Contact Us|Register|Login

Privacy Policy

Effective Date: May 6, 2016

  1. Introduction

    The Chiasm Network (“us,” “we,” or “Chiasm”) is committed to respecting the privacy rights of our Clients and other users of THE CHIASM NETWORK (the “Site”) and related websites, applications, services and mobile applications provided by THE CHIASM NETWORK and on/in which this Privacy Policy is posted or referenced (collectively, the “Services”). Our site uses 128-bit GCM encryption (the standard used by most banks to protect their customers information) and all data is transferred over SSL and TLS 1.2 (FIPS compliant security standards used by the U.S. Government for secured traffic) We created this Privacy Policy (“Privacy Policy”) to give Client confidence as Client uses the Services and to demonstrate our commitment to the protection of privacy. All data is stored in a physically and electronically secure facility behind firewalls. Data backups are protected by high-grade encryption (FIPS 140-2 certified) which means that your data stays secure and unreadable. Our intrusion detection system monitors our data 24/7 and alerts us to any unusual activity. We engage third party security experts to periodically test our service and processes and we run the SSAE-16 Type audit annually. This Privacy Policy is only applicable to the Services. This Privacy Policy does not apply to any other website or digital service that Client may be able to access through the Services or any website or digital services of THE CHIASM NETWORK business partners, each of which may have data collection, storage and use practices and policies that may materially differ from this Privacy Policy. Client’s use of the Services is governed by this Privacy Policy and the Agreement (as the term “Agreement” is defined in our Terms of Use). Any capitalized term used but not defined in this Privacy Policy shall have the meaning in the Agreement.

    BY USING THE SERVICES, CLIENT AGREES TO THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY POLICY AND CLIENT HEREBY CONSENTS TO THE COLLECTION, USE, AND SHARING OF CLIENT’S INFORMATION AS DESCRIBED IN THIS PRIVACY POLICY. IF CLIENT DOES NOT AGREE WITH THIS PRIVACY POLICY, CLIENT CANNOT USE THE SERVICES. IF CLIENT USES THE SERVICES ON BEHALF OF SOMEONE ELSE CLIENT’S PATIENT) OR AN ENTITY , CLIENT REPRESENTS THAT CLIENT IS AUTHORIZED BY SUCH INDIVIDUAL OR ENTITY TO ACCEPT THIS PRIVACY POLICY ON SUCH INDIVIDUAL’S OR ENTITY’S BEHALF.

  2. Information We Collect

    2.1 Personal Information
    2.1.1 Personal Information Generally
    We help you find and learn about nearby healthcare providers, booking appointments with the healthcare providers of your choice (each “Your Healthcare Provider”) and managing and forwarding your patient’s health history forms and other health-related information to share with other Healthcare Providers (the “Services”). As part of providing the Services we may collect, use, share and exchange health history forms and other health-related information with the selected Healthcare Providers. Some of the Services require us to know more about Client so that we can best meet Client’s needs. When Client accesses these Services, we may ask Client to voluntarily provide us certain information that personally identifies (or could be used to personally identify) Client (“Personal Information”). Personal Information includes (but is not limited to) the following categories of information: (1) contact data (such as Client’s e-mail address and phone number); (2) demographic data for Client (such as gender, date of birth and zip code); (3) insurance data (such as insurance carrier, insurance plan, member ID, group ID and payer ID); (4) medical data (such as the doctors, dentists or other health care providers (“Healthcare Providers”) to whom Client has referred its patients or been contacted by Client for an appointment, reasons for visit, dates of visit, patient’s medical history, and other medical and health information Client chooses to share with us), and (5) other information that Client voluntarily chooses to provide to us, including without limitation SSN, unique identifiers such as passwords, and Personal Information in emails or letters that Client sends to us. Client may still access and use some of the Services if Client choose not to provide us with any Personal Information, but the features of the Services that require Personal Information will not be accessible to Client.

    2.1.2 Billing, Collection and Payment Information [tbd]

    2.2 Traffic Data
    We also may automatically collect certain data when Client uses the Services, such as (1) IP address; (2) domain server; (3) type of device(s) used to access the Services; (4) web browser(s) used to access the Services; (5) referring webpage or other source through which Client accessed the Services; (6) geolocation information; and (7) other statistics and information associated with the interaction between Client’s browser or device and the Services (collectively “Traffic Data”). Depending on applicable law, some Traffic Data may be Personal Information.

