Last Updated: June 2010
Welcome to the HealthATM website, located at www.healthatm.com (the “Site”). The Site is provided by HealthATM, Inc. (“Company”), a California-based healthcare limited liability company. The Site provides registered users (“User(s)”) with an online Personal Health Record (“PHR”) where a User can electronically (i) store health care and medical information, personal documentation, and other materials, (ii) access such information at any time and anywhere that Internet access is available and (iii) provide access to such information to authorized emergency and critical care providers (“Providers”) who are registered with the Site and who are treating the User (collectively, the “Services”).
Company is committed to protecting your privacy, including the privacy of any personal information or PHR information that you may provide to us through use of the Site and the Services. This Privacy Policy provides important information about our practices regarding collection, use and disclosure of any information that you may provide by using this Site and the Services.
1. Acceptance of the Privacy Policy
This Privacy Policy is incorporated into and is subject to the HealthATM website Terms and Conditions https://www.healthatm.com/terms_use_out.php . By visiting and using this Site, you agree to abide by the terms and conditions of this Privacy Policy, and you consent to the collection, use and disclosure by Company of your personal information, health care information, and/or other non-personally identifying information in accordance with the terms and conditions of this Privacy Policy. If you do not agree to the terms and conditions of this Privacy Policy or the Terms and Conditions, do not provide us with any information and do not use the Site or the Services.
2. Information Collected by Company
You may visit the Site without providing Company any personally identifiable information about yourself. When you browse the Site, we do not automatically collect personally identifiable information. Company servers may automatically collect and record information about your visit to the Site (through the use of cookies and otherwise) as part of our analysis of the use of the Site and its structure and performance. For example, whenever a web page is requested from our server, we may record the time, date and URL of the request, along with information on the browser being used. This data is not linked to any personal information and is not used to personally identify you, but is aggregated to enable us to analyze trends, administer the Site, and gather broad demographic information to become more familiar with where visits to the Site originate, how often the Site is visited, what parts of the Site are visited most often.
Information from Users. Once you register with the Site and log in to the Site, you are no longer anonymous to us. In registering with the Site and using the Services, Company may ask you to provide personal or financial information, and you may establish a user profile by providing User PHR (as defined in the Terms and Conditions). Types of information that we may collect from you includes, but is not limited to: personal information (e.g., name, postal address, telephone number, living arrangements, email address and user name and password), health care information (e.g., allergies list, immunization records, blood type, current medical records, and family medical history), demographic information (e.g., zip code, hometown, gender, and age), financial information (e.g., credit card information) and insurance information (e.g., insurance policies, coverage limits, and current doctor or physician). You agree that Company is only a facilitator of the Services and has no responsibility for the accuracy of any information in your User PHR.
There are three ways in which you may register with the Site and establish your User PHR: (1) you may register for the Services and enter information yourself, (2) you may register for the Services and have a third party enter information on your behalf, or (3) in some instances, a third party with which you are associated (such as your insurance company, your physician pratice office (“PPO”), or your pharmacy/prescription benefits management (“PBM”) company) may create a user account on your behalf, and such third party could automatically populate your User PHR with certain information upon your direction or you could further update your User PHR on your own behalf. You acknowledge and agree that you are the sole custodian of your User PHR and are responsible for the accuracy and completeness of all information contained in your User PHR. In addition, you control what material in your User PHR may (or may not) be provided to a Provider accessing your User PHR.
If you opt to have a third party provide certain information for your User PHR, you are solely responsible for providing such third party with access to your User PHR. By allowing such third party to enter information into or access your User PHR, you hereby (i) represent that such third party is authorized to provide such information on your behalf, (ii) absolve Company of any need to verify the authenticity of such information, (iii) consent to Company’s use and disclosure of such information in connection with performance of the Services, and (iv) agree to indemnify and hold Company harmless from any claims arising from or related to such information or such third party’s access to your User PHR.
