Privacy & Legal

Privacy & Legal

March 17, 2021

Last Update March 8, 2019

At ChartWise Medical Systems, Inc. (“ChartWise”) we recognize that user privacy is important. This privacy policy applies to all of the products, services and websites offered by ChartWise or its subsidiaries or affiliated companies (collectively, the “Services”), including the ChartWise 2.0 application and ChartWise Advisory Services.

Other agreements with ChartWise include the Subscription License Agreement and End User License Agreement which govern Customer access to and use of the Services, and the Business Associate Agreement which governs ChartWise use and disclosure of Private Health Information of third parties disclosed by you or created by ChartWise on your behalf.

If you have any questions about this Privacy Policy, please feel free to contact us through our website, email, or write to us at:

ChartWise Medical Systems, Inc. Attn: Privacy Officer
1174 Kingstown Road #201
Wakefield, Rhode Island 02879

I. Information ChartWise gathers
ChartWise collects and uses certain user information in its business. ChartWise recognizes three types of user information, and collects only that information considered relevant to the type of user:

  1. Customer User Information: may include, but is not limited to, a user’s email address and Services access configuration, IP address, browser information, computer information and Internet Service Provider information.
  2. Website Visitor Information: may include, but is not limited to, an IP address, browser information, computer information, and Internet Service Provider information. In addition, ChartWise may collect information about users through various web forms. If a user supplies any personally identifiable information to us on these forms (e.g. name, address, e-mail address, etc.), ChartWise reserves the right to use this information to contact that user unless that user has specifically stated that we may not do so.
  3. Event Attendee Information: may include, but is not limited to information provided by the user at a trade show, event or web meeting, and may include name, email address, employer, address and telephone number. ChartWise reserves the right to use this information to contact that user unless that user has specifically stated that we may not do so.


A Customer’s Users may also provide certain patient Protected Health Information (PHI) in the course of using the Services for the intended purpose of the Services, including patient demographics and medical information. This data is gathered over a secure transmission established between the Customer and ChartWise data center. Customer data is encrypted both while in motion and while at rest, using industry standard encryption methods. ChartWise will not use this information to contact patients. The data may be used to calculate various hospital metrics including reimbursement data. ChartWise does not obtain Customer PHI from any source other than the Customer’s Users.

ChartWise may occasionally obtain names and e-mail addresses from third party providers and trade organizations and store the information in our marketing database for the purpose of contacting users. Users may at any time request that their information be removed.

II. Choice and Consent
By using the Services or providing your User Information, you are permitting ChartWise to gather and share data as explained in this Privacy Policy.

Customer User: A Customer may decline to provide personal or patient data, but that data is necessary to provide the Services, and will prevent ChartWise from providing the required and requested functionality of Services.

Website User: When asked to provide personal data on our website, you may decline, but that may prevent you from accessing certain information available on the site.

III. How the information is used
ChartWise collects personal information only for the purposes identified, and may use or disclose the User Information to aid ChartWise in improving the Services or for any other Service-related purpose including sales and marketing efforts. You will be notified if there are any changes in the use of your information, or if ChartWise needs to obtain additional information from you.

Customer User Information is provided to ChartWise by the Customer and permits the User access to the application. Customer data including PHI is used to provide the underlying information, clinical documentation workflow and reports essential to the application.

IV. With whom information is shared
ChartWise is the sole owner and user of all of the User Information collected through the Services. Except as set forth in the following paragraph, ChartWise does not sell, give, or disclose personally-identifiable User Information gathered through the Services to any third party.

Customer PHI data may be shared with third parties that provide services essential to the Services as permitted by an executed Business Associates Agreement and HIPAA regulations. If a third party is added or deleted in the course of business, you consent to the change.

V. Cookies
A cookie is a small data file that is automatically and without notice written on your device’s hard drive when you visit certain websites. A cookie allows the website to recognize you each time you visit the website and to personalize the website for you. The only personal information a cookie can contain is information you voluntarily supply yourself on the website. A cookie cannot read data from your hard drive or read cookie files created by other websites. The use of cookies is widespread on the internet. Please be aware that the Services may use cookies which can be accessed by ChartWise staff.