    We may also collect additional information, which may be Personal Information, as otherwise described to Client at the point of collection or pursuant to Client’s consent.

    2.3 HIPAA and PHI
    Under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), some of the demographic, health and/or health-related information that THE CHIASM NETWORK collects as part of providing the Services may be considered “protected health information” or “PHI”. All of our staff is HIPAA trained to ensure that we remain focused on a patient’s privacy. All of our employees are required to regularly complete security training administered by a third party completely familiar with all HIPAA guidelines. Specifically, when THE CHIASM NETWORK receives identifiable information about Client or Client’s patient (severally and collectively referred to as “Client”) from or on behalf of Client’s Healthcare Providers, this information is PHI. HIPAA provides specific protections for the privacy and security of PHI and restricts how PHI is used and disclosed by Healthcare Providers and health plans (“Covered Entities”) as well as companies like THE CHIASM NETWORK, that provide certain types of assistance to Covered Entities (called “Business Associates”).. THE CHIASM NETWORK may only use and disclose Client’s PHI in the ways permitted by Client’s Healthcare Provider(s). In addition, Client have been or will be asked to e-sign the THE CHIASM NETWORK User Authorization (the “THE CHIASM NETWORK Authorization”). As a condition of creating this account, you are required to read and agree to our Privacy Policy. This Privacy Policy explains how we process and share information received by you that is not covered by HIPAA. Client’s decision to e-sign the THE CHIASM NETWORK Authorization is entirely voluntary. If Client chooses to e-sign the THE CHIASM NETWORK Authorization, Client agrees that THE CHIASM NETWORK may use and disclose Client’s PHI in the same way it uses and discloses Client’s Personal Information that is not PHI. These uses and disclosures are described in this Privacy Policy. To the extent any provision in the THE CHIASM NETWORK Authorization is inconsistent with this Privacy Policy or other provisions of the Agreement, then the provision in the THE CHIASM NETWORK Authorization only controls with respect to Client’s PHI. If Client do not e-sign the THE CHIASM NETWORK Authorization, then Client’s Personal Information that is not PHI is governed by this Privacy Policy and Client’s Personal Information that is PHI is used and disclosed only as permitted by Client’s Healthcare Provider(s)

    .
  3. How We Collect Information

    We collect information (including Personal Information and Traffic Data) when Client uses and interacts with the Services, and in some cases from third party sources. Such information includes:

    • When Client uses the Services’ interactive tools and services, such as searching for Healthcare Providers, searching for available appointments with Healthcare Providers and completing medical history forms (“Medical History Forms”) prior to Healthcare Provider appointments;
    • When Client voluntarily provides information in free-form text boxes through the Services and through responses to surveys, questionnaires and the like;
    • If Client downloads and installs certain applications and software we make available, we may receive and collect information transmitted from Client’s computing device for the purpose of providing Client the relevant Services, such as information that lets THE CHIASM NETWORK know when Client is logged on and available to receive update or alert notices;
    • If Client downloads our mobile application, we may receive information about Client’s location and mobile device;
    • Through cookies, web beacons, website analytics services and other tracking technology (collectively, “Tracking Tools”), as described below; and
    • When Client uses the “Contact Us” function on the Site, send us an email or otherwise contact us.
  4. [TBD 4. Tracking Tools and “Do Not Track”]
    4.1. Tracking Tools
    We may use tools outlined below in order to better understand users.
    • Cookies: “Cookies” are small computer files transferred to Client’s computing device that contain information such as user ID, user preferences, lists of pages visited and activities conducted while using the Services. We use Cookies to help us improve or tailor the Services by tracking Client’s navigation habits, storing Client’s authentication status so Client do not have to re-enter Client’s credentials each time Client use the Services, customizing Client’s experience with the Services and for analytics and fraud prevention.
    • We may use a type of advertising commonly known as interest-based or online behavioral advertising. This means that some of our business partners use Cookies to display THE CHIASM NETWORK ads on other websites and services based on information about Client’s use of the Services and on Client’s interests (as inferred from Client’s online activity). Other Cookies used by our business partners may collect information when Client use the Services, such as the IP address, mobile device ID, operating system, browser, web page interactions, the geographic location of Client’s internet service provider and demographic information, such as gender and age range. These Cookies help THE CHIASM NETWORK learn more about our users’ demographics and internet behaviors.
    • For more information on cookies, visit http://www.allaboutcookies.org.
    • Web Beacons: “Web Beacons” (a.k.a. clear GIFs or pixel tags) are tiny graphic image files imbedded in a web page or email that may be used to collect anonymous information about Client’s use of our Services, the websites of selected advertisers and the emails, special promotions or newsletters that we send Client. The information collected by Web Beacons allows us to analyze how many people are using the Services, using the selected advertisers’ websites or opening our emails, and for what purpose, and also allows us to enhance our interest-based advertising.
    • Website Analytics: We may use third-party website analytics services in connection with the Services, including, for example, to register mouse clicks, mouse movements, scrolling activity and text that Client type into the Site. These website analytics services generally do not collect Personal Information unless Client voluntarily provide it and generally do not track Client’s browsing habits across websites which do not use their services. We use the information collected from these services to help make the Services easier to use and as otherwise set forth in Section 6 (Use of Information).
    • Mobile Device Identifiers: Mobile device identifiers are data stored on Client’s mobile device that may track mobile device and data and activities occurring on and through it, as well as the applications installed on it. Mobile device identifiers enable collection of Personal Information (such as media access control, address and location) and Traffic Data. As with other Tracking Tools, mobile device identifiers help THE CHIASM NETWORK learn more about our users’ demographics and internet behaviors.

