Privacy Policy for Miiskin

Effective Date: December 17, 2025

This Privacy Policy describes how Miiskin (“Miiskin,” “we,” “us,” or “our”) collects, uses, and shares your personal information when you use our website, mobile applications, and services (collectively, the “Service” or “Platform”). We are committed to protecting your privacy and handling your personal information in a transparent and secure manner. We process your personal data in accordance with this Privacy Policy. Before using our Service, please read this Policy carefully. If you do not agree with how we process your personal data, please do not use the Service. Miiskin processes your personal data in compliance with the European General Data Protection Regulation (“GDPR”) and the Health Insurance Portability and Accountability Act (HIPAA).

Miiskin Group ApS is a Danish, internationally operating company with headquarters in Denmark. The Platform allows registered users to self-examine their skin and moles by uploading images and sharing medical information with their chosen medical provider.

1. Information We Collect

We collect various types of information to provide and improve our Service.

1.1 Personal Information

This includes information that can directly or indirectly identify you. The types of Personal Information we collect may include:

  • Contact and Account Information: Your name, email address, phone number, mailing address, date of birth, and account login credentials. Upon signing up, users provide an email, birth year, and gender.
  • Health Information (Consumer Health Data): As a service focused on skin health, we collect information related to your physical and mental health. This “Consumer Health Data” may include:
    • Images of your skin, moles, or other dermatological conditions.
    • Information you provide in health questionnaires, surveys, or during consultations (e.g., medical history, symptoms, diagnoses, treatments, medications, lifestyle factors).
    • Inferences drawn from your health data to create a profile about your health status or preferences.
    • Precise geolocation data, if enabled, which may be considered sensitive if it indicates an attempt to acquire or receive health services.
  • Demographic Information: Such as your gender, racial or ethnic origin, and zip code.
  • Payment Data: If you make payments via our Services, we may require that you provide your financial and billing information, such as billing name and address, credit card number or bank account information.
  • Government-Issued Identifiers: In certain circumstances, for identity verification or legal compliance, we may collect government-issued identification numbers (e.g., driver’s license number, passport number, social security number) and images of such identification cards.
  • Communications: Content of your communications with us, including emails, chat messages, and customer support inquiries.
  • Purchase History: Information related to your purchases on the Platform.

1.2 Sensitive Personal Information

Certain categories of Personal Information are considered “Sensitive Personal Information” under various state laws due to their heightened risk if misused. This includes, but is not limited to:

  • Health Information: As described above, including mental and physical health diagnoses, laboratory results, clinical conditions, and treatments.
  • Biometric Data: Data generated from automatic measurements of your biological characteristics, such as face geometry derived from images you upload, used for identification purposes.
  • Genetic Data: Information about your inherited characteristics.
  • Precise Geolocation Data: Information that identifies your exact location.
  • Racial or Ethnic Origin, Religious Beliefs, Sexual Orientation, Citizenship or Immigration Status.
  • Account Log-in Details, Financial Account Information, Debit or Credit Card Numbers combined with security codes, passwords, or credentials allowing account access.
  • Contents of a consumer’s communications when Miiskin is not the intended recipient.
  • Neural Data: Information about the activity of the human brain and nervous system.
  • Status as transgender or non-binary, or status as a victim of a crime.
  • Pregnancy status.

The collection of Sensitive Personal Information is handled with the utmost care and in accordance with applicable laws, including GDPR’s requirements for special categories of personal data and HIPAA’s protections for Protected Health Information (PHI).

