Privacy Policy
This Privacy Policy describes how Allscripts
Healthcare, LLC ("Allscripts") protects your personal information
when you use this web site, the FollowMyHealth Universal Health Record and all
related products and services (collectively, the "Service"). Allscripts
is located at 222 Merchandise Mart Plaza, Suite 2024, Chicago, Illinois 60654.
All references to Allscripts include its subsidiaries or affiliates
involved in providing the Service. All references to you include your Authorized
Individuals, if any.
Your use of the Service is subject to
this Privacy Policy as well as our Terms of Use. After reading this Privacy Policy, you will know:
Please review this Privacy Policy and the
Terms of Use carefully. If you do not agree with our practices, do not access or use any part of the Service.
A.
Summary of Data
Practices
|
|
PHR Data |
|
|
Release |
Personal Information |
Aggregate Data |
|
Do we release your PHR Data for the
following purposes? |
||
|
Marketing and Advertising |
No |
No |
|
Medical and pharmaceutical
research |
No |
No |
|
Reporting about our company and
our customer activity |
No |
Yes |
|
To your insurer and employer |
No |
No |
|
For developing software
applications |
No |
No |
|
Do we require Limiting
Agreements that restrict what third party Service Providers can do
with your Personal Information? |
Yes |
N/A |
|
Do we stop releasing your Personal
Information if you close or transfer your PHR? |
Yes |
N/A |
|
Do we have Security
Measures that are reasonable and appropriate to protect PHR Data,
in any form, from unauthorized access, disclosure, or use? |
Yes |
Yes |
|
Do we store PHR Data in the U.S. only? |
Yes |
Yes |
|
Do we keep Personal Information Activity
Logs
for your review? |
Yes |
N/A |
B.
Definitions
- Activity Logs
Activity logs are Allscripts' and its Service Providers'
records of when PHR Data is created, accessed, modified, deleted, released, or
exported from and/or within the PHR.
- Aggregate Data
Aggregate Data is PHR Data that is: (1) grouped so it
does not connect to you as an individual and (2) has names and other
identifiers removed or altered. In other words, Aggregate Data is de-identified
data and cannot be used to identify you as an individual.
- Authorized Individuals
An
Authorized Individual is someone you authorize to access your FollowMyHealth
Universal Health Record on your behalf.
- Dependent
A
Dependent is a minor child or other individual over whom an Authorized
Individual has legal authority.
PHR
"PHR" means Personal Health Record. A PHR is an
electronic health data application that can help you collect, manage, and share
your health information. The FollowMyHealth Universal Health Record is a PHR.
- PHR Data
When
you sign up for the FollowMyHealth Universal Health Record, you provide and/or
you authorize all or some of your Providers to provide to the FollowMyHealth
Universal Health Record information about
you. This information makes up PHR Data.
Any information in the FollowMyHealth Universal Health Record is
considered PHR Data. PHR
Data might include, but is not limited to the following:
o Your name and contact information, such as your address,
phone number, or email address
o Your medical history, conditions, treatments, and
medications
o Your healthcare claims, health plan account numbers,
bills, and insurance information
o Demographic information, such as your age, gender,
ethnicity, and occupation
o Computer information, such as your IP address and
"cookie" preferences
As described further below, Allscripts
may use your PHR Data to achieve the following:
o Operate and manage the FollowMyHealth Universal Health
Record platform, software, and website
o Maintain and protect its computer systems
o Comply with the law, such as responding to subpoenas and
search warrants
PHR Data includes Personal Information and
Aggregate Data.
- Personal Information
Personal Information means information about you that reasonably
can be linked to you such as your name, health information, and other identifiers.
Personal Information may also
include but is not limited to your financial information or social security
number.
- Provider
A healthcare provider,
healthcare practice, or hospital that you authorize to provide information to
your FollowMyHealth personal health record. When you sign up for the
FollowMyHealth Universal Health Record, you may provide authorization for a
healthcare practice or hospital, and associated authorized users to send
Personal Information to your PHR.
- Reporting
Allscripts and our Service Providers
might report about business activities and customers (you) to others, such as
investors, auditors, potential business partners, or public communities.
Reports will not include Personal Information without your specific permission
or as permitted or required by law.
- Service Providers
A Service Provider is an entity
that is hired to perform certain functions for Allscripts to support the development, maintenance, and implementation
of FollowMyHealth. Service
Providers may include software or website designers and data storage providers.