VI. Security measures
Customer User Information: ChartWise employs a variety of methods to help ensure that personally identifiable Customer User Information is not at risk for disclosure. Methods include encryption, segregation of ChartWise employee roles, data anonymization, and employee training and awareness. When Customer Users submit personally identifiable User Information or PHI, it is protected both on-line and off-line. All electronic User Information and PHI is protected behind a firewall and only authorized individuals have access to those servers. All PHI data is further protected in a secure data center, and is encrypted in motion during transmission to and from the Customer’s facility and the ChartWise data center, and is encrypted at rest in the databases within the data center using industry standard encryption techniques. Whenever possible, aggregated or anonymized data will be used by ChartWise employees to provide Services. Only employees who need personally identifiable User Information or PHI to perform a task are granted access to such information. The Customer Information may be used by our product development team to improve the products and services. It may be used by our clinical applications team to provide User training. It may be used by our advisory services team to provide Services. ChartWise business associates are required to have similar or more stringent security requirements in place to safeguard PHI that they may receive in the course of providing the Services.

Website Visitor and Event Attendee Information: ChartWise takes reasonable precautions to protect personally identifiable Website Visitor and Event Attendee Information. When Website and Event Users submit personally identifiable information, it is protected both on-line and off-line. All electronic User Information and PHI is protected behind a firewall and only authorized individuals have access to those servers. Only employees who need personally identifiable User Information to perform a task are granted access to such information.

Website and Event Users are not able to access the information held by ChartWise. Customer Users are able to access their own information within the Services, and they may be able to access their Customer data based on their permissions within the Services. If Customer Users attempt to access data for which they do not have authority, they will be denied access.

VII. Correcting, updating and deleting information
The User is solely responsible for the quality and accuracy of the information provided to ChartWise. If, at any time, a correction needs to be made to existing Information that you have voluntarily provided through the Services, you may update your information via the Services or by contacting ChartWise and requesting that the information be changed or deleted.

Customer User Information including PHI stored in the Services relies on the accuracy of the User to properly input and update the information. The quality of the data is the responsibility of the Customer and the Customer’s Users. If, at any time, a correction needs to be made to Customer data, including PHI that has been entered by the User into the Services, the User will update, change or delete the information as appropriate. Should the User not be able to perform the correction, a request should be made for ChartWise Support to do so, either via the Services, via email at or by telephone at 888-493-4502.

Website and Event User data can be changed or deleted by contacting ChartWise at

VIII. Information retention
Website and Event User data will be deleted at the request of the User.

ChartWise retains Customer User Information for as long as necessary to provide the Services and to comply with our legal obligations and to enforce our Customer agreements. Certain Customer PHI information retention periods are based on medical records retention laws and regulations. Upon termination of a Customer agreement, data may continue to be stored in fully-encrypted backup files. Customer User information is deleted using industry-standard secure methods.

IX. Links to third party websites
The Services may contain links to third party websites. Once you leave our website, our privacy policy no longer controls, and you will be subject to the privacy policies, if any, of the third party website to which you have linked. You should review the privacy policies of the third party website to which you have linked prior to providing any Website Visitor Information to them. We are not responsible for the privacy of your information once you leave our website.

X. Notice
We will update this privacy statement when necessary to reflect changes in our products and regulatory requirements. When we post changes to this statement, we will revise the “last updated” date at the top of the statement. For Customers, if there are material changes to the statement or in how ChartWise uses your information including PHI, we will notify you by sending a notification to the address of record. We encourage you to periodically review this privacy statement to learn how ChartWise is protecting your information.

XI. Monitoring and enforcement
ChartWise has methods in place to monitor and enforce the proper use of User Information by employees and third parties. Those found to be in violation are subject to disciplinary action up to and including termination, and may be subject to the imposition of HIPAA civil and criminal penalties. Employees are reminded of the Privacy Policy when changes are made and are encouraged to report any violations. Third parties are reviewed at least annually to confirm compliance. If a violation is found, an incident response with appropriate remediation plan is developed and implemented. If you believe your Information was used in a manner inconsistent with this privacy policy, please contact us immediately.