1.3 Information Collected Automatically

When you use our Service, we automatically collect certain information about your device and usage:

  • Device and Usage Data: Internet Protocol (IP) address, device identifiers (e.g., MAC address), device type, operating system, browser type, version, language settings, pages viewed, time spent on pages, access times, and referring URLs. We also collect data related to the use of the Platform, such as who images are shared with.
  • Support Data: If you contact us for support or to lodge a complaint, we may collect technical or other information from you through log files and other technologies, some of which may qualify as Personal Data (e.g., your Internet Protocol (“IP”) address). Such information will be used for the purposes of troubleshooting, customer support, software updates, and improvement of the Services in accordance with this Privacy Policy. Calls with Miiskin may be recorded or monitored for training, quality assurance, customer service, and reference purposes.
  • Cookies and Similar Technologies: We use cookies, mobile IDs, and similar technologies to collect information about your browsing activities, preferences, and interactions with our Service. This helps us personalize your experience, analyze usage patterns, and deliver relevant content.

1.4 Information from Third-Party Sources

We may obtain information about you from third-party sources, such as service providers, partners, or publicly available sources, to supplement the information we collect directly.

2. How We Use Your Information

We use your Personal Information and Sensitive Personal Information for the following purposes, based on appropriate legal bases as required by HIPAA and GDPR and other applicable privacy laws.

  • Managing User Relationship: Personal data is processed to manage user accounts and provide access to the Platform, based on the fulfillment of contractual obligations. This enables users to self-monitor their skin and moles and seek medical services by sharing data with their chosen medical practitioner.
  • Processing Images and Metadata: Large images (full body, face, or large skin parts) and associated metadata are processed to facilitate core functionality, based on your explicit consent, which can be withdrawn at any time via App settings or by emailing [email protected].
  • Platform Improvement and Development: Personal data, including skin and face images (if opted in), is used to deliver and improve the Platform, manage the business, develop new features, updates, personalization services, algorithms, and machine learning. This processing is based on Miiskin’s legitimate interest to improve its platform and services.
  • To Provide and Maintain the Service: To deliver the core functionalities of Miiskin, including processing your images, providing skin tracking features, and facilitating communication with healthcare professionals, including pharmacies and central laboratories, if applicable.
  • To Improve and Personalize the Service: To understand how you use our Service, develop new features, enhance user experience, and tailor content and recommendations.
  • To Communicate with You: To send you updates, notifications, marketing communications (where you have consented or as permitted by law), and respond to your inquiries. Communication and notification settings can be changed in the App settings. For support inquiries concerning these settings, please contact [email protected].
  • For Security and Fraud Prevention: To protect the security and integrity of our Service, prevent fraudulent activities, and ensure compliance with our terms of service.
  • For Legal and Regulatory Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests, including those under HIPAA and GDPR.
  • For Research and Analytics: To perform internal research, analysis, and reporting to understand trends, improve our products, and for other business purposes. We may aggregate, de-identify, or anonymize your data for these purposes, and such data may be used and disclosed to third parties and with external research partners. You may decline to have your data used for these purposes by opting out in the settings of our App. A current list of our partners can be found at https://miiskin.com/partners/.

Data Minimization and Purpose Limitation

We adhere to principles of data minimization and purpose limitation, which are core tenets of GDPR and many U.S. state privacy laws. We collect and process only the Personal Information that is adequate, relevant, and limited to what is necessary for the disclosed purposes for which it is processed, in accordance with Article 5(1)(c) of the GDPR. For Sensitive Personal Information, our collection, processing, and sharing are limited to what is strictly necessary to provide or maintain the product or service you have requested. We will not collect data for purposes unrelated to the offered product or service, even with your consent, if such collection is not reasonably necessary and proportionate.

3. How We Share Your Information

We may share your Personal Information with the following categories of third parties:

