Last Updated: February 22, 2017
TYPES OF DATA WE KEEP AND STORE
When you use our Services, we collect and keep the following types of non-health related data:
1. Log in details, including username and password for each staff member logging into the system.
2. Account information. For each logged in customer account of the system, we store the first and last name, photograph, and group home name is maintained. Other data is maintained for each staff member system user including training reports and time tracking information.
3. Communications. We may store the e-mail address and content of emails of those who communicate with us via e-mail.
4. Use of Services. We may aggregate information on what pages consumers use or visit, and information volunteered by the consumer (such as survey information and/or site registrations).
PROTECTED HEALTH INFORMATION – PHI
When you use or Services, we keep and store Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act of 1996 and its privacy and security regulations (HIPAA), and under the privacy and security provisions of the Health Information Technology for Economic and Clinical Health Act of 2009 (the HITECH Act). To the extent we qualify as a business associate under HIPAA, we comply with the business associate provisions of these regulations with regard to Protected Health Information, and we also comply with provisions of the HIPAA Security Rule that apply to business associates under the HITECH Act, and the privacy and security provisions of the HITECH Act that are applicable to business associates. See our General Terms and Conditions for additional details.
USE OF GENERAL DATA
We will not sell, rent or lease any personally identifiable information included therein to third parties, without receiving your prior explicit consent, except in any of the following instances:
-To operate the Services, including storing and processing your Data through third party hosting services;
-If we acquired by, or merged with another entity, provided however, that those entities agree to be bound by the provisions of this Policy; or
-As otherwise required by law. For example, we may disclose personally identifiable information under special circumstances, such as to comply with subpoenas or lawful court orders
We may utilize, transfer, or disclose aggregated information, including summary statistics, that do not identify an individual and cannot be used to identify an individual for any purpose. We may also utilize your data to:
– develop new functionality and features of our Services
-Respond to questions, communications, and feedback
-contact you about our Services, updates to Services, and new features
-analyze user trends, measure effectiveness, prepare reports
– when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our General Terms and Conditions
USE OF PROTECTED HEALTH INFORMATION – PHI
In accordance with HIPAA and HITECH, we may use PHI:
-For the purpose of allowed users to provide healthcare and treatment
-For research purposes of de-identified health information for research purpose
-To permit users to create reports or limited data sets, and disclose them for any purpose for which you may disclose a limited data set
-To aggregate health information with that of other users, and use the aggregated information for reporting and share aggregated information in accordance with applicable state and federal law
-As otherwise required by law. For example, we may disclose PHI under special circumstances, such as to comply with subpoenas or in response to a lawful court order
We use a third party vendor and hosting partner to store your data and utilize reasonable security tools and procedures to secure your data. These tools include protection such as encryption for communication and user authentication to prevent unauthorized user access or other malicious activities. While such tools and procedures reduce the risk of security breaches, we cannot guarantee that the Services will be immune from any unlawful interceptions, data loss or unauthorized access. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we use standard practices to secure your data, we cannot guaranty the security of any information you transmit to us and you do so at your own risk.
CREDIT CARD INFORMATION
Credit card information will be used solely for processing payments. Your financial information will not be stored by us except for the name and address of the card holder, the expiry date and the last four digits of the Credit Card number. Subject to your prior consent and where necessary for processing future payments, your financial information will be stored in encrypted form on secure servers of our payment processor.
Please contact us at firstname.lastname@example.org