Privacy Policy

Protecting Your Health Information

Mailing Address
55 W 14th St, Helena, MT 59601, United States

1 Introduction and Commitment to Privacy

At GoTo Telemed, we recognize that your privacy is paramount. As a leading telehealth platform connecting patients with qualified medical practitioners, we understand the sensitive nature of the health information entrusted to us. Our commitment extends beyond mere compliance—we strive to set the gold standard for privacy protection in digital healthcare.

This Privacy Policy serves as your comprehensive guide to understanding how we collect, use, protect, and manage your personal and medical information. We've designed our privacy practices around core principles of transparency, security, and respect for individual rights. Whether you're a patient seeking care or a medical practitioner providing services, you can trust that your data is handled with the utmost care and in full compliance with all applicable privacy regulations.

We believe informed patients and practitioners make better decisions. This policy empowers you with knowledge about your privacy rights and our obligations, ensuring a foundation of trust in every telehealth interaction conducted through our platform.

2 Information Collection and Types of Data

GoTo Telemed collects various types of information necessary to deliver secure, effective telehealth services. Our data collection practices are designed to serve two primary purposes: facilitating quality healthcare delivery and maintaining regulatory compliance. We collect only the information needed to provide excellent care and operate our platform efficiently.

Personal Information
Name, contact details, date of birth, and demographic information essential for identification and communication
Medical Data
Complete health records, diagnoses, treatment plans, and clinical notes from consultations
Professional Credentials
Licenses, certifications, and qualifications of medical practitioners on our platform

The scope of information we collect varies depending on your role—whether you're a patient receiving care or a medical practitioner providing services. Every piece of information collected serves a specific purpose in ensuring seamless, secure healthcare delivery.

3 Patient Personal Information

When you register as a patient on GoTo Telemed, we collect essential personal information that enables us to deliver telehealth services safely and effectively. This includes your full legal name, date of birth, gender, and contact information such as email addresses, phone numbers, and residential address.

Data Protection: We also gather demographic information including preferred language, emergency contact details, and insurance information when applicable. All personal information is collected with your explicit consent during the registration process. You have the right to review and update this information at any time through your secure patient portal.

Your demographic information may also be used in aggregate form—stripped of identifying details—to improve our services and understand the communities we serve. This ensures we maintain current and accurate records for optimal care delivery.

4 Medical Practitioner Professional Information

For medical practitioners joining our platform—including Physicians, Physician Assistants (PAs), Registered Nurses (RNs), Nurse Practitioners (NPs), Dentists (DDS), Registered Dental Hygienists (RDH), and other licensed healthcare professionals—we collect comprehensive professional information to verify credentials and maintain practice standards.

1. Credential Verification: State medical licenses, DEA numbers, and board certifications
2. Professional Background: Education, training, specialties, and areas of clinical expertise
3. Practice Information: Current practice locations, affiliations, and malpractice insurance details
4. Ongoing Compliance: Continuing education records and license renewal documentation

5 Health and Medical Records

GoTo Telemed maintains detailed electronic health records (EHRs) for every patient receiving care through our platform. These records include your complete medical history, current medications, known allergies, previous diagnoses, and treatment outcomes. Our system integrates information from each consultation, creating a longitudinal health record that enables continuity of care.

Security & Confidentiality: All medical records are stored in HIPAA-compliant systems with robust security measures protecting against unauthorized access. We maintain strict audit trails documenting every instance of record access, ensuring accountability and enabling investigation of any security concerns.

Medical practitioners document clinical notes, assessment findings, treatment plans, and follow-up recommendations during and after each telehealth visit. These records are essential for coordinating care between multiple providers, tracking treatment progress, and ensuring patient safety through medication interaction checks and allergy alerts.

6 Diagnostic and Test Data

Our platform facilitates the collection and secure management of diagnostic information essential for clinical decision-making. This includes laboratory test results from blood work, urinalysis, and other clinical tests ordered by your healthcare provider, as well as diagnostic imaging data such as X-rays, CT scans, MRIs, and ultrasounds.

