Effective Date: April 22, 2019

EBSCO Health Decision, LLC (“HealthDecision”) collects certain information through the HealthDecision Technology (defined below). This page (this “Privacy Policy”) lays out our policies, practices, and procedures surrounding the collection and handling of any such information. This Privacy Policy applies to all personal and non-personal information received by HealthDecision whether in electronic, written, or verbal format.

This Privacy Policy does not apply to any third-party site or service linked from the HealthDecision Technology or recommended or referred by it or by the HealthDecision staff. These third-party sites or services are governed by their own privacy policies. Please check the privacy policy of any entity you interact with on or off the HealthDecision Technology. HealthDecision has no responsibility or liability for the content and activities of these linked or recommended sites.

1. Definitions

In addition to terms defined elsewhere in this Privacy Policy, the terms set forth immediately below have the following meanings.

“Affiliates” means an entity that directly or indirectly controls, is controlled by, or is under common control with the Customer.

“Clinician” means the medical professional providing medical care and information.

“Customer” means the institution or entity that has contracted HealthDecision to provide HealthDecision Technology and its affiliates.

“Data” means the information that either the User enters into the HealthDecision Technology or the HealthDecision Technology collects or receives from a connected EHR.

“Documentation” means the documentation, instructions, User guides, and other documents made available by HealthDecision that relate to the Services and Software.

“EHR” or “Electronic Health Record” means the software used for the electronic health record used by You.

“HealthDecision Technology” means the Services, Software, and Documentation.

“HIPAA” means, collectively, the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act, and the implementing regulations set forth in 45 C.F.R. Parts 160, 162 and 164.

“Patient” means the person seeking medical care and information.

“Protected Health Information (PHI)” means any individually identifiable health information relating to health, health care, or payment for health care. PHI has the same meaning generally in this Privacy Policy as defined under “Protected Health Information” in 45 C.F.R. § 160.103.

“Services” means the Site and any hosted Software services made available via the Site, including without limitation any dashboards, reports, reporting tools, or other services.

“Site” means all websites and webpages hosted at the healthdecision.org or healthdecision.com domains, as well as any HealthDecision-branded mobile applications.

“Software” means any software that HealthDecision makes available.

“User” means the person or the Customer using the HealthDecision Technology and may include a Patient or a Clinician.

2. Information We Collect

A User’s privacy is important to us, and we are committed to keeping the User’s Data private. HealthDecision Technology receives Data entered by the User or passed to it by a connected Electronic Health Record.

Electronic Health Record (EHR). The encrypted links developed for connection to Electronic Health Record Software operate under the following general guidelines:

EHR Data: When connected to an EHR, the HealthDecision Technology receives Data that are used for calculations and to recognize when individual Users return to the Site at different times. These Data are also used to understand User trends or trends in Patient characteristics over time. In addition, these Data become part of a session, which is stored on the HealthDecision secure servers, is used for billing purposes, and can become part of reports that are generated for the Customer.

HIPAA Compliance: Because the HealthDecision Technology does not currently receive any PHI, HealthDecision and the HealthDecision Technology are not, and are not required to be, HIPAA compliant. However, we are preparing for future HIPAA compliance. The HealthDecision Technology will not receive any PHI until HealthDecision and the HealthDecision Technology comply with all applicable provisions of HIPAA.

Non-EHR use. When a User accesses the HealthDecision Technology without a connection through an EHR, Data are entered manually in the different tools. These Data are recorded and maintained by HealthDecision.

Identifiable Clinician data. A Clinician is given the option to enter their name and email address to help customize use of the HealthDecision Technology. Furthermore, this information allows HealthDecision to communicate with a subset of Clinicians and give those Clinicians early access to new tools and new features.

HealthDecision does not sell, lease, or distribute any email address or other information provided by Clinicians using the Site.

System logs. When the User accesses the HealthDecision Technology, Data may be automatically collected and stored in system logs. The HealthDecision Technology may use a third party to generate statistics, conduct evaluations, and streamline workflows. Certain information such as timestamps and internet protocol addresses is automatically collected and stored in system logs.

Cookies. When using the HealthDecision Technology without a connection through an EHR, the HealthDecision Technology may use cookies for identifying returning Users. For EHR connected sessions, no cookies are used.

Analytics. The HealthDecision Technology sends transformed usage data to a third party for analysis of usage patterns, but such data does not contain identifiable Patient or Clinician Data. The HealthDecision Technology may use a third party to generate statistics, conduct evaluations, and streamline workflows.

Links to Other Sites. The Site contains links to other sites, such as PubMed, for the convenience of Site Users. The Site does not transmit any of the above Data to other sites.

3. Information Security

HealthDecision takes appropriate technical and organizational measures to ensure that our Users’ Data is secure. For example, we limit the number of people who have access to Data by using electronic security systems and password protections that guard against unauthorized access. HealthDecision Technology is hosted on servers that use industry-standard technologies designed to protect against the loss, misuse or alteration of the Data collected by the HealthDecision Technology.

4. Contractor and Other Third Party Access

HealthDecision gives certain independent contractors access to the Data mentioned in this Policy. Those contractors assist with operations, software development, maintenance and other activities. All contractors are required to sign contracts in which they agree to protect such Data using procedures reasonably similar to ours. HealthDecision also may disclose such Data to attorneys, collection agencies, or law enforcement authorities to address potential terms of use violations, other contract violations, or illegal behavior. HealthDecision also discloses any Data demanded in a court order or otherwise required by law or to prevent imminent harm to persons or property. Finally, HealthDecision may share Data in connection with a corporate transaction, like a merger or sale of our company, or a sale of all or substantially all of its assets or of the product or service line received from HealthDecision, or a bankruptcy.

As noted above, HealthDecision compiles usage statistics from collected Data. HealthDecision may publish those statistics or share them with third parties, as long as the statistics do not contain any Data that might individually or collectively identify a specific User or Customer.

5. How to Contact Us

Should you have any questions or concerns about this Privacy Policy, please email feedback@healthdecision.com.

6. Usage of Collected Information for Quality and Research

HealthDecision may participate in quality and usability projects which use the Data collected by the HealthDecision Technology. In addition, HealthDecision may allow research groups to access Customer Data. These projects must be approved in writing by both the Customer and all applicable institutional review boards (IRBs) prior to data access. In these projects, HealthDecision will follow any additional security and privacy requirements imposed by the IRBs for the research project. The data used or accessed in connection with these projects will be de-identified, aggregated and transformed such that the data will not contain any identifiable Customer or User Data.

7. Amendment of This Privacy Policy

HealthDecision reserves the right to change this Privacy Policy at any time by posting a new version on this page. The new version will become effective on the date it is posted, which will be listed at the top of the page as the new Effective Date. You acknowledge that any use of the HealthDecision Technology is based on this Privacy Policy, current at the time of use. If we make any material changes to this Privacy Policy, we will notify you by means of a notice via the HealthDecision Technology prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.