Effective: February 2018
Our policy regarding the collection and use of your information via DxPortal ("Portal" or "DxPortal") is set forth below. The Portal is part of a private website ("website") owned and managed by NextGen Management LLC d/b/a DxWeb Management LLC ("DxWeb") as your health care provider’s business associate, and DxWeb is committed to disclosing its privacy and data security policies. You have requested to electronically access your health information with your health care provider, and/or to receive electronic messages such as appointment reminders, prescription information including educational materials, guidance and third-party financial savings offers in the form of coupons and special offers for prescription cost savings, prescription refill reminders, as well as medication and patient compliance reminders. Please Note: If you are registering for DxPortal not as a patient of a particular health care provider, but for general health management reasons, the term "Patient", "you" or "your" means you as the registrant for DxPortal, and "health care provider" shall mean DxWeb which is providing you information about health care issues and/or products, but is not acting in conjunction with any medical professional nor is it providing medical advice of any kind. In some instances, depending on context, if you are a non-patient, the references to "health care provider" will not apply to you.


Agreement to Privacy Policy
YOUR ACCESS AND USE OF THE PORTAL IS SUBJECT TO YOUR AGREEMENT WITH THE BELOW POLICY, ALONG WITH THE DxPORTAL TERMS & CONDITIONS OF USE. BY USING THIS WEBSITE, YOU EXPRESSLY AGREE TO THE TERMS OF THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION AND USE OF INFORMATION AS DISCUSSED IN THIS PRIVACY POLICY (sometimes referred to just as the “Privacy Policy”). IF YOU DO NOT AGREE WITH THE BELOW POLICY, PLEASE DO NOT USE OR ACCESS THIS PORTAL (OR THE WEBSITE) FOR ANY PURPOSE. PLEASE PRINT A COPY OF THIS PRIVACY POLICY FOR YOUR RECORDS.

Modifications to Privacy Policy
DXWEB MAY REVISE THIS POLICY REGARDING THE COLLECTION OF INFORMATION AT ANY TIME. SHOULD ANY NEW POLICY TAKE EFFECT, DXWEB WILL GIVE NOTICE TO YOU AND ALL USERS BY POSTING A NOTICE REGARDING THE NEW POLICY ON THIS WEBSITE, AND THE NEW POLICY WILL APPLY ONLY TO INFORMATION COLLECTED THEREAFTER. BY ACCESSING OR USING THIS WEBSITE AFTER SUCH CHANGES ARE POSTED, YOU AGREE AND CONSENT TO ALL SUCH CHANGES.

Applicability of this Privacy Policy
This Privacy Policy applies solely to the Portal and provides you information on the specific information that DxWeb may collect from you via the Portal and how DxWeb may use it in connection with this Portal, whether you are using the Portal as a patient or a health care provider. If you are a patient or legal representative, your health care provider's use and disclosure of your identifiable health information is subject to your health care provider's Notice of Privacy Practices. We cannot control any health care provider's use of a patient's identifiable health information. If you are a patient or legal representative of a patient, please contact your health care provider for a copy of their Notice of Privacy Practices. DxWeb provides this Portal on behalf of your health care provider and therefore protects identifiable health information as required by the applicable agreement between DxWeb and your health care provider and in accordance with applicable law. If you have any issues with the identifiable health information managed by your health care provider’s practice, please contact them directly, as we have no ability to change the information you have provided them.

Disclosure of Information Practices
Whether you are a patient or a health care provider, if we collect information from or about you via the Portal, we will tell you what information we are collecting. The amount and type of information that we receive depends on how you use this Portal and the information you choose to submit to us via the Portal. Whether you are a health care provider or patient user, we may track use of your user name and may also capture the paths taken as you move from page to page (i.e., your "click stream" activity). When you log in, your user name and encrypted password will be logged by our system in an audit log but will not be used by us. As a user of the Portal and if available, you may also choose to use the secure messaging feature of the Portal which will allows the exchange of communications between patients and the clinicians who treat them and which may contain identifiable health information. Communications sent via this feature are recorded and maintained by DxWeb. Portal users have the ability to view the trail of messages received and sent via their Portal account. DxWeb does not edit the content of the communications between patients and health care providers.

