Privacy Policy

Last modified: January 19, 2014

You may use our services either as an e-AWV authorized healthcare provider (each a “Provider”) who uses our Provider Services or as a patient (a “Patient”) of a Provider who uses our Provider Services.  As a Patient, you may use our Patient Services.

Our Privacy Policy explains:

  • What information we collect and why we collect it.
  • How we use that information.
  • The choices we offer, including how to access and update information.

If you are not familiar with terms like cookies, IP addresses, pixel tags and browsers, then read about these key terms first. Your privacy matters to e-AWV so whether you are new to e-AWV or a long-time user, please do take the time to get to know our practices.

If you are a Patient, then the Patient Privacy Policy applies to your use.  If you are a Patient, you should also read the Provider Privacy Policy to see how we use your Provider’s information.

If you are a Provider, then the Provider Privacy Policy applies to you. If you are a Provider, you should also read the Patient Privacy Policy to see how we use your Patient’s information.

Patient Privacy Policy

Confidentiality of Health Information

Some of our users – such as healthcare providers – are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of a health care provider, we do so as its “business associate” (as also defined by HIPAA). As a business associate, we are prohibited from, among other things, using individually identifiable health information in a manner that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such providers. We are also subject to laws and regulations governing the use of certain personal and health information, including HIPAA, when we operate as a business associate of a healthcare provider.

Information we collect

We collect information that your Provider gives us to provide you with a personal medical record which you and anyone that you authorize may access by use of a Confidential Packet Number (your “Personal ID”) and additional identifying information.

We collect information in two ways:

  • Information your Provider gives us. When establishing and updating your personal health record, your Provider may give us personal information, like your name, date of birth, race/ethnicity, email address, telephone number, and your Personal Health Information including information such as your medical history, immunization history, healthcare providers, medications and family medical history.
  • Information we get from your use of our Patient Services or from the use of our Patient Services by someone authorized by you. We may collect information about the Patient Services that you use and how you use them when you access your personal medical record. This information includes:
  • Device information
  • For security purposes, we may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). e-AWV may associate your device identifiers with your e-AWV Account in order to monitor who has accessed your account information.
  • Log information
    When you use our services or view content provided by e-AWV, we may automatically collect and store certain information in server logs. This may include:
  • details of how you used our service.
  • Internet protocol address.
  • device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
  • cookies that may uniquely identify your browser or your e-AWV Account.
  • Local storage
    We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
  • Cookies and anonymous identifiers
    We use various technologies to collect and store information when you visit an e-AWV service, and this may include sending one or more cookies or anonymous identifiers to your device. We may also use cookies and anonymous identifiers when you interact with services we offer to our partners, such as  e-AWV features that may appear on other sites.

How we use information we collect

We use the information we collect from you and your Provider to provide, maintain, protect and improve our services, to develop new ones, and to protect e-AWV and our users.

e-AWV cannot access or change your Personal ID.  e-AWV cannot access your personally identifiable information.  If you lose your Personal ID, you must contact your Provider to obtain your Personal ID.

To prevent e-AWV from learning your personally identifiable information, you should contact your Provider if you have questions regarding your use of Patient Services, the Terms and Conditions of Use, or this Privacy Policy.  If you contact e-AWV, you will be providing us your name, email address and other personally identifiable information.  If you contact e-AWV, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about the resolution of those issues.

We use information collected from cookies and other technologies, to improve your user experience and the overall quality of our services.

Your personal information is stored on an encrypted database on our secure server.  We will not share your information in any way that is personally identifiable to you.  We may share  your non-identifiable data, aggregated with the data of others, with third parties to assist in research for medical purposes, or other similar purposes, but you will not be identified for any of these purposes.  We will not share any information that will enable a third party to  identify or contact you .

We will provide notice on our Website and to your Provider before using information for a purpose other than those that are set out in this Privacy Policy.

Transparency and choice

People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. As a Patient, your choices are limited.  For example, with your Personal ID and other identifying information, you or someone authorized by you, can:

  • Take information out of our Patient Services in the form of your personal health record which can be viewed online or downloaded as PDF documents.

You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it’s important to remember that many of our services may not function properly if your cookies are disabled.

Information you share

Our services are designed so that you, the Patient, control who has access to your Personal Health Information.  Our Patient Services do not allow you to share information with others through our Website.  You may share information with those you authorize to access your Personal Health Information by providing them your Personal ID.   You are responsible for the security, safeguarding and release of your Personal ID.  Once you have released your Personal ID to another individual, e-AWV cannot retract or limit that person’s access to your information. e-AWV has no control over that individual sharing your Personal ID with others.  You assume all responsibility for the release of your Personal Health Information and release e-AWV and its affiliates for any liability related to the release of your Personal ID.

