Last Updated: June 19, 2025
This Privacy Policy explains how information is collected, used and disclosed by ViewPoint Co-Management LLC (“ViewPoint”, “we”, “us”, or “our”), and applies to information we collect when you use or access our website, products, and services (collectively, “Services”), or when you otherwise interact with us.
We provide our Services to healthcare professionals in the ophthalmology field. ViewPoint users gain access to ViewPoint Services based on their level of access governed by their subscription level. As you use our Services, we want you to be clear how we’re using information and the ways in which you can protect your privacy.
Our Privacy Policy explains:
We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses, pixel tags and browsers, then read about these key terms first. Your privacy matters to ViewPoint and if you have any questions, please email privacy@vpcomanage.com.
Some of the information you provide to us through the Services may be considered protected health information (PHI) and will be protected by ViewPoint as required by federal and state laws (such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA)). Our processing of PHI on behalf of our healthcare provider customers is governed by our agreements with our customers, including our Business Associate Agreement as required by HIPAA. If you are a patient, your healthcare provider may also have its own privacy practices and policies that govern how your provider collects, uses, and shares your information. If you are a healthcare provider, you are required to comply with HIPAA and state privacy laws that govern your disclosure and use of PHI.
This Privacy Policy does not cover the privacy practices of third parties. Our Services may include links to websites and/or applications operated and maintained by third parties. We have no control over the privacy practices of websites or applications that we do not own and cannot guarantee that such third parties will adhere to the same privacy practices as us. We strongly encourage you to review the privacy policies of those third parties.
We collect information to enable our platform to provide the Services offered to our subscribers. The types of personal information we obtain about you depends on how you interact with us and our Services. When we use the term “personal information,” it means information that identifies, relates to, describes, or can be associated with you. Because the Services include referrals transmitted between eye care professionals, ViewPoint will collect PHI that will vary depending on the information that the eye care professional determines is relevant to transmit through our Services. Other types of personal information collected may include basic identifiers such as full name, business address, email address, phone number, account name, signature, or other similar identifiers, payment information such as credit card or ACH information, professional information, demographic data, user content, internet or other network activity, device information (such as your internet protocol (IP) address, browsing or search history, and information related to your interactions with our Services), data related to your use of the site, and geolocation data (such as the location of your IP address), and any inferences we may draw from the information referenced in this paragraph.
The ViewPoint Services are designed to facilitate referrals from eye care professionals (and their staff) to doctors (and/or their staff) in the eye care field. Your information will be used to accomplish that objective and to understand how users are interacting with our Services so that we can continuously improve our platform.
If you are a healthcare provider, under no circumstances will PHI about your patients be shared with another healthcare provider (or their staff), unless it is in support of a referral that you have made and, in that case, health information will only be shared with the healthcare providers that you designate. Those healthcare providers, in accordance with the HIPAA guidelines, could share that information with their various staff members and/or designees. In addition, there are situations where the law requires us to use and disclose your patients’ health information without your authorization where we may use and/or disclose your patients’ health information without first obtaining your written authorization for purposes other than for treatment or health care operations.
For situations not generally authorized by contract, not described in this Privacy Policy, or where disclosure is not required by law, we will ask for your written authorization before we use or disclose your patients’ health information. You may revoke that authorization, in writing, at any time to stop future disclosures of your patients’ information. Information previously disclosed, however, will not be requested to be returned nor will your revocation affect any action that we have already taken. In addition, if we collected the information in connection with a research study, we are permitted to use and disclose that information to the extent it is necessary to protect the integrity of the research study.
This portion of our Privacy Policy describes a patient’s individual privacy rights regarding their health information and how they may exercise those rights.
You may request, in writing, a restriction on how we use or disclose your patients’ protected health information. You may also request a restriction on what health information we may disclose to someone who is involved in your patients’ care, such as a family member or friend. To make a request to ViewPoint, please email privacy@vpcomanage.com.
We are not required to agree to your request. Additionally, any restriction that we may approve will not affect any use or disclosure that we are legally required or permitted to make under the law.
You may ask to look at and obtain a copy of patient health information. You must make your request in writing. To make a request to ViewPoint, please send an email to privacy @vpcomanage.com.
We may charge a fee for copying or preparing a summary of requested health information. We will respond to your request for health information within 30 days of receiving your request unless your patients’ health information is not readily accessible.
The Health Information Technology for Economic and Clinical Health (HITECH) Act expands this right, giving individuals the right to access their own e-health record in an electronic format and to direct ViewPoint to send the e-health record directly to a third party. ViewPoint may only charge for labor costs under electronic transfers of e-health records.
If you are a healthcare provider, you may request in writing a change or addition to your patient’s health information. To make a request to ViewPoint, please send an email to privacy@vpcomanage.com. The law limits your ability to change or add to your patients’ health information.
If you are a healthcare provider, you may ask, in writing, for an accounting of certain types of disclosures of your patients’ health information. The law excludes from an accounting many of the typical disclosures, such as those made to care for your patients or where you provided your written authorization to the disclosure. To make a request for an accounting to ViewPoint, please send an email to privacy @vpcomanage.com. Generally, we will respond to your request within 60 days of receiving your request unless we need additional time.
Even though we have provided this Privacy Policy electronically, you may request a paper copy at any time by sending an email to privacy @vpcomanage.com.
The ViewPoint software application is cloud-based and hosted by a third-party provider. All your information is processed and stored by the third-party provider that is selected by ViewPoint in its reasonable discretion. The hosting provider selected will conform with industry standard security measures. More information regarding our hosting provider can be given upon written request to ViewPoint.
We work hard to protect ViewPoint and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. We encrypt many of our services using SSL and at-rest encryption technology. We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems. We restrict access to personal information to ViewPoint employees, contractors and agents who need to know that information to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
Our Privacy Policy applies to all the Services offered by ViewPoint but excludes services that have separate privacy policies that do not incorporate this Privacy Policy. Our Privacy Policy does not apply to services offered by other companies or individuals, including products or sites that may include ViewPoint Services, or other sites linked from our services. Our Privacy Policy does not cover the information practices of other companies and organizations who advertise our services, and who may use cookies, pixel tags and other technologies to serve and offer relevant ads.
We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
ViewPoint and its members agree to comply with the requirements of COPPA (Children’s Online Privacy Protection Act), which severely restricts what information can be collected from children under the age of 13. Children under the age of 13 in the United States are prohibited from using the Services. The Services are not directed at children and ViewPoint does not knowingly collect any information from individuals under the age of 13 unless inputted by a customer applicable to a patient. We will use that information only to respond directly to that child (or a parent or legal guardian) to inform him or her that he or she cannot use the services and subsequently we will delete that information from our own servers.
Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.