Effective Date: November 1, 2015
2. WHAT INFORMATION IS COLLECTED?
VaultMR collects information to operate the Services, including Personal Information, Protected Health Information (which is a subset of Personal Information) and General Information.
Personal Information means information that, either alone or in combination with other information, can be used to uniquely identify, contact or locate an individual. Personal Information does not include aggregated information to the extent that an individual™s identity cannot reasonably be derived from it or any publicly-available information that has not been combined with non-public Personal Information. Personal Information does not include De-Identified Health Information (as defined below).
Protected Health Information means Personal Information that is protected health information under the Health Insurance Portability and Accountability Act of 1996 and the implementing regulations (HIPAA). Our use and disclosure of Protected Health Information is governed by HIPAA. Protected Health Information does not include information that has been de-identified in accordance with HIPAA and other regulatory requirements (De-Identified Health Information). We also use, disclose and protect Protected Health Information in accordance with certain business associate contract provisions included in the Subscription Agreements with our hospital and other customers.
General Information means De-Identified Health Information and other information that, either alone or in combination with other information, cannot be used to uniquely identify, contact or locate any individual. For example, the Services routinely collect and analyze information about origin and navigation of users, browser type (e.g., Internet Explorer, Chrome or Firefox), operating system and webpage(s) visited and other information for system maintenance and to improve user experience with the Services.
The information collected varies by the Services used. VaultMR may link together Personal Information and General Information. Under certain circumstances, the linked information could be used to identify a unique individual and become Personal Information.
3. HOW IS INFORMATION COLLECTED?
The information collected through the Service varies by how the Services are used. For example, Personal Information and General Information are collected:
- When directly submitted by a patient™s health care professionals, hospital personnel and other users into the EHR Service;
- When a hospital customer receives Protected Health Information from another health care provider or a patient™s health plan through the EHR Service;
- When users authorize VaultMR to retrieve and import information from third parties;
- Automatically during use of the Services, including IP address, domain name, browser type, mobile service provider, mobile device type operating system type, web pages viewed and access date and time;
- For third-party payment processing. Please note that VaultMR does not store, process or transmit credit card information; instead, VaultMR relies on a third party credit card payment processor and/or other and other third-party service providers, such as vendors who provide fraud detection services to VaultMR. These third parties may store credit card information for future use through the Services;
- When appointments for services are scheduled through the Services; and
- When VaultMR receives and responds to customer service requests or general requests for information about the Services.
Information also is collected through cookies and other data collection technologies, as described in Section 4 below.
4. COOKIES & OTHER DATA COLLECTION TECHNOLOGY
VaultMR collects data whenever a user interacts with the Services through cookies, web beacons, server logs and other data collection tools.
VaultMR uses session and/or persistent cookies for better user experience. Most web browsers automatically accept cookies but you can usually change your browser settings to prevent this. If you disable cookies, your ability to use some features of the Services may be limited. Session cookies are active when users are logged on to the Services and are removed when the browser window is closed. Persistent cookies are stored in a web browser until deleted.
VaultMR also uses Google Analytics, which is a web analytics tool that helps website operators (like VaultMR) understand how users engage with their services. Google Analytics tracks users™ interactions with the Services and to collect information about how the Services are used. VaultMR then uses the information to compile reports that help VaultMR improve the Services. Google Analytics collects, processes and creates reports about website trends without identifying individual users. Users can opt out of Google Analytics without affecting use of the Services, for more information on opting out of Google Analytics tracking, visit this Google page.
VaultMR uses other data analytics tools to provide better technical updates and services to its end-users.
5. HOW IS INFORMATION USED AND DISCLOSED?
VaultMR uses Personal Information and General Information:
- To make available the features and functionalities of our EHR Service to our customers and their authorized users;
- To provide customer support and to analyze customer usage trends, such as for measuring the effectiveness of features of the Services;
- For surveys, questionnaires and other marketing communications permitted by applicable law. (The information collected through these marketing communications is shared with service providers and other partners on an aggregate basis.);
- To facilitate one-on-one communications between users, including for referrals, prescriptions, test requisitions and responding to an after-hours voice message;
- To help vendors perform the services for which VaultMR engaged them, such as data analysis, system design and maintenance, customer services and marketing.