  • Service Providers: We engage third-party companies and individuals to perform services on our behalf (e.g., hosting, data analysis, customer support, payment processing). These service providers are contractually obligated to protect your information and use it only for the purposes for which they were engaged, in line with GDPR processor requirements and HIPAA business associate agreements.
  • Affiliates: We may share your information with our affiliated companies for business and operational purposes.
  • Healthcare Professionals and Organizations: If you use features that connect you with healthcare professionals, we will share relevant health information with them to facilitate your care, in compliance with HIPAA and other applicable health data privacy laws. When images are transferred to doctors, other healthcare professionals, or third parties such as pharmacies and central laboratories, the recipient becomes the data controller for that data, and their privacy policy applies.
  • Payors: We may share your Personal Data and medical information with payors, including insurance companies and other reimbursement entities, to facilitate billing, claims processing, and payment for the services provided. This sharing is conducted in compliance with applicable laws and regulations, such as HIPAA, to ensure the privacy and security of your information.
  • Professional Advisors: We may share your Personal Data with our lawyers, auditors, accountants, or banks when we have a legitimate business interest in doing so.
  • Legal and Regulatory Authorities: We may disclose your information if required by law, subpoena, or other legal process, or if we believe it’s necessary to protect our rights, property, or safety, or the rights, property, or safety of others. This includes disclosures required by HIPAA or GDPR.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred to the acquiring entity.
  • Other Third Parties: We may share your information with other third parties when we have your explicit consent to do so.

Miiskin does not sell or transfer personal data for marketing purposes. We do not sell your Sensitive Personal Information.

International Data Transfers

Generally, Miiskin does not transfer your personal data out of the EU if it is stored there, or out of the USA if it is stored there, but you may share or transfer your personal data outside of the EU by using the sharing or transfer functionality that we offer you for your convenience. Users located in the USA should be aware that certain data processing activities, such as user support, may involve access by personnel or entities located in Europe. In such cases, we implement appropriate safeguards to ensure your data remains protected in accordance with this Privacy Policy and applicable laws, including GDPR’s requirements for international data transfers (e.g., Standard Contractual Clauses).

4. Your Privacy Rights

You have certain rights regarding your Personal Information, subject to applicable state laws and GDPR. To exercise any of these rights, please visit our Privacy Request Portal at or contact us using the information in the “Contact Us” section.

4.1 Right to Access and Confirmation

You have the right to confirm whether we are processing your Personal Information and to access a copy of the Personal Information we hold about you. Fees may apply for additional copies or unfounded requests.

4.2 Right to Correction

You have the right to request that we correct inaccuracies in your Personal Information, or to complete incomplete data, by updating your account.

4.3 Right to Deletion

You have the right to request that we delete your Personal Information, subject to certain exceptions (e.g., legal obligations, completion of transactions). If you request that any required Consumer Health Data be deleted or withdraw your consent for future collection or sharing of any required Consumer Health Data, we may not be able to provide the Service or certain features of the Service to you. NOTE: Once we disclose your Personal Data to third parties, we may not be able to access that Personal Data any longer and cannot force the deletion or modification of any such information by the parties to whom we have made those disclosures.

4.4 Right to Data Portability

You have the right to obtain a portable copy of your Personal Information in a structured, commonly used, machine-readable format.

4.5 Right to Opt-Out of Certain Processing Activities

You have the right to opt-out of the “sale” or “sharing” of your Personal Information, targeted advertising, and profiling that produces legal or similarly significant effects.

  • “Do Not Sell or Share My Personal Information”: If we engage in activities considered “selling” or “sharing” of personal information under applicable state laws, you have the right to opt-out. To exercise this right, please contact our privacy department by emailing [email protected]. You are not required to create an account to exercise this right. We will respect your opt-out decision for at least 12 months.
  • Global Privacy Control (GPC): We recognize and respond to Global Privacy Control (GPC) signals or similar universal opt-out preference signals where required or widely acknowledged by regulation. If you use a GPC-enabled browser, we will make reasonable efforts to respect your choices indicated by a GPC setting or similar control that is recognized by regulation or otherwise widely acknowledged as a valid opt-out preference signal.
  • Do Not Track (DNT): Some web browsers offer a “Do Not Track” (DNT) signal. There is no common understanding of how to interpret the DNT signal; therefore, our websites do not respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the GPC, cookie controls, and the advertising controls described in this section.
  • Mobile Advertising ID Controls: iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.

