Privacy Policy
We are committed to protecting the privacy and security of our members’ health information within our control.
These Terms and Conditions explain how we transmit and store health information, what choices we give our
members regarding the access to the information, what measures we take (and certain limitations on our
ability) to safeguard and protect the privacy and integrity of the information we store, and what “cookies”
are and how they are used.
Access to Information We Collect
We give our members options for granting or limiting access to their health information based on a member’s
comfort level — balancing a member’s need for adequate disclosure in a medical emergency situation with the need
for full confidentiality when desired. Access levels range from a complete set of privileges typically assigned
to a member to very limited access. A member may change or discontinue access at any time for any user.
We store your health information on dedicated web servers. Peoplechart will not disclose your personal,
identifiable health information to third parties without your authorization. However, our system does provide
our members with the ability to create new users who are third parties (such as physicians and agents) and
give these users rights (privileges) to be able to create other users and grant them access to your personal
health information.
Though we do notify you through email notifications that such re-disclosure has occurred in the creation of
a new user, it is still important for you to recognize the potential risks associated with users whom you have
granted the privilege of creating new users to access your information. It’s also important for you to know that
when the setting for the privilege of creating new users is explicitly activated by you (from a default setting
of "off" to "on"), Peoplechart is unable to control re-disclosure risk.
There may be times when we are legally required to release your health information in order to comply with
a search warrant or court order, but in such cases we will notify you that we are doing so unless it would
violate the law for us to do so.
We may give access to your health information on an as-needed basis from time to time to our employees and
contractors who are directly involved with the maintenance or upgrading of our servers and for the purpose of
handling and processing requests for medical records authorized by you. Our employees and contractors with
access to our databank must sign confidentiality clauses relating to the disclosure and use of personal health
information and are required to follow strict operating guidelines to protect the confidentiality and security
of the information.
Measures we take to safeguard and protect members’ information
Peoplechart has implemented security measures to protect against the loss, misuse and alteration of the
health information under its control. Peoplechart’s patent-approved method for its security system is designed to
protect personal health information at all times. It combines the use of state-of-the-art firewall security
with SSL encryption technology, login credentials and user verification process, email notifications, an
extensive audit trail, multiple levels for assigning access rights to new users, and strict operational
policies.
Our web servers use encryption technology to ensure private and authenticated communication between
two parties. All member-identifying data stored in our secured off-site database and in the web server
is value-level encrypted across all database fields. Also, all information transmitted between the
Peoplechart server and the user’s web browser is encrypted by SSL and receives the highest level of
authentication issued by Thawte™. Our system is capable, depending on the member’s browser capability,
of up to 256 bit encryption for data transfers. The encrypted login credentials are not accessible by
our personnel. Access to our databases is protected by physical storage plant security including video
surveillance cameras, motion and temperature detectors. Our servers are continuously monitored for
intrusions. To minimize exposure to "hackers", two options are deployed by Peoplechart:
- First, the Session ID method enables a member’s records to be stored securely off-line until a
valid session ID is set by the user. Session ID specifies the start time and duration of access to our
web-based system by the user — where once verified, a patient’s records are then transferred from the
backend server to the on-line server for access. The Session ID is also a login credential, where the
number must be valid and accurately typed. Session ID is only good for a limited period of time. Once
a session ID expires, the records are no longer available on-line until the user secures a new Session
ID. This method is optional for organizations that prefer to minimize the number of login credentials.
- The other method is Access Duration. This is a setting inside each member’s account (versus
system-wide). It sets the start time and duration of access between each user and a patient’s account.
This is a setting used to control the length of time for access to a specific patient’s account. Even
if a new or existing user correctly enters all of the login credentials, the user is only allowed to
access the account when the length of access is turned on and active (valid Access Duration) — by the
inviter or the patient. A member can override (or change) the length of access for any user assigned
to the patient’s Care Community (including organizational staff).
Limitations on Security
There is always some risk that an unauthorized third party may find a way to thwart our security systems
or that transmissions of your information over the internet will be intercepted. Our members must always
weigh the advantages of convenience against the potential risks of security breach.
Cookies
Cookies are small computer files we transfer to a user’s computer hard drive that allow us to label the
user (although they do not identify the user by name unless the user has provided our site with that
information or set up their browser preferences to provide this information). The cookies let us know how often
someone visits our site and the activities they conduct while on our site. We suggest that you review the
privacy policies from other websites to better understand how information is collected through the use of
cookies.
We do not use permanently stored cookies on our members’ computers for many reasons, including our
members’ concerns about potential privacy misuse. Our server software uses temporary "per-session" cookies
on our members’ pages to ensure proper display of user interface features. Each of the many simultaneous
member and visitor sessions is correctly and securely handled without requiring members to log in multiple
times during an active session.
We track user requests, inquiries and traffic patterns as part of our own internal monitoring of patterns
or usage. During the period a user is logged onto our website, we document the activities through an Audit
Trail, a product feature we provide our members for tracking and reporting activities in their accounts.
Peoplechart provides links for software downloads (such as Acrobat Reader) to view the clinical record
pages and reports in PDF format (in our Member-Only website). We also provide an online Health Encyclopedia
from a certified third party.
External web site links provided on our site are only for the convenience of our members and do not
constitute an endorsement by us. Do not act or rely on any information on such sites, or linked to such
sites, without seeking the advice of an appropriate professional.
Destruction of Data
Peoplechart will continue to store the hard copy of the medical records for a period of three months after
posting them online. Peoplechart can mail the hard copy of the medical records at the member’s request. If no
request for the hard copy is received, Peoplechart will shred the medical records.
Contact with Members
Peoplechart occasionally contacts members about new products and services via e-mail for account management
and service-related activities, such as registration confirmation, authorization form reminders, notification
about newly created users, deleted users, or changes of privileges for existing users, folder assignments,
provider referrals, or responses to requests for forgotten passwords or user IDs. In the event a user forgets
their password, he or she will have to follow the ‘forgot password’ process, which includes providing the correct
answer to the security question that they chose during account registration. If the user has forgotten this
information, he or she is welcome to contact Peoplechart, and must be able to confirm their identity by answering
several other personal or account-related questions for a security check.
We occasionally collect demographic information about our members to help us identify which groups are
using our services and how we can best serve them. This information is always anonymous and is collected
in aggregate form or in groups, so no individual or specific information is shared. For example, we track
which age groups are subscribing to Peoplechart, and whether men or women are more likely to sign up. We
will not sell or rent our members’ identities and will not release a member’s password or user ID. Moreover,
our personnel who have authorization to access the database cannot recognize the real password information
because it is stored in encrypted format.
Each member is responsible for the security of his or her password and agrees to take reasonable measures
to ensure that no unauthorized person obtains it. Each member agrees to advise Peoplechart if he or she has reason
to believe his or her password or user ID has been obtained by an unauthorized person. In such cases, Peoplechart
will deactivate the member’s account until a new password and user ID are assigned.
Changes to Our Privacy and Security Policy
If we decide to change our privacy or security policy, we will post these changes on our public website
under the respective section headers (privacy or security policy). We will also inform you of our changes
via email notifications, so that you are always aware of how we collect, store and safeguard your information
and under what circumstances we disclose it.