Privacy Policy

Information we Collect

This Policy applies to the information we collect from medical care providers (“Providers”) and their patients through this Site. Some of the information SamaCare collects through this Site may be "personal information."  Examples of personal information include (but are not limited to): 

  1. Demographic information on users, including names, addresses, email addresses and phone numbers.
  2. Registration information on users such as passwords and usernames.
  3. Demographic information on patients, including names, date of birth, and phone numbers.
  4. Insurance data on patients, such as insurance carrier and insurance plan.
  5. Health and medical data on patients, including diagnosis codes, medication, clinical and other information required to obtain prior authorizations.
  6. Credit card or debit card numbers and expiration dates if used so that you can register for events or other activities through this Site.

In some cases, we pull data directly from practice IT systems, such as the Electronic MedicalRecord or Practice Management System. Some of the personal information we collect through the Site will also be "protected health information" (as defined by the Health Insurance Portability andAccountability Act).  Protected Health Information is subject to a separate Business Associate Agreement (BAA) between theProvider and SamaCare. To the extent there is a conflict between this Policy and any BAA, the stricter of the two applies.

We also collect and store information from web browsers or mobile devices that access our site.This may include the following:  

  1. IP addresses
  2. Browser type
  3. Internet service provider (ISP),
  4. Operating system type and version
  5. A date/time stamp
  6. Estimated geographic location
  7. Other information associated with the interaction of your browser and this Site

The information we collect from your web browser is stored in temporary log files that reside on our web servers.


By using this Site, you are consenting to the collection, use, disclosure, and transfer of the information described above.  If you do not consent to the collection, use, disclosure and transfer of this information, you may not use this Site. If you have questions about this Policy, please contact us using the information provided below.  We reserve the right to update or amend thisPolicy at any time and without prior notice, by posting the revised version on this Site.

Cookies and Web Beacons

As is true of most websites, we gather certain information through your use of our Sites. This information may include data collected from web browsers or mobile devices as described above, referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), and/or click stream data.


“Cookies” are small data files that are stored on the hard drive of the computer you use to view a web site. Every computer that accesses the SamaCare Services is assigned a different Cookie by SamaCare.“Web Beacons” are graphic image files imbedded in a web page typically used to monitor activity on a web page and send back to its home server (which can belong to the host site, a network advertiser or some other third party)information from your browser, such as the IP address, the URL of the page on which the Web Beacon is located, the type of browser that is accessing the site and the ID number of any Cookies on your computer previously placed by that server.

How We Use Your Information

With Health Plans

SamaCare shares information collected through this Site with health plans in order to obtain prior authorization for prescribed prescription drugs.  

With Third Party Vendors

SamaCare shares information with third-party vendors who act for us or on our behalf. For example, we may use third-party vendors to develop websites and assist with information management systems.  These third-party vendors may need information collected by the Site to perform their functions, but they are contractually obligated to use your information only to perform contracted-for services.

For Internal Process Management

SamaCare uses tools that allow our developers to "replay" the actions of our users, so they canidentify and follow up on system or prior authorization error notifications.

In aggregate or de-identified form

We may use information collected through thisSite in de-identified, aggregate form to study usage patters.  We may share de-identified, aggregate information with third parties so we and they can better understand our users.We may also share with third parties information about how particular individuals use this Site on a de-identified basis. We may provide basic demographic information (gender and age) in conjunction with providing de-identified individual data. We will take reasonable efforts to ensure that third parties cannot  and do not re-identify Individualized Data, including by contractually prohibiting them from doing so. Unless expressly prohibited, Samacare may de-identify protected health information (PHI)received from a Covered Entity in a manner consistent with the Privacy Rule’s standards for de-identification as provided in 45 C.F.R. § 164.514(a)-(c). Business Associate may use and disclose de-identified information to the extent permitted by HIPAA.

As part of a business transfer

Your information may be transferred to successor organization in the event of a merger or acquisition of SamaCare by another business entity, or if we liquidate our assets.   If such a transfer occurs, the successor organization’s use of your information will still be subject to this Policy.

To comply with laws and protect our rights and the rights of others

We may disclose your information when to comply with laws, a court order or a subpoena. We may also disclose your information to prevent or investigate a possible crime, such as fraud or identity theft; to protect the security of this Site; to enforce or apply our online  Terms and Conditions of Use or other agreements; or to protect our own rights or property or the rights, property or safety of our users or others.

How We Protect Information

SamaCare takes reasonable precautions to provide a level of security appropriate to the sensitivity of the information we collect. Although we use reasonable measures to help protect your information against unauthorized use or disclosure, we cannot guarantee the security of information provided over the Internet or stored in our databases and will not be responsible for breaches of security beyond our reasonable control.

Children’s Privacy

You must be at least 13 years old to have our permission to use this Site. We do not knowingly collect personal information from users under 13 years of age. If you are under the age of 13, you can use this service only in conjunction with your parent's or guardian's permission.

Retention of Personal Information and Requests to Correct or Delete It

In general, SamaCare reserves the right (but does not assume the obligation) to retain the information collected on this Site as long as necessary to provide the services, products and information you request or as permitted by applicable law.

If you would like to review, correct, and/or update the personal information you have provided to us through this Site, you may be able to do so through your account. Otherwise, please contact us using the information provided below. We will respond to your request within a reasonable time or within the time set out by applicable law. When appropriate, or as required by applicable law, we will correct, amend or delete your personal information. We reserve the right to limit or deny access to personal information where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by applicable law.

SamaCare’s Site’s Servers are Located in the United States

SamaCare is a U.S. corporation. The servers that support this Site are located in the United States. While it is in our possession, your information will generally be stored in SamaCare databases or databases maintained by our third-party service providers on servers and data storage devices located in the United States. U.S. data protection laws may not provide as much protection as the data protection laws in force in some other countries. However, we will process your information in accordance with this Policy no matter where our data is stored. If you are located in a country outside the United States, by using this Site you consent to the transfer of your information to the United States.

Governing Law

This Policy shall be governed under the laws of the State of California United States of America without regard to its conflicts of law provisions.

Contact Information

If you need more information or if you would like to exercise one of your rights described above, please contact:

Scott Zhang

Privacy Officer

(415) 355-4657

Effective Date of this Policy: September 25, 2019