4.6 Right to Limit the Use or Disclosure of Sensitive Personal Information

For residents of California, Iowa, and Utah, you have the right to opt-out of the processing of your Sensitive Personal Information. California residents also have the right to direct us to limit the use or disclosure of Sensitive Personal Information used to infer characteristics about you.

4.7 Right to Appeal

If we deny your privacy request, you may have the right to appeal our decision. If applicable, our response denying your request will provide information on how to submit an appeal.

4.8 Identity Verification

To protect your privacy and security, we may need to verify your identity before processing your request. This may involve asking you to verify information we already have on file for you. If we cannot verify your identity based on the information we have, we may request additional information, such as a government identification, which will only be used for identity verification and security/fraud prevention purposes.

4.9 California Residents – “Shine the Light” Law

California residents may request and obtain from us, once a year, free of charge, a list of third parties, if any, to which we disclosed their Personal Data for direct marketing purposes during the preceding calendar year and the categories of Personal Data shared with those third parties. If you are a California resident and wish to obtain that information, please submit your request by sending us an email at [email protected] with “California Privacy Rights” in the subject line.

4.10 Nevada Residents

Nevada residents may contact us to inquire about your right to opt out of the sale of your Personal Information.

4.11 Right to Complain to Supervisory Authority

You have the right to complain regarding the processing of personal data concerning you to the supervisory authority, which in Denmark is the Danish Data Protection Agency:

Datatilsynet
Borgergade 28
1300 København K
Phone no.: +45 33 19 32 00
E-mail: [email protected]

5. Children’s Privacy

Our Service is not intended for individuals under the age of 18 or the legal age for granting consent in their jurisdiction. We do not knowingly collect Personal Information from children under 13 without verifiable parental consent, in compliance with the Children’s Online Privacy Protection Act (COPPA). If we learn that we have collected Personal Information from a child under 13 without appropriate consent, we will take steps to delete it. We may use age registration as a tool to try to prevent users under the legal age in their jurisdiction from accessing content not rated for minors.

For minors between the ages of 13 and 17, certain state laws (e.g., New Jersey, Maryland) impose additional protections. We will not process or sell the Personal Information of consumers under the age of 18 for targeted advertising if we know, or should know, their age. If our Service is likely to be accessed by minors, we aim to implement privacy-by-design principles, including default privacy settings and parental controls where applicable. We also prohibit the collection of precise geolocation data of children unless strictly necessary for the service, collected for a limited time, and with clear notice and consent. These measures align with the spirit of GDPR’s heightened protections for children’s data.

6. Data Retention

We retain your Personal Information and Consumer Health Data only for as long as necessary to fulfill the purposes for which it was collected, including for the provision of the Service, to comply with legal obligations, resolve disputes, and enforce our agreements. Our data retention practices are guided by an internal data retention schedule that considers federal, state, industry-specific, country-specific, and international record-retention mandates, including those under GDPR and HIPAA.

Personal data, including images, is stored as long as the account is active. Accounts inactive for 36 months will be deleted, with prior notice to the user. Some personal data may be stored to comply with legal obligations. Updated information may have unrevised copies maintained in system backups for a period. Users can request account deletion by emailing [email protected] or using the in-app support function. Deleting the account removes data from Miiskin servers, but users must uninstall the app to remove locally stored data. Some information may remain in records after deletion, and anonymized data (no longer personal data) may be retained indefinitely for business purposes.

7. Data Security

We implement appropriate technical and organizational measures to protect your Personal Information from unauthorized access, disclosure, alteration, or destruction. These measures include encryption, access controls, and regular security assessments, in accordance with the security principles of GDPR and the security rule requirements of HIPAA. Specifically, our website and mobile application employ the following data security measures:

  • Your user account on our website is protected with two-factor authentication.
  • Access to our App on your phone is only restricted if you apply access protection to your phone.
  • If you use our premium product, you can make use of a passcode provided with the premium version of the App, in particular to protect your large images.
  • All images are stored encrypted on your phone to prevent other mobile applications from gaining access to your images.
  • Only our App can decrypt the images for you to access and view.
  • All images and other personal information that have been synched with our cloud are also encrypted when stored.
  • All images and other personal information are encrypted when transmitted between your phone and our cloud solution (storage).