If a third party with which you are associated created your User PHR on your behalf, you are solely responsible for ensuring that the information contained in your User PHR is accurate. If such entity created the account and you do not desire to use the Services, please terminate or otherwise de-activate your User PHR by notifying us. By allowing such entity to create, enter information into or access your User PHR, you hereby (i) consent to such entity’s provision of such information on your behalf, (ii) absolve Company of any need to verify the authenticity of such information, (iii) consent to Company’s use and disclosure of such information in connection with performance of the Services, and (iv) agree to indemnify and hold Company harmless from any claims arising from or related to such information or such entity’s access to your User PHR.
Once you are registered with the Site, you will be provided with HealthATM Card(s). The cards lists your HealthATM Identification Number and may contain certain medical information that a Provider responding in an emergency would need to know in order to treat you (e.g., blood type, allergies, current medications). You may provide your HealthATM Identification Number to a Provider so the Provider may access your User PHR on the Site. Alternatively, if you are carrying your card and are unconscious or unresponsive while being treated by a Provider, you acknowledge and agree that such Provider may, in the course of treating you, obtain your HealthATM Identification Number from your HealthATM Card in order to access your User PHR on the Site.
YOU MAY, AT ANY TIME, REVIEW AND UPDATE, OR REQUEST THAT WE DELETE, THE INFORMATION THAT YOU PROVIDE TO US THROUGH THE SITE BY EDITING YOUR USER PHR OR CONTACTING US AS INDICATED BELOW.
Information from Providers. Once you register with the Site and log in to the Services, you are no longer anonymous to us. In registering with the Site, Company may ask you to provide certain personally identifiable information (“Provider Information”). Types of Provider Information that we may collect from you includes, but is not limited to: personal information (e.g., name, postal address, telephone number, Social Security Number, email address and user name and password), demographic information (e.g., zip code, hometown, gender, and age) and employment information (e.g., for what entity you work). You are responsible for the accuracy of all information provided to us.
YOU MAY, AT ANY TIME, REVIEW AND UPDATE, OR REQUEST THAT WE DELETE, THE INFORMATION THAT YOU PROVIDE TO US THROUGH THE SITE BY EDITING YOUR PROVIDER INFORMATION OR CONTACTING US AS INDICATED BELOW.
3. Use and Disclosure of INFORMATION by Company
The purpose of the Site and the Service is to provide a method by which you can make your personal and health care information available to emergency and critical care providers (e.g., EMS services or hospital ER) in the case of an emergency. In order to accomplish this purpose, Company may provide access to your User PHR to Providers in the following circumstances: (i) you have expressly given the Provider your HealthATM Identification Number, thus allowing the Provider to access your User PHR once the Provider has logged onto the Site; (ii) in the event you are unconscious or unresponsive, the Provider treating you has obtained your HealthATM Identification number from your HealthATM Card, thus allowing the Provider to access your User PHR once the Provider has logged onto the Site; or (iii) in the event that you are unconscious, unresponsive, and/or do not have your HealthATM Identification Number with you, the Provider treating you may log onto the Site and obtain your HealthATM Identification Number (and thus access your User PHR) by providing the Site with certain available identifiers about you.
With regard to item (iii) above, Company has implemented certain safeguard measures aimed at preventing an unauthorized Provider from gaining access to your User PHR. A Provider who is treating you must have sufficient information about you (e.g., your last name, date of birth, driver’s license number, gender address) in order to precisely locate your HealthATM Identification Number and User PHR. The Provider would obtain this information as a result of your providing the information or, in the event of an emergency, from the contents of material on your person. In registering with the Site, Providers expressly agree that they will only access the User PHRs of individuals whom they are treating. Company also provides you with instantaneous notification whenever your User PHR is accessed by a Provider. Despite its best efforts, Company cannot and does not guarantee that your User PHR can never be accessed by an unauthorized Provider. YOU ACKNOWLEDGE AND AGREE THAT YOU UNDERSTAND THE RISKS DESCRIBED ABOVE AND THAT, BY REGISTERING FOR THE SERVICES, YOU ACCEPT AND CONSENT TO SAID RISKS.
