HEALTH INFORMATION PRIVACY NOTICE
(Last revised: April 28, 2017)
- Purpose of this Notice. CanSurround offers the Services, a mobile and Web-based platform that provides integrated services to support the reduction of psychosocial distress in the cancer experience for both patients and those caring for patients. The Services are available on-line at the CanSurround Website (the “Website”), as well as through a mobile browser on a phone or tablet (the “Mobile Site” and together with the Website, the “Site”). Through the Site, CanSurround may maintain health information about you that includes your name and information about your condition and treatment that you choose to provide on the Site (“Health Information”). Such Health Information may be obtained from you when you register as well as from your authorized Supporter Users. As used herein a User may be (1) a patient (“Patient”) or (2) another individual who is a caregiver or supporter of a patient (each, a “Caregiver” or “Supporter” and together with a Patient, each a “User”).
When you use the Site our servers automatically record information that the Site collects or that the Mobile Site sends from your device. The information automatically collected by the Website and sent by the Mobile Site is referred to as “Usage Data.” Usage Data may include information such as the manufacturer and model of your mobile device; your Internet Service Provider (ISP); your device’s Internet Protocol (IP) address (or other device identifier), browser type, and operating system; referring/exit pages; clickstream data; portions of the Website or Mobile Site you use, the time spent interacting with certain portions of the Website or Mobile Site, information you search for using the Website or Mobile Site, access times and dates; and other statistics. Usage Data may be non-identifying or it may be associated with you. Whenever we associate Usage Data with Health Information, we will treat it as Health Information.
This Notice applies only to the Site. This Notice does not apply to any products or services (including websites and software) managed, maintained, or hosted by third parties not directly affiliated with CanSurround that you may visit, e.g., via a link provided through the Site. CanSurround does not control the privacy policies of other products or services to which we may provide hyperlinks. We encourage you to learn more about the online privacy and data security policies of third party websites directly from such third parties, as their policies may differ from ours.
- Collection of Health Information and Usage Data.
Please note that if you use any bulletin board, chat room, comment posting feature, or other public communication service, forum, or feature offered by CanSurround , or post any information available for viewing by other Supporter Users that you invite, any of the information that you share will be visible to other Supporter Users that you invite. The information that you make available can be read, used, and collected by other Supporter Users to send you unsolicited messages outside of the Site. CanSurround is not responsible for the manner in which the information that you decide to share will be used by other Supporter Users.
Collection of Usage Data. Usage Data are collected automatically by the Website and Mobile Site. You agree that we may collect and use technical data and related information, including technical information about your device, system and application software, and peripherals, to facilitate the provision of software updates, product support and other services to you related to CanSurround.
Additionally, in some of our email messages, CanSurround may use a “click-through URL” linked to content on a server operated by or on behalf of CanSurround. When a User clicks onto one of these URLs, the User will pass through our server before arriving at the destination Web page. CanSurround tracks this click-through data to help us determine User interest in certain subject matter and measure the effectiveness of these User communications. You can avoid being tracked in this way by not clicking text or graphic links in emails from CanSurround.
Finally, we may use clear gifs or pixel tags, which are tiny graphic images, in order: (i) to advise us of what parts of the Site Users have visited, (ii) to measure the effectiveness of any searches Users perform, and (iii) to enable us to send emails in a format that Users can read and tell us whether such emails have been opened in order to ensure us that we are sending messages that are of interest to Users.
Tracking. Some browsers may be configured to send Do Not Track signals to websites, or Users may use similar mechanisms, to indicate a User’s preference that certain web technologies not be used to track the User’s online activity. The Site does not accept or process such Do Not Track signals or similar mechanisms. Additionally, CanSurround does not “track” Users online activity across different websites when accessing the Website.
- The Use and Disclosure of Health Information for Treatment. We will not disclose your Personal or Health Information to any third party for purposes related to your medical treatment. The Site may provide you with information regarding health-related benefits and services that may be of interest to you.
