Peoplechart Privacy Policy
We are committed to protecting the privacy and security of our members' health information within our
control. These Terms and Conditions explain how we transmit and store health information, what choices we
give our members regarding the access to the information, what measures we take (and certain limitations on
our ability) to safeguard and protect the privacy and integrity of the stored information, and what
"cookies" are and how they are used.
Measures We Take to Safeguard Member Information
Peoplechart's security system provides a variety of rigorous information security features,
including: state-of-the-art firewall protection, stringent login credentials and verification process,
advanced encryption for all internet-based data communications, encryption within Peoplechart's systems
for "data at rest", and additional firewall protection between the user interface and the system’s databases.
In addition, members can further protect their personal information by controlling who is authorized to
have access and using the Peoplechart access event log to monitor the details of each access event.
Peoplechart's system also gives members the ability to limit the scope of personal information and systems
features that they choose to make available to each authorized user (through an intricate table of roles and
privileges). The system features also include the ability for the member to set or limit the time
period (start time and duration) during which authorized information access is allowed. Finally,
Peoplechart's patented "Dual Channel Lock" system provides an additional level of protection in the
event of any unauthorized access to Peoplechart’s systems.
Our "live" or production servers and database are guaranteed 99.9% uptime and protected by a professional
and secure data storage facility that is located in a disaster-free zone state. The facility includes video
surveillance cameras, motion and temperature detectors, and continuous monitoring for online intrusions.
Re-Disclosure Risk
Peoplechart stores members' health information in dedicated web servers. Peoplechart will not disclose any of the
member's personal, identifiable health information to third parties without member authorization. Our system,
however, does provide members with the ability to register new users who are third parties (such as physicians
and agents), and if the member chooses, turn "on" the ability for these third party users to register other
users who will have access to the member's personal, identifiable health information.
Any time a new user is being registered to a member's account, Peoplechart sends a notification via email to
the member and to the person who is registering the new user (if not the member) about the registration of a
new user. The notification also provides instructions for the member and the person who is registering the
new user to void or change the terms of the registration.
It is very important for our members to understand the potential risks associated with users to whom members
have granted the privilege of registering a new user who, in turn, is able to access the personal information of
the member. In particular, when our members decide to grant to other users the privilege of registering new
users (by switching the "create-new-users" default setting from "off" to "on"),
Peoplechart is limited in its ability to control against intentional or unintentional breaches to
privacy. However, inside the privilege profile table of the new user, the member or the person registering the
new user can select certain types of information to be kept private.
There may be times when we are legally required to release member information in order to comply with a
search warrant or court order, but in such cases we will notify our members that we are doing so unless it
would violate the law for us to do so.
We may give access to members' information on an as-needed basis from time to time to our employees and
contractors who are directly involved with the maintenance or upgrading of our servers and for the purpose
of handling and processing requests for medical record collection as authorized by our members. Our
employees and contractors with access to our databank must sign confidentiality clauses relating to the
disclosure and use of personal health information and are required to follow strict operating guidelines
to protect the confidentiality and security of the information.
Sharing of Information
Our members have the ability to limit user access to their personal health information or to exercise
the need for complete privacy when desired. Once a member decides to share information with another
person by registering the person as a new user, an email notification is sent out to both the member
and the user. This way, the member has a chance to void or edit the action associated with a particular
user. A member can exercise several methods of sharing information with registered users of the member's
account (part of the member’s designated "care community") or with people who are not registered as users
and only interact with our member outside of the Peoplechart system:
Internal-to-Internal Information Sharing (Within Same Server Computer)
Features are controlled by default settings that can be turned on/off by the member for each authorized user
at any time.
- Select which documents can and cannot be shared
- Create/add new users to the member's care community for online access
- Control type and scope of access by turning on or off certain features (privileges) for each authorized
user of each member's account
- Control start time and duration of account access for each authorized user of each member's account
- Create and assign specific documents, folders, and reports to specific user(s)
- Attach document/report to an internal message (within same server) sent to user
Internal-to-External Information Sharing (Server Computer to External Device)
Features are controlled by default settings that can be turned on/off by the member for each authorized
user at any time.
- Fax information directly from member's account to an external fax machine
- Download information into a password-protected and encrypted file that can be zipped and stored on a portable
device (CD-ROM or USB memory device)
- Pre-define scope of information disclosure for emergency situations when the member cannot communicate
Limitations on Security and What Happens if Security Breach Occurs
Peoplechart has not experienced any security breach since the company was founded in 1999. However, there is
always some risk that an unauthorized third party may find a way to thwart our security systems and methods. Our
members must always weigh the advantages of convenience with the potential risks and compromise to systems
security. Should our members discover or suspect that a breach has occurred, we ask that they notify Peoplechart
immediately at our toll-free number (888) 779-8879.
