of course, as you use the Teladoc Services you will need to provide Teladoc with information about yourself and your medical history, past treatment, and potential future treatment options. As you communicate with us, your telephone calls, emails, and other communications between you and Teladoc and/or Teladoc’s service providers, may be recorded and logged. As such, we will collect and maintain all information discussed during such communications including your identity, the date and time of the communication, and the contents of the communications. In connection with the Teladoc Services, we may collect information about you from third parties such as:
  • Past or current health care providers
  • Health insurance and pharmacy benefit management companies
  • Your employer or other organization that has contracted with Teladoc to give you access to the Services may provide us with your name and demographic information, so we know you are eligible for the Services
 When you register and log in to our secure websites and mobile apps, Teladoc automatically collects information about you. Teladoc must be able to link your activity back to your identity so that changes in our systems can be made and we can track the Services you used. As such, we automatically collect the following types of information about you when you use our secure websites:
  • IP address
  • Device information
  • General geographic information
  • Dates and times you accessed and used the secure websites/mobile apps, features you used, and how long you use the secure websites/mobile apps

When We Use and Share Your Information

To provide you with the Services, we will need to use and disclose your PHI for the following reasons:
Treatment Activities Payment Activities Healthcare Operations Purposes
We will use your PHI within Teladoc to treat you and provide you with medical services. We may also disclose your PHI to other physicians or healthcare providers so that they can treat you and provide you with medical services. When you use our Services, to enhance the continuity and quality of care we provide to you, your PHI may be available to providers within Teladoc for them to provide you with treatment and medical services. For example, your past consults will be available to the provider when you seek a new consult. We can use and share your PHI to get paid and for other payment activities. For example, we will send a claim to your health insurer to get paid. We may share PHI with other entities covered by HIPAA, such as health plans, for their payment activities. Teladoc may use and disclose your PHI to run our business. For example, to improve medical services, provide customer service, conduct quality review, contact you about the Services available to you and health benefits, monitor the qualifications of providers, and other healthcare operations activities. We may share PHI with other entities covered by HIPAA, such as health plans, for their business operations only if they also have or had a relationship with you.
We may also use PHI to:
  • Participate in health information exchanges (HIEs) so that we can share, request, and receive electronic health information from other health care organizations for treatment, payment, and healthcare operations purposes as described above.
  • Engage third parties to assist Teladoc with our payment and healthcare operations. If any such third party needs access to PHI to perform its services on behalf of Teladoc, Teladoc will require that third party to enter a written agreement that protects the PHI. We provide only the minimal PHI to accomplish the intended purpose of the use and sharing of the PHI.
  • Communicate with family and friends who are involved in your care and payment for care.
  • Create deidentified and aggregate information.

When We Must Share Your Information

There are limited times when Teladoc may be permitted or required by law to use or disclose your PHI without your authorization. These include the following:
  • For public health activities such as reporting certain diseases
  • To protect victims of abuse or neglect, such as child abuse and elder neglect
  • For judicial and administrative proceedings such as responding to subpoenas
  • For workers compensation claims
  • To prevent or lessen a serious and imminent threat of harm to a person or the public
  • When required by law or for law enforcement purposes
  • For state and federal health oversight activities such as physician licensing and disciplinary action
  • To coroners, medical examiners, and funeral directors in limited circumstances
  • For organ donation and transplantation
  • For research approved by an institutional review board
  • For specialized government functions such as national security

When We Need Your Authorization to Use or Share Your Information

When We Need Your Authorization to Use or Share Your Information. For instance, your written authorization is needed prior to us using and disclosing your PHI :
  • For Marketing purposes
  • For a sale of your PHI
  • For fundraising purposes
  • To your employer
If Teladoc wants to use or disclose your PHI for the purposes listed above or for any other purpose not described in this Notice, we will seek your authorization using the HIPAA Authorization to Disclose Protected Health Information Form here. You have the right to revoke any authorization that you previously provided.