Laboratory Results
Blood tests, cultures, pathology reports, and other lab findings integrated directly into your health record
Imaging Studies
Digital medical images with radiologist interpretations and annotations accessible during consultations
Clinical Assessments
Standardized assessment tools, screening questionnaires, and telemedicine-adapted examination findings

7 Billing and Payment Information

We collect comprehensive insurance details to facilitate claims processing and verify coverage for telehealth services. This includes your insurance carrier name, policy numbers, group numbers, and subscriber information. For patients with multiple insurance policies, we maintain records of primary and secondary coverage and coordination of benefits information.

Payment Security: For direct payment transactions, we securely process credit card information and bank account details through PCI-compliant payment processors. We do not store complete credit card numbers on our servers—instead, we use tokenization to protect your financial information. Your billing address, payment history, and financial assistance arrangements are maintained in secure systems separate from your medical records.

8 Usage and Device Information

We automatically collect information about the devices you use to access our platform and how you interact with our services. This technical information helps us optimize platform performance, ensure compatibility across different devices, and improve user experience.

Device Identifiers
Device type, operating system, unique device identifiers, and mobile network information
Browser & Network
Browser type and version, IP address, internet service provider information
Platform Usage Analytics
Pages visited, features used, time spent on sections, and click patterns

9 Communication Records

GoTo Telemed records and stores various forms of communication between patients and medical practitioners to ensure quality care, maintain accurate medical records, and protect both parties. Video consultations may be recorded with your explicit consent, providing an audio-visual record of the clinical encounter.

1. Pre-Visit Messages: Scheduling communications and intake questionnaires
2. Consultation Records: Video recordings and real-time chat during visits
3. Follow-Up Communications: Post-visit instructions and secure messaging
4. Care Coordination: Communications between providers about your care

10 Consent and Authorization Forms

Before receiving telehealth services through GoTo Telemed, patients and practitioners complete various consent and authorization documents. These legally binding forms establish the foundation for our professional relationship and define how your information may be used and shared.

Patient Consents
Telehealth services agreement, treatment consent forms, technology use acknowledgment, financial responsibility agreement
HIPAA Authorizations
Notice of Privacy Practices acknowledgment, information sharing authorizations, release of information forms
Practitioner Agreements
Platform terms of service, HIPAA Business Associate Agreement, professional conduct policies

Your consent is never assumed—we obtain explicit authorization before using your information for purposes beyond direct treatment, payment, or healthcare operations. You maintain the right to revoke certain authorizations at any time through your secure portal.

11 HIPAA Compliance Standards

The Health Insurance Portability and Accountability Act (HIPAA) establishes national standards for protecting sensitive patient health information. As a covered entity under HIPAA, GoTo Telemed adheres strictly to all Privacy Rule and Security Rule requirements governing Protected Health Information (PHI).

Privacy Rule Compliance
We implement stringent controls over PHI use and disclosure, ensuring information is shared only for permitted purposes or with your explicit authorization
Security Rule Standards
Our technical, physical, and administrative safeguards protect electronic PHI from unauthorized access, modification, or destruction
Breach Notification
We've established procedures to identify, investigate, and report any unauthorized PHI disclosure within strict timelines

Our workforce receives regular HIPAA training covering privacy principles, security practices, and individual responsibilities. Compliance is a core value that shapes every decision we make about protecting your health information.

12 Data Security and Encryption

Protecting your sensitive health information requires multiple layers of sophisticated security technology. GoTo Telemed employs industry-leading encryption protocols to safeguard data throughout its lifecycle—during transmission, while in use, and when stored in our databases.

Data in Transit
TLS 1.3 encryption for all network communications
Data at Rest
AES-256 encryption for stored data and backups
Data in Use
Secure enclaves and memory encryption during processing

All data transmitted between your device and our servers uses Transport Layer Security (TLS) 1.3 encryption. When you participate in a video consultation, the audio and video streams are encrypted end-to-end, ensuring your conversation remains private.

13 Access Controls and Authentication

Every user accessing GoTo Telemed must authenticate their identity using multiple factors before gaining platform access. Beyond traditional passwords, we require a second verification method—such as a code sent to your mobile device or biometric authentication.

