WEBSITE PRIVACY POLICY
Protecting What Matters to You
Patient Portal - Privacy Policy: Your Privacy Rights
Table of Contents
Scope and purpose of this policy
What information do we collect?
How do we use your information?
Sharing your information
California Residents
Updates to this privacy policy
Our data protection and security policy
Key terms
Our Contact Information
Date Last Updated: January 1, 2020
Scope and purpose of this policyThis privacy policy (the “Policy”) describes the practices of the Patient Portal (the “Portal”) with regard to information about you that we obtain through your use of the Portal, in our capacity as a Business Associate to your health care provider, which is a Covered Entity under the Health Insurance Portability and Accountability Act (“HIPAA”). The Portal is an Internet service, powered by athenahealth, Inc. (“athenahealth,” “us,” or “we”), which allows patients and other authorized users to coordinate and manage their medical care with their health care providers, including, for example through electronic communications, access to health records, appointment scheduling, prescription requests, and bill payment processes.
This Policy applies to information we collect through the Portal and how it is used.
Our Portal Terms of Use also apply to your use of the Portal. Additional specific privacy policies, terms and agreements may also apply to any particular websites, applications, products, services, and solutions you use, whether through the Portal or otherwise, including policies, terms and agreements for: our main website www.athenahealth.com; our athenahealth platforms (e.g., athenaCollector, athenaClinicals, athenaCommunicator, athenaCoordinator, athenaNet etc.); our athenahealth product offerings (e.g., Epocrates); and any of our other websites, products, services, solutions or applications, collectively, our “Services”. If you use the Portal to access or share data with such Services or any websites, applications, platforms, services, solutions or portals of any third parties (including, but not limited to, any other patient portals offered by any healthcare provider(s)) (each, a “Third Party Platform”), the privacy policies, terms and agreements of such other Services and Third Party Platforms will apply to your use of such Third Party Platform. We do not control and are not responsible for Third Party Platforms or any information you may share with, or access from, any Third Party Platforms, whether using the Portal or otherwise. This Policy also does not apply to the data sharing and privacy practices of your health care provider; when you use the Portal, you are also subject to the separate privacy notices and policies of your health care provider. We do not control and are not responsible for the privacy practices of your health care provider.
The Portal is not intended for use by anyone outside of the United States.
Any unauthorized registration for, access or use of the Portal, our Services, client accounts or Third Party Platforms is strictly prohibited.
Return to top
What information do we collect?Information you provide us:When you register for the Portal, we may ask you to provide the following information on behalf of your health care provider:
First name, Last name, Date of Birth, gender, email address, and phone number(s). If you are a caregiver registering for the Portal, we may also ask for your first and last name, identification of the nature of your relationship with the patient and information regarding access to the Portal
Information we automatically collect from your use of the Portal:
We access cookie technologies on your computer to improve Portal users' experience, including but not limited to: storing user session IDs and enabling "remember me" functionalities for simplified log-in procedures on trusted devices as well as language preference details to facilitate viewing of the Portal.
We may automatically collect information (and may store it in our server logs) regarding your use of our services and the content you viewed. This information may include: your IP address; device specific information about the device you used to access the Portal; the patterns of searching and browsing that preceded access to the Portal; and the patterns of searching and browsing on the Portal in order to improve our services and for security purposes.
The Portal does not respond to web browsers' Do Not Track signals.
Return to top
How do we use your information:We may use your information for the following purposes on behalf of your health care provider, including but not limited to:
For purposes of making the Portal available for your use;
To allow you and any other users you authorize to coordinate and manage your medical care with your health care providers, including, for example through electronic communications, access to health records, appointment scheduling, prescription requests, and bill payment processes;
To respond to your inquiries and fulfill your requests;
To inform you about relevant and important information about the Portal, communications from your provider, updates to terms, conditions, and policies, and other relevant administrative changes and information relating to the Portal;
To share information with you or authorize our customers and partners to share information with you, about relevant services or products we think benefit to you;
For athenahealth's business purposes on behalf of your health provider, including but not limited to, enhancing the functionality of the Portal, data analysis, audits, and to comply with all laws, regulations, and law enforcement requirements;
To pull requisite data to adhere to government incentive programs, including but not limited to, your health care provider's achievement of government quality programs through their engagement with the Portal.
