describes how Allscripts Healthcare, LLC ("Allscripts") protects your
personal information when you use this web site, the FollowMyHealth Universal
Health Record and all related products and services (collectively, the "Service").
Allscripts is located at 222 Merchandise Mart Plaza, Suite 2024, Chicago,
Illinois 60654. All references to Allscripts include its subsidiaries or
affiliates involved in providing the Service. All references to you include
your Authorized Individuals, if any.
What information Allscripts Collects
How Allscripts Uses Your Information
How the Information is Shared with Third Parties
Choices You Have About How Allscripts Uses Your Information
What About Data from Children Under 18
Security and Confidentiality
How We Provide Required Notices of Security Breaches
If you do not agree with our practices, do not access or use any
part of the Service.
Activity logs are Allscripts' and its Service Providers' records of
when PHR Data is created, accessed, modified, deleted, released, or
exported from and/or within the PHR.
Aggregate Data is PHR Data that is: (1) grouped so it does not identify,
relate to, describe, be capable of being associated with, connected, or
be linked, directly or indirectly, to you as an individual and (2) has
names and other identifiers removed or altered. In other words,
Aggregate Data cannot be used to identify you as an individual.
An Authorized Individual is someone you authorize to access your
FollowMyHealth Universal Health Record on your behalf.
De-identified data is PHR Data in which personal identifiers are removed
and do not allow someone to determine a person’s identity.
A Dependent is a minor child or other individual over whom an
Authorized Individual has legal authority.
"PHR" means Personal Health Record. A PHR is an electronic health
data application that can help you collect, manage, and share
your health information. The FollowMyHealth Universal Health
Record is a PHR.
When you sign up for the FollowMyHealth Universal Health Record,
you provide and/or you authorize all or some of your Providers
to provide to the FollowMyHealth Universal Health Record information
about you. This information makes up PHR Data. Any information
in the FollowMyHealth Universal Health Record is considered PHR
Data. PHR Data might include, but is not limited to the following:
Your name and contact information, such as your address, phone
number, or email address
Your medical history, conditions, treatments, and medications
Your healthcare claims, health plan account numbers, bills,
and insurance information
Demographic information, such as your age, birthdate, gender,
ethnicity, and occupation
Computer information, such as your IP address and "cookie"
PHR Data includes Personal Information,
De-Identified Data and
Allscripts may use your PHR Data as described below.
Personal Information means information about you that reasonably
can be linked to you such as your name, health information,
demographic information, and/or other identifiers as may be
defined under state and federal law. Personal Information may
also include but is not limited to your financial information
or Social Security Number.
A healthcare provider, healthcare practice, or hospital that
you authorize to provide information to your FollowMyHealth
PHR. When you sign up for the FollowMyHealth Universal Health
Record, you may provide authorization for a healthcare
practice or hospital, and associated authorized users to send
Personal Information to your PHR.
Allscripts and our Service Providers might report about
business activities and customers (you) to others, such
as investors, auditors, potential business partners, or
public communities. Reports will not include Personal
Information without your specific permission or as
permitted or required by law.
A Service Provider is an entity that is hired to perform
certain functions for Allscripts to support the development,
maintenance, and implementation of FollowMyHealth. Service
Providers may include software or website designers and
data storage providers.
Security measures can include computer safeguards, secured
files, and employee security training. In addition,
Allscripts may be required by law to notify you, your
provider, and/or regulatory authorities about particular
B. What Information Allscripts Collects
Before you register for the Service, Allscripts may collect your
information in two ways: (1) if you contact Allscripts through
the Internet and provide Allscripts with your contact information
(e.g., name, mailing address, email address and other
information); (2) Allscripts may obtain your contact information
from a healthcare Provider with which Allscripts partners. In
either case, Allscripts will use such information for the sole
purpose of informing you about the Service and inviting you to
register for the Service.
To use the Service, you must complete the registration process,
connecting to a Provider practice, signing a Request for Access.
As part of the registration process, you may be asked to provide
certain information, such as your name, mailing address, and
email address. You also may be asked to confirm the information
that you or a partnering Provider has provided to Allscripts
prior to registration, if any. Further, to register, you must
agree to the
As part of the registration process, you
will also have the opportunity to provide additional information
to Allscripts, such as information regarding your health plan,
home telephone number, etc. Providing such information, will
enhance your use of the Service.
In general, Allscripts collects all information that you supply
directly to the Service. Allscripts also may collect
information from participating Providers whom you expressly
authorize to use the Service with respect to you and your
information (each, a "Provider" and collectively, the
"Providers"). By authorizing a Provider, you also authorize
Allscripts to collect information regarding you from your
Provider's support staff and from other practitioners
affiliated with your Provider or in your Provider's practice.
Further, Allscripts may collect information from other
third-party information providers that you expressly authorize
to send information to your FollowMyHealth account.
Allscripts passively collects information from you as you
navigate through our Service. Allscripts may track IP addresses,
use industry standard tracking devices (e.g., session and
persistent cookies, flash cookies, web beacons), and electronically
gather information about the technology you use to access the
Service and the areas of the Service you utilize. Allscripts
passively collects this information for operational purposes
such as evaluating, updating and improving the Service.
