WinguMD, INC.is required to comply with The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH) Act, and General Data Protection Act (GDPR) in EU countries which regulates the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.
Mobile application and portal privacy statement: our application uses acquired information for ongoing quality improvement activities. Disclosure of an individual’s information is limited as required by state and federal law. We do not sell or rent personal information about our users and patients.
BodyMapSnap and WinguMD have security measures in place to help protect against the loss, misuse or alteration of information under our control. These measures Include the encryption of data using the Secure Socket Layer (SSL) system as well as HIPAA compliant servers. We do not use the native photo gallery to store photos to ensure that photos can only be viewed after user logs into the BodyMapSnap application. For added security we have implemented a timed auto-log-out feature which ensures the application closes with inactivity. Despite these measures, the confidentiality of any communication or material transmitted to or from us via BodyMapSnap cannot be guaranteed. At your discretion, you may contact us using our email address, firstname.lastname@example.org.
User data: We routinely gather data on our applications and website activity. This data helps us improve our content and overall usage. Aggregated anonymous data is used to communicate the usage of our app and website.
Data caching: In order to ensure a good user experience, certain data may be temporarily or permanently cached encrypted by the mobile application on user’s mobile device. Any data that is personally identifiable will be encrypted and will not be viewable by anyone without access to the user’s User Name and Password.
Logs: We maintain standard mobile application and web logs to record data about all users and we store this information for a while. These logs may contain the internet domain, IP address, type of browser, operating system and the date and time you visited; the pages or mobile screens you viewed; the address of the website you linked from, if any. We will also maintain a log of each sign in.
For additional information about our approach to the GDPR compliance, please read this page.