Once the breach is determined to be valid, Peoplechart will notify the members-at-risk of the investigation's
findings including the source, scope, and nature of the breach. With member permission and help, Peoplechart will
take action steps to limit the damage from the breach; to address the issues at hand; and to set up preventive
measures for reducing the recurrence of such risks in the future.
Please review more details about our efforts to investigate and address security issues in section "What
Happens if a Security Breach Occurs" as part of the Security Overview link provided on the bottom of each page
of our public website.
Cookies
Cookies are small computer files we transfer to a user's computer hard drive that allow us to label the
user (although they do not identify the user by name unless the user has provided our site with that
information or set up their browser preferences to provide this information). The cookies let us know how
often someone visits our site and the activities they conduct while on our site.
We do not use permanently stored cookies on our members' computers for many reasons, including our
members' concerns about potential privacy misuse. Our server software uses temporary "per-session" cookies
on our members' pages to ensure proper display of user interface features. Each of the many simultaneous
member and visitor sessions is correctly and securely handled without requiring members to log in multiple
times during an active session.
We track user requests, inquiries and traffic patterns as part of our own internal monitoring of patterns
or usage. During the period a user is logged onto our website, we document the activities through an Audit Trail, a
product feature we provide our members for tracking and reporting activities in their accounts.
Peoplechart provides links for software downloads (such as Acrobat Reader) to view the clinical record
pages and reports in PDF format (in our Member-Only website). We also provide an online Health Encyclopedia
from a certified third party.
External web site links provided on our site are only for the convenience of our members and do not constitute
an endorsement by us. Do not act or rely on any information on such sites, or linked to such sites, without seeking
the advice of a professional.
Destruction of Hard Copies of Medical Records
Peoplechart will continue to store the paper copies of the medical records received from our members or
their healthcare providers for a period of three months after posting them to your account online. Peoplechart
can also mail the hard copy of the medical records to the member at the member's request. If no request for the
hard copy is received, Peoplechart will shred the medical records.
Membership Discontinuation and Destruction of Medical Record Electronic Copies
When a member decides to discontinue subscription with Peoplechart, we will continue to store
electronic copies of the member's information in our system archives until explicitly instructed by the member
in writing to delete all traces of information from archive files. Note that at any time, our members can
download a password-protected and encrypted copy of their medical records and personal health information
onto a portable device (such as a memory stick or CD-ROM) so that they can take the information with them
wherever they go. Of course, members can also choose to store a copy directly in the hard drive of their
personal computer and/or print a hard copy directly from their account at any time.
Communications with Members
Peoplechart will occasionally send its members general, unsecured, and unencrypted emails
to notify and verify certain changes in their account made either by the members themselves
or by other authorized users. We will keep disclosure of personal identifiable information
in these emails to a minimum. Sometimes, however, the purpose of the email might require
certain identifiable information to be disclosed in order for the content to be helpful or
actionable to the recipient. Peoplechart may send email notifications or alerts to our members
for the following reasons:
- Confirmation of successful registration
- Status update on medical record collection process
- Users added or removed in care community
- Folder access privilege turned-on
- Provider referrals made
- Incoming message received in account
- Reset of password or security question & answer
- Reminders for user action or response
- Alerts when certain clinical parameters or conditions are met
Under no circumstance would Peoplechart communicate or confirm user
login and password credentials via unencrypted email.
Information Collected About Our Members
We occasionally collect demographic information about our members to help us identify which groups
are using our services and how we can best serve them. This information is always anonymous and is collected
in aggregate or in groups, so no individual or specific information is shared. For example, we track which
age groups are subscribing to Peoplechart, and whether men or women are more likely to sign up. We will not
sell or rent our member identities and will not release a member’s password or user ID. Moreover, any of our
personnel who have authorization to access the database cannot recognize the real password information
because it is stored in encrypted format.
Forgot Password
Each member is responsible for the security of his or her password and agrees to take reasonable
measures to ensure that no unauthorized person obtains it. Each member agrees to advise Peoplechart
if he or she has reason to believe his or her password or user ID has been obtained by an unauthorized person. In
such cases, Peoplechart will deactivate the member’s account until a new password and user ID are assigned.
In the event a user forgets their password, they are advised to follow the 'forgot password' process,
which includes providing the correct answer to the security question that they chose during account
registration. If the user has forgotten the answer to their security question, they could contact
Peoplechart to reset their security question. When they call, they must be able to confirm their
identity by answering several personal or account-related questions for a security check.
Changes to Our Privacy and Security Policy
When we change our privacy or security policy, we will post these changes on our public website under
the respective section headers (privacy or security policy). We will also inform members of our changes
via email notifications, so that members are always aware of how we collect, store and safeguard their
information and under what circumstances we disclose it.