Updated and effective: July 15, 2017
Information You Provide. When you agree to become a member of CareDox, you provide us with the first name, last name and email address of the individual who will act as your System Administrator. The System Administrator may then enter the first names, last names and email addresses of authorized employees, who may then access the system and create their passwords. In addition, the school name, grade(s), parent first and last names and email addresses, and student first and last names and dates of birth must be entered in order to use the services.
In order to use CareDox, school customers provide the following minimally required information:
- School name and grade(s)
- First and last names and email addresses of authorized users
- Student first and last names and dates of birth
- Parent first and last names and email addresses
We use this information to create your account, administer the services and respond to your inquiries. We also use this information to create access credentials for your authorized employees (“Users”).
Administering the services includes creating the electronic student health record and emailing parents to invite them to sign up for an account within CareDox, and facilitating communication between schools and parents. With an account, parents may also view their child’s health record and sign up to receive general health education material. Parents may opt out of receiving the health education material by clicking on the “unsubscribe” button that appears at the bottom of each email or by accessing the “profile” section of CareDox and setting the preferences to stop receipt of such information.
At your option, you may upload additional student health information, including, but not limited to, conditions, allergies and medications, to facilitate management and delivery of care to your students. We may also use the information you provide at registration to associate your account with medical records that you upload or transmit, or those that you may direct us to upload on your behalf from third party health providers (e.g., a doctor or hospital), in order to make such information available and viewable to you through the Services, and provided that you have received all applicable consents for such data upload.
School customers may also choose to use the services to send one-way email communications to parents. Student personal information may not be included in such communications. The messages are not encrypted in transit.
Information We Collect Automatically. When you visit CareDox, our servers automatically record information sent from your browser (“Log Data”). Log Data may include information such as your computer’s Internet Protocol (“IP”) address, pages of CareDox that you visit, the time spent on those pages and access times and dates. We use this information to monitor, analyze use of and administer CareDox and to better tailor it to your needs.
To collect this information, we use technological tools including:
Cookies. A cookie is a small data file sent from a Web site or application and stored on your computer or device. Cookies allow us to recognize your browser and recognize it when you return to CareDox, and to remember your login information. Cookies also allow us to serve certain CareDox features, to better understand how you interact with CareDox, and to monitor aggregated usage by Members. You can set your browser to detect some cookies, to stop accepting cookies or to prompt you before accepting a cookie. If you do not accept cookies, however, you may not be able to use all features of CareDox. To learn more about browser cookies, including how to manage or delete them, look in the Tools, Help or similar section of your Web browser, or visit allaboutcookies.org.
Pixel Tags. A pixel tag (also known as a “clear GIF” or “web beacon”) is a tiny image – typically just one-pixel – that can be placed on a Web page or in an email to you, to tell us when you have displayed that page or opened that email.
We use third party service providers to assist us in collecting and understanding Log Data.
By using CareDox, you agree to our use of these tracking technologies.
How We May Use Your Information. We do not sell or rent personally identifiable information.
We use and disclose your personal information only for the purposes described above and for the following:
- Delivery of health data insights and reports to school districts, public health organizations and other healthcare agencies, developed by CareDox or its third party partners, derived from identified and de-identified Customer student data and developed, provided, however, that such partners may use the data only to develop and provide this part of the Services to Customer on behalf of CareDox
- Facilitation of healthcare coordination and health interventions developed by CareDox or its third party partners, and derived from identified and deidentified Customer student data, provided, however, that we have receive applicable consents from the Customer and parents, and that such partners may use the data only to develop and provide this part of the Services to Customer on behalf of CareDox.
- Delivery of deidentified student data to state public health agencies to facilitate a school or district Customer’s required reporting and for state public health agency interventions;
- To protect our rights, including rights related to our property, and the rights, property, and safety of others;
- To investigate a suspected violation of our Terms of Service, suspected fraud or other unlawful activity;
- As may be required by law or by a court order, in which case we shall attempt to notify you and work with you to seek to limit the scope of the required disclosure;
- To our third party service providers to allow them to provide CareDox features on our behalf;
- With your consent and as permissible under applicable laws and regulations.
We deidentify information in accordance with the requirements of applicable law, including the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA). We may use deidentified information, including aggregated deidentified information as described above and to improve CareDox, to demonstrate the effectiveness of CareDox, including in our marketing materials, and to develop and improve educational products and services.
Third Party Service Providers. We may employ third party companies and individuals to facilitate delivery of CareDox, to provide certain features on our behalf, such as customer service, maintenance services, email management, database management, web analytics and improvement of the Site’s features, or to assist us in analyzing how CareDox is used.
How You Can Access and Modify Your Information. You may review, update, correct or delete personal information in your account at any time by accessing the “profile” section of CareDox, or by contacting us at firstname.lastname@example.org. If you delete all of your profile information, your Account may become deactivated. You may review, update, correct or delete information that you have uploaded about your students by accessing your CareDox dashboard.
Data Retention. We may retain your information for as long as your account is active or as needed to provide you the Service and comply with applicable law and/or our contractual obligations. If you would like us to delete your records in our system prior to termination of your agreement, please send a written request to email@example.com. We will delete your records within 30 days of receipt of your written request.
We will retain aggregated, deidentified information for the purposes described above. In addition, should a parent/legal guardian choose to maintain an account with CareDox after termination of Customer agreement, CareDox will retain a copy of their child’s records in their account.
Security. CareDox is concerned with safeguarding your information. We strive to provide commercially reasonable practices, including administrative, technical, and physical safeguards, including encryption of data in transit, firewalls, access controls and additional measures to protect the confidentiality, availability, and integrity of your data and in alignment with requirements of applicable regulation.
Notwithstanding the above, the optional, one-way email communications sent from schools to parents as described in the section, “Information You Provide,” are not encrypted in transit.
No method of transmission over the Internet, or method of electronic storage, is 100% secure, and we are not responsible for security incidents not reasonably within our control. You are responsible for managing the sharing of your user name and password, and for notifying us in the event that you know or suspect that your account credentials are no longer secure.
Links. CareDox contains links to websites belonging to third party health partners. If you click on a third party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
Contact Information. For additional information regarding our privacy practices, please contact us at:
104 West 40th Street, Suite 1030
New York, NY 10018