Updated and effective as of July, 2016
1. Protection of Your Medical Privacy
CareDox does not provide any medical data that you enter on the site or that we obtain from your medical providers to third parties without your authorization. Your account features security measures that include encryption of your health data and password protection for access. You are responsible for managing the sharing of your user name and password. CareDox will not provide access to your account to any third party, except where you have authorized such access by providing the third party a user name and password. Any third party to whom you provide access will have the ability to read and/or manage the data in your account. It is your responsibility to manage the creation and sharing of passwords to insure only authorized users have access to your account.
As a Member of CareDox.com, you grant us access to your account, including the ability to manage and view medical data to maintain your account. CareDox requires this access in order to update your account with medical records or to make changes to correct issues you may report to us.
2. Information Collection and Use
- Personal Information. When you register with us through the Site, we will ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you (“Personal Information”). Personal Information includes, but is not limited to your name and email address. We will use your Personal Information to create a CareDox account (“Account”) and you will become a member of CareDox (“Member”). We use your Personal Information mainly to provide the Service and to administer your Account and inquiries. Some “Members” have free accounts that are updated by the user, others have accounts, where some data is updated by CareDox. (Members with this service may be referred to as “Subscribers”.)
- As a CareDox Member or Subscriber who has registered for the Service, we collect your Personal Information to associate your personal accounts with medical records that you upload or transmit or we obtain on your behalf from third party health providers (e.g. your doctor or hospital). By providing CareDox with the Personal Information required to identify you and/or members of your family, you understand that CareDox will access, retrieve and store content from your medical providers (“Healthcare Information”) in order to make it available and viewable through the Service.
- We may publicly display on the Site certain information that does not, and cannot be used to, identify you (“De-Identified Information”).
- We use your Personal Information (in some cases, in conjunction with your De-Identified Information) to provide the Service to you and administer your inquiries.
- We also use your Personal Information to contact you with health and educational information about CareDox and its third party suppliers. We use feedback you provide to us to develop better health and educational products and services. We do not, however, engage in online targeted advertising (also known as online behavioral advertising), which is commonly described as collecting information about users based on the users’ website activity over multiple websites and delivering advertisements based on that activity. We do not share behavior tracking information with any third parties.
- Choice / Opt-Out. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications or update your preferences via the “Settings” section of the Site. (See “Changing or Deleting Information,” below.) Active Members and Subscribers may not opt out of email and phone communication needed to maintain your account. If you wish not to receive them, you have the option to deactivate your account by emailing email@example.com with “cancellation” in the subject line.
- De-Identified Information. Certain information would be considered a part of your Personal Information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered De-Identified Information when they are taken alone or combined only with other de-identified information (for example, your preferences) in a manner that does not, and cannot be used to, identify you. When we de-identify information we do so in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA). We may use your De-Identified Information to improve our products and services, and to demonstrate the effectiveness of our products or services, including in our marketing materials. We may also aggregate your De-Identified Information with De-Identified Information of other users of the Site, and share that aggregated De-Identified Information with third parties for the development and improvement of educational sites, services and applications.
3. Log Data
When you visit the Site, our servers automatically record information that your browser sends whenever you visit a website (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, pages of our Site that you visit, the time spent on those pages, information you search for on our Site, access times and dates, and other statistics. We use this information to monitor and analyze use of the Site and the Service and for the Site’s technical administration, to increase our Site’s functionality and user-friendliness, and to better tailor it to our visitors’ needs. We also use this information to verify that visitors to the Site meet the criteria required to process their requests. We do not treat Log Data as Personal Information or use it in association with other Personal Information, though we may aggregate, analyze and evaluate such information for the same purposes as stated above regarding other De-Identified Information. We do not share Log Data with any third parties.
5. Third Party Cookies
From time to time we may provide you the opportunity to participate in surveys, contests or offers (collectively, “Promotions”) on our Site or via newsletters. If you decide to participate, we may request certain Personal Information from you. Participation in these Promotions is completely voluntary and you have a choice whether or not to disclose this information. We use this information to administer your participation in each Promotion.
7. CareDox Blog- Community features and “Sharing”
We may post customer testimonials and feedback on the Site which may contain Personal Information. We will attempt to obtain a Member’s consent via email prior to posting the testimonial or feedback in conjunction with such Member’s Personal Information.
Identity theft and the practice currently known as “phishing” are concerning to CareDox. Safeguarding information to help protect you from identity theft is of great importance to us. We do not and will not, at any time, request your credit card information, your login information or national identification numbers in a non-secure or unsolicited e-mail or telephone communication. All email or phone communication regarding payments for your account will direct you to the secure site CareDox.com for payment- unless you elect to confirm payment by phone. For more information about phishing, visit the Federal Trade Commission’s website.