However, users should be aware that internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure. As a result, we cannot guarantee the security of information you transmit to us. By using the Services and transmitting data to our platform, you are assuming this risk of possible disclosure despite the security measures Miiskin uses to protect your information. Additionally, users should be aware that images exported from the App to the phone or from the website account are no longer encrypted/protected, and this export is the user’s sole responsibility.

7.1 Your Responsibilities for Data Security

You are solely responsible for protecting information entered or generated via the Services that is stored on your device and/or removable device storage. Miiskin has no access to or control over your device’s security settings, and it is up to you to implement any device-level security features and protections you feel are appropriate (e.g., password protection, encryption, remote wipe capability, etc.). We recommend that you take any and all appropriate steps to secure any device that you use to access our Services.

In addition, we will NEVER send you an email requesting confidential information such as account numbers, usernames, passwords, or social security numbers, and you should NEVER respond to any email requesting such information. If you receive such an email purportedly from Miiskin, DO NOT RESPOND to the email and DO NOT click on any links and/or open any attachments in the email, and notify Miiskin support at [email protected].

8. Service Provider Contracts

We require our third-party service providers and data processors to adhere to similar privacy and security standards through robust contractual agreements. These contracts ensure that they process your Personal Information only for specified purposes and implement appropriate safeguards, consistent with GDPR’s requirements for data processing agreements and HIPAA’s requirements for business associates.

9. Cookies and Other Technologies

Cookies are small files that a web server sends to your computer or device when you visit a website that uses cookies to keep track of your activity on that site. Cookies hold a small amount of data specific to that website, which can later be used to help remember information you enter into the website (like your email or other contact info), preferences selected, and movement within the site. If you return to a previously visited website (and your browser has cookies enabled), your browser sends the cookie back to the web server, which tells the server what activity you engaged in the last time you used the website; the server can then use the cookie to do things like expedite logging in, retrieve your user data, and keep your browser session secure. For more information on the cookies Miiskin uses on our website, please review our Cookie Policy.

We use essential cookies to provide user authentication and other technologies to, among other things, better serve you with more tailored information, and to facilitate efficient and secure access to the Service. Essential cookies are those necessary for us to provide Services to you. We may also collect information using pixel tags, web beacons, clear GIFs or other similar technologies. These may be used in connection with some Service pages and HTML-formatted email messages to, among other things, track the actions of users and email recipients, and compile statistics about usage and response rates.

How to Manage Your Cookies

Most web browsers let you choose whether to accept cookies. Most also let you delete cookies already set. The choices available, and the mechanism used, will vary from browser to browser. Such browser settings are typically found in the “options”, “tools” or “preferences” menu. You may also consult the browser’s “help” menu.

There are online tools available for clearing all cookies left behind by the websites you have visited, such as www.allaboutcookies.org. Usually, deletion of cookies will anonymize the information associated with the pixel and a website will not receive any further associated information.

Please note that if you choose to set your browser to remove cookies or reject cookies, or if you enable a “Do Not Track” (DNT) signal or otherwise configure your browser to prevent Miiskin from collecting any cookies, you may no longer be able to access certain features or the full functionality of the Service.

10. Responsible Entity / Data Controller

Miiskin is the data controller of your Personal Data and may process Personal Data in accordance with this Privacy Policy and applicable data privacy laws. If we are processing Personal Data on behalf of a third party that is not an agent or affiliate of Miiskin (e.g., a healthcare provider who is the primary data controller for certain patient data), the terms of that third party’s privacy policy may apply to certain data, and you should refer to their policy for specific details regarding their data practices. Miiskin will process your personal data in compliance with GDPR and HIPAA rules.