- For protecting the Services, VaultMR™s rights and the rights of users;
- To maintain modify, enhance, improve the content of the Services and customize the Services to reflect user preferences;
- For the purposes described in a binding Subscription Agreement;
- To create De-Identified Health Information and use, disclose, create derivative works of and sell De-Identified Health Information for any purpose not prohibited by applicable law;
- To create limited data sets, which include certain limited Protected Health Information but exclude name and other direct identifiers, as permitted by HIPAA and other applicable law;
- In VaultMR™s public and professional directories of hospitals and other health care providers pursuant to a Subscription Agreement. (These directories include profile information (e.g., contact, specialty and other information) and other features that allow users to locate and contact them.);
- To identify patients for clinical research studies or to otherwise conduct or support clinical research as permitted by applicable law;
- To contact you to seek your consent and authorization to use or disclose your Personal Information; and
- For other uses and disclosures required or permitted by law, such as: (1) responding to a subpoena, court order or similar process; (2) responding to a law enforcement agency’s request for information, whether or not a response is required by applicable law; (3) complying with legal requirements that may apply to operation of the Services and for public health purposes; (4) enforcing and protecting VaultMR™s rights, property and information security; (5) responding to emergencies; (6) fraud detection and prevention; and (7) providing Personal Information to a third party in connection with a proposed or consummated corporate transaction, such as a merger, acquisition, sale of assets, dissolution, reorganization or bankruptcy.
The Services may also include publicly displayed communities, blogs and other public forums that allow users to communicate with groups of users or the general public. All information a user posts in one of our communities will be available to a wide range of individuals, and should be presumed public. We strongly advise users to exercise care in selecting what information they share with our communities or public forums, and strongly recommend against sharing any Protected Health Information or other Personal Information that could directly or indirectly be traced to any individual, including yourself. You are required to comply with applicable laws when using and disclosing information through the Services.
6. HOW THE SERVICES RESPOND TO DO NOT TRACK SIGNALS
Some web browsers incorporate a Do Not Track feature that signals the websites that you visit that you do not want to have your online activity tracked. The Help, Preferences or Tools settings (or similar menu option) on most major web browsers will explain how to enable or disable the Do Not Track signal. How browsers communicate the Do Not Track signal is not yet uniform. For this reason, many websites and applications, including the Services, are not set up to interpret Do Not Track signals. To find out more about Do Not Track signals, visit http://allaboutdnt.com.
Correcting and Deleting Information: An authorized user may ask VaultMR to correct stored Personal Information or remove Personal Information from the Services in accordance with the terms of the applicable Subscription Agreement, including its business associate contract terms.
7. LINKS TO OTHER WEBSITES & SERVICES.
8. INFORMATION PROTECTION
VaultMR takes reasonable precautions intended to help protect information that we collect and store in accordance with the Subscription Agreement and applicable law. Unfortunately, however, no security measure is 100% secure. We cannot guarantee the security of information transmitted to or by us. VaultMR expects that you will use appropriate security measures to protect information you submit to us.
You are responsible for keeping confidential your log-in credentials, passwords or other forms of authentication involved in obtaining access to password-protected or secure areas of the Services. Access to the Services through your log-in credentials will be treated as authorized by you. Unauthorized access to password-protected areas is prohibited and may lead to criminal prosecution. We may suspend your use of all or part of any of the Services, without notice, if we suspect or detect any breach of security.
9. CHILDREN’S PRIVACY
The Services permit an authorized user to submit information about minors but the Services are not intended for use by minors. Use of the Services by a minor is prohibited.
10. CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83, VaultMR is required to, once per calendar year and upon request, disclose to customers that are California residents the identity of any third parties to whom the business has disclosed Personal Information within the previous calendar year, along with the type of Personal Information disclosed, for the third parties’ direct marketing purposes. VaultMR does not disclose customers™ or authorized users™ personal information to third parties for their direct marketing purposes.
VaultMR and its subcontractors host the Services in the United States of America. By providing information to or through the Services, you expressly consent to the transfer and processing of information to the United States of America.
Vault Medical Records, LLC,
1721 W Plano Pkwy #222,
Plano, TX 75075.