Last Updated: July 10th, 2018
- General Terms.
Personal Information. When you register for an Account and use the Services, we will ask you for personally identifiable information, i.e. information about you that can be used to contact or identify you (“Personal Information”). Personal Information includes, but is not limited to, your name, phone number, email address and home and business postal addresses. Personal Information would also include identifiable health information that you provide for transmittal to your Doctor via the Services.
Non-Identifying Information. We also collect other information that you provide as part of registration and the administration of your use of the Services, e.g., individual preferences (“Non-Identifying Information”). Certain Non-Identifying Information would be considered a part of your Personal Information if combined with other identifiers (e.g., combining your postal code with your street address) in a way that enables you to be identified. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (e.g., your viewing preferences). We may combine your Personal Information with Non-Identifying Information and aggregate it with information collected from other users to attempt to provide you with a better experience, to improve the quality and value of the Service and to analyze and understand how our Site, App and Service are used.
Log Data. When you visit the Site or App, our servers automatically record information that your browser or device sends whenever you visit a website or download an application (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type or the webpage you were visiting before you came to our Site, pages of our Site that you visit, the time spent on those pages, information you search for on our Site, access times and dates, and other statistics. We use this information to monitor and analyze use of the Site, App and the Services and for the technical administration of our Site and App, to increase our App and Site’s functionality and user-friendliness, and to better tailor it to our visitors’ needs. For example, some of this information is collected to verify that the user of the Site or App meets the criteria required to process their requests.
Information Use, Sharing and Disclosure.
We use your Personal Information (in some cases, in conjunction with your Non-Identifying Information) mainly to provide the Services, administer your inquiries, and as provided below:
Email. Your email address may be used to communicate with you or on your behalf, including but not limited to communications for forgotten password or user account information. [HealthCloud does not share your email address with external companies.] Additionally, users may revoke their email permission at any time to opt out of receiving any future communications. Simply contact us at firstname.lastname@example.org or by the Contact Information below.
Aggregate Information and Non-Identifying Information. We may share and/or distribute to third parties aggregated information that does not include Personal Information, and we may otherwise disclose Non-Identifying Information and Log Data with third parties for industry analysis, demographic profiling and other purposes. Any aggregated information shared in these contexts will not contain your Personal Information.
Service Providers. We may employ third party companies and individuals to facilitate our Services, to provide the Services on our behalf, to perform Site-related or App-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Site or App’s features) or to assist us in analyzing how our Site, App and Services are used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Compliance with Laws and Law Enforcement. HealthCloud cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of HealthCloud or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
HealthCloud has security measures in place to help protect against the loss, misuse, or alteration of information within the system. All interactions with the Services, including communications with your Doctor, are encrypted. These measures include encryption of information using secure socket layer technology (SSL) system, and using a secure messaging system when Personal Information is transmitted. We also encrypt sensitive information where it is stored on our systems.]
Portions of the Site and App may require a valid user name, password, phone number or additional information (or a combination of the foregoing) to access and use the Services, Site or App. You are solely responsible for (1) maintaining the strict confidentiality of your user name and password (collectively, “User ID”), (2) not allowing another person to use your User ID to access the site, (3) any damages or losses that may be incurred or suffered as a result of your failure to maintain the strict confidentiality of your User ID, and (4) promptly informing HealthCloud in writing of any need to deactivate a User ID due to potential or actual security breaches. HealthCloud is not liable for any harm related to the theft of your User ID, your disclosure of your User ID, or your authorization to allow another person or entity to access and use the Site using your User ID. You agree to immediately notify HealthCloud in writing of any unauthorized use of any of your User ID.
Links to Other Sites
Our Site and App may contain links to other websites or servicers. If you choose to click on a third-party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
Our Policy Toward Children
This Site is not directed to children under 18. We do not knowingly collect personally identifiable information from children under 13. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us at email@example.com. If we become aware that a child under 13 has provided us with Personal Information, we will delete such information from our files.
- For Patients.
Information Use. If you have registered an account with HealthCloud, you entered into a Patient User Agreement which describes how we can use your information. Please read and review the Patient User Agreement carefully.
- As part of the Services, we may make available information regarding you to your Doctor. Your Doctor should give you a notice of privacy practices that describes how he or she uses and discloses health information about you, including through the Site, Services and App.
- As directed by your Doctor, we will give individually identifiable information about you to individuals to whom your Doctor asks us to give the information. Your doctor’s ability to disclose your health information for these and similar purposes is restricted by applicable federal law and state law, including the Health Information Portability and Accountability Act (HIPAA) and the applicable privacy laws of the region or state in which you reside. If you wish to restrict the disclosures that your Doctor makes of your health information, you should make a request directly to your doctor.
