Safeguarding consumer privacy on our Web sites is one of the highest priorities for us. We understand that health is a very personal, private subject, and we want you to feel as comfortable as possible when visiting our Web sites and using our services. We operate under a strict set of privacy principles:
- We will only ask you for personal information that is necessary to provide you with health care services, products and programs. As most of our services and programs are interactive, the personal information you provide is needed so that you may get the most out of your participation in and use of our services or programs.
- We will not disclose your personal or health information to anyone without your prior consent. We employ strict security measures, including Secure Sockets Layer (SSL) encryption technology, to protect your online interactions. Our internal security measures are audited regularly by an independent third party for compliance with industry best practices and government regulations.
- We may share only statistical information about our members as a group (e.g., demographics, usage habits) with our third party business partners for a fee. An example of this type of information could include the number of members who are women over age 40.
- We will notify our members of any significant changes to our privacy statement that may affect the use of personal or health information.
These privacy principles are explained in detail in this privacy statement. Our privacy statement describes the information privacy practices that we follow to protect the privacy of your personally identifiable and personal health information ("personal information"). If you have questions or concerns regarding this statement or our practices, please contact us by e-mail.
So that we may keep your personal information confidential and secure, we have developed information privacy practices that are described in detail in this statement. We understand that you have questions and concerns regarding how your personal information is kept private when you use our interactive health care services and health information Web sites. Here are some of those questions and our answers:
What personal information is being collected from or about me? How and when is the personal information collected? For what purpose?
A. Personal information
All personal information provided by you when you register as a registrant of our Web sites is collected. We ask you only for personal information that is necessary to provide you with the health care services and information you requested. Although we require you to register with our Web sites to use our health care services, there are informational areas of our Web sites that can be accessed without providing any personal information.
1. Personally identifiable information.
Personally identifiable information may include any or all such information as your name, address, e-mail address, telephone number, Social Security number and your birth date. Your e-mail address is collected at the new member registration area of our Web sites and will be used to ask you how we can improve our features and services. We may also use your e-mail address to send you:
- A password reminder if you have lost or forgotten your password.
- Information about preventive health activities.
- Information about programs, products, services or content, or third-party programs, products, services or content that you have indicated to us are of interest to you. All personally identifiable information you provide during registration can be updated or corrected by accessing your user information, which is located in the "user information" area of our Web sites.
- Provide you with access to personal information you previously provided to our Web sites.
- Enable you to use our health care information, services, and products Participation in message boards requires that you select and provide us with a separate name and password combination.
2. Personal health information.
Personal health information, which is collected in your Health Record, may include health problems, medical conditions, medications, surgeries, allergies, immunizations, hospitalizations and family history. You determine what personal health information you want to include in your Health Record. Personal health information collected by our Web sites will only be used to proactively assist you to manage your health care needs and to provide you with access to our Web sites' health care information and services. We do not, without your consent, use your personal health information for other purposes. As a registrant with our Web sites, you may also enter health information about individuals other than yourself if you elect to complete a family history or contact sections of your Health Record. For example, you may provide a family member's name or medical information as part of your family history. Prior to entering such information, we encourage you to obtain that person's consent, as they will not be able to access this information.
B. Other information
1. Demographic information. We may collect your gender and ethnicity. Demographic information, which has been aggregated with other members' demographic information and does not contain any personally identifiable or personal health information, may be shared with third parties as described below.
- Collect general information related to how many people are using our Web sites. This information may be used for internal purposes and may be shared with third parties.
- Make logging in easier by remembering your e-mail address in encrypted form for you if you choose to have it saved.
- Record that you have participated in online quizzes or surveys. The cookie notes that you have responded and are ready to see the answers. Your specific response is not stored in the cookie. Our cookies do not contain any personal information. You are always free to decline our cookies if your browser permits, but some parts of our site may not work properly for you if you do so.
- Create reports for internal use to determine and develop programs, products, services or content that may be of interest to our members.
- Customize the health care information or services that are of interest to you.
- Provide aggregate, de-identified information to third parties, including advertisers, for a fee to develop programs, products, services and content that may be of interest to you.
- Provide aggregated "traffic statistics" and "response rates" to third parties, including advertisers, for a fee Here are examples of the types of aggregated reports that we provide to third parties for a fee:
- How many individuals used certain charts?
- How many individuals downloaded information on a particular disease or condition?
- How many men or women between specific ages have a particular disease or condition?
- How many individuals viewed a specific medication advertisement? In addition, quizzes and surveys offered on our Web sites may be sponsored by other companies or organizations.
Do you share my personal information with third parties? If so, with whom? What personal information is shared? For what purpose?
We do not share personally identifiable or personal health information with advertisers, without your prior consent. As mentioned above, we do share aggregated, de-identified information with third parties, including advertisers, for a fee.
B. Third-party service providers
We may provide such information to non-affiliated third parties, as necessary, to perform services or functions on our behalf ("service providers").
C. Other personal information disclosures
In addition, we may disclose personal information as required by law, such as at the request of a law enforcement agency or when presented with a court order or subpoena.
What control do I have over you sharing my personal information with third parties?
We do not share your personally identifiable or personal health information with third parties without your prior consent. Therefore, you control the disclosure of such information by providing or withholding your consent.
Does your privacy statement cover other sites that provide programs, products, services or content to your members?