- Security Measures
Security measures can include computer safeguards,
secured files, and employee security training. In addition, Allscripts may be
required by law to notify you about particular data breaches.
C.
What
Information Allscripts Collects
1.
Before
you register for the Service, Allscripts may collect your information in two
ways: (1) if you contact Allscripts through the Internet and provide Allscripts
with your contact information (e.g., name, mailing address, email address and
other information); (2) Allscripts may obtain your contact information from a healthcare
Provider with which Allscripts partners. In either case, Allscripts will use
such information for the sole purpose of informing you about the Service and
inviting you to register for the Service.
2.
To
use the Service, you must complete the registration process, which includes accepting the Terms of Use and in the case
of connecting to a Provider practice, signing an Authorization for Release of
Information. As part of the registration process, you may be asked to provide
certain information, such as your name, mailing address, and email address. You
also may be asked to confirm the information that you or a partnering Provider
has provided to Allscripts prior to registration, if any. Further, to register,
you must agree to the FollowMyHealth Terms of Use which incorporates this
Privacy Policy. As part
of the registration process, you will also have the opportunity to provide
additional information to Allscripts, such as information regarding your health
plan, home telephone number, etc. We recommend that you provide such
information, as it will enhance your use of the Service.
3.
In
general, Allscripts collects all information that you supply directly to the
Service. Allscripts also may collect information from participating Providers
whom you expressly authorize to use the Service with respect to you and your
information (each, a "Provider" and collectively, the
"Providers"). By authorizing a Provider, you also authorize Allscripts
to collect information regarding you from your Provider's support staff and
from other practitioners affiliated with your Provider or in your Provider's
practice. Further, Allscripts may collect information from other third party
information providers that you expressly authorize to send information to your
FollowMyHealth account (e.g., the Google Health Personal Health Record system).
4. Allscripts
passively collects information from you as you navigate through our Service. Allscripts
may track IP addresses, use industry standard tracking devices (e.g., session
and persistent cookies, flash cookies, web beacons), and electronically gather
information about the technology you use to access the Service and the areas of
the Service you utilize. Allscripts passively collects this information for
operational purposes such as evaluating, updating and improving the Service.
Cookies
help us in many ways to make your visit to our websites more enjoyable and
meaningful to you. Cookies are text information files that your web browser
places on your computer when you visit a website. Allscripts may use such
"cookie" technology to obtain non-personal information from you as an
online visitor. As an example, this might entail recognizing several web page
requests coming from the same computer and therefore the same visitor. Most
browsers accept cookies automatically, but can be configured not to accept them
or to indicate when a cookie is being sent. If you do not wish Allscripts to collect
cookies, you may set your browser to refuse cookies, or to alert you when
cookies are being sent. If you do so, please note that some parts of the
Service may then be inaccessible and you may not receive the full benefits of
the Service.
D.
How Allscripts
Uses Your Information
1.
Allscripts
uses your information to provide the Service as described on the web site and Terms of Use, as well as to enhance the performance of the
Service and/or create new services. Allscripts will not use Personal
Information for product development or product enhancement without your
express, written permission.
2.
If
you choose to authorize a Provider to participate in the Service with you, then
Allscripts may use your information to facilitate the exchange of information
and communication between you and your Provider (e.g., the Service would enable
you to schedule an appointment with your Provider and receive an appointment
reminder in return).
3.
Communications
between you and your Provider may be initiated by you or your Provider. You are
under no obligation to initiate or respond to such communications. By
participating in such communications, you agree that some or all of your PHR
Data contained in the FollowMyHealth Universal Health Record may be sent to
your Provider through the Service or through interfaces with the Provider's
information systems, and you agree that such PHR Data may be incorporated into your
health record maintained by your Provider. Allscripts will not alter the
content of the communications. However, Allscripts may remove or block any
content that Allscripts deems offensive, indecent, or otherwise objectionable or
in violation of section 15 of the Terms of Use. Allscripts may keep a record of
all communications between you and your Providers. Allscripts will not share
the content of such communications except as permitted under this Privacy
Policy, the FollowMyHealth Terms of Use, or as required by law, unless you
expressly consent to or authorize disclosure.
4.
Allscripts
will not sell or rent, your Personal Information without your written consent.
Allscripts will not use or disclose your Personal Information, except as
described in this Privacy Policy, the Terms of Use, or as permitted or required
by law.
5.