You acknowledge and agree that Company may collect, use, display, transmit, monitor, store and disclose your User PHR as set forth in this Privacy Policy and in connection with the operation of the Services and that Company, its officers, directors, agents AND EMPLOYEES ARE not responsibLE or liabLE for (i) any information you submit to the Site or the Service or (ii) your or third parties' use or misuse of information transmitted or received using the Site or ServiceS. You further acknowledge and agree that Providers may make copies of and/or store your User PHR solely for the purpose and in the course of treating you.
You acknowledge and agree that Company may provide general aggregate data (i.e., data that cannot be used to identify specific individuals) that is partly based on information about you and your transactions with Company to outside companies for the purpose of conducting customer research in order to improve Company’s products and services. These outside companies are contractually bound to use information that Company shares with them only to perform the services we have hired them to provide.
In the event of a mass casualty natural or other disaster, you acknowledge and agree that Company may provide general aggregate data based on your User PHR to law enforcement officials, local emergency relief organizations, county or state Emergency Operations Centers, FEMA officials, and similar entities and agencies to assist these entities in responding to the disaster. Such general aggregate data would include, e.g., the number of individuals in a given region requiring oxygen, number of individuals in a given region requiring O blood, or quantities of specific medicine required by the community in a given region.
Company does not rent, sell, or share your financial, User PHR or Provider Information, as applicable, with other people or non-affiliated companies except to accomplish the purpose of the Services (as described above), when we have your permission, or under the following circumstances: (a) we may provide information to trusted partners who work on behalf of or with Company under confidentiality agreements, and these partners do not have any independent right to share this information; (b) we provide the information if we are required to do so by law or to establish or exercise our legal rights or defend against legal claims; and (c) we may provide information if we reasonably believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person or violations of the Terms and Conditions.
4. Opt-in/Opt-out Choice
When you register with the Site and from time to time, Company may offer you the opportunity to (i) register to receive information regarding surveys, clinical trials and other research related activities (“Clinical Information”) organized by our partners and sponsors, and (ii) register to become part of the forum or social network relating to specific health issues (“Health Forums”). By opting to receive Clinical Information and/or the Health Forums, you acknowledge and agree that Company may display or otherwise provide you with targeted advertisements based on the personal information you provided to Company. Company does not provide any personal information to the advertiser when you interact with or view a targeted ad. However, by interacting with or viewing an ad, you acknowledge that the advertiser may make the assumption that you meet the targeting criteria used to display that ad.
To receive material regarding Clinical Information, you will be required to complete a form authorizing the release of your contact information (limited to name, address, phone number and email address) to our partners and sponsors. After Company has received your authorization form, you may always choose to later “opt-out” of receiving Clinical Information by contacting us at https://www.healthatm.com/contact/index.htm . You may also “opt-out” of participating in the Health Forums by contacting us at https://www.healthatm.com/contact/index.htm .
5. Health Insurance Portability and Accounting Act (HIPAA)
Consumers are becoming increasingly aware of the need for privacy and security when storing personal information online. When it comes to healthcare, the situation is no different. At a national level, the healthcare industry is moving toward electronic storage of medical records. As this situation progresses, laws have been enacted to honor the privileged nature of information exchanged between patients and their doctors and other health care providers. As a result, the Health Insurance Portability and Accountability Act of 1996 (“HIPPA”) Privacy and Security Regulations require that covered entities safeguard individual protected health information.
When you visit a healthcare provider or pharmacy, you will likely receive a Notice of Privacy Practices that details your privacy rights under HIPAA, including how your information may be used and disclosed. The notice also explains who may have access to your information. The healthcare provider or pharmacy will require you to sign a statement affirming that you received this notice.
In order to help you build a thorough and accurate User PHR using the Site and Service, you may want to obtain copies of your medical records. We suggest you contact your healthcare providers to determine what information can be made available to you.
