Vivacare Privacy & Security PolicyDate of Last Revision: April 30, 2007
Vivacare owns and operates the Vivacare service. The policy described below applies to policies implemented and followed by Vivacare.
This Privacy and Security Statement ("Privacy Statement") applies to information collected by Vivacare ("Vivacare"). Vivacare is committed to protecting the privacy of its users ("Users") who register to receive information from the service ("the Service") and healthcare providers ("Providers") who use the service to provide health information to their patients. We have created the following Privacy Statement to give you an overview of the types of information we collect, how the information is used and how the information is safeguarded.
A. WHO COLLECTS INFORMATION THROUGH THE WEBSITE?
Vivacare collects information about Providers through the Vivacare Website (www.vivacare.com) and displays selected portions of the Provider information on portions of the FromYourDoctor Website (www.fromyourdoctor.com).
Vivacare collects information about Users at the Care Messages Website (www.caremessages.com).
The Websites that are used by Vivacare to collect User information are independent of the FromYour Doctor Websites that are used by Providers.
Information about Users is provided to Vivacare to allow the delivery of customized health-related information to Users. This Privacy Statement applies only to information collected by Vivacare through the Service.
B. WHAT INFORMATION IS COLLECTED?
In order to provide you with certain services through the Website, information is collected from Users and Providers in a variety of ways. In some cases, Vivacare asks Users and Providers directly for information in order for them to use our services, and, in other cases, information is collected automatically as Users and Providers are using the Service. The following is a summary of the kinds of information Vivacare collects:
1. Active Collection
At several places on the Website, Vivacare collects certain information that you provide to Vivacare either voluntarily or as required in order to register or use the Service. Such information includes:
- Contact information, such as name, mailing address, e-mail address and phone number
- Demographic information, such as gender and date of birth
- Health-related information, such as medical condition, medications, medical procedures, diagnostic tests, and recommended healthcare products
- Healthcare provider's name, specialty, address, e-mail address, and phone number
- Information you enter in forms or optional surveys
2. Passive Collection
Some information is collected automatically while you are using the Website. It is important to note that Vivacare must store this information in order to ensure its Users and Providers receive optimal service. This type of information includes:
a. Log Files: Log file information, such as IP addresses, browser type, domain names, number of page views, login frequency, page or section accesses. Log files are used to track usage and engagement and to gauge the effectiveness of our Service. We use your IP address to help diagnose problems with our server and to administer the website.
- Store session state information
- Authenticate Users
- Help customize content delivery
- Collect information on the origin of User registration
- Protect Web site security and login time-outs
c. Clear Gifs (Web Beacons/Web Bugs). We employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that helps us better manage content by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. The main difference between the two is that clear gifs are invisible on the page and are much smaller, about the size of the period at the end of this sentence. Clear gifs are tied to a User's personally identifiable information. We use clear gifs in our HTML-based emails to let us know which emails the recipients have opened. This allows us to gauge the effectiveness of certain communications and the effectiveness of our communications. If Users would like to opt-out of these emails, they should see the Opt-out section.
C. WHY DO WE COLLECT CERTAIN INFORMATION?
The reason we collect certain information depends on the nature of the service a person is using. For instance, Vivacare must store information Users enter, such as the type of content they wish to receive, in order for Users to be able to later retrieve and change the information they have provided. Here is a brief explanation of why different types of information are collected from Users:
1. User information
Vivacare collects User information, such as personally identifiable health information to provide health related educational information and reminders back to the User. The information is stored on our secure servers and made accessible to Users to modify or select new types of educational information they wish to receive.
2. Provider information
Provider information, such as name, location, specialty and association affiliations are collected by Vivacare and stored to shape the service in a manner to best meet the particular needs of Providers. Provider information is also collected and used so Providers can receive updates regarding the Service.
D. HOW DOES VIVACARE USE THE INFORMATION COLLECTED?
Vivacare will use the information about Users and Providers in the following ways:
- To provide Users with educational information that is tailored to their diagnosis or treatment plan
- To enable Providers to send e-Newsletters to their patients to inform them of medical news or updates about the Provider's practice
- To contact Users and Providers about new features offered by the Service, or about their use of the Service
- To respond to your comments or requests
- To improve the Service
- For the specific purpose for which the information was provided
E. WHAT INFORMATION IS SHARED WITH THIRD PARTIES?
Vivacare will disclose information that Users or Providers give to us to independent contractors, service providers and consultants who assist us in our business or in providing goods or services. Such service providers will include, without limitation, credit card processors and shipping companies. However, we will only share such personally identifiable information, as we deem necessary for them to carry out their obligations to Vivacare and for no other purpose.