If
you elect to utilize any billing services features of the Service, Allscripts
also may use your information to process payments, send invoices and conduct
other billing-related activities as requested by you.
E.
Sharing
Your Information With Third Parties
1.
Allscripts
may make your Personal Information available to third parties participating in
the Service that are authorized by you or as necessary to complete transactions
you authorize.
2.
Allscripts
may disclose your Personal Information to Allscripts' Service Providers that
provide technical support or other services to Allscripts related to the
Service. All such Service Providers are subject to confidentiality obligations
and may only access and utilize your data for purposes of fulfilling their
obligations to Allscripts.
3.
Allscripts
may provide or sell Aggregate Data that is de-identified
to third parties. However, Aggregate Data will not include any of your Personal
Information or be individually identifiable.
4.
If a
third party acquires the assets of Allscripts related to the Service and its
products and services (whether by sale, merger, change of control, bankruptcy
or otherwise), your Personal Information may be transferred to the new
owner(s). In such case, your Personal Information would remain subject to the
provisions of the Allscripts privacy policy that was in effect immediately
prior to the transfer unless Allscripts provides you notice otherwise.
F.
Choices
You Have About How Allscripts Uses Your Information
1.
Managing
Your Account. You have
the following choices regarding the Personal Information you provide to Allscripts
for use:
a. Generally, you
may change how your information is used and disclosed through the account setting
and account management features. As explained more fully in the Terms of Use, modifications to your
FollowMyHealth record are not automatically communicated to your Providers or
any third-party sources. If you want your Provider or a third party to know of
changes within your FollowMyHealth record, you must inform the Provider or
third-party of such changes.
You may
access your FollowMyHealth account at any time to review your PHR Data. To
request a change to any of your Personal Information, please contact your
healthcare provider or the organization that provided the Personal Information
for your FollowMyHealth account. For technical questions related to the
FollowMyHealth product, please access the email support link on the
FollowMyHealth Support page.
b. You may opt out
of receiving communications from your Provider with regard to the Service by
changing your account settings or, if the account settings feature is
unavailable, by notifying Allscripts at support@followmyhealth.com.
2. Authorized Individuals. You may grant access to your FollowMyHealth account to one or more Authorized Individuals or Authorized Individual-Representatives. You may grant an Authorized Individual access to your FollowMyHealth account by specifically authorizing FollowMyHealth to permit access by such Authorized Individual to your FollowMyHealth account. When you grant access to an Authorized Individual, you may permit the Authorized Individual to: (a) have the same level of access to your FollowMyHealth account as you have, i.e., the Authorized Individual will be authorized to access your FollowMyHealth health record and to communicate with your Providers and/or engage in other transactions with your Providers to the same extent that you are able using FollowMyHealth; or (b) have "read-only" access to your FollowMyHealth account, i.e., the Authorized Individual will be authorized to access and read your FollowMyHealth health record ONLY, and will NOT be able to communicate with or otherwise engage in transactions with your Providers. Whether or not to grant an Authorized Individual full-access or read-only access to your FollowMyHealth account is your decision. You acknowledge and agree that: (a) you are solely responsible for verifying the identity of, and monitoring the use by, any Authorized Individual you select; and (b) Allscripts has no responsibility or liability in connection with any access to, or use of, your account and information by any Authorized Individual or Authorized Individual-Representative.
3.
Deactivating
a Provider, Other Third-Party or Authorized Individual. You may revoke any Provider's, third-party's, or Authorized Individual's
authorization to communicate with you, or request information from you or your
FollowMyHealth Universal Health Record through the Service by utilizing the
account management tool of the Service. Once revoked, the Provider, third-party,
or Authorized Individual may no longer access and use the Service with respect
to you and your Personal Information. Any disclosure of your PHR Data or
Personal Information made prior to the authorization revocation cannot be
recalled, removed, or retrieved by Allscripts. By using the Service, you agree that Allscripts
cannot, and has no obligation to, remove Personal Information from your
Provider's, other third-party's or Authorized Individual's records once
properly disclosed.
4.