    4.2. Options for Opting out of Cookies and Mobile Device Identifiers
    Some web browsers (including some mobile web browsers) allow Client to reject Cookies or to alert Client when a Cookie is placed on Client’s computer, tablet or mobile device. Client may be able to reject mobile device identifiers by activating the appropriate setting on Client’s mobile device. Although Client are not required to accept THE CHIASM NETWORK’s Cookies or mobile device identifiers, if Client block or reject them, Client may not have access to all features available through the Services.

    Client may opt out of receiving certain Cookies and certain trackers by visiting the Network Advertising Initiative (NAI) opt out page or the Digital Advertising Alliance (DAA) consumer opt-out page. When Client use these opt-out features, an “opt-out” Cookie will be placed on Client’s computer or tablet indicating that Client do not want to receive interest-based advertising from NAI or DAA member companies. If Client delete Cookies on Client’s computer or tablet, Client may need to opt out again. For information about how to opt out of interest-based advertising on mobile device identifiers, please visit http://www.applicationprivacy.org/expressing-Clientr-behavioral-advertising-choices-on-a-mobile-device. Please note that even after opting out of interest-based advertising, Client may still see THE CHIASM NETWORK’s advertisements that are not interest-based (i.e., not targeted toward Client). Also, opting out does not mean that THE CHIASM NETWORK is no longer using Tracking Tools — THE CHIASM NETWORK still may collect information about Client’s use of the Services even after Client have opted out of interest-based advertisements and may still serve advertisements to Client via the Services based on information it collects via the Services.

    4.3. How THE CHIASM NETWORK Responds to Browser “Do Not Track” Signals
    Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to websites that a visitor does not want to have his/her online activity and behavior tracked. If a website operator elects to respond to a particular DNT signal, the website operator may refrain from collecting certain Personal Information about the browser’s user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many website operators, including THE CHIASM NETWORK, do not take action to respond to DNT signals. For more information about DNT signals, visit http://allaboutdnt.com.]

  5. Use of Information

    We use Client’s information, including Personal Health Information, to provide the Services to Client and to help improve them, including to:

      provide Client with the products, services and information Client requests and respond to correspondence that we receive from Client;
    • provide, maintain, administer or expand the Services, perform business analyses, or for other internal purposes to support, improve or enhance our business, the Services, and other products and services we offer;
    • notify Client about certain resources or Healthcare Providers we think Client may be interested in learning more about;
    • send Client information about THE CHIASM NETWORK or our products or Services;
    • contact Client when necessary or requested, including to remind Client of an upcoming appointment;
    • customize and tailor Client’s experience of the Services, which may include sending customized messages or showing Client Sponsored Results that may be of interest to Client based on information collected in accordance with this Privacy Policy;
    • send emails and other communications that display content that we think will interest Client and according to Client’s preferences;
    • combine information received from third parties with the information that we have from or about Client and use the combined information for any of the purposes described in this Privacy Policy;
    • use statistical information that we collect in any way permitted by law, including from third parties in connection with their commercial and marketing efforts; and
    • prevent, detect and investigate security breaches and potentially illegal or prohibited activities.
    • We may use information that is neither Personal Information nor PHI (including non-PHI Personal Information that has been de-identified and/or aggregated) to better understand who uses THE CHIASM NETWORK and how we can deliver a better healthcare experience (for example, testing different kinds of emails has helped us understand when and how patients prefer to get Wellness Reminders for preventive care), or otherwise at our discretion.
  6. Disclosure of Information

