1. Personal Information
If you are a patient or legal representative, your medical provider’s use and disclosure of your PHR Data is subject to your medical provider’s Notice of Privacy Practices. We cannot control any medical provider’s use of a patient’s PHR Data. If you are a patient or legal representative of a patient, please contact your medical provider for a copy of their Notice of Privacy Practices. CGM provides this Portal on behalf of your medical provider and therefore protects PHR Data as required by the applicable agreement between CGM and your medical provider and in accordance with applicable law. If you have any issues with the PHR Data managed by your medical provider’s practice, please contact them directly, as we have no ability to change the information you have provided them.
3. Information Collection
CGM collects Personal Information from you through the Site to allow us and our business partners to provide marketing and promotional services that will most likely meet your needs and preferences. We only collect Personal Information about you that we consider necessary for achieving this purpose.
In general, you can browse the Site and decide to not provide us any Personal Information. Of course, you will not be able to view any PHR Data without providing us Personal Information. If you agree to provide us with Personal Information, you are no longer anonymous to us. If you choose to use certain services through this Site, we may require you to provide contact and identity information, and other Personal Information as indicated on the forms throughout the Site. Where possible, we indicate which fields are required and which are optional. You always have the option to not provide information by choosing not to use a particular service.
We may track certain information based upon your behavior on the Site. We use this information to do internal research on our users’ demographics, interests, and behavior to better understand our customers. This information may include the URL that you just came from, which URL you go to next, your computer browser information, and your IP address.
If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Site, we may collect and retain such information in a file specific to you.
4. PHR Data
When you register for the Patient Portal via the Site, the registration process requires you to choose a user name and password for your account, which you should keep and maintain as confidential. If you choose to share your user name and password you understand that those individuals to whom you share that information will have access to your PHR Data and will be able to add to your PHR Data as though they were you. You will be responsible for all activities by users resulting from sharing or not maintaining the confidentiality of your user name or password.
If you are a registered patient user of the Patient Portal, your PHR Data (or that of the patient for whom you are the legal representative) currently stored electronically in your medical provider records will become accessible to CGM in order to provide you access to such information through the Patient Portal. Your electronic health records are not permanently stored in the Patient Portal or Site, but a temporary copy of them is displayed via the Patient Portal when you are logged in with your user name and password.
5. Use and Disclosure of Your Personal Information
We use your Personal Information, including your email address, to facilitate our services. You agree that we may use Personal Information, including your email address, to improve our marketing and promotional efforts, to analyze site usage, to improve our content and service offerings, and to customize the Site’s content, layout, and services.
We will not disclose your Personal Information to third parties except to:
- Affiliated companies who may only use the Personal Information for the purposes described above.
- Service providers who are bound by law or contract to protect the Personal Information and are only allowed to use the Personal Information in accordance with the terms of our service agreements with them.
- Effect a merger, acquisition, or otherwise; to support the sale or transfer of business assets; to enforce our rights or protect our property; to protect the rights, property or safety of others, investigate fraud, respond to a government request; or as needed to support auditing, compliance, and corporate governance functions. We may also disclose Personal Information to defend ourselves in litigation or a regulatory action, and when required or advised to do so by law, such as in response to a subpoena, or similar legal process, including to law enforcement agencies, regulators, and courts in the United States and other countries where we operate.
- We encourage business partners to adopt and post privacy policies. However, the use of your Personal Information by such parties is governed by the privacy policies of such parties and is not subject to our control.
We may also disclose information about you that is not personally identifiable. For example, we may provide our business partners, or other third parties with reports that contain aggregated and statistical data about our users.
6. Aggregate Data
We may aggregate and de-identify in accordance with HIPAA PHR Data, either alone or with other data to create anonymous “aggregate data” regarding the users of our Site and Patient Portal. Aggregate and de-identified data is information that describes the habits, treatment plans, usage patterns, other medical record data and/or demographics of users as a group but does not reveal the identity of particular users. This data will not identify you, but will be used as statistical information to determine such things as user demographics and usage patterns of our Site and Patient Portal. CGM may use aggregate data to understand the needs of our community of users and determine what kinds of programs and services we can help provide. Aggregate data may also be provided or sold to third parties, including for