While Company is not a Covered Entity and is not subject to the HIPAA Privacy and Security Regulations, Company designed the Site and Services to follow the HIPAA Privacy and Security Regulations while enabling you to use the Services from any computer with Internet access. Company generally follows and exceeds the requirements of the HIPAA Privacy and Security Regulations. The Site and Services allow you to store, change, and direct your information to healthcare providers, as well as generate an email notifying you whenever another party accesses your User PHR. Please remember that you, and you alone, are the custodian of your User PHR. Company simply facilitates your storage of your User PHR and your sharing of your User PHR with emergency and critical care providers.
6. Security
Company takes all reasonable precautions to protect your User PHR and Provider Information, as applicable. Company uses industry standard security measures, including but not limited to use of Secure Socket Layer (SSL) encryption software, to safeguard this information and protect it from unauthorized access or against loss, misuse or alteration by third parties. Your information is also protected with certain user credentials, such as a valid user name and password. You are responsible for taking all reasonable steps to ensure that no unauthorized person shall have access to your User PHR, user name, and/or password. It is your sole responsibility to (1) control the dissemination and use of any activation codes and/or user-generated passwords; and (2) authorize, monitor, and control access to and use of your user name, password, and User PHR by third parties. Company will provide you with email notification every time your User PHR is accessed by a Provider.
Your information will be stored on a separate server as an additional security precaution. The servers we use to store information are located in a professionally managed co-location facility with standard commercial security measures. Although we make good faith efforts to store the information collected on the Site in a secure operating environment that is not available to the public, we cannot guarantee the absolute security of that information during its transmission or its storage on our systems. Further, while we make every effort to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from illegally obtaining access to this information. We do not warrant or represent that your information will be protected against loss, misuse, or alteration by third parties.
7. Google health™ Services.
We provide you with the ability to share your information between Google Health and the Site. In order to take advantage of this feature , you must separately register for the Google Health services. Your use of the Google Health services is at your own risk, and we advise you to review the program’s terms of service and privacy policy. Once you have opted to share information between Goggle Health and the Site, you control what information is passed between the two services.
8. Site not for Use by Children
The Site is a general audience website and is intended to be used by adults interested in the Services. Company does not knowingly solicit, collect, or attract personal information from or about children. This Site is not intended for children and Company does not want to collect any personally identifiable information from users who are under the age of 13. The safety of children is very important to Company, and Company strongly recommends that parents review this Privacy Policy and understand its terms and conditions, so that this Site is used only by persons age 13 and over.
9. Blogs, Message Boards and Chat Rooms
Through the Health Forums, Company may at times offer you the ability to post information to a blog, message board or chat room (“Blog Space”). In order to do so, you may be required to provide personally identifiable information. You should be aware that any visitor to the Blog Space may read your postings on the Blog Space. Furthermore, any information which you may post to a Blog Space, including your user name or other profile information, will be disclosed and available to all users of that Blog Space, and is therefore no longer private. Company cannot guarantee the security of such information that is disclosed or communicated online in public areas such as Blog Spaces, and you provide such information at your own risk. Company does not author, edit, endorse, or monitor any Blog Space. You acknowledge and agree that Company has no responsibility for the accuracy or availability of information provided on any Blog Space, including any Linked Sites that may be provided in any Blog Space, and that Company does not control or endorse any Linked Sites or other content, products, advertising, advice or other materials presented on any Blog Space. Company reserves the right at any time, in its sole discretion, to remove any content that a user may post on any Blog Space and restrict their access to any Blog Space.
10. Email Communications
Company may use email links located on various pages of the Site to allow you to contact us with questions or comments you may have. We welcome these email communications and make efforts to respond to these communications when appropriate. Once Company receives an email communication from you, we may send you future email communications relating to Company products or services. If you choose to not receive such future email communications at any time, you may “opt-out” by contacting us as indicated below or by following the “opt-out” procedure set forth in each email communication.
Contact Information
https://www.healthatm.com/contact/index.htm or (ii) sending an email to privacy@healthatm.com . Company welcomes any questions and suggestions about this Privacy Policy.