Consumer Health Data Privacy Notice

 

CONSUMER HEALTH DATA PRIVACY NOTICE

AM Alder Miller  •  aldermiller.com

Washington My Health My Data Act (RCW Chapter 19.373)

Effective: January 1, 2027  •  Last Updated: January 1, 2027

 

 

We collect the following categories of consumer health data when you order prescription eyewear from AM Alder Miller:

•    Eyeglass prescription values: sphere (SPH), cylinder (CYL), axis, add power (ADD), and pupillary distance (PD) for each eye, as written by your licensed eye care provider.

•    Prescription document: a photograph or digital scan of your written eyeglass prescription, which may include your name, date of birth, prescribing doctor’s name and contact information, and prescription values.

•    Prescription expiration date and your prescribing doctor’s name and practice name.

•    Optical measurement data: for progressive lens orders, segment height and frame measurements used to place lenses correctly.

Purpose: We collect this data solely to verify your eyeglass prescription and fabricate your prescription lenses. We do not use your consumer health data for advertising, marketing, or any purpose unrelated to fulfilling your order.

•    Directly from you: you provide prescription values by entering them manually or uploading a photograph or scan of your prescription through our secure prescription intake portal after placing your order.

•    From your prescribing eye care provider: when your doctor sends your prescription directly to us at your request.

•    From optical measurement tools: for progressive lens orders, segment height measurements may be derived from frame measurements or our optical measurement technology.

We do not collect consumer health data from data brokers, social media platforms, or advertising networks.

•    Prescription values and frame specifications: shared with our licensed optical laboratory service provider to fabricate your lenses.

•    Prescription submission data (entered values, uploaded prescription image, e-signature): stored in our HIPAA-eligible prescription intake platform.

•    Prescription records: stored in our HIPAA-eligible cloud storage provider.

•    Optical measurement data (progressive lenses, if applicable): processed by our optical measurement technology platform.

We do not sell your consumer health data. We do not share your consumer health data with advertising networks, data brokers, or social media companies.

We share consumer health data only with service providers (processors) under binding contracts that restrict their use of your data to providing services to AM Alder Miller. All processors are required by contract to protect your data with security standards equivalent to or exceeding those in this Notice.

•    Licensed optical laboratory service provider, Tacoma, Washington — receives prescription values and frame specifications for lens fabrication only; all data deleted within 30 days of order completion.

•    HIPAA-eligible prescription intake and recordkeeping platform — stores your prescription submission data under a signed Business Associate Agreement.

•    HIPAA-eligible cloud storage provider — stores encrypted prescription record files under a signed Business Associate Agreement.

•    Optical measurement technology platform (for progressive lens orders, where applicable) — processes frame and segment height measurement data under a signed Data Processing Agreement.

AM AlderMiller, LLC has no parent company, subsidiary, or corporate affiliate with whom consumer health data is shared. AM Alder Miller does not share your health data with any entity in a corporate relationship with AM AlderMiller, LLC.

Under the Washington My Health My Data Act (RCW 19.373.040), you have the following rights:

•    Right to confirm whether AM Alder Miller collects, shares, or sells your consumer health data.

•    Right to access a copy of your consumer health data and a list of all third parties with whom it has been shared.

•    Right to withdraw consent to AM Alder Miller’s collection or sharing of your consumer health data.

•    Right to request deletion of your consumer health data from all AM Alder Miller systems.

•    Right to non-discrimination: AM Alder Miller will not deny you service or charge a higher price because you exercised any right under this Notice.

•    Right to appeal: if AM Alder Miller denies your request, you may appeal by emailing privacy@aldermiller.com with the subject line "Appeal — WA Health Data Request." If your appeal is denied, you may contact the Washington State Attorney General at atg.wa.gov.

To submit a request: Email — privacy@aldermiller.com with subject "WA Health Data Rights Request." Online — aldermiller.com/pages/privacy-request. Mail — AM AlderMiller, LLC, Attn: Privacy Officer, 4620 Pacific Avenue, Tacoma, Washington 98408.

Response: We will respond free of charge within 45 days. If we need additional time, we will notify you of the extension and reason. We may require identity verification before processing your request.

We collect your prescription data because it is strictly necessary to provide the prescription eyewear product you have ordered. This collection does not require separate consent under RCW 19.373.030(2).

If AM Alder Miller ever seeks to use or share your consumer health data for any purpose beyond fulfilling your order, we will obtain your separate, affirmative opt-in consent before doing so. We do not infer consent from your use of the website or acceptance of our Terms of Service.

Optional: the prescription submission form includes an optional, unchecked checkbox where you may consent to AM Alder Miller retaining your prescription for future repeat orders. This is optional, not required to place an order, and may be withdrawn at any time.

AM Alder Miller implements administrative, physical, and technical safeguards to protect your consumer health data, including:

•    Your prescription is submitted exclusively through a HIPAA-eligible intake platform with encrypted servers in the United States. It never passes through or is stored on aldermiller.com.

•    All prescription records are stored with AES-256 encryption at rest and TLS 1.2+ encryption in transit.

•    Access is restricted to our Privacy Officer and licensed reviewing optometrist, both using multi-factor authentication.

•    All processors operate under signed agreements with equivalent security requirements.

•    We conduct an annual Security Risk Analysis and review system activity logs monthly.

In the event of a breach of your consumer health data, we will notify you within 72 hours of discovery.