9. Service Providers
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Site-related services (e.g., without limitation, customer service, transcribing health records to your account, maintenance services, email management, database management, web analytics and improvement of the Site’s features) or to assist us in analyzing how our Site and Service are used. We may disclose Personal Information, such as name and contact information, to any person performing audit, legal, operational, or other services for us. We will use information which does not identify the individual for these activities whenever feasible. Information disclosed to vendors or contractors for operational purposes will be limited to the minimum necessary to perform their task and may not be re-disclosed to others by such a vendor or contractor. These third parties have access to your Personal Information and health records only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
10. Compliance with Laws and Law Enforcement
CareDox cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of CareDox or an individual or third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity. We may disclose personal information to protect the security and reliability of this Site and to take precautions against liability.
11. Business Transfers
12. Changing or Deleting Your Information and Data Retention
All Members may review, update, correct or delete the Personal Information in their Account by contacting us at firstname.lastname@example.org or by making edits via the “profile” section of the Site. If you completely delete all such information, then your Account may become deactivated.
We may retain your information, including Personal Information, for as long as your Account is active or as needed to provide you the Service. If you would like us to delete your record in our system, please contact us at email@example.com with a request that we delete your Personal Information from our database. We will use commercially reasonable efforts to honor your request. We may retain an archived copy of your records as required by law or as part of our offline archive.
CareDox is very concerned with safeguarding your information. The security of your personal information is important to us. But remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. When you enter Personal Information or otherwise provide CareDox with access to information (such as login information), and we encrypt that information using secure socket layer technology (SSL). In some cases, we also encrypt Personal Information where it is stored on our systems.
Our Site contains links to other websites and offers for third party products or services that may be complementary to your use of the Site. If you click on a third party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third party websites. These other websites may place their own cookies or other files on your computer, collect data or solicit personal information from you. Other sites follow different rules regarding the use or disclosure of the personal information you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.
16.Our Policy Towards Children and Others
This Site is not directed to individuals under 13. The Site is intended to be used by parents and legal guardians. If you are acting for another person, you hereby affirm that you have the legal right to do so such that as you are the parent, legal guardian or otherwise have a valid power of attorney to act on behalf of that person. Your use of the Site and the creation of Profiles within the site constitute your agreement to include personally identifiable data of your children or children for whom you are the legal guardian. Further you may utilize the Site only for children for whom you are the parent or legal guardian your establishment of child profiles is your confirmation of your status as a parent or legal guardian of the children included in your account. If we learn that an under 13 user has volunteered personally identifiable information on the Site, we will delete such information from our active databases in accordance with our deletion policy, described above.
17. Unsubscribe or Opt-Out
CareDox offers you the opportunity to opt out from receiving promotional email or mail from us and our third-party suppliers about our Site, Products and Services.
- For email, users may opt-out at any time by using the unsubscribe mechanism within the email. The unsubscribe mechanism allows Site users to manage other subscription preferences to email alerts and special offers but does not allow a user to opt-out of receiving transactional email, such as subscription confirmation and responses to direct requests.
- For calls or direct mail, a Site user may opt out by calling 1-260-227-3369.
- If the information you have provided will be available to third parties, you will also be given the opportunity to opt out from this practice by calling 1-260-227-3369.
- You may write us directly if you wish to: (a) update or delete your contact information (b) ask that we not share your Personal Information with third parties; (c) opt-out or request that we cease sending you promotional or other information via mail or email; or (d) address any other question or concern you may have such written requests should be sent to firstname.lastname@example.org.
- In those instances, we will retain your information in a “do not promote” file in our database, and you will receive no further communications from us unless you consent otherwise.
- If you have opted out of receiving future emails from us, we will implement your opt-out request within ten (10) business days of receipt. If you have opted-out of receiving future promotional materials by regular mail, we will implement your opt-out request within a commercially reasonable time.
18. California Privacy Rights Disclosure
Under California Civil Code Section 1798.83, also known as Senate Bill 27, or Shine the Light you are entitled to request and receive, free of charge, a copy of CareDox’ California Information Sharing Disclosure Notice for the previous calendar year. You may print this page, or call 1-260-227-3369, to request a copy or email us at email@example.com. We will provide the requested information to you at your email address in response. Please be aware that not all information sharing is covered by the “Shine the Light” requirements and only information on covered sharing will be included in our response.
19. Notification of Privacy Statement Changes
Contact us at
35 West 35th Street,
10th floor, Suite 1001,
New York, NY 10001 or at