PRIVACY NOTICE FOR PATIENT FACING APPLICATIONS
Table of Contents
- What information do we collect?
- How do we use your information?
- Sharing your information
- Data retention
- Security of information
- Electronic communications
- Third Party Platforms
- Contact information
- How to send us your feedback
Because the information we collect under this Privacy Notice is regulated by HIPAA, it may be exempt from certain U.S. state privacy laws like the California Consumer Privacy Act. You may contact us if you have questions about these exemptions.
Any unauthorized registration for, access or use of our Services, client accounts or Third Party Platforms is strictly prohibited.
What information do we collect?
In accordance with our agreements with your healthcare provider, we may collect your information in the following ways:
- We collect information you provide us if you access, voluntarily enter information into, or sign up for or request our Services. The information we collect directly from you may include your name, email address, date of birth, contact information, health insurance carrier and plan, phone number(s), information related to your healthcare provider, medical information you provide to us, information related to your payment, and information related to family members and other individuals who are associated with your account.
- You may also have the option in certain instances to enter additional information in free text fields so that, for example, your healthcare provider can manage your requested services or visit.
- When you visit the websites or interact with any mobile applications or use our Services, we may gather certain information about your visit/use of the Services and your device. The information we automatically collect includes data about your device (for example, device ID, browser type), language preferences, IP address, information about when you accessed or registered, modified, logged in/out of the Services, information related to actions taken on the site, and information related to your operating system. We may also collect information that allows us to connect the devices that you use to connect to the Services (such as your cell phone and your computer).
- We may also collect information related to your use of the Services, including any permissions you set, authorizations you provide (including authorizations and information related to any third party platforms you use or access through your accounts), your language and communication preferences, security related information (such as your account credentials, failed login attempts, timeouts, past passwords, security questions for identity or account validation, number and frequency of username or password resets, and access attempts), and geolocation information.
In addition, we may collect other information as permitted under applicable law or our agreements with your healthcare providers.
How do we use your information?
In general, we use your information only in accordance with HIPAA and our agreements with your healthcare provider. This includes, for example:
- To provide, enhance, secure, support and improve the Services we provide to you and your healthcare provider. This includes communicating with you in connection with the Services, as well as communications related to new features, feedback requests, technical notices and administrative messages;
- For data analysis, internal management/operations, audits, and compliance with all applicable laws, regulations, and law enforcement requirements;
- To enable cross-device/cross-context tracking for your log in with athena (“LWA”) account;
- To fulfill or meet the reason you provided the information, such as registering you for the Services; and
- To plan and execute security and risk control measures, like fraud and abuse detection and prevention for athenahealth or your healthcare provider.
We may also de-identify and/or aggregate your data for business purposes in accordance with our agreements with your healthcare providers. We de-identify protected health information in accordance with the HIPAA expert determination method and/or the safe harbor method.
Sharing your information
In general, we share your information only in accordance with HIPAA and our agreements with your healthcare provider. This includes, for example:
- With your healthcare provider in the context of providing the Services to your healthcare provider as well as to comply with the contractual obligations we may have to your healthcare provider;
- With our third-party vendors, consultants, agents, or other service providers or other third parties we use to help us provide or improve the Services;
- With third parties that your healthcare provider has directed us to share your information, such as in accordance with your authorization or request;
- With parties that you consent to or direct us to send information to or receive information from, pursuant to our agreements with your provider;
- When we are complying with laws or responding to lawful requests and legal processes or responding to an emergency situation;
- When we believe it is necessary to protect our rights and the security of the Services, to protect the rights and security of our customers or partners, to avoid liability, and to avoid violations of the law; or
- In connection with or during negotiation or consummation of any merger, divestiture, restructuring, reorganization, financing, acquisition, or bankruptcy transaction or proceeding involving sale or transfer of all or a portion of our business or assets to another company.
We may have the right under our agreements with your healthcare provider to de-identify data in accordance with HIPAA. We may sell or disclose such de-identified information to third parties.
Most internet browsers accept cookies by default. You can block cookies by activating the setting on your browser that allows you to reject all or some cookies. The help and support area on your internet browser should have instructions on how to block or delete cookies. Some web browsers (including some mobile web browsers) provide settings that allow you to control or reject cookies or to alert you to when a cookie is placed on your computer, tablet or mobile device. Our Services are not currently designed to recognize if your browser sends a “do not track” signal or similar mechanism to indicate you do not wish to be tracked or receive interest-based ads.
Data retention
We retain your information for as long as permitted under our contracts with your healthcare providers or as needed to comply with our legal obligations, to resolve disputes, and to enforce our legal rights, policies, terms and agreements.
Security of information
We use technical, administrative, and physical safeguards designed to protect the security of your information from unauthorized disclosure. However, security cannot be guaranteed against all threats.
Electronic communications
In connection with your accounts created through your use of the Services, athenahealth may need to send business, informational, support and security related messages (whether texts, alerts or calls) to all telephone numbers, including cellular numbers or mobile devices, you choose to provide on your accounts. You agree such texts or calls may be pre-recorded messages or placed with an automatic telephone dialing system. In addition, you agree that athenahealth may send service or account related text messages to cellular phone numbers you provide to athenahealth, and you agree to accept and pay all carrier message and data rates that apply to such text messages.
If you choose to provide an e-mail or other electronic address on your account, you acknowledge and consent to receive business and informational messages relating to your account at the address, and you represent and warrant that such address is your correct address and is not accessible or viewable by any other person.
Third Party Platforms
The Services may include links to or information about websites, applications, products, services, and solutions that are operated by third parties (“Third-Party Platforms”). We do not control and are not responsible for Third-Party Platforms or any information you may share with, or access from, any Third-Party Platforms.
We reserve the right to amend this Policy, including but not limited to the California Privacy Rights Notice above, at our discretion and at any time. When we make changes to this Policy, we will post the updated Policy on the website and update the Policy's effective date. Your continued use of our website following the posting of changes constitutes your acknowledgment of such changes.
Contact information
You may contact us by:
- Calling us at 888-807-2076
- Completing the form at www.athenahealth.com/consumer-privacy-request
- Via mail at:
Attn: Chief Compliance Officer
311 Arsenal Street
Watertown, MA 02474
How to send us your feedback
Our goal is to respect your privacy, and we encourage user feedback to help us improve our privacy policies. If you have any questions or suggestions about this privacy statement or our processing of your personal information, please contact us using the methods listed above.
LAST UPDATED: TBD