1. Identity Verification: Confirm your identity through knowledge-based authentication during registration
2. Strong Passwords: Create complex passwords meeting length, character variety, and uniqueness standards
3. Second Factor: Verify access attempts using a separate device or biometric confirmation
4. Session Management: Automatic logout after inactivity periods and secure session token handling

Our role-based access control system ensures users can only access data and features necessary for their specific role. A billing administrator cannot view clinical notes, while a nurse practitioner cannot access billing information beyond what's needed for treatment authorization.

14 Data Storage and Infrastructure

GoTo Telemed's technical infrastructure is built on enterprise-grade cloud services maintained in secure, geographically distributed data centers. These facilities feature 24/7 physical security, environmental controls, redundant power systems, and sophisticated fire suppression—all designed to ensure your data remains available and protected.

Redundant Backups
Automated daily backups stored in multiple geographic locations ensure data recovery capability
High Availability
Load-balanced server architecture and failover systems maintain platform availability with 99.9% uptime target
Data Integrity
Checksums, version control, and audit logging ensure data accuracy and detect unauthorized modifications
Disaster Recovery
Comprehensive disaster recovery plans enable rapid service restoration following major incidents

All data storage locations are within the United States, subject to U.S. privacy laws and healthcare regulations. We maintain detailed documentation of data flows, storage locations, and system architectures to support security audits and regulatory compliance reviews.

15 Third-Party Service Providers

Delivering comprehensive telehealth services requires collaboration with carefully selected third-party vendors and service providers. GoTo Telemed works only with partners who demonstrate strong security practices and willingness to comply with HIPAA requirements through Business Associate Agreements.

Technology Partners
Cloud hosting providers, video conferencing technology, electronic health record systems, data backup and recovery services
Business Operations
Payment processors, insurance verification services, identity verification providers, communication platforms

Each third-party provider operates under strict contractual obligations limiting how they may access, use, and disclose your information. We regularly review vendor compliance through audits, security assessments, and performance evaluations. We maintain a current list of all third-party processors with access to patient data, available upon request to regulatory authorities.

16 Data Sharing Restrictions

Your medical information belongs to you, and GoTo Telemed takes seriously our responsibility to share it only when appropriate and authorized. Our default position is always to restrict sharing unless there's a clear legal basis or your explicit consent.

Treatment Purposes
We share information with healthcare providers directly involved in your care, including specialists, laboratories, and pharmacies
Payment Activities
Insurance companies and billing services receive minimum necessary information to process claims and payments
Healthcare Operations
Quality improvement, training, compliance activities, and business management occur with limited, monitored access
No Sales of Data: We do not sell, rent, or trade your health information for marketing purposes. Research use of de-identified data occurs only after rigorous review and approval by privacy officials.

17 Patient Rights and Data Access

As a patient using GoTo Telemed services, you possess important legal rights regarding your personal health information. We are committed not only to respecting these rights but to making them easy to exercise.

1. Right to Access: Request and receive copies of your medical records within 30 days of your request
2. Right to Amend: Request corrections to information you believe is inaccurate or incomplete
3. Right to Accounting: Receive a list of disclosures we've made of your information outside routine purposes
4. Right to Restrict: Request limits on how we use or share your information with appropriate limitations
5. Right to Confidential Communications: Request communications through alternative means if regular contact could endanger you

You can exercise these rights by submitting requests through your secure patient portal or by contacting our privacy office. In most cases, there is no charge for accessing your records.

18 Practitioner Data Access Restrictions

Medical practitioners on the GoTo Telemed platform operate under the principle that governs all healthcare: access patient information only when directly relevant to providing treatment. Our system enforces strict limitations ensuring practitioners can view records only for patients under their active care.

Emergency Access: Emergency break-glass procedures allow practitioners to access patient information in urgent situations even without established relationships, but these accesses trigger immediate security reviews and require documented justification.
Access Only for Treatment
Practitioners can access only patient records for individuals under their direct care
Security Monitoring
Our audit systems flag inappropriate access attempts for investigation
Session Security
Practitioners must log out after each session and never share login credentials
Incident Reporting
Suspected security incidents or privacy breaches must be reported immediately

19 Data Retention Policies

GoTo Telemed maintains your health information for specific periods determined by medical best practices, legal requirements, and regulatory standards. Our retention schedules balance the need to preserve records for continuity of care and legal protection against privacy principles favoring limited data retention.