11. Face Data Privacy

If you choose to take photographs of your face for the purpose of monitoring your skin, Miiskin will store your face data to facilitate that purpose, so that you can refer to those photographs over time and look for changes.

  • If you choose to take photographs of your face to undertake a telehealth consultation with your chosen medical provider, Miiskin will store your photographs so that your chosen medical provider can access them on the Platform and make a clinical assessment.
  • Photographs of your face taken for the purpose of monitoring your skin will be stored by Miiskin as long as you have an active account with Miiskin. Miiskin will store your face data for a further 36 months after your account becomes inactive, after which it will be deleted.
  • Photographs of your face taken to undertake a telehealth consultation with your chosen medical provider will be stored for 10 years, to allow for compliance with legal requirements for medical record keeping that allow tracing and medical audits.
  • Photographs of your face will be shared with our data storage partner (currently IBM) for them to store the photographs and back them up on your behalf. IBM complies with the HIPAA and GDPR rules controlling the use and storage of facial data, and Miiskin has an agreement with IBM to verify this.
  • Photographs of your face will also be shared with your chosen provider of medical services if you provide explicit consent for the purpose of them medically assessing the images you provide. If you agree to their Privacy Policy, your chosen medical service provider may store your personal data, including images you share with them (and face images), in their own systems for the purposes of medical record keeping as required by applicable laws. All medical providers who use the Platform comply with HIPAA rules controlling the use and storage of facial data. They all enter into an agreement with Miiskin to verify this.

12. HIPAA Privacy Policy

This section describes how Miiskin collects, uses, and shares your Protected Health Information (PHI) as a HIPAA Business Associate in accordance with the Health Insurance Portability and Accountability Act (HIPAA) as amended, including, without limitation, amendments by the Health Information Technology for Economic and Clinical Health (HITECH) Act (collectively, “HIPAA/HITECH”).

Miiskin sends your PHI to, and receives your PHI from, the HIPAA Covered Entity with whom you have a relationship for health care services, in order to perform certain functions or services on behalf of that Covered Entity.

12.1 Definitions

  • Business Associate: An entity that performs functions or activities on behalf of a Covered Entity when those services involve access to, or the use or disclosure of, Protected Health Information. For the purpose of this Policy, Miiskin is the Business Associate.
  • Business Associate Agreement (BAA): A formal written contract between a Business Associate and a Covered Entity that requires the Business Associate to comply with specific requirements related to PHI.
  • Covered Entity: A health plan, healthcare provider, or healthcare clearinghouse. For the purpose of this Policy, a dermatologist or other physician delivering services to patients in the United States, who signs up to Miiskin’s telemedicine platform, is a Covered Entity.
  • Protected Health Information (PHI): Identifiable health information about you (such as your name, social security number, or address) that relates to (a) your past, present, or future physical or mental health or condition, (b) the provision of health care to you, or (c) your past, present, or future payment for the provision of health care.

12.2 Uses and Disclosures of PHI

Miiskin will use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of performing our obligations under our services agreements to Covered Entities, provided that such use or disclosure is permitted or required by the applicable Business Associate Agreement and would not violate HIPAA, including its Privacy Rule or Security Rule as applicable to Business Associates.

Miiskin may use PHI only to the extent such use of PHI is permitted or required by Miiskin’s policies including, but not limited to, the applicable Business Associate Agreement and would not violate HIPAA, including its Privacy Rule or Security Rule as applicable to Business Associates. Miiskin may use de-identified data (i.e., data that does not identify an individual and cannot be re-identified) derived from PHI for the improvement of Miiskin service, in accordance with both HIPAA de-identification standards and the GDPR. Any such use will require either your explicit consent or another valid legal basis under the GDPR, which you may withdraw at any time.

Miiskin may disclose PHI for law enforcement purposes as required by law or in response to a valid subpoena.