Cookies help us in many ways to make your visit to our
websites more enjoyable and meaningful to you. Cookies are
text information files that your web browser places on
your computer when you visit a website. Allscripts may use
such "cookie" technology to obtain non-personal information
from you as an online visitor. As an example, this might
entail recognizing several web page requests coming from
the same computer and therefore the same visitor. Most
browsers accept cookies automatically, but can be
configured not to accept them or to indicate when a cookie
is being sent. If you do not wish Allscripts to collect
to alert you when cookies are being sent. If you do so,
please note that some parts of the Service may then be
inaccessible and you may not receive the full benefits of
C. How Allscripts Uses Your Information
Allscripts uses your PHR Data to provide the Service as
described on the web site and
as well as to
operate, maintain, improve and enhance the performance of
the Service and/or create new services.
If you choose to authorize a Provider to participate in the
Service with you, then Allscripts may use your PHR Data to
facilitate the exchange of information and communication
between you and your Provider (e.g., the Service would
enable you to schedule an appointment with your Provider
and receive an appointment reminder in return).
If you elect to utilize any billing services features of
the Service, Allscripts also may use and disclose your PHR
Data to process payments, send invoices and conduct other
billing-related activities as requested by you. PHR Data
may be shared with third-parties for billing purposes as
noted in Sharing Your Information With Third Parties below.
Allscripts may use your PHR Data to operate and manage the
FollowMyHealth Universal Health Record platform, software,
and website; maintain and protect its computer systems;
and comply with the law, such as responding to subpoenas
and search warrants.
Allscripts may de-identify your PHR Data.
Allscripts may use your PHR Data for marketing and
advertising purposes, including sending you customized marketing and
advertising communications whether on our behalf or on
behalf of third party partners with whom we may engage. Allscripts
will not sell any identifiable information about you to
our third party partners without your consent.
D. Sharing Your Information With Third Parties
Allscripts may make your PHR Data available to third
parties participating in the Service that are authorized
by you or as necessary to complete transactions you
authorize. Additionally, Allscripts may make your PHR
Data available to third parties as directed by you.
Allscripts may provide De-Identified Data to third parties and
Service Providers that provide products and services to
us, that help market or advertise to you, or that
provide products or services to you. State laws may vary,
and Allscripts may request an additional authorization from you.
We may use third
parties or Service Providers to perform any of the
Allscripts may disclose your PHR Data to Allscripts'
Service Providers that provide technical support or other
services to Allscripts related to the Service. All such
Service Providers are subject to confidentiality
obligations and may only access and utilize your data for
purposes of fulfilling their obligations to Allscripts.
Allscripts may provide or sell Aggregate Data or
De-identified Data to third parties, however, Allscripts will not
sell any identifiable information about you to our
third party partners without your consent..
If a third party acquires the assets of Allscripts related
to the Service and its products and services (whether by
sale, merger, change of control, bankruptcy or otherwise),
your PHR Data may be transferred to the new owner(s). In
such case, your PHR Data would remain subject to the
effect immediately prior to the transfer unless Allscripts
provides you notice otherwise.
E. Choices You Have About How Allscripts Uses Your Information
Managing Your Account. You have the following choices
regarding the Personal Information you provide to
Allscripts for use:
Generally, you may change how your information is used
and disclosed through the account setting and account
management features. As explained more fully in the
modifications to your FollowMyHealth record are not
automatically communicated to your Providers or any
third-party sources. If you want your Provider or a
third party to know of changes within your FollowMyHealth
record, you must inform the Provider or third-party of
You may access your FollowMyHealth account at any
time to review your PHR Data. To request a change
to any of your Personal Information, please contact
your healthcare provider or the organization that
provided the Personal Information for your FollowMyHealth
account. For technical questions related to the
FollowMyHealth product, please access the email support
link on the FollowMyHealth Support page.
You may opt out of receiving various communications
with regard to the Service by changing your account
settings or, if the account settings feature is unavailable,
by notifying Allscripts at
Authorized Individuals. You may grant access to
your FollowMyHealth account to one or more Authorized
Individuals or Authorized Individual-Representatives. You may
grant an Authorized Individual access to your FollowMyHealth
account by specifically authorizing FollowMyHealth to permit
access by such Authorized Individual to your FollowMyHealth
account. When you grant access to an Authorized Individual,
you may permit the Authorized Individual to: (a) have the
same level of access to your FollowMyHealth account as you have,
i.e., the Authorized Individual will be authorized to access
your FollowMyHealth health record and to communicate with your
Providers and/or engage in other transactions with your
Providers to the same extent that you are able using
FollowMyHealth; or (b) have "read-only" access to your
FollowMyHealth account, i.e., the Authorized Individual will be
authorized to access and read your FollowMyHealth health record
ONLY, and will NOT be able to communicate with or otherwise
engage in transactions with your Providers. Whether or not to
grant an Authorized Individual full-access or read-only access
to your FollowMyHealth account is your decision. You
acknowledge and agree that: (a) you are solely responsible for
verifying the identity of, and monitoring the use by, any
Authorized Individual you select; and (b) Allscripts has no
responsibility or liability in connection with any access to,
or use of, your account and information by any Authorized
Individual or Authorized Individual-Representative.
