Privacy Policy

Effective Date: November 1, 2015

Your privacy is very important to Vault Medical Records, LLC d/b/a VaultMR (VaultMR, or us). This Privacy Policy describes how VaultMR collects, uses, discloses, stores and otherwise processes information submitted to or through VaultMR™s electronic health record service (the EHR Service) and the website at vaultmr.com (together, the Services).

This Privacy Policy is incorporated into and made a part of our Terms of Service (Terms). If you have not done so already, please also review the Terms because they contain provisions that limit our liability to users of the Services and require users to resolve any dispute with us on an individual basis and not as part of any class or representative action.

IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR THE TERMS, THEN PLEASE DO NOT USE THE SERVICES.

1. SCOPE
VaultMR has agreements with certain hospitals and other customers for use of the EHR Service (each, a Subscription Agreement) that describe VaultMR™s right to collect, use and store information through the Services, both online and offline. If a provision of a Subscription Agreement conflicts or otherwise is inconsistent with a provision of this Privacy Policy, then the provision of the Subscription Agreement will prevail. In addition, certain Services may have their own privacy policies or practices, which also will prevail over this Privacy Policy to the extent of any conflict or inconsistency.

This Privacy Policy applies to information submitted to and through the Services by authorized users. This Privacy Policy does not apply to information that is collected by any third-party websites or services accessible through the Services.

2. WHAT INFORMATION IS COLLECTED?
VaultMR collects information to operate the Services, including Personal Information, Protected Health Information (which is a subset of Personal Information) and General Information.
Personal Information means information that, either alone or in combination with other information, can be used to uniquely identify, contact or locate an individual. Personal Information does not include aggregated information to the extent that an individual™s identity cannot reasonably be derived from it or any publicly-available information that has not been combined with non-public Personal Information. Personal Information does not include De-Identified Health Information (as defined below).

Protected Health Information means Personal Information that is protected health information under the Health Insurance Portability and Accountability Act of 1996 and the implementing regulations (HIPAA). Our use and disclosure of Protected Health Information is governed by HIPAA. Protected Health Information does not include information that has been de-identified in accordance with HIPAA and other regulatory requirements (De-Identified Health Information). We also use, disclose and protect Protected Health Information in accordance with certain business associate contract provisions included in the Subscription Agreements with our hospital and other customers.

General Information means De-Identified Health Information and other information that, either alone or in combination with other information, cannot be used to uniquely identify, contact or locate any individual. For example, the Services routinely collect and analyze information about origin and navigation of users, browser type (e.g., Internet Explorer, Chrome or Firefox), operating system and webpage(s) visited and other information for system maintenance and to improve user experience with the Services.

The information collected varies by the Services used. VaultMR may link together Personal Information and General Information. Under certain circumstances, the linked information could be used to identify a unique individual and become Personal Information.

3. HOW IS INFORMATION COLLECTED?
The information collected through the Service varies by how the Services are used. For example, Personal Information and General Information are collected:

  • When directly submitted by a patient™s health care professionals, hospital personnel and other users into the EHR Service;
  • When a hospital customer receives Protected Health Information from another health care provider or a patient™s health plan through the EHR Service;
  • When users authorize VaultMR to retrieve and import information from third parties;
  • Automatically during use of the Services, including IP address, domain name, browser type, mobile service provider, mobile device type operating system type, web pages viewed and access date and time;
  • For third-party payment processing. Please note that VaultMR does not store, process or transmit credit card information; instead, VaultMR relies on a third party credit card payment processor and/or other and other third-party service providers, such as vendors who provide fraud detection services to VaultMR. These third parties may store credit card information for future use through the Services;
  • When appointments for services are scheduled through the Services; and
  • When VaultMR receives and responds to customer service requests or general requests for information about the Services.

Information also is collected through cookies and other data collection technologies, as described in Section 4 below.

4. COOKIES & OTHER DATA COLLECTION TECHNOLOGY
VaultMR collects data whenever a user interacts with the Services through cookies, web beacons, server logs and other data collection tools.
Cookies are small bits of data cached in a user™s web browser to store information about the user™s use of the Services. (To find out more about cookies, visit www.allaboutcookies.org.) VaultMR may use cookies to monitor and improve the Services. The information gathered through cookies may include IP address, user language, the operating system, browser type, connection type and information that identifies the cookie.
VaultMR uses session and/or persistent cookies for better user experience. Most web browsers automatically accept cookies but you can usually change your browser settings to prevent this. If you disable cookies, your ability to use some features of the Services may be limited. Session cookies are active when users are logged on to the Services and are removed when the browser window is closed. Persistent cookies are stored in a web browser until deleted.
VaultMR also uses Google Analytics, which is a web analytics tool that helps website operators (like VaultMR) understand how users engage with their services. Google Analytics tracks users™ interactions with the Services and to collect information about how the Services are used. VaultMR then uses the information to compile reports that help VaultMR improve the Services. Google Analytics collects, processes and creates reports about website trends without identifying individual users. Users can opt out of Google Analytics without affecting use of the Services, for more information on opting out of Google Analytics tracking, visit this Google page.
VaultMR uses other data analytics tools to provide better technical updates and services to its end-users.