- We may also use your health information to operate our Services, and we may give it to our service providers to assist us in providing Services. We may disclose it if we are compelled to do so by law, including valid legal process.
- You may choose to share your personally identifiable health information with other users or publicly in connection with your use of the Services by adjusting your privacy settings. If you choose to share your personally identifiable health information publicly, we are not responsible for such disclosure.
- Because User Content becomes part of your doctor’s health record about you, you cannot delete it. You may, however, terminate your access to it. Please contact firstname.lastname@example.org if you wish to do so.
- In order to maintain the security of your Account, we may log access to it, and we may maintain the log until we determine it is no longer needed.
- We may use health information you place in your User Content to create de-identified information (i.e., information that does not identify you), and we may use or disclose de-identified information without restriction.
- We have the right to remove personal identifiers from your personal information, including health information, so that it cannot reasonably be used to identify you. As part of the Patient User Agreement, you transfer and assign to us all right, title and interest in and to all such de-identified personal information, and you agree that we may use, disclose, market, license and sell such de-Identified personal information for any purpose without restriction, and that you have no interest in such de-identified personal information, or in the proceeds of any sale, license, or other commercialization thereof.
- We use IP addresses to analyze trends, administer the Site and gather broad demographic information for aggregate use. IP addresses are not linked to individually identifiable information.
Only individuals who are 18 years of age and older are authorized to use the Services via the App. If you are not yet 18 years of age, please delete the App immediately.
In the event of a breach of the security of unsecured protected health information that we maintain concerning you, we will notify your Doctor in accordance with our obligations under applicable federal and state law.
III. For Doctors and healthcare professionals.
If you are a Doctor or a member of Doctor’s staff, you entered into a Doctor User Agreement which supersedes the terms herein and describes our practices and your obligations with regard to personal information and protected health information. Please refer to the Doctor User Agreement if you are accessing the Services from the Site or our App.
Protected Health Information
Our Doctor User Agreement sets forth our obligations as your business associate under the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 and its privacy and security regulations (HIPAA), and under the privacy and security provisions of the Health Information Technology for Economic and Clinical Health Act of 2009 (the HITECH Act). We will comply with the business associate provisions of our Doctor User Agreement and the provisions of HIPAA and the HITECH Act that are applicable to business associates.
Permitted Uses of Protected Health Information
The Doctor User Agreement sets forth the ways in which we may use or disclose protected health information we receive from you, or maintain, create, transmit or receive on your behalf. Among other permitted uses, we may:
- Allow access to your health information to you and your workforce for whatever purpose you require it.
- De-identify your health information. In the Doctor User Agreement, you transfer and assign to us all right, title and interest in and to all de-identified information that we make from your health information, and you agree that we may use, disclose, market, license and sell such de-Identified information for any purpose without restriction, and that you have no interest in such de-identified information, or in the proceeds of any sale, license, or other commercialization thereof. We will, however, maintain the confidentiality and security of the original health information as required by the Doctor User Agreement.
- Create limited data sets from your health information, and disclose them for any purpose for which you may disclose a limited data set. In the Doctor User Agreement, you authorize us to enter into data use agreements on your behalf for the use of limited data sets, in accordance with applicable state and federal law and regulation.
- Aggregate your health information with that of other users, and share aggregated information in accordance with applicable state and federal law.
- Use your health information for the proper management and administration of our business, and to carry out our legal responsibilities. We may also disclose your health information for these purposes if the disclosure is required by law, or we obtain reasonable assurances from the recipient that the information will be held confidentially and used or further disclosed only as required by law or for the purpose for which it was disclosed to the recipient, and the recipient notifies us of any instances of which the Doctor User is aware in which the confidentiality of the information has been breached. For example, we may permit access to the system by our contracted system developers under appropriate confidentiality agreements.
- We reserve the right to make any other uses of your health information that are permitted to a Business Associate, as described from time to time in our policies and procedures. However, except as permitted by the Privacy Rule, we will not use or disclose your health information in any manner that would violate the Privacy Rule if done by you or your business associate.
You agree that you will use other persons’ information available on or through the Site (whether or not protected health information) strictly in accordance with applicable laws and regulations, and you will ensure that others under your control who have access to such information also comply with applicable laws and regulations. You are solely responsible for obtaining and maintaining all patient consents and authorizations necessary for your use of the Site and the Services to which it provides access.
To access your account, you must provide the identifier we provided you. With this information, we can verify your identity and permit you to view data in our system. We log and audit system use in order to ensure that users are using the system appropriately. If we have questions about your use of the Site, Services or App, we may contact you. We may also disclose your identity to others to assist in the investigation of suspected misuse of the Site, Services or App, and otherwise to ensure the proper operation of the Site, Services or App.