Last Updated: March 8, 2019
Other agreements with ChartWise include the Subscription License Agreement and End User License Agreement which govern Customer access to and use of the Services, and the Business Associate Agreement which governs ChartWise use and disclosure of Private Health Information of third parties disclosed by you or created by ChartWise on your behalf.
ChartWise Medical Systems, Inc. Attn: Privacy Officer
1174 Kingstown Road #201
Wakefield, Rhode Island 02879
I. Information ChartWise gathers
ChartWise collects and uses certain user information in its business. ChartWise recognizes three types of user information, and collects only that information considered relevant to the type of user:
A Customer’s Users may also provide certain patient Protected Health Information (PHI) in the course of using the Services for the intended purpose of the Services, including patient demographics and medical information. This data is gathered over a secure transmission established between the Customer and ChartWise data center. Customer data is encrypted both while in motion and while at rest, using industry standard encryption methods. ChartWise will not use this information to contact patients. The data may be used to calculate various hospital metrics including reimbursement data. ChartWise does not obtain Customer PHI from any source other than the Customer’s Users.
ChartWise may occasionally obtain names and e-mail addresses from third party providers and trade organizations and store the information in our marketing database for the purpose of contacting users. Users may at any time request that their information be removed.
II. Choice and Consent
Customer User: A Customer may decline to provide personal or patient data, but that data is necessary to provide the Services, and declining will prevent ChartWise from providing the required and requested functionality of the Services.
Website User: When asked to provide personal data on our website, you may decline, but that may prevent you from accessing certain information available on the site.
III. How the information is used
ChartWise collects personal information only for the purposes identified, and may use or disclose the User Information to aid ChartWise in improving the Services or for any other Service-related purpose including sales and marketing efforts. You will be notified if there are any changes in the use of your information, or if ChartWise needs to obtain additional information from you.
Customer User Information is provided to ChartWise by the Customer and permits the User access to the application. Customer data including PHI is used to provide the underlying information, clinical documentation workflow and reports essential to the application.
IV. With whom information is shared
ChartWise is the sole owner and user of all of the User Information collected through the Services. Except as set forth in the following paragraph, ChartWise does not sell, give, or disclose personally-identifiable User Information gathered through the Services to any third party.
Customer PHI data may be shared with third parties that provide services essential to the Services as permitted by an executed Business Associate Agreement and HIPAA regulations. If a third party is added or deleted in the course of business, you consent to the change.
VI. Security measures
Customer User Information: ChartWise employs a variety of methods to help ensure that personally identifiable Customer User Information is not at risk for disclosure. Methods include encryption, segregation of ChartWise employee roles, data anonymization, and employee training and awareness. When Customer Users submit personally identifiable User Information or PHI, it is protected both on-line and off-line. All electronic User Information and PHI is protected behind a firewall and only authorized individuals have access to those servers. All PHI data is further protected in a secure data center, and is encrypted in motion during transmission to and from the Customer’s facility and the ChartWise data center, and is encrypted at rest in the databases within the data center using industry standard encryption techniques. Whenever possible, aggregated or anonymized data will be used by ChartWise employees to provide Services. Only employees who need personally identifiable User Information or PHI to perform a task are granted access to such information. The Customer Information may be used by our product development team to improve the products and services. It may be used by our clinical applications team to provide User training. It may be used by our advisory services team to provide Services. ChartWise business associates are required to have similar or more stringent security requirements in place to safeguard PHI that they may receive in the course of providing the Services.
Website Visitor and Event Attendee Information: ChartWise takes reasonable precautions to protect personally identifiable Website Visitor and Event Attendee Information. When Website and Event Users submit personally identifiable information, it is protected both on-line and off-line. All electronic User Information and PHI is protected behind a firewall and only authorized individuals have access to those servers. Only employees who need personally identifiable User Information to perform a task are granted access to such information.
Website and Event Users are not able to access the information held by ChartWise. Customer Users are able to access their own information within the Services, and they may be able to access their Customer data based on their permissions within the Services. If Customer Users attempt to access data for which they do not have authority, they will be denied access.
VII. Correcting, updating and deleting information
The User is solely responsible for the quality and accuracy of the information provided to ChartWise. If, at any time, a correction needs to be made to existing Information that you have voluntarily provided through the Services, you may update your information via the Services or by contacting ChartWise and requesting that the information be changed or deleted.
Customer User Information including PHI stored in the Services relies on the accuracy of the User to properly input and update the information. The quality of the data is the responsibility of the Customer and the Customer’s Users. If, at any time, a correction needs to be made to Customer data, including PHI that has been entered by the User into the Services, the User will update, change or delete the information as appropriate. Should the User not be able to perform the correction, a request should be made for ChartWise Support to do so, either via the Services, via email at firstname.lastname@example.org or by telephone at 888-493-4502.
Website and Event User data can be changed or deleted by contacting ChartWise at email@example.com.
VIII. Information retention
Website and Event User data will be deleted at the request of the User.
ChartWise retains Customer User Information for as long as necessary to provide the Services, to comply with our legal obligations, and to enforce our Customer agreements. Certain Customer PHI information retention periods are based on medical records retention laws and regulations. Upon termination of a Customer agreement, data may continue to be stored in fully-encrypted backup files. Customer User Information is deleted using industry-standard secure methods.
IX. Links to third party websites
We will update this privacy statement when necessary to reflect changes in our products and regulatory requirements. When we post changes to this statement, we will revise the “last updated” date at the top of the statement. For Customers, if there are material changes to the statement or in how ChartWise uses your information including PHI, we will notify you by sending a notification to the address of record. We encourage you to periodically review this privacy statement to learn how ChartWise is protecting your information.
XI. Monitoring and enforcement