    We may disclose certain information that we collect from Client:

    • We may share Client’s and its Patient’s Personal Information with selected Healthcare Providers with which Client choose to schedule through the Services. For example, if Client complete a Medical History Form using the Services in advance of an appointment, we may share the Medical History Form with Client’s selected Healthcare Providers. Client also may choose to store but not share Client’s Medical History Form.
    • We may share Client’s and its patient’s Personal Information with Client’s selected Healthcare Providers to enable them to refer patients to and make appointments with other Healthcare Providers on Client’s behalf or to perform analyses on potential health issues or treatments, provided that Client choose to use the applicable Services.
    • We may share Client’s and its Patient’s Personal Information with selected Healthcare Providers in the event of an emergency.
    • We may also share Client’s and its Patient’s Personal Information with organizations that collect, aggregate and organize Client’s information so they can make it more easily accessible to Client’s selected Healthcare Providers.
    • We do not sell email addresses to third parties. We may share Client’s email address with our business partners to enable them to help THE CHIASM NETWORK customize our advertising.
    • We may share Client’s Personal Information and Traffic Data with our business partners who perform core operational services (such as hosting, billing, fulfillment, data storage, security, insurance verification, or Website analytics set forth in Section 4.1 (Tracking Tools)) and/or by making certain features available to our users.
    • For the purposes of determining eligibility and cost-sharing obligations, and otherwise obtaining benefit plan information, we may share with the insurance provider Client identify to us (via our business partners) Client’s insurance-related Personal Information.
    • We may transfer Client’s information to another company in connection with a merger, sale, acquisition or other change of ownership or control by or of THE CHIASM NETWORK (whether in whole or in part). Should one of these events occur, we will make reasonable efforts to notify Client before Client’s information becomes subject to different privacy and security policies and practices.

    You expressly agree that we may use your PHI to:

    • enable and customize your use of the THE CHIASM NETWORK Services
    • provide you with alerts or other THE CHIASM NETWORK Services regarding future appointments
    • notify you regarding Healthcare Providers about whom we think you may be interested in learning more
    • share information with you regarding services, products or resources about which we think you may be interested in learning more
    • provide you with updates and information about the THE CHIASM NETWORK Services
    • market to you about THE CHIASM NETWORK and third party products and services
    • conduct analysis for THE CHIASM NETWORK’s business purposes
    • support development of the THE CHIASM NETWORK Services; and
    • create de-identified information and then use and disclose this information in any way permitted by law, including to third parties in connection with their commercial and marketing efforts

    You also agree that THE CHIASM NETWORK can disclose your PHI to:

    • third parties assisting THE CHIASM NETWORK with any of the uses described above
    • Your Healthcare Providers to enable them to refer you to, and make appointments with, other providers on your behalf, or to perform an analysis on potential health issues or treatments, provided that you choose the applicable THE CHIASM NETWORK Services
    • a third party as a part of potential merger, sale or acquisition of THE CHIASM NETWORK
    • our business partners who assist us by performing core services (such as hosting, billing, fulfillment, or data storage and security) related to the operation or provision of our services, even when THE CHIASM NETWORK is no longer working on behalf of Your Healthcare Providers
    • a provider of medical services, in the event of an emergency
    • organizations that collect, aggregate and organize your information so they can make it more easily accessible to your providers

    If THE CHIASM NETWORK discloses your PHI, THE CHIASM NETWORK will require that the person or entity receiving you PHI agrees to only use and disclose your PHI to carry out its specific business obligations to THE CHIASM NETWORK or for the permitted purpose of the disclosure (as described above). THE CHIASM NETWORK cannot, however, guarantee that any such person or entity to which THE CHIASM NETWORK discloses your PHI or other information will not re-disclose it in ways that you or we did not intend or permit.