Effective Date: April 22, 2019
“Affiliates” means an entity that directly or indirectly controls, is controlled by, or is under common control with the Customer.
“Clinician” means the medical professional providing medical care and information.
“Customer” means the institution or entity that has contracted HealthDecision to provide HealthDecision Technology and its affiliates.
“Data” means the information that either the User enters into the HealthDecision Technology or the HealthDecision Technology collects or receives from a connected EHR.
“Documentation” means the documentation, instructions, User guides, and other documents made available by HealthDecision that relate to the Services and Software.
“EHR” or “Electronic Health Record” means the software used for the electronic health record used by You.
“HealthDecision Technology” means the Services, Software, and Documentation.
“HIPAA” means, collectively, the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act, and the implementing regulations set forth in 45 C.F.R. Parts 160, 162 and 164.
“Patient” means the person seeking medical care and information.
“Services” means the Site and any hosted Software services made available via the Site, including without limitation any dashboards, reports, reporting tools, or other services.
“Site” means all websites and webpages hosted at the healthdecision.org or healthdecision.com domains, as well as any HealthDecision-branded mobile applications.
“Software” means any software that HealthDecision makes available.
“User” means the person or the Customer using the HealthDecision Technology and may include a Patient or a Clinician.
2. Information We Collect
A User’s privacy is important to us, and we are committed to keeping the User’s Data private. HealthDecision Technology receives Data entered by the User or passed to it by a connected Electronic Health Record.
Electronic Health Record (EHR). The encrypted links developed for connection to Electronic Health Record Software operate under the following general guidelines:
EHR Data: When connected to an EHR, the HealthDecision Technology receives Data that are used for calculations and to recognize when individual Users return to the Site at different times. These Data are also used to understand User trends or trends in Patient characteristics over time. In addition, these Data become part of a session, which is stored on the HealthDecision secure servers, is used for billing purposes, and can become part of reports that are generated for the Customer.
HIPAA Compliance: Because the HealthDecision Technology does not currently receive any PHI, HealthDecision and the HealthDecision Technology are not, and are not required to be, HIPAA compliant. However, we are preparing for future HIPAA compliance. The HealthDecision Technology will not receive any PHI until HealthDecision and the HealthDecision Technology complies with all applicable provisions of HIPAA.
Non-EHR use. When a User accesses the HealthDecision Technology without a connection through an EHR, Data is entered manually in the different tools. These Data are recorded and maintained by HealthDecision.
Identifiable Clinician data. A Clinician is given the option to enter their name and email address to help customize use of the HealthDecision Technology. Furthermore, this information allows HealthDecision to communicate with a subset of Clinicians and give those Clinicians early access to new tools and new features.
HealthDecision does not sell, lease, or distribute any email address or other information provided by Clinicians using the Site.
System logs. When the User accesses the HealthDecision Technology, Data may be automatically collected and stored in system logs. The HealthDecision Technology may use a third party to generate statistics, conduct evaluations, and streamline workflows. Certain information such as timestamps and internet protocol addresses are automatically collected and stored in system logs.
Analytics. The HealthDecision Technology sends transformed usage data to a third party for analysis of usage patterns, but such data does not contain identifiable Patient or Clinician Data. The HealthDecision Technology may use a third party to generate statistics, conduct evaluations, and streamline workflows.
Links to Other Sites. The Site contains links to other sites, such as PubMed, for the convenience of Site Users. The Site does not transmit any of the above Data to other sites.
3. Information Security
HealthDecision takes appropriate technical and organizational measures to ensure that our Users’ Data is secure. For example, we limit the number of people who have access to Data by using electronic security systems and password protections that guard against unauthorized access. HealthDecision Technology is hosted on servers that use industry-standard technologies designed to protect against the loss, misuse or alteration of the Data collected by the HealthDecision Technology.
4. Contractor and Other Third Party Access
As noted above, HealthDecision compiles usage statistics from collected Data. HealthDecision may publish those statistics or share them with third parties, as long as the statistics do not contain any Data that might individually or collectively identify a specific User or Customer.
5. How to Contact Us
6. Usage of Collected Information for Quality and Research
HealthDecision may participate in quality and usability projects which use the Data collected by the HealthDecision Technology. In addition, HealthDecision may allow research groups to access Customer Data. These projects must be approved in writing by both the Customer and all applicable institutional review boards (IRBs) prior to data access. In these projects, HealthDecision will follow any additional security and privacy requirements required by the IRBs for the research project. The data used or accessed in connection with these projects will be de-identified, aggregated and transformed such that the data will not contain any identifiable Customer or User Data.