Identifiable Health Information
You are not required to provide identifiable health information to visit this Website. However, if you are a patient or the legal representative of a patient, you must provide certain identifiable health information in order to complete your registration for the non-public Portal to access the health records maintained by your health care provider. If you are a patient (or the legal representative of a patient), we will collect identifiable health information from you with your knowledge during the registration process and in the event you request information or services. We may collect any identifiable health information that you provide to us, such as your name, address, e-mail address, gender, birth date and phone number. If you access the Portal patient registration via the link provided by your health care provider, certain basic information may be pre-filled into your Portal registration, which you will need to verify. When you register for the Portal via the Website, the registration process requires you to choose a user name and password for your account, which you should keep and maintain as confidential. If you choose to share your user name and password you understand that those individuals to whom you share that information will have access to your identifiable health information and will be able to add to your identifiable health information as though they were you. You will be responsible for all activities by users resulting from sharing or not maintaining the confidentiality of your user name or password. If you are a registered patient user of the Portal, your identifiable health information (or that of the patient for whom you are the legal representative) currently stored electronically in your health care provider records will become accessible to DxWeb in order to provide you access to such information through the Portal. Your electronic health records are not permanently stored in the Portal or Website, but a temporary copy of them is displayed via the Portal when you are logged in with your user name and password.

Non-Identifiable Health Information
Either DxWeb or a third web statistics vendor on behalf of DxWeb may also collect non-identifiable information, which is automatically collected as you browse or otherwise access this website and Portal. We may collect such information by tracking, or asking our third party vendor to track, your click-stream activity when such information is not tied to a user ID through the use of "cookie" technology or by tracking internet protocol (IP) addresses, as explained below.

Regulation & Security
Certain information provided to Us may be Protected Health Information as that term is defined in the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), American Recovery and Reinvestment Act ("ARRA"), Health Information Technology for Economic and Clinical Health Act ("HITECH") and in regulations promulgated there under and it may also be subject to regulation under state law ("PHI"). We offer and provide the Company Site and Our products and services in a manner that complies with all applicable laws and regulations we are aware of and/or become known to us and will continue to do so. If you request services that require you to provide personal health information that is protected under any federal or state laws (including HIPAA), You grant to us a non-exclusive, perpetual, irrevocable, royalty-free right and license to use de-identified patient and administrative data ("De-Identified Use Data" as defined under 45 C.F.R. § 165.514) collected or provided through your use of the Portal or website for any lawful business purpose, provided that such data is not personally identifiable. We have the right to de-identify such patient and administrative data and then utilize the De-Identified Use Data for any lawful purpose, including but not limited to creating statistical norms and reports de-identified score cards, regional or national benchmarking, or to be used for research considerations, provided however that the data shall not include member identities and claims information that is unprotected. Personally identifiable patient, health care provider and your information shall remain confidential and shall not be released unless you have agreed that it can be released. Further, should we choose to place the De-Identified Use Data in its national database or in any way incorporate such data in studies and/or analyses conducted directly or indirectly by Us, no such data shall be identified as originating from You, or Your patients, members, or health care providers. The De-Identified Use Data shall also not be utilized in any study, report or publication without first being integrated with a significant body of other data such that you cannot be identified, unless appropriate, advance and written consents to such identification are obtained.

Cookies
We may use "cookie" technology on and off of the Website and Portal. “Cookies” are small pieces of information that are stored by your browser on your computer’s hard drive. They enhance your online experience by saving your preferences while you are visiting a particular website. The cookies do not contain any identifiable health information and cannot profile your system or collect information from your hard drive. When you view our Website or Portal we may place a cookie on your computer, which may be either temporary or permanent. Temporary cookies are used to complete transactions with this Website or Portal and for other purposes such as counting the number of visits to our certain web pages. These temporary cookies are eliminated when you exit your browser. A permanent cookie may also be stored on your computer by your browser. When you log in, this type of cookie tells us whether you've visited us before or if you are a new visitor. The cookie doesn't obtain any identifiable health information about you or provide us with any way to contact you, and the cookie doesn't extract any information from your computer. The "help" portion of the toolbar on most browsers will tell you how to disable cookies altogether. Please note that disabling temporary cookies may prevent you from using and accessing this Website and Portal. Disabling permanent cookies may also impact your use and access of the Website and Portal and prevent you from seeing any personalization (including your health record) on the Website or Portal that you may activate. In addition, if you visit our Website again after deleting a cookie, a new cookie may be activated. Since third parties may use their own cookies when you click on a hypertext link to their site or service, you should carefully review the privacy policy of other sites you link to from our Website or Portal