Terminating
Your Account. You may
terminate your Allscripts account at any time by notifying us at support@followmyhealth.com. In addition, except with respect
to an Authorized Individual-Representative who establishes an account on behalf
of a Dependent, Allscripts will terminate your account within thirty (30) days
of its receipt of a death certificate certifying your death. With respect to an Authorized
Individual-Representative, Allscripts will terminate all accounts associated
with such Authorized Individual-Representative within thirty (30) days of its
receipt of a death certificate certifying the death of such Authorized
Individual-Representative unless a Dependent also has a living Authorized
Individual-Representative associated with the account. Otherwise, Allscripts will maintain and/or destroy all PHR Data
and Personal Information associated with your account in accordance with its
then current document retention and destruction policies. Please note that
copies of your Personal Information may remain in your Providers', other
third-parties' and Authorized Individual-Representative's and/or Authorized Individual's records, as
described in Section F.3, above.
G.
Data
from Children Under the Age of 18
The
Service is not intended for use by children younger than 18 years old. Allscripts
will not knowingly collect information from site visitors younger than 18 years.
However, parents or guardians may elect to establish FollowMyHealth Universal
Health Records for their children through the Service as Authorized
Individuals-Representative and, in doing so, expressly consent to Allscripts
utilizing such information as set forth in this Privacy Policy and the Terms of Use.
An Authorized Individual-Representative may authorize
and/or have access to a FollowMyHealth Universal Health Record for a
Dependent. Through the account, the
Authorized Individual-Representative may:
(a) review and update the Dependent's personal health record as
maintained on FollowMyHealth; and (b) engage in such communications and transactions
as permitted between the Authorized Individual-Representative and the
Dependent's Providers through the FollowMyHealth Universal Health Record. Accounts created for Dependents are
specific to each healthcare Provider.
Thus, an Authorized Individual-Representative will have to specifically
authorize each Provider to establish a FollowMyHealth account in the name of
the Dependent. A Dependent's
FollowMyHealth account will be linked to an Authorized Individual-Representative's
FollowMyHealth Universal Health Record account until the earlier of the
date: (i) the Dependent
reaches the age of 18; (ii) the Authorized Individual-Representative is no
longer the legal representative of the Dependent; or, (iii) FollowMyHealth
is notified by the Dependent's Provider or a court of law or agency with
appropriate authority that the Dependent has been emancipated, attained legal
custody of his or her own health information, or that a different Authorized
Individual-Representative has been named.
Each Authorized Individual-Representative agrees that a Dependent's
FollowMyHealth account also may be linked to the FollowMyHealth account of
another Authorized Individual-Representative, and each Authorized
Individual-Representative will have the same rights to access and communicate
through the Dependent's FollowMyHealth account.
H.
How Allscripts
Protects Your Information
Allscripts uses both technical and procedural Security Measures to maintain the integrity and security of the FollowMyHealth Universal Health Record and other databases, including the use of firewalls. FollowMyHealth encrypts all PHR Data during transmission between your Provider and FollowMyHealth. Within FollowMyHealth, all Personal Information is encrypted at three levels: each individual has a unique encryption key; demographic information is encrypted; and clinical data is separately encrypted.
The safety and security of your Personal
Information also depends on you. Never share your password with anyone else.
Notify Allscripts promptly if you believe your password has been breached.
Also, remember to log off of the FollowMyHealth site before you leave your
computer.
I.
Security
Breach Notification Requirements
Pursuant to applicable law, Allscripts
may be required to send you notice of security breaches or suspected security
breaches that impact your Personal Information. In the unlikely event that
Allscripts must provide you a notice of a security breach, Allscripts will send
you security breach notices to the e-mail address contained in your account
information unless we are otherwise require by law. Please note: many e-mail
systems have built in SPAM filters. If you have one in place, you should check
with your system administrator or the available instructions to confirm that
e-mails from Allscripts are not blocked by the filter (e.g., by confirming that
the Service domain name (followmyhealth.com) is a permitted domain name.
J.
Changes
to this Privacy Policy
Allscripts reserves the right to
change the Privacy Policy in its sole discretion. In such case, Allscripts will
post the new Privacy Policy on the web site and the effective date of the new
Privacy Policy will be clearly marked. If Allscripts updates this Privacy
Policy, your continued use of the Service (following the posting of the revised
Privacy Policy) means that you accept and agree to the terms of the revised
Privacy Policy. Remember, by using any part of the Service, you accept and
agree to our Privacy Policy and privacy practices.
K.
More
information
If you have additional questions,
please contact Allscripts any time. Or write to the company at:
Allscripts
ATTN: Privacy Matters
222 Merchandise Mart Plaza
Suite 2024
Chicago, IL 60654 (USA)
Date last modified: July 14, 2017