We will also share aggregated demographic information about Users with independent contractors, service providers, investors, consultants, sponsors, medical publishers (e.g., to inform them of the number of Users accessing their licensed content), and patient support groups (e.g., the number of Users with a specific condition to obtain new health related articles and information), and other partners that may include pharmaceutical and medical device firms. This is not linked to any personal information that can identify any individual User. Additionally:
- Business partners will receive aggregate reports on the number of Users and Providers, service use by Users and Providers, page views, logins, etc.
- Business transitions. In the event that Vivacare goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, all data including User and Provider personal information generally is one of the transferred business assets. For more information see our notification of changes and choice/opt-out sections below.
- Personal mailing and e-mail addresses of Users are not shared with third parties unless the User requests disclosure to participate in products and services offered by a third party. For example, Users may request that Vivacare disclose the UserŐs email address to their Provider so that the Provider may use that email address to communicate with the User. Similarly, Users may request a medication rebate coupon that requires that Vivacare provide the UserŐs mailing address or email address to the manufacturer of the requested medication.
INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION ABOUT USERS IS NOT SOLD TO THIRD PARTIES.
Vivacare will also disclose personal information it has collected if necessary to fulfill our service obligations or if we are required to do so by law or if in our good faith judgment, such action is reasonably necessary to comply with legal process, to respond to any claims, or protect the rights of Vivacare and the public.
The following outlines different types of security procedures Vivacare has in place to protect the loss, misuse or alteration of the information collected.
1. Identification and Authentication
Access to the data is assigned to specific individuals in order to maintain strict control over access. We do not grant general access to data within Vivacare and, except as set forth in this Privacy Statement, access to data is not granted to parties outside Vivacare. We also verify the identity of the persons accessing the data by using a login name and password. Passwords are required to be six characters and include a non-alphabetic character and login session times-out after a period of time to prevent unauthorized use.
2. Authorization and Access Control
Only authorized personnel have access to restricted data. Access to sensitive data is revoked in a timely manner for employees who change function or are no longer employed by or working on behalf of Vivacare.
3. Data Confidentiality
Vivacare uses 128-bit encryption and a security firewall to protect the confidentiality of User and Provider information. The User Account and Provider Account established by Vivacare is protected by encryption and the firewall and is private.
4. Data Integrity and Retention
We implement full database backups to establish data consistency and integrity. We also grant Users access to their information in order to verify that the data is still accurate and has not been modified or corrupted. Our Web servers are located in a secure and environmentally controlled room/location. Backups are automated and scheduled routinely.
5. Data Management and Monitoring
All employees of Vivacare are informed of the company's security policies. Vivacare new hires are briefed on security and privacy issues and security measures are reviewed regularly. Security and privacy threats, operational and technical vulnerabilities have been assessed and countermeasures have been taken to reduce these vulnerabilities. New threats are consistently evaluated and measures are taken to prevent them from occurring at Vivacare. In addition, a security firewall screens access events and non-valid attempts are denied and logged.
Vivacare will offer links to other websites. Please be aware that Vivacare is not responsible for the privacy practices of such linked sites, including sites of our partners. We encourage our users to be aware when they leave the Vivacare Service and use other websites and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies solely to information collected by Vivacare.
H. CHOICE/OPT OUT
Vivacare gives Users the ability to opt-out of receiving future communications from Vivacare by logging into the service and selecting the "Account" option.
The User or Provider may, at any time, delete their account with Vivacare.
I. ACCESSING AND CHANGING INFORMATION
To assure that the information collected is accurate and up-to-date, the Service allows Users to edit and update their personal information via the Service.
J. NOTIFICATION OF CHANGES
Vivacare reserves the right to make changes to the Privacy Statement at any time. If we plan to make significant changes to any of our privacy policies or practices with respect to how we use personally identifiable information, we will post those changes to this Web site 30 days before they take effect. Vivacare will post those changes on our website so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please review our Privacy Statement periodically to see recent changes.
K. ADDRESSING PRIVACY & SECURITY CONCERNS
If you have any questions about this Privacy Statement, the practices or your dealings with the website, or wish to receive a printed version of this Privacy Statement, please contact us:
1810 6th Street
Berkeley, CA 94710