5. HOW IS INFORMATION USED AND DISCLOSED?
VaultMR uses Personal Information and General Information:

  • To make available the features and functionalities of our EHR Service to our customers and their authorized users;
  • To provide customer support and to analyze customer usage trends, such as for measuring the effectiveness of features of the Services;
  • For surveys, questionnaires and other marketing communications permitted by applicable law. (The information collected through these marketing communications is shared with service providers and other partners on an aggregate basis.);
  • To facilitate one-on-one communications between users, including for referrals, prescriptions, test requisitions and responding to an after-hours voice message;
  • To help vendors perform the services for which VaultMR engaged them, such as data analysis, system design and maintenance, customer services and marketing.
  • For protecting the Services, VaultMR™s rights and the rights of users;
  • To maintain modify, enhance, improve the content of the Services and customize the Services to reflect user preferences;
  • For the purposes described in a binding Subscription Agreement;
  • To create De-Identified Health Information and use, disclose, create derivative works of and sell De-Identified Health Information for any purpose not prohibited by applicable law;
  • To create limited data sets, which include certain limited Protected Health Information but exclude name and other direct identifiers, as permitted by HIPAA and other applicable law;
  • In VaultMR™s public and professional directories of hospitals and other health care providers pursuant to a Subscription Agreement. (These directories include profile information (e.g., contact, specialty and other information) and other features that allow users to locate and contact them.);
  • To identify patients for clinical research studies or to otherwise conduct or support clinical research as permitted by applicable law;
  • To contact you to seek your consent and authorization to use or disclose your Personal Information; and
  • For other uses and disclosures required or permitted by law, such as: (1) responding to a subpoena, court order or similar process; (2) responding to a law enforcement agency’s request for information, whether or not a response is required by applicable law; (3) complying with legal requirements that may apply to operation of the Services and for public health purposes; (4) enforcing and protecting VaultMR™s rights, property and information security; (5) responding to emergencies; (6) fraud detection and prevention; and (7) providing Personal Information to a third party in connection with a proposed or consummated corporate transaction, such as a merger, acquisition, sale of assets, dissolution, reorganization or bankruptcy.

The Services may also include publicly displayed communities, blogs and other public forums that allow users to communicate with groups of users or the general public. All information a user posts in one of our communities will be available to a wide range of individuals, and should be presumed public. We strongly advise users to exercise care in selecting what information they share with our communities or public forums, and strongly recommend against sharing any Protected Health Information or other Personal Information that could directly or indirectly be traced to any individual, including yourself. You are required to comply with applicable laws when using and disclosing information through the Services.

6. HOW THE SERVICES RESPOND TO DO NOT TRACK SIGNALS
Some web browsers incorporate a Do Not Track feature that signals the websites that you visit that you do not want to have your online activity tracked. The Help, Preferences or Tools settings (or similar menu option) on most major web browsers will explain how to enable or disable the Do Not Track signal. How browsers communicate the Do Not Track signal is not yet uniform. For this reason, many websites and applications, including the Services, are not set up to interpret Do Not Track signals. To find out more about Do Not Track signals, visit http://allaboutdnt.com.

Opting Out: From time to time, we may request your consent, authorization or other permission to use or share information in a manner that is not otherwise stated in the applicable Subscription Agreement or this Privacy Policy. Unless otherwise explicitly stated at the time of obtaining such a permission, you may rescind your permission and opt-out of VaultMR™s future use or sharing of information under the permission in the future by sending an email to help@vaultmr.com. Although VaultMR will cease use and sharing of that information, we may not be able to stop use of the information by recipients with whom such information has been shared.

Correcting and Deleting Information: An authorized user may ask VaultMR to correct stored Personal Information or remove Personal Information from the Services in accordance with the terms of the applicable Subscription Agreement, including its business associate contract terms.

7. LINKS TO OTHER WEBSITES & SERVICES.
A link to a third-party website or digital service within the Services does not mean that VaultMR endorses the third-party website or digital service or the quality or accuracy of information presented on it. If you decide to visit a third-party website or service, you are subject to its privacy practices and not this Privacy Policy. We encourage you to carefully read the privacy policy or statement and other legal notices of each website or service that you visit.

8. INFORMATION PROTECTION
VaultMR takes reasonable precautions intended to help protect information that we collect and store in accordance with the Subscription Agreement and applicable law. Unfortunately, however, no security measure is 100% secure. We cannot guarantee the security of information transmitted to or by us. VaultMR expects that you will use appropriate security measures to protect information you submit to us.

You are responsible for keeping confidential your log-in credentials, passwords or other forms of authentication involved in obtaining access to password-protected or secure areas of the Services. Access to the Services through your log-in credentials will be treated as authorized by you. Unauthorized access to password-protected areas is prohibited and may lead to criminal prosecution. We may suspend your use of all or part of any of the Services, without notice, if we suspect or detect any breach of security.

9. CHILDREN’S PRIVACY
The Services permit an authorized user to submit information about minors but the Services are not intended for use by minors. Use of the Services by a minor is prohibited.

10. CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83, VaultMR is required to, once per calendar year and upon request, disclose to customers that are California residents the identity of any third parties to whom the business has disclosed Personal Information within the previous calendar year, along with the type of Personal Information disclosed, for the third parties’ direct marketing purposes. VaultMR does not disclose customers™ or authorized users™ personal information to third parties for their direct marketing purposes.

11. HOSTING
VaultMR and its subcontractors host the Services in the United States of America. By providing information to or through the Services, you expressly consent to the transfer and processing of information to the United States of America.

12. CHANGES TO THIS PRIVACY POLICY
The Effective Date of this Privacy Policy is set forth at the top of this webpage. VaultMR will notify you in advance about any material change by posting notice on the log-in page and, when practicable, contacting you using the email address you have provided to us (if any). We will not make retroactive changes that materially reduce privacy rights unless we are legally required to do so. Your continued use of the Services after the Effective Date of an amended Privacy Policy constitutes your acceptance of the amended Privacy Policy. The amended Privacy Policy supersedes all previous versions.

CONTACT US
Please send questions, comments and requests regarding these Terms or our Privacy Policy to:
help@vaultmr.com
or
Vault Medical Records, LLC,
1721 W Plano Pkwy #222,
Plano, TX 75075.