To inform you of the opportunity to participate in online surveys, other forms of market research, sweepstakes, and other similar promotions, and to administer these activities;
To plan and execute security and risk control measures, like fraud and abuse detection and prevention for athena or your health care provider;
We may de-identify and aggregate your data, for business purposes in accordance with our agreements with our HIPAA Covered Entity Clients (healthcare providers);
We track the number of visitors using certain portions and features of the Portal to make any necessary changes to improve the proper management and administration and functionality of the Portal;
Return to top
Sharing your information:We share your information with our HIPAA Covered Entity clients who provide you with services, including medical groups, practices, hospitals, health systems, and physicians, specialists and staff;
We share your information with third parties that you consent to or direct us to send/receive information to/from;
We may share your information with our third party vendors, consultants, agents, and other service providers with whom we contract as a Business Associates under HIPAA to help us provide or improve the Portal. For example, we may work with companies to host and maintain our data, website or mobile application properties, analyze our data or provide marketing assistance;
We may disclose your health information to third party vendors in accordance with HIPAA requirements and your providers' internal privacy practices. For further details regarding these requirements, refer to the HIPAA Privacy Rule at 45 C.F.R. section 164.506;
We will disclose your information when:
You have given us your consent to share or use information about you;
We believe that we need to share information about you to provide a service that you have requested from us or from your provider;
We are complying with laws or responding to lawful requests and legal process or responding in an emergency situation;
We believe it is necessary to protect our rights and the security of our Portal, or the rights of our customers or partners, or to avoid liability or violations of the law; or
We may also disclose your information in connection with or during negotiation of any merger, financing, acquisition or bankruptcy transaction or proceeding involving sale or transfer of all or a portion of our business or assets to another company.
Return to top
California ResidentsAs described above, the information we collect through the Portal is HIPAA protected health information or otherwise covered by the California Confidentiality of Medical Information Act. Therefore, our practices with respect to the Portal are exempt from the California Consumer Privacy Act (the CCPA).
Updates to this privacy policy:athenahealth reserves the right to make periodic updates and revisions to this Policy. Your use of the Portal after we make changes is deemed to be acceptance of those changes. Please check periodically for updates. To the extent required by applicable law, we will also attempt to notify you by email or other method when we make material changes to this Policy.
If you have any specific questions about the Patient Portal website privacy policy, please contact us at portalprivacypolicy@athenahealth.com. Patient Portal support requests (e.g. trouble logging in, password assistance, access to family members information etc.) or general questions about the Portal should be directed to your medical provider or their office staff by signing into the Patient Portal and sending a secure message or calling your medical provider's office. athenahealth is unable to respond to general support inquiries sent to this email address.
Return to top
Data protection and security policy:We have implemented technical, administrative, and physical safeguards, which are designed to protect your information from unauthorized use and access. These safeguards are intended to secure our system and meet our obligations under the HIPAA Security Standards Final Rule, as well as CCHIT Meaningful Use Security Requirements to specifically protect electronic health information created or maintained by our certified Electronic Health Record technology, and other applicable laws and regulations.
You may not assign or transfer your Portal account or share your Portal login, password or any other credentials with any other person without our consent. Please notify us immediately if you believe the security of your Portal account may have been compromised.
Return to top
Key Terms:COOKIES: Cookies are small amounts of text files that are sent from a website to your computer's browser when you visit the site. These cookies are then stored in files within your computer's browser. Web sites can access only the cookies that they have stored on your computer. For example, if the Acme Computer Company stores a cookie on your browser, Acme may access its own cookie to improve the user online experience, but it could not access any cookies belonging to another company. For every future time you access the website, your browser sends the cookie back to the server, which notifies the website of the user's previous activities on the website. Thus, cookies serve several useful purposes, like letting you navigate between pages more efficiently, saving your preferences, and enhancing your user experience with the website.
INTERNET PROTOCOL (IP) ADDRESS: An IP Address is a numerical label separated by periods that identifies every device (e.g., computer, printer) that participates in a network. IP addresses allow these devices to communicate with one another and transmit relevant information.
Return to top
Our contact information:If you have any questions about this Policy or any other aspects of your privacy with respect to athenahealth (including our processing of your personal information), please contact us at: athenahealth, Inc., Attn: Chief Compliance Officer, 311 Arsenal Street, Watertown, MA 02472.
Close