No. Featured programs and other content on our Web sites may link you to third-party Web sites that are not owned, operated or maintained by us. For example, when you access the shopping area of our sites and request information, you may be directed to a third-party shopping Web site. This privacy statement does not apply to such third-party Web sites. We do not guarantee the information privacy practices of our business partners, or any other third parties' compliance with their respective privacy policies. Therefore, whenever you leave our sites we recommend that you review each site's privacy practices and make your own conclusions regarding the adequacy of these practices.
What communications should I expect to receive from you?
We want to provide our registrants with programs, products, services and content that are valuable to them. For that reason, we may contact you periodically through e-mail, mail or by telephone if you:
- Subscribe to a newsletter.
- Request a new password because the old one had been lost or forgotten
- Submit a question or suggestion via the "Contact Us" page or other e-mail links located throughout the sites
- Indicate that you want to be informed about any new programs, products, services or content of interest to you
- To provide information regarding programs, products, services and content currently offered that may be of interest to you
- To collect suggestions, through surveys, on how to improve our programs, products, services or content, and to evaluate our Web sites
How do I correct, update or delete my personal information that is maintained on your Web sites?
As a registrant with our Web sites, you can correct or update your personal information in the following areas of our Web sites:
You can correct or update personal information you provided during registration in the user information, or "change password" sections. You can select or de-select topics of interest to reflect your preferences so that we may tailor our newsletters to meet your interests. By selecting the user information option, you can change personally identifiable information-including first and last names, ZIP code and your e-mail address.
A. Termination of registration. You may terminate you registration with our Web sites. If you choose to do so, you will no longer have access to any programs, products, services or content offered through our Web sites. In addition, by terminating your registration, you are also deleting your personal information from our Web sites. Please note that although you have deleted this information, we perform regular tape backups of our systems to recover such information in the event of a system failure. Therefore, your personal information will continue to be stored in a secured off-site facility for up to three months after termination of your registration.
B. Deletion of specific personal information. As a registrant with our Web sites you may delete personal information contained in user information at any time. Please note that although you have deleted this information, we perform regular tape backups of our systems to recover such information in the event of a system failure. Therefore, personal information that you delete will continue to be stored in a secured off-site facility for up to three months after it has been deleted.
How do you protect my personal information from unauthorized access? How is my personal information stored and where is it stored?
We are committed to keeping your personal information secure and confidential. Our systems are located in a physically secure data center that is monitored by security guards and surveillance cameras 24 hours a day, seven days a week.
Our Web servers have been configured with Secure Sockets Layer (SSL), a leading encryption technology. SSL protects your personal information when it is being transmitted to or from our Web sites. We also use an industry standard firewall to further protect personal information transmitted to or from our Web sites from being accessed by an unauthorized party.
We have also obtained a digital certificate from RSA Data Security Inc. To view this site certificate on each secured page, click on the image of the closed lock or the solid key on the bottom bar of your browser window. A small frame displaying site security information will pop up.
Currently, our employees are only given access to your personal information to perform a specific job. In addition, we require all employees who access member information to sign non-disclosure agreements as a condition of employment. Furthermore, all employees are kept up-to-date on our security and privacy practices, and are informed about the importance we place on privacy and what they can do to protect your personal information.
When registering with our Web sites, we ask that you create a password to be used with your login ID. This login ID and password combination is required to access personal information previously provided to our Web sites and to access our health care services and information. By verifying the identity of our registrants, our Web sites further protect against unauthorized access to your personal information stored in our systems. For your protection, our Web sites have an "account lockout" feature. Any account that has greater than 15 consecutive unsuccessful attempts at login will be inactivated for 24 hours. Additionally, if you are logged onto our Web sites you will automatically be logged off of the site if you are inactive after 30 minutes.
What is co-branding and how does it affect the privacy of your personal information?
We may collaborate with a non-affiliated third party to provide programs, products, services or content, including advertisements, to members. These areas of our Web sites are considered to be co-branded. These sections of our Web sites will be clearly labeled as co-branded sections by use of the third party's logo, and the pages will look different from the other pages on our Web sites (different color and text size). Any personal information you provide on a co-branded version of our Web sites will be stored and controlled and will be maintained in accordance with this privacy statement. Third parties will not be allowed access to your personal information without your prior consent.
What is your policy regarding children and use of and access to your Web sites?
Our Web sites are not intended for use by children under age 13. We do not collect or disclose personal information about any person whom we know to be under age 13.
Where can I find out more information about privacy?
For more information about privacy, reference the following sources:
Health on the Net (HON) Foundation
Online Privacy Alliance
Health Privacy Project
Report onthe Privacy Policies and Practices of Health Web Sites
How do I contact you to find out more about information privacy practices?
You may contact us with your questions or comments by using the e-mail links on the "Contact Us" page and throughout the site. We will do our best to respond promptly at the e-mail address you provided when you contacted us. We welcome your comments and suggestions on how we can improve our privacy procedures.
How do I find out about changes to your information privacy practices?
We reserves the right to modify or amend our Privacy Statement at any time and for any reason. If we make a significant change to our information privacy practices or this statement, we will notify you by e-mail of any significant changes to this statement and the implementation date of these changes.
We will abide by the information privacy practices described in this Privacy Statement. If we make a significant change to this statement, we will not use or disclose the information you submit under this current statement in a new way without first providing you with an opportunity to opt-out or otherwise prevent that use or disclosure.