1. Active Patient Records: Complete medical records for patients with visits in the past 7 years are maintained in active systems
2. Inactive Patient Records: Records for patients without recent visits move to secure archive storage after 7 years
3. Pediatric Records: Minor patients' records are retained until age of majority plus 7 years
4. Legal Hold Records: Records subject to litigation or investigations are preserved until legal matters conclude

You may request continued retention of your records beyond standard periods by contacting us in writing, and we will accommodate such requests when operationally feasible.

20 Deletion and Data Destruction

When health information reaches the end of its retention period or when you request deletion of your data, GoTo Telemed follows rigorous procedures to ensure complete and irreversible destruction. We employ methods that make information technically infeasible to recover, meeting standards established by NIST and HIPAA guidelines.

Digital Data
Electronic records undergo cryptographic erasure where encryption keys are destroyed
Cloud-based Deletion
Coordination with infrastructure providers ensures all copies including backups are completely removed
Deletion Requests
Personal data deletion requests are processed within 60 days of verification
Note: Deletion may prevent us from providing future services since we won't have necessary medical history to ensure safe care. Some information may be preserved in de-identified form for research or quality improvement purposes.

21 Breach Notification Procedures

Despite our best efforts to prevent security incidents, we recognize that no system is completely immune to breaches. GoTo Telemed has established comprehensive procedures to detect, investigate, contain, and report any unauthorized access to or disclosure of protected health information.

1. Detection & Assessment: Security monitoring systems and employee reports trigger immediate investigation
2. Containment & Remediation: We act quickly to stop unauthorized access and secure affected systems
3. Notification Process: All affected individuals receive direct notification within 60 days
4. Post-Incident Review: Thorough analysis identifying lessons learned and implementing improvements

22 Business Associate Agreements

HIPAA regulations require that any third party accessing protected health information on behalf of a covered entity must sign a Business Associate Agreement (BAA). GoTo Telemed executes comprehensive BAAs with every vendor, contractor, or service provider who may encounter PHI in the course of working with us.

1. Permitted Uses: BAAs strictly define how business associates may use PHI, limiting activities to necessary services
2. Disclosure Restrictions: Business associates cannot share information with other parties without specific authorization
3. Security Requirements: Associates must implement appropriate safeguards comparable to our own standards
4. Breach Reporting: Business associates must notify us within 24 hours of discovering security incidents
5. Audit Rights: We retain the right to audit business associates' compliance with BAA terms

23 State Privacy Law Compliance

While HIPAA establishes baseline federal privacy protections, many states have enacted additional privacy laws providing even stronger safeguards. GoTo Telemed complies with privacy requirements in all 50 states where we operate, ensuring your information receives the maximum protection afforded by applicable state law.

California CCPA/CPRA
California residents enjoy enhanced rights including access, deletion, and opt-out rights beyond HIPAA
State Privacy Laws
Virginia, Colorado, Connecticut, and other states have enacted comprehensive privacy laws creating similar rights
Health-Specific Laws
Some states have additional protections for HIV/AIDS records, mental health records, and other sensitive data

We maintain state-specific procedures ensuring compliance with these additional protections, applying them consistently to avoid confusion and provide maximum privacy regardless of location.

24 International Data Transfers

GoTo Telemed primarily serves patients and practitioners within the United States, and we store all patient health information on servers located within U.S. borders. However, when any international data transfer occurs, we implement safeguards ensuring your information receives privacy protections equivalent to U.S. standards.

EU Adequacy
We rely on EU-U.S. Data Privacy Framework or Standard Contractual Clauses for EU transfers
Data Localization
Vendors must maintain primary data storage within the United States
Encryption in Transit
Any data crossing international borders is encrypted both in transit and at rest
Recommendation: We recommend avoiding access to sensitive medical information over public Wi-Fi networks in countries with weak privacy protections.

25 Cookies and Tracking Technologies

GoTo Telemed uses cookies and similar tracking technologies to deliver functionality, improve user experience, and analyze platform performance. We are transparent about what tracking occurs and provide options to control certain types of data collection.