IP Addresses
We may also log and track IP addresses for systems administration purposes and for reporting usage trends. Your IP address is usually associated with the physical place from which you enter the Internet, the name of the domain and host from which you access the Internet, the browser software you use and your operating system, and the date and time you access the Website or Portal. By collecting your IP address, we may record the page that linked you to this Website, the web pages you visit, the ads you see or click on, and other information about the type of web browser, computer, platform and settings you are using, and any search terms you enter on this Website or Portal. IP addresses are not used to track an individual user’s session. This information only helps us determine how often different areas of our Website and Portal are visited. We may combine non-identifiable information collected automatically (such as through IP addresses, cookies or click-stream monitoring) with any previously submitted personal information that we may have received from you.

Geographic Location
We may collect your geographic location based on your IP address and other location-based data.

Analytics
We may also use various third party internet vendors to collect, track and analyze track analytical data regarding Website usage and trends.

Surveys
Users of the Portal may have the opportunity to participate through the Portal in various DxWeb surveys depending on the survey and as permitted by law. If you choose not to receive survey invitations through the Portal you may change your privacy settings within the Portal. Any survey responses that you choose to submit may be aggregated, deidentified and provided or sold to third parties as set forth below.

Use and Disclosure of Your Information
Use and Disclosure of Your Information We will not sell, share or rent the information that is collected via the Portal to others in ways that differ from what is disclosed in this Privacy Policy

Identifiable Health Information
We may use any identifiable health information or other information that you voluntarily provide us in order to provide you with information, products or services that you may request from DxWeb. If you are a patient or the legal representative of a patient, any identifiable health information that you share via the Portal will be made accessible to your health care provider and will become a part of the records maintained by your health care provider, which records are subject to your health care provider's Notice of Privacy Practices. DxWeb has no control over or responsibility for your health care provider's use or disclosure of information that you may provide via the Portal or Website. Consistent with the HIPAA Authorization below, to the extent permitted by applicable law, DxWeb may use your participation in the Portal to communicate to you special offers and featured items from third parties, DxWeb, DxWeb's affiliates, and/or other suppliers and vendors. If you are receiving additional communications and special offers, you may revoke your authorization to receive such materials from DxWeb via the Portal at any time by contacting us using the contact information below or as outlined in the applicable communication. We will implement your revocation as soon as is commercially reasonable. DxWeb cannot control any communications and other materials that you may receive directly from third parties. We will also use your information to customize your browsing experience and communicate with you and otherwise respond to your questions and suggestions regarding use of the Portal as may be permitted by applicable law. We may share your information only with our suppliers and vendors to the limited extent permitted by applicable law. We require those suppliers and vendors to comply with all applicable data privacy laws and regulations, including HIPAA. We do not sell, lease or rent your identifiable health information. We may also use your geographic location to provide you with specific content and direct you to your closest service providers to the extent permitted by applicable law.

Non-Identifiable Health Information
The non-identifiable, aggregated health information we collect may be shared with our suppliers and vendors and used in the aggregate to create summary statistics that help us analyze website usage trends, assess what information is of most and least importance, determine technical design specifications, arrange the Website in the most user-friendly way, and identify system performance or problem areas.

Aggregate Data
We may aggregate and deidentify in accordance with HIPAA identifiable health information, either alone or with other data to create anonymous "aggregate data" regarding the users of our Website and Portal. Aggregate and deidentified data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal the identity of particular users. This data will not identify you, but will be used as statistical information to determine such things as user demographics and usage patterns of our Website and Portal. DxWeb may use aggregate data to understand the needs of our community of users and determine what kinds of programs and services we can help provide. Aggregate data may also be provided or sold to third parties, including for the purpose of getting targeted content to you by third party vendors, suppliers, business partners and/or affiliates a picture of our community and services and/or participation in surveys or receipt of emails from third parties.