Deactivating a Provider, Other Third-Party or Authorized Individual.
You may revoke any Provider's, third-party's, or
Authorized Individual's authorization to communicate with you,
or request information from you or your FollowMyHealth Universal
Health Record through the Service by utilizing the account
management tool of the Service. Once revoked, the Provider,
third-party, or Authorized Individual may no longer access and
use the Service with respect to you and your Personal
Information. Any disclosure of your PHR Data or Personal
Information made prior to the authorization revocation cannot
be recalled, removed, or retrieved by Allscripts. By using the
Service, you agree that Allscripts cannot, and has no
obligation to, remove Personal Information from your Provider's,
other third-party's or Authorized Individual's records once
Terminating Your Account.
You may terminate your Allscripts account at any time by
notifying us at
except with respect to an Authorized Individual-Representative
who establishes an account on behalf of a Dependent,
Allscripts will terminate your account within thirty (30)
days of its receipt of a death certificate certifying your
death. With respect to an Authorized Individual-Representative,
Allscripts will terminate all accounts associated with
such Authorized Individual-Representative within thirty (30)
days of its receipt of a death certificate certifying the
death of such Authorized Individual-Representative unless a
Dependent also has a living Authorized Individual-Representative
associated with the account. Otherwise, Allscripts will
maintain and/or destroy all PHR Data and Personal Information
associated with your account in accordance with its then current
document retention and destruction policies. Please note that
copies of your Personal Information may remain in your Providers',
other third-parties' and Authorized Individual-Representative's
and/or Authorized Individual's records, as described in Section
F. Data from Children Under the Age of 18
The Service is not intended for use by children younger than 18
years old. Allscripts will not knowingly collect information from
site visitors younger than 18 years. However, parents or guardians
may elect to establish FollowMyHealth Universal Health Records for
their children through the Service as Authorized
Individuals-Representative and, in doing so, expressly consent to
Allscripts utilizing such information as set forth in this Privacy
Policy and the
An Authorized Individual-Representative may authorize and/or have
access to a FollowMyHealth Universal Health Record for a Dependent.
Through the account, the Authorized Individual-Representative may:
(a) review and update the Dependent's personal health record as
maintained on FollowMyHealth; and (b) engage in such communications
and transactions as permitted between the Authorized
Individual-Representative and the Dependent's Providers through the
FollowMyHealth Universal Health Record. Accounts created for
Dependents are specific to each healthcare Provider. Thus, an
Authorized Individual-Representative will have to specifically
authorize each Provider to establish a FollowMyHealth account in
the name of the Dependent. A Dependent's FollowMyHealth account
will be linked to an Authorized Individual-Representative's
FollowMyHealth Universal Health Record account until the earlier
of the date: (i) the Dependent reaches the age of 18; (ii) the
Authorized Individual-Representative is no longer the legal
representative of the Dependent; or, (iii) FollowMyHealth is
notified by the Dependent's Provider or a court of law or agency
with appropriate authority that the Dependent has been
emancipated, attained legal custody of his or her own health
information, or that a different Authorized
Individual-Representative has been named. Each Authorized
Individual-Representative agrees that a Dependent's FollowMyHealth
account also may be linked to the FollowMyHealth account of
another Authorized Individual-Representative, and each Authorized
Individual-Representative will have the same rights to access and
communicate through the Dependent's FollowMyHealth account.
G. Security and Confidentiality
Allscripts uses both technical and procedural Security Measures
to maintain the confidentiality, integrity, and security of the
FollowMyHealth Universal Health Record and other databases,
including the use of firewalls, complex passwords, dual-factor
authentication, various audit trails, data loss prevention,
regular penetration testing, risk assessments, and anti-virus
software. FollowMyHealth encrypts all PHR Data during transmission
between your Provider and FollowMyHealth. Within FollowMyHealth,
all PHR Data is encrypted at three levels: each individual has a
unique encryption key; demographic information is encrypted; and
clinical data is separately encrypted.
The safety and security of your Personal Information and PHR
Data also depends on you. You are solely responsible for deciding
to disclose or transmit PHR Data in your FMH account to any
external third party and whether to do so via encrypted or
unencrypted mechanisms. To further protect the confidentiality
of your Personal Information and PHR Data, change your password
on a regular basis and keep your password confidential. Notify
Allscripts immediately if you believe your password has been
breached. Also, remember to log off the FollowMyHealth site
before you leave your computer.
H. Security Breach Notification Requirements
Pursuant to applicable law, Allscripts may be required
to send you notice of security breaches or suspected security
breaches that impact your Personal Information and PHR Data.
sole discretion. In such case, Allscripts will post the new
a reasonable period of time prior to the change.
J. More information
If you have additional questions, please contact Allscripts any
time. Or write to the company at:
222 Merchandise Mart Plaza
Chicago, IL 60654 (USA)
Date last modified: November 13, 2019