Our lawyers made us do it.
- What personally identifiable information is collected by HealthPrize or by any third party through our site or services
- How HealthPrize uses this information
- To whom HealthPrize may disclose this information
- What choices are available to you as a user of HealthPrize services with respect to collection, use and distribution of the information
- What types of security procedures are in place to protect the confidentiality and integrity of information under our control
- How you can correct any inaccuracies in the information.
Personal Health Information (“PHI”)
Personal Health Information (or PHI) is information that we collect about you that can be used to identify or contact you, as well as other personal data, including, but not limited to, your medical condition and prescription medications. While some of the PHI provided by you or collected by us in this Site may be health information, HealthPrize is not subject to the Privacy and Security Rules applicable to a “covered entity,” as defined at 45 C.F.R. § 160.103, under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HealthPrize may, however, be subject to some of the HIPAA rules and regulations as a “business associate” of a covered entity and will comply with such rules and regulations under those circumstances. Even though HealthPrize may not be subject to the HIPAA Privacy and Security Rules, it is our policy to maintain the privacy and security of your PHI in accordance with industry best practices and the mandates of HIPAA.
Information Collection and Use
HealthPrize collects information on the Site at three different stages: anonymous information, subscription and registration profile, and through surveys and quizzes.
- A. Anonymous Information: We collect anonymous, aggregate information (such as domain name or IP address) from all visitors to the Site. This type of information is never linked to any personally identifiable information and is only used for internal purposes to help us improve your user experience, including generating statistical reports about the use of our Site.
As an example, HealthPrize may use “cookies” and/or “web beacons” to collect non-personal information about your use of our website or emails we send you. Cookies are small computer files that we transfer to your computer’s hard drive that allow us to know how often someone visits a website and the activities they conduct while on that website. Your Internet browser software can be set to reject all cookies. Most browsers offer instructions on how to reset the browser to reject cookies. If you reject our cookie, certain functions and conveniences of our website may not work properly, but you do not have to accept our cookie in order to productively use our website. Web beacons are tiny graphic image files embedded in a web page or email that provide a presence on the web page or email and send back information from the user’s browser to its home server. The information collected by cookies and web beacons allows us to statistically monitor how many people are using our website or opening our emails.
- C. Surveys and Quizzes: On a regular basis HealthPrize may request information from you via surveys and quizzes. Participation in these surveys is completely voluntary, and it is your choice whether or not to disclose your information. The requested information typically includes contact information (such as name and email address) and demographic information (such as gender and age).
Personal information is not shared with third parties, unless we give you prior notice and you are given the opportunity to opt out of such information sharing programs.
Personal Information of Children Under 18
HealthPrize complies with the requirements of the Children’s Online Privacy Protection Act (COPPA) and the FTC’s Rule interpreting COPPA (16 CFR § 512). This Site is not directed to children, and we do not knowingly collect any personally identifiable information from children under 18 years of age through this Site.
Disclosure of Your Personal Information
Unless we receive your permission, HealthPrize will not sell, rent, or share PHI or other personal information to or with any third party not affiliated with or owned by HealthPrize, with the following exceptions:
- Provision of Service: HealthPrize may disclose your PHI or other personal information to third parties to provide you with a product or service that you have requested from us.
- Covered Entities: HealthPrize may disclose your PHI or other personal information to a “covered entity,” as defined at 45 C.F.R. § 160.103, under HIPAA, if necessary to comply with a business associate agreement, as defined at 45 C.F.R. § 160.103, entered into by HealthPrize with a covered entity.
- Use and Disclosure of Aggregate Information: We may store information that we collect through log files to create a profile of our users. Log files record Internet protocol (IP) addresses, browser types, Internet service provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks to analyze trends, administer the Site, track a customer’s movement in the aggregate, and gather broad demographic information for aggregate use. IP addresses, etc., are not linked to personally identifiable information. A profile is stored information detailing how individual customers use the Site.
HealthPrize may provide to third parties, including to our corporate sponsors, nonpersonal information about you in a profile that does not allow you to be identified or contacted and that is combined with the nonpersonal information of other users (“Aggregate Information”). For example, we might inform third parties regarding the number of users of our website and the services they utilize while on our website. Depending on the circumstances of each instance, we may or may not charge third parties for this Aggregate Information. We also may not limit the third parties’ use of the Aggregate Information, except that we do require third parties to whom we disclose Aggregate Information to agree that they will not attempt to make this information personally identifiable by combining it with other databases or otherwise.
Disclosure of Personal Information As Required By Law: We will disclose PHI or other personal information when required by law, or if we have a good-faith belief that such action is necessary to (a) comply with a current judicial proceeding, a court order or legal process served on us, (b) protect and defend our rights, (c) protect the rights, property, and other interests of our users or others, or (d) avert a serious threat to a user’s or another’s health or safety.
HealthPrize maintains administrative, physical, and technical safeguards to reasonably and appropriately protect the confidentiality, availability, and integrity of your PHI and other personal information. HealthPrize is fully compliant with all of the security requirements of HIPAA and conforms to the HCFA Internet Security Policy. For example, we maintain data in secure locations with access limited to authorized personnel, and all of our employees are kept up-to-date on our security practices. We delegate the task of physically safeguarding our repository of user data to our outsourced data center. Although we encrypt sensitive data, such as PHI and other personal information, using SSL or VPN whenever it is transmitted over the Internet, we cannot completely ensure the privacy of email communications to and from our Site because they are not encrypted and, therefore, not secure.
Given the nature of the Internet and the fact that network security measures are not infallible, we cannot guarantee the security of your information. We maintain notification procedures as part of our information security policy, to be used in the event we become aware of a material data security breach. If we are required to provide notice to you of a data security breach, the notice will be provided in electronic form at the email address you have provided to HealthPrize.
Compliance with our security policies is periodically audited, and we continually assess the adequacy of, and where appropriate improve, our security controls and procedures. HealthPrize employees and our third-party service providers must abide by this policy, and those who violate it are subject to corrective action, up to and including termination of employment or other legal action as permitted by law.
When registering for access to a secure area of the Site, we will ask you to select a username and password. We recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also, remember to sign out of the registered Site and close your browser window when you have finished your work. This is to ensure that others cannot access your personal information and correspondence when accessing your computer.
If you have any questions about the security at our Site, you can send a message to member support at firstname.lastname@example.org.
Correcting, Updating, and Deleting Personal Information
Users are able to self-administer key privacy settings via the website in order to keep their PHI and other personal information private. You can always contact us to delete any of your PHI or personal information from our systems (which may result in a termination of service) or if your personal information on the website is incorrect. We will make the requested correction or deletion within two (2) business days.
Notification of Changes
HealthPrize Technologies, LLC,
20 Marshall Street, Suite 220,
Norwalk, CT 06854