Our Provider Services do not allow your Provider to share your Personal ID with others through our Website.  Our Provider Services do not allow your Provider to share your information with others through our Website.  Our Privacy Policy does not cover information, including your Personal ID and information from your Personal Health Record, that your Provider may give others, such as other medical professionals, orally or in electronic or paper form.

Accessing and updating your personal information

Whenever you use our Patient Services, you will have limited access to your personal information.  Your access is limited to viewing and printing your Personal Health Records in PDF form.

Certain users – such as Providers –may be required under HIPAA and other applicable laws or regulations to retain your information for extended periods of time. This means that until our agreement with your Provider(s) terminate(s), we will continue to retain your information on their behalf. HIPAA grants patients certain rights to access and correct certain health information their healthcare providers retain about them. Patients should submit requests to access or correct their health information directly to their Providers.

If your Provider contacts us to handle requests that the Provider does not have access to provide, we may reject requests that require us to have access to your personally identifiable information or that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes).

Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after your Provider deletes information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

You should also be aware that we store indefinitely non-personal information, including de-identified health information

Information we share

We do not share personally identifiable information with companies, organizations and individuals outside of e-AWV and its affiliates unless one of the following circumstances apply:

  • With your Provider’s consent
    We will share your personal information with companies, organizations or individuals outside of e-AWV and its affiliates when we have your Provider’s consent to do so.
  • For external processing or services requested by Patient or Provider
    We provide personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
  • For legal reasons
    We will share personal information, as required or permitted by law, with companies, organizations or individuals outside of e-AWV and its affiliates if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
  • meet any applicable law, regulation, legal process or enforceable governmental request.
  • enforce applicable Terms and Conditions of Use, including investigation of potential violations.
  • detect, prevent, or otherwise address fraud, security or technical issues.
  • protect against harm to the rights, property or safety of e-AWV, our users or the public.

We may share  your non-personally identifiable information, aggregated with the data of others, with third parties to assist in research for medical purposes, or other similar purposes,  and publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

If e-AWV is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and give your Provider notice before personal information is transferred or becomes subject to a different privacy policy.

Information security

We work hard to protect e-AWV and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:

  • We encrypt many of our services using SSL.
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • We restrict access to personal information to e-AWV employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

The security of our Services and the information they store, process and transmit is a top priority. To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of the information we collect, we deploy a wide range of technical, physical and administrative safeguards, including: Secure Socket Layer (SSL) encryption, firewalls, system alerts and other information system security technologies; housing health data in secure facilities that restrict physical and network access; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage and processing practices. Under our Terms and Conditions of Use and applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information (as such term is defined by HIPAA) residing on and processed by our Services. It is important to remember, however, that no system can guarantee 100% security at all times. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our Services.

Steps You Can Take: If we learn of a security vulnerability or risk, we may attempt to notify your Provider and provide information on protective measures you or your Provider may take. There are, however, some precautions that you can proactively take to improve your system security and reduce the likelihood of unintended disclosure of personal information:

  • Install malware detection programs that regularly scan your system and incoming traffic for malicious code – such as computer viruses, worms, Trojan Horses and spyware. Because viruses and malware are continuously created and modified, regular malware protection software typically requires frequent updates.
  • Use a firewall to prevent unauthorized access to your Device.
  • Because malware often targets vulnerabilities in existing operating systems, browsers, plug-ins and other programs, software vendors frequently update their products with security patches to guard against known or commonly exploited vulnerabilities. Vendors often try to alert their users and recommend immediate installation of these security patches.
  • Use a strong password using a combination of letters and numbers that are not easily guessed. Do not share your password with others.
  • If you use a shared Device, always close all active programs and log out before leaving it unattended.
  • Avoid using a public wireless network, if possible. If you do use a public network, use the most restrictive wireless network settings on your Device.
  • If you use file-sharing programs, be sure to restrict all other folders or directories to “no share.”
  • Be very cautious with any email requesting you to share personal information. On websites, look for the lock symbol on or near your browser’s address bar which signifies a secure website before supplying personal information.
  • When participating in any communities, blogs, forums, surveys or other open communication platforms, exercise care in selecting what information you share, particularly personal or health information.

Application

Our Privacy Policy applies to all of the services offered by Innovative Health Media, LLC and its affiliates, including services offered on other sites.

Our Privacy Policy does not apply to services offered by other companies or individuals, including sites that may include e-AWV services, or other sites linked from our services.

Enforcement

We regularly review our compliance with our Privacy Policy. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

Changes

Our Privacy Policy may change from time to time. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice. We will also keep prior versions of this Privacy Policy in an archive for your review.