Essential Cookies
Necessary for core platform functionality—maintaining login sessions, security features, and site operations
Analytics Cookies
Understanding how users interact with our platform to improve experience and identify difficulties
Preference Cookies
Remember your choices about optional features for more convenient cross-session experience
No Advertising: We do NOT use advertising cookies or sell information to third-party advertisers. Our platform does not display third-party advertisements, eliminating privacy concerns associated with ad-tracking networks.

26 Marketing and Communications Preferences

GoTo Telemed respects your communication preferences and provides clear options for managing how we contact you. While some communications are necessary for service delivery, other messages are optional, and you can choose whether to receive them.

Transactional Messages
Appointment confirmations, test results, and security alerts cannot be disabled—they're essential
Service Updates
Platform changes, maintenance schedules, and policy updates help you use services effectively
Educational Content
Health tips, wellness articles, and telehealth guidance are completely optional
Promotional Offers
Discounts and special programs are entirely optional and require explicit consent

You can modify your communication preferences anytime through your account settings or by using unsubscribe links in emails. We honor opt-out requests immediately, processing them within 10 business days.

27 Privacy Policy Updates and Changes

Privacy laws, technology capabilities, and healthcare practices evolve over time, requiring periodic updates to this Privacy Policy. GoTo Telemed commits to maintaining current, accurate privacy documentation reflecting our actual data practices.

1. Review and Revision: Our privacy and legal teams conduct quarterly reviews assessing changes in law and business practices
2. Notification Process: For significant changes, we provide direct notice via email at least 30 days before changes take effect
3. Consent Requirements: Material changes requiring new uses of data trigger consent requirements before applying to you
4. Policy Accessibility: Current and previous versions are maintained with clear version numbers and effective dates

28 Compliance with Regulatory Audits

As a healthcare organization handling protected health information, GoTo Telemed is subject to oversight by multiple regulatory agencies. We maintain transparent, cooperative relationships with regulators and welcome audits as opportunities to demonstrate our commitment to privacy protection.

Federal Oversight
HHS Office for Civil Rights, Federal Trade Commission, Drug Enforcement Administration, Office of the Inspector General
State Agencies
State medical boards, state attorneys general, health departments, insurance regulators
Accreditation Bodies
HITRUST Alliance, URAC, SOC 2 auditors, ISO auditors

During audits, we provide requested documentation including policies, security assessments, breach logs, and training records. Our staff cooperates fully with investigators. Following audits, we implement corrective action plans addressing identified deficiencies.

29 Contact for Privacy Concerns

GoTo Telemed is committed to addressing your privacy questions, concerns, and complaints promptly and thoroughly. We've established multiple channels for privacy communication, ensuring you can reach us through your preferred method.

Privacy Office
Email: privacy@gototelemed.com | Phone: (660) 628-1660 ext. 102
Security Incidents
Email: security@gototelemed.com | 24/7 Hotline: (660) 628-1660 ext. 911
General Inquiries
Email: info@gototelemed.com | Phone: (660) 628-1660

We acknowledge all privacy inquiries within 2 business days and provide substantive responses within 10 business days for most issues. If you're not satisfied with our response, you have the right to escalate to external authorities including the HHS Office for Civil Rights or your state attorney general.

30 Policy Effective Date and Version Control

Transparency and accountability require clear documentation of when privacy practices take effect and how they've evolved over time. This section provides critical information about this Privacy Policy's current status and historical versions.

Current Version
Version 1.0 - Initial release of comprehensive Privacy Policy
Policy Year
2024 - Year this privacy framework was established and implemented
Total Sections
30 sections - Comprehensive coverage of all privacy aspects
Effective Date
January 1, 2025
Acceptance of Terms: This Privacy Policy becomes effective on January 1, 2025 and supersedes any previous privacy notices. Continued use of GoTo Telemed services after this date constitutes acceptance of these privacy practices and agreement to be bound by these terms.

For questions about this policy, previous versions, or how changes may affect you, please contact our Privacy Office at privacy@gototelemed.com or call (660) 628-1660. We're here to help you understand your privacy rights and our obligations.

Document Information: Privacy Policy Version 1.0 | Effective Date: January 1, 2025 | Last Reviewed: December 2024 | Next Review: March 2025