Your Rights Regarding Your PHI

You have the following rights regarding your PHI maintained by Teladoc. Additionally, your medical power of attorney or legal guardian can exercise these rights on your behalf and make choices about your health information.
Right to Access PHI
Most of your PHI that Teladoc maintains is available to you directly on the Member Portal. Simply log in to obtain your medical and consult history. To request access to information that is not available to you online, you must submit your request in writing to Teladoc on our standard Request to Access PHI Form here. Teladoc may impose a fee for the costs related to copying and mailing. Teladoc may deny your request to access your PHI in certain limited circumstances. If that occurs, we will inform you of the reason for the denial.
Right to Request Amendment of PHI
You have a right to request that Teladoc amend your PHI if you believe it is incorrect. Some changes to your PHI you can make yourself on the Member Portal. To request an amendment of your PHI that you cannot make yourself online, you must submit your request in writing to Teladoc on our standard Request to Amend PHI Form here. If Teladoc denies your request, you will be permitted to submit a statement of disagreement for inclusion in your records.
Right to Request Restrictions on Uses and Disclosures of PHI
You have the right to request that Teladoc not use or disclosure your PHI for treatment, payment, or healthcare operations purposes. To request a restriction, you must submit your request in writing to Teladoc on our standard Request for Restrictions Form here. Teladoc is not required to agree to your request unless you are requesting that we not disclose your PHI to your insurance company or health plan. In such cases, you will be required to pay for services out of pocket.
Right to Request Confidential Communication
You may request that Teladoc communicate with you through alternate means or at an alternate location. To request confidential communications, you must submit your request in writing to Teladoc on our standard Request for Restrictions Form here. Teladoc is not required to agree to your request however we will use best efforts to agree to reasonable requests.
Right to Request an Accounting of Disclosures
You have a right to receive an accounting of disclosures Teladoc has made of your PHI. To request for an accounting of disclosures, you must submit your request in writing to Teladoc on our standard Request for an Accounting of Disclosures Form here. Your right to an accounting of disclosures does not include disclosures made for treatment, payment or healthcare operations, disclosures made pursuant to an authorization, and certain other disclosures. Your first accounting will be free of charge.
You also have the right to: 1) Obtain a paper copy of this Notice from Teladoc at any time upon request; 2) File a complaint with Teladoc and/or the Secretary of Health and Human Services (at www.hhs.gov/ocr/privacy/hipaa/complaints/) if you believe that your privacy rights have been violated; and 3) Obtain more information about Teladoc’s privacy practices by contacting the Privacy Officer in the following ways:
In writing Privacy Officer Teladoc Health 2 Heritage Drive, 5th Floor, Suite 5A, North Quincy, MA 02171
By email [email protected]
By phone (855) 213-6709 (toll free)

How We Keep Your PHI Safe

The security of your PHI is very important to us and all the PHI you provide to Teladoc is protected by strict security safeguards. We use administrative, technical, and physical safeguards to keep your PHI from unauthorized access, and other threats and hazards to its security and integrity. We base our security program on complying with state and federal law, including the HIPAA Security Regulations, as well as industry best practices. We regularly validate the controls we have in place through annual assessment and audits, including SOC II, Type Two and HITRUST certification. More specifically, we protect the confidentiality of your PHI in many ways including the following:
  • Our databases are encrypted at both the volume layer (physical) as well as within the database columns themselves.
  • Access to our databases is tightly controlled and is only allowed to a small subset of technical administrators.
  • On a quarterly basis, access reviews are performed to certify staff roles are still appropriately assigned.
  • Our employees are trained on an annual basis on how to maintain the privacy and security of our members’ information.
If your unsecured PHI is disclosed to an unauthorized person, despite our security safeguards, we will notify you promptly if such disclosure may have compromised the privacy or security of the PHI.

Changes To this Notice

Teladoc reserves the right to change the terms of this Notice at any time, as long as the changes are in compliance with applicable laws. If Teladoc changes the terms of this Notice, the new terms will apply to all PHI that it maintains. If Teladoc changes this Notice, it will post the new Notice on its Web site and will make the new Notice available upon request.