 

Provider Privacy Policy

Confidentiality of Health Information

Some of our users – such as healthcare providers – are subject to laws and regulations governing the use and disclosure of health information they create or receive. Included among them is the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. When we store, process or transmit “individually identifiable health information” (as such term is defined by HIPAA) on behalf of a health care provider, we do so as its “business associate” (as also defined by HIPAA). As a business associate, we are prohibited from, among other things, using individually identifiable health information in a manner that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of such providers. We are also subject to laws and regulations governing the use of certain personal and health information, including HIPAA, when we operate as a business associate of a healthcare provider.

 

Information we collect

We collect information to provide better services to all of our users – from learning basic information to more complex information .

We collect information in two ways:

  • Information you give us. Our Provider Services require you to sign up for an e-AWV Account. When you do, we’ll ask for your personal information, like your name, email address, telephone number or credit card. When you establish and update a Personal Health Record for your Patient, you may give us your Patient’s personal information, like your Patient’s name, email address, telephone number, and your Patient’s Personal Health Information.
  • Information we get from your use of our Provider Services. We may collect information about the services that you use and how you use them when you access your account and when you access a Patient’s personal medical record. This information includes:
  • Device information

We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). e-AWV may associate your device identifiers or phone number with your e-AWV Account.

  • Log information

When you use our services or view content provided by e-AWV, we may automatically collect and store certain information in server logs. This may include:

  • details of how you used our service, such as your search queries.
  • Internet protocol address.
  • device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
  • cookies that may uniquely identify your browser or your e-AWV Account.
  • Unique application numbers

Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to e-AWV when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.

  • Local storage

We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.

  • Cookies and anonymous identifiers

We use various technologies to collect and store information when you visit an e-AWV service, and this may include sending one or more cookies or anonymous identifiers to your device. We also use cookies and anonymous identifiers when you interact with services we offer to our partners, such as e-AWV features that may appear on other sites.

How we use information we collect

We use the information we collect from you and your Patient to provide, maintain, protect and improve our services, to develop new ones, and to protect e-AWV and our users.

e-AWV cannot access your Patient’s Personal ID.  e-AWV cannot access your Patient’s personally identifiable information.  If your Patient loses his or her Personal ID, he or she must contact you.  The Personal ID is permanent and cannot be changed.

We may use the name you provide for your e-AWV Account across all of the services we offer that require an e-AWV Account. In addition, we may replace past names associated with your e-AWV Account so that you are represented consistently across all our services.

When you contact e-AWV, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.

We use information collected from cookies and other technologies, to improve your user experience and the overall quality of our services.

Your Patient’s personal information is stored on an encrypted database on our secure server.  We will not share your Patient’s personal information in any way that is identifiable to them.  We may share your Patient’s non-identifiable data, aggregated with the data of others, with third parties to assist in research for medical purposes, or other similar purposes, but the Patient will never be identified for any of these purposes.  We will not share any information that will enable a third party to identify or contact a Patient.

We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

Transparency and choice

People have different privacy concerns. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. For example, you can:

  • Create and alter patient records within your own Provider Account
  • Take information out of our Provider Services in the form of your Patient’s Personal Health Record as PDF documents, in either printed or electronic format, or as data uploaded into your Electronic Medical Record.
  • Take information out of our Provider Services in the form of a Provider record as PDF documents, in either printed or electronic format, or as data uploaded into your Electronic Medical Record.

You may also set your browser to block all cookies, including cookies associated with our services, or to indicate when a cookie is being set by us. However, it’s important to remember that many of our services may not function properly if your cookies are disabled.

Information you share

Our Provider Services do not allow you to share information with others through our Website.  Our Patient Services do not allow your Patient to share information with others except those your Patient authorizes to access his or her information by providing them with his or her Personal ID.  Our Privacy Policy does not cover information, including your Patient’s Personal ID and information from your Patient’s Personal Health Record, that you may give others, such as other medical professionals, orally or in paper or electronic form.

Accessing and updating your personal information

Whenever you use our Provider Services, we aim to provide you with access to your and your Patient’s personal information. If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.

Certain users – such as Providers –may be required under HIPAA and other applicable laws or regulations to retain a Patient’s information for extended periods of time. This means that until our agreement with you terminate(s), we will continue to retain your Patient’s information on your behalf. HIPAA grants patients certain rights to access and correct certain health information their healthcare providers retain about them. Patients should submit requests to access or correct their health information directly to you.

We may reject requests that would require us to have access to a Patient’s personally identifiable information or that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes).

Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

You should also be aware that we store indefinitely non-personal information of Patients, including de-identified health information.

Information we share

We do not share a Provider’s personal information with companies, organizations and individuals outside of e-AWV and its affiliates unless one of the following circumstances apply:

  • With your consent
    We will share your and your Patient’s personal information with companies, organizations or individuals outside of e-AWV and its affiliates when we have your consent to do so.
  • With domain administrators
    If your e-AWV Account is managed for you by an outside administrator or reseller, then your outside administrator and resellers who provide user support to your organization may have access to your e-AWV Account information (including your email and other data). Your outside administrator or reseller may be able to:
  • view statistics regarding your account, like statistics regarding applications you install.
  • change your account password.
  • suspend or terminate your account access.
  • access or retain information stored as part of your account.
  • receive your account information in order to satisfy applicable law, regulation, legal process or enforceable governmental request.
  • restrict your ability to delete or edit information or privacy settings.

Please refer to your outside administrator or reseller’s privacy policy for more information.

  • For external processing or services requested by Patient or Provider
    We provide your and your Patient’s personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.
  • For legal reasons
    We will share your personal information, as required or permitted by law, with companies, organizations or individuals outside of e-AWV and its affiliates if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
  • meet any applicable law, regulation, legal process or enforceable governmental request.
  • enforce applicable Terms and Conditions of Use, including investigation of potential violations.
  • detect, prevent, or otherwise address fraud, security or technical issues.
  • protect against harm to the rights, property or safety of e-AWV, our users or the public.

We do not share a Patient’s personal information with companies, organizations and individuals outside of e-AWV and its affiliates unless one of the following circumstances apply:

We may share your and your Patient’s non-personally identifiable information, aggregated with the data of others, with third parties to assist in research for medical purposes, or other similar purposes, and publicly and with our partners – like publishers, advertisers or connected sites. For example, we may share information publicly to show trends about the general use of our services.

If e-AWV is involved in a merger, acquisition or asset sale, we will continue to ensure the confidentiality of any personal information and Patient Information and give you notice before personal information is transferred or becomes subject to a different privacy policy.

Information security

We work hard to protect e-AWV and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. In particular:

  • We encrypt many of our services using SSL.
  • We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
  • We restrict access to personal information to e-AWV employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

The security of our Services and the information they store, process and transmit is a top priority. To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of the information we collect, we deploy a wide range of technical, physical and administrative safeguards, including: Secure Socket Layer (SSL) encryption, firewalls, system alerts and other information system security technologies; housing health data in secure facilities that restrict physical and network access; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage and processing practices. Under our ToC and applicable law, we are required to apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information (as such term is defined by HIPAA) residing on and processed by our Services. It is important to remember, however, that no system can guarantee 100% security at all times. Accordingly, we cannot guarantee the security of information stored on or transmitted to or from our Services.

Steps You Can Take: If we learn of a security vulnerability or risk, we may attempt to notify you and provide information on protective measures you may take. There are, however, some precautions that you can proactively take to improve your system security and reduce the likelihood of unintended disclosure of personal information:

  • Install malware detection programs that regularly scan your system and incoming traffic for malicious code – such as computer viruses, worms, Trojan Horses and spyware. Because viruses and malware are continuously created and modified, regular malware protection software typically requires frequent updates.
  • Use a firewall to prevent unauthorized access to your Device.
  • Because malware often targets vulnerabilities in existing operating systems, browsers, plug-ins and other programs, software vendors frequently update their products with security patches to guard against known or commonly exploited vulnerabilities. Vendors often try to alert their users and recommend immediate installation of these security patches.
  • Use a strong password using a combination of letters and numbers that are not easily guessed. Do not share your password with others.
  • If you use a shared Device, always close all active programs and log out before leaving it unattended.
  • Avoid using a public wireless network, if possible. If you do use a public network, use the most restrictive wireless network settings on your Device.
  • If you use file-sharing programs, be sure to restrict all other folders or directories to “no share.”
  • Be very cautious with any email requesting you to share personal information. On websites, look for the lock symbol on or near your browser’s address bar which signifies a secure website before supplying personal information.
  • When participating in any communities, blogs, forums, surveys or other open communication platforms, exercise care in selecting what information you share, particularly personal or health information.

Application

Our Privacy Policy applies to all of the services offered by Innovative Health Media, LLC and its affiliates, including services offered on other sites.

Our Privacy Policy does not apply to services offered by other companies or individuals, including sites that may include e-AWV services, or other sites linked from our services.

Enforcement

We regularly review our compliance with our Privacy Policy. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.

Changes

Our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We will also keep prior versions of this Privacy Policy in an archive for your review.