Other Use and Ownership
We also reserve the right to share your information collected from this Website or Portal with third parties to the extent permitted by applicable law including but not limited to the requirements under HIPAA, and, in the case of identifiable health information, pursuant to DxWeb's business associate agreement with the applicable health care provider. DxWeb maintains full rights to any information collected on this Website or Portal, and may freely collect, use and disclose such information unless prohibited by this Privacy Policy or applicable law as stated above.

Marketing Materials
As part of use of the Portal, you may elect to access in the Portal or receive emails concerning educational materials, guidance and third-party financial savings offers in the form of coupons and special offers for prescription cost savings (“Financial Savings Offers”). This may include emails containing information from sponsors such as brands, manufacturers, payors, pharmacy benefit managers (PBM) and retailers, which can provide needed medication education, improve health care provider-patient dialogue and reduce medication-related costs. These communications are provided directly from us; you will not be contacted by any third party concerning these communications on account of electing to receive such communications through the Portal. Some of the Financial Savings Offers, although related to your health care and treatment, may be considered as marketing under HIPAA since your health care provider is communicating about a product or service in a way that encourages you to purchase or use that product or service such as the name brand product that appears on a prescription coupon. The Financial Savings Offers may be considered as advertising. Accordingly, in order to receive Financial Savings Offers, you are asked to agree to and sign a separate HIPAA Authorization form for such use and/or disclosure that appears at the end of this agreement. Your execution of the HIPAA Authorization form permitting such uses and/or disclosures is voluntary.

Security Level
While no web site can guarantee security, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your personal information collected via the Portal as required by applicable law. While we cannot guarantee that loss, misuse or alteration to data will not occur, we use industry standards, such as Secure Socket Layers ("SSL") technology, to help safeguard against such occurrences. In certain areas, the information passed between your browser and our system is encrypted with SSL technology (which covers any messages, PHI or communications a person directs to DxWeb or the clinician team) to create a protected connection between you and our website to ensure confidentiality. Our data center is both physically and electronically secured. Our servers are protected from open access to the Internet by using firewall and encryption technology. We limit access to personally identifiable information about you to our employees and third-party agents, who we reasonably believe need to have access to your information to provide you with the information or services you request via the Portal. In the event that a breach in our security systems occurs and there is a possibility that an unauthorized person acquires your personal information, we will notify you of such a breach as may be required by applicable law. In order to help maintain security, you should never share your user ID or password and should always sign out when you are finished using the Portal.

Access
We will maintain your information and allow you to request updates at any time by logging into your Portal account to access your information. We will also take steps to make sure that any updates that you provide are processed in a timely and complete manner.

Third Party Websites
If you use the Portal to link to another web site, which is not controlled or maintained by DxWeb, you may decide to disclose personal information at that web site. For example, you might provide your contact information to obtain an information packet from an organization. Please be aware that in contacting that site, or in providing information on that site, that third party may obtain personal information about you. This Privacy Policy does not apply when you leave the Portal and go to a third party web site from the Portal. We structure the Service so that no personal or health information goes in the search string or URL when you move from the Portal to a linked web site. We encourage you to be aware when you leave our Service and to read the privacy statements of each and every site that collects personally identifiable information.

Accessing this Portal from outside of the United States
If you are visiting our Website or Portal from outside the United States, please be aware that your information may be transferred to, stored or processed in the United States, where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries might not be as comprehensive as those in your country, but please be assured that we take steps to protect your privacy. By using the Website or Portal, you understand that your information may be transferred to our facilities and those third parties with whom we share it as described in this privacy policy.

Transfer of Data
In the event of a change in control of DxWeb or sale by DxWeb of substantially all of its assets or other acquisition, merger or reorganization, any information owned by or in the control of DxWeb may be transferred to such DxWeb successor, who will comply with the terms of this Privacy Policy.

Important Note Regarding Children
This Website and Portal is not directed toward children under 18 years of age and DxWeb does not knowingly collect or use information from children under 18 through this Website or Portal. Any information submitted via the Portal regarding a minor under the age of 18 must be submitted by the minor's legal representative. To the extent permitted by applicable state law, minors may access their identifiable health information through their health care provider.

