Effective Date: May 1, 2017
“Affiliates” an entity that directly or indirectly controls, is controlled by, or is under common control with the Customer.
“Clinician” means the medical professional providing medical care and information.
“Customer” means the institution or entity that has contracted HealthDecision to provide HealthDecision Technology and its affiliates.
“Data” means Protected Health Information (PHI) and other non-PHI that either the User enters into the HealthDecision Technology or the HealthDecision Technology collects, or receives from a connected EHR.
“Documentation” means the documentation, instructions, User guides, and other documents made available by HealthDecision that relate to the Services and Software.
“EHR” or “Electronic Health Record” means the software used for the electronic health record used by You.
“HealthDecision Technology” means the Services, Software, and Documentation.
“Patient” means the person seeking medical care and information.
“Services” means the Site and any hosted Software services made available via the Site, including without limitation any dashboards, reports, reporting tools, or other services.
“Site” means all websites and webpages hosted at the healthdecision.org or healthdecision.com domains, as well as any HealthDecision-branded mobile applications.
“Software” means any software that HealthDecision makes available.
“User” means the person or the Customer using the HealthDecision Technology and may include a Patient or a Clinician.
2. Information We Collect
A User’s privacy is important to us, and we are committed to keeping the User’s Data private. HealthDecision Technology receives Data entered by the User or passed to it by a connected Electronic Health Record.
Electronic Health Record (EHR). The encrypted links developed for connection to Electronic Health Record Software operate under the following general guidelines:
Protected Health Information and other information: When connected to an EHR, the HealthDecision Technology receives Data that are used for calculations and to recognize when individual Users return to the Site at different times. These Data are also used to understand User trends or trends in Patient characteristics over time. In addition, these Data become part of a session, which is stored on the HealthDecision secure servers, is used for billing purposes, and can become part of reports that are generated for the Customer.
Non-EHR use. When a User accesses the HealthDecision Technology without a connection through an EHR, Data are entered manually in the different tools. These Data are recorded and maintained by HealthDecision.
Identifiable Clinician data. A Clinician is given the option to enter their name and email address to help customize use of the HealthDecision Technology. Furthermore, this information allows HealthDecision to communicate with a subset of Clinicians and give those Clinicians early access to new tools and new features.
HealthDecision does not sell, lease, or distribute any email address or other information provided by Clinicians using the Site.
System logs. When the User accesses the HealthDecision Technology, these Data may be automatically collected and stored in system logs. The HealthDecision Technology may use a third party to generate statistics, conduct evaluations, and streamline workflows. Certain information such as timestamps and internet protocol addresses are automatically collected and stored in system logs.
Analytics. The HealthDecision Technology sends transformed usage data to a third party for analysis of usage patterns. No identifiable Patient or Clinician data is passed outside of the Site in this way. The HealthDecision Technology may use a third party to generate statistics, conduct evaluations, and streamline workflows.
Links to Other Sites. The Site contains links to other sites, such as PubMed for the convenience of Site Users. The Site does not transmit any of the above Data to other sites.
3. Information Security
HealthDecision works hard to protect our Users’ Data both online and offline. HealthDecision Technology is hosted on HIPAA-compliant servers using industry standards for data protection.
4. Contractor and Other Third Party Access
As noted above, HealthDecision compiles usage statistics from collected Data. HealthDecision may publish those statistics or share them with third parties, as long as there are no Data that might individually or collectively identify a specific User or Customer.
5. How to Contact Us
6. Usage of Collected Information for Quality and Research
HealthDecision may participate in quality and usability projects which use the Data collected by the HealthDecision Technology. In addition, HealthDecision may allow research groups to access Customer Data. These projects must be approved in writing by both the Customer and all applicable institutional review boards (IRBs) prior to data access. In these projects, HealthDecision will follow any additional security and privacy requirements required by the IRBs for the research project. For these projects, the data will be fully de-identified, aggregated and transformed such that there are no links from the data back to any Customers or Users from the data.