Miiskin may disclose PHI to downstream subcontractors or agents that provide supporting services to us; however, Miiskin will require such subcontractors and agents to comply with the same terms and conditions that apply to us under the applicable Business Associate Agreement, and in any case in accordance with the main BAA with your Covered Entity, including the implementation and maintenance of required safeguards.

Other uses and disclosures not described in this Policy will be made only with your express written consent or authorization.

12.3 Your Rights (Specific to PHI under HIPAA)

The following rights apply to your Protected Health Information (PHI). For EU residents, these rights are in addition to your rights under the GDPR:

  • Right to Access: You have the right to access and obtain a copy of your PHI that Miiskin maintains, with certain limited exceptions.
  • Right to Request Restrictions: You have the right to request restrictions on our processing of your PHI, with certain limited exceptions.
  • Right to Request Confidential Communications: You have the right to request that communication with you about your PHI is done in a certain way or at a certain location.
  • Right to Request Amendment: You have the right to request the amendment of your PHI if you believe it is incorrect or incomplete, with certain limited exceptions.
  • Right to an Accounting of Disclosures: You have the right to request an accounting of certain disclosures Miiskin has made of your PHI.
  • Right to File a Complaint: You have the right to file a complaint with us or with the Secretary of Health and Human Services if you believe Miiskin has violated your privacy rights.

Miiskin will make available to Covered Entities information necessary for the Covered Entity to give individuals the ability to exercise their rights in accordance with HIPAA/HITECH regulations.

Upon request, Miiskin will make our internal practices, books, and records, including policies and procedures relating to the use and disclosure of PHI received from, or created or received by the Business Associate on behalf of a Covered Entity, available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BAA and HIPAA/HITECH regulations.

12.4 Our Responsibilities (as a HIPAA Business Associate)

As a Business Associate, Miiskin has a number of privacy responsibilities, including:
  • Entering into written Business Associate Agreements with Covered Entities that require us to maintain the privacy of PHI, limit our use or disclosure of PHI to those purposes authorized by the Covered Entities, and assist Covered Entities in responding to your requests concerning your PHI;
  • Amending your PHI when requested by a Covered Entity;
  • Making certain disclosures available to a Covered Entity in order for the Covered Entity to fulfill its obligations to you and to provide you with accountings of such disclosures;
  • Entering into a BAA with each of our subcontractors who may have access to your PHI;
  • Complying with the HIPAA Privacy Rule provisions, including rules governing the uses and disclosure of PHI and your rights concerning your PHI;
  • Performing a Security Rule risk analysis;
  • Implementing Security Rule safeguards;
  • Training personnel on the HIPAA Rules and sound compliance practices;
  • Responding immediately to any security violation or breach;
  • Timely reporting security incidents and breaches to appropriate parties; and
  • Maintaining all required documentation.

12.5 Mitigation of Harm

In the event of a use or disclosure of PHI that is in violation of the requirements of the BAA, Miiskin will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation will include the following:
  • Reporting to the Covered Entity any use or disclosure of PHI not provided for by the BAA and any security incident of which Miiskin becomes aware;
  • Documenting such disclosures of PHI and the information related to them that the Covered Entity would need in order to respond to a request for an accounting of disclosures of PHI in accordance with HIPAA/HITECH.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

[email protected]

Miiskin is an online dermatology consultations platform that connects patients with independent dermatologists.

All consultations are provided by independent online dermatologists on a cash-pay-only basis. Miiskin does not practice medicine or pharmacy. Prescriptions, if medically appropriate, are sent to third-party pharmacies, which are paid directly for any medication. Medication images on the website are for illustrative purposes only and images of people are not actual patients. Medical information on miiskin.com is for informational purposes and not medical advice. Consult a healthcare provider for any concerns.

Terms of Service · Privacy Policy · Privacy Settings · Cookie Policy · Miiskin © 2025