Disputes and Interpretation
This agreement shall be governed by, interpreted and construed in accordance with the laws of the State of Florida, excluding its choice of law provisions and any controversy or claim arising out of or relating to the terms of this agreement, or the breach thereof, shall be settled by arbitration administered by the American Arbitration Association sitting in Palm Beach County or Broward County, FL, in accordance with its Consumer Arbitration Rules, and judgment on the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof. You understand that by agreeing to these terms, you are giving up the right to bring a claim in court or in front of a jury, and that you are giving up the right to proceed with any class action or other representative action. Except as otherwise prohibited by applicable law, any claim with respect to this agreement must be commenced within one (1) year after the action or claim arises. Certain provisions, by their nature or as explicitly stated, will survive any termination or expiration of this Agreement. If any of these conditions shall be deemed invalid, void, or for any reason unenforceable, that condition will be severable and shall not affect the validity and enforceability of any remaining condition.

Questions or concerns regarding this Privacy Policy
If you have any questions about this Portal Privacy Policy or the use of your information by DxWeb please contact us at: DxWeb, 5355 Town Center Road, Suite 203, Boca Raton, FL 33486, Email: patientcare@dx-web.com I have indicated my signature and acceptance of this DxPortal Privacy Policy on the signature page click box or other format for my Portal registration.

HIPAA PATIENT AUTHORIZATION
You as the patient have agreed that you would like to receive information electronically via my patient portal and/or by email), and you represent and agree as follows (“I” means you, the patient): I have indicated to my health care provider and its business associate, NextGen Management, LLC d/b/a DxWeb Management LLC (“DxWeb”) that I would like to receive information from my health care provider which may include receiving messages about my appointment reminders, prescriptions including educational materials, guidance and third-party financial savings offers in the form of coupons and special offers for prescription cost savings, prescription refill reminders, as well as medication and patient compliance reminders. I understand that in order to electronically access and/or receive email communications, I must provide personal information to DxWeb, such as my name, date of birth, telephone number or email address, and that DxWeb may also access information located in my medical record in the DxWeb Patient Portal known as DxPortal relevant to the prescriptions I have been and will be prescribed. I understand that this information is known as Protected Health Information (“PHI”) as that term is defined in the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). I have also indicated to my health care provider that I would like to electronically access and/or receive email communications including third-party financial savings offers in the form of coupons and special offers for prescription cost savings (“Financial Savings Offers”), and that although related to my health care and treatment, these may be considered as marketing under HIPAA since my health care provider is communicating about a product or service in a way that encourages me to purchase or use that product or service such as the name brand product that appears on a prescription coupon. I further understand that Financial Savings Offers may be considered as advertising. I understand that DxWeb may aggregate and de-identify my PHI in accordance with HIPAA, either alone or with administrative data to create anonymous "aggregate data" regarding users of Text Messaging ("De-Identified Use Data" as defined under 45 C.F.R. § 165.514). De-Identified Use Data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal patient identity. This data does not identify me, but will be used as statistical information to determine such things as user demographics and usage patterns concerning the products relating to Financial Savings Offers, such as prescription medication. I understand that this De-Identified Use Data may be provided by DxWeb to third parties including to the manufacturers of the products appearing on prescription coupons, but that my physician does not receive any remuneration for this. I understand that this information is subject to the terms of DxWeb’s DxPortal Privacy Policy that restrict its use to the specific purposes described in the DxPortal Privacy Policy and herein. I therefore authorize my health care provider and DxWeb to use my personal information/PHI in the manner stated above. I understand that this authorization is voluntary and I may refuse to sign. My refusal to sign will not affect my ability to obtain treatment or payment for my treatment. However, I may be ineligible to receive the above-requested communications. I may receive a copy of this authorization by submitting a request to DxWeb’s contact information listed above. I understand that I may revoke this authorization by notifying DxWeb in writing to DxWeb’s contact information listed above. However, I understand that this revocation will not apply to information that has already been released by DxWeb in reliance of this authorization. DxWeb will implement my revocation as soon as is commercially reasonable. I have indicated my signature and acceptance of this HIPAA Authorization on the signature page click box or other format for my Text Messaging registration.