- Use and Disclosure of Health Information Without Your Permission. In some situations, we are required or permitted to use or disclose your Health Information without obtaining your consent or authorization. Here is a list of some of these situations:
In a form that does not identify you. We may use or disclose information about you if it is in an anonymized statistical or summary form that does not identify you.
To our subcontractors. We may disclose your Health Information to our subcontractors, such as those that assist us with our Site. We have contracts with each of our subcontractors that require that they protect your information.
As required by law. State, federal and local laws permit or require certain uses and disclosures of Health Information such as to track events. We will only use or disclose your Health Information to the extent the law requires.
To the government for public health activities, health oversight activities and law enforcement. We may be asked or required by law to divulge Health Information to a public health authority such as to track product usage or for health oversight activities such as government inspections. Police and other law enforcement agencies may seek Health Information from us for law enforcement purposes. We may release this information to law enforcement under limited circumstances, for example, when the request is accompanied by a subpoena.
For judicial and administrative proceedings. We may disclose Health Information as required by a court or administrative order, or in some instances pursuant to a subpoena, discovery request or other legal process.
For research purposes. We may be approached by researchers to provide Health Information for research purposes. On some occasions, we may only provide such information with special waivers and permissions from you.
To avert a serious threat to health and safety or for disaster relief efforts. We may use or disclose your Health Information to avert a serious and imminent threat to the health and safety of an individual or for disaster relief efforts.
Included in business transfers. CanSurround may buy, sell, or share assets in connection with, for example, a merger, acquisition, reorganization, sale of assets, or bankruptcy. In such transactions, information about Users generally is often a transferred business asset. In the event that CanSurround itself or substantially all of CanSurround’s assets are acquired, information about our Users may be one of the transferred assets.
- Individual Rights. You have certain rights with respect to your Health Information. If we do not agree to a request by you with respect to your Health Information, please consult the Privacy Officer whose contact information is at the end of this Notice.
Restrictions. You have the right to request in writing that we do not disclose certain information about you. We do not have to agree to any restriction that you request. To request a restriction, please contact the Privacy Officer.
Confidential Communications. You have the right to request in writing that we restrict the way in which we communicate information regarding your health and health care services, such as sharing your Health Information with Users authorized by you. We will use reasonable efforts to accommodate your request.
Access. You have the right to inspect and copy most of your Health Information maintained by us. Normally, we will provide you with access within 30 days of your request. We may charge a reasonable copying fee. In certain limited instances, we may deny you access.
Amendment. You have the right to request that we amend your written Health Information. For instance, you can request that we correct an incorrect delivery date in your records. We will generally amend your information within 60 days of your request, and will notify you when we have amended your information. We can deny your request in certain circumstances, such as when we believe that your information is accurate and complete.
Accounting. You have the right to request an accounting from us of certain disclosures made by us. We will generally provide you with your accounting within 60 days of your request.
Paper Notice. You may obtain a paper copy by contacting the Privacy Officer.
- Our Obligation to You; Breach. We will maintain your Health Information based on best industry practices, as required by law, and in compliance with this Notice. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access. For example, we use security measures such as encryption, firewalls, and secure socket layers (SSL) to protect User information. If your Health Information is breached (hacked or disclosed as a result of a transmission error) we will notify you as required by law.
- Complaints. If you believe that any of your rights with respect to your Health Information have been violated by us, our employees or agents, please communicate with the CanSurround Privacy Officer at:
Chief Privacy Officer
If we are subject to the Health Insurance Portability and Accountability Act (“HIPAA”), you may also contact the Secretary of the U.S. Department of Health and Human Services. Under no circumstances will we take any retaliation against you for filing a complaint.
- Amending this Notice. We reserve the right to revise this Notice and to make the revised Notice effective for all Health Information that we created or received prior to the effective date of the revised Notice, but in the event we do so, we will request your consent to any such revisions. Copies of a revised Notice will be available at our offices, and questions may be addressed to the Privacy Officer whose contact information is above. This Notice will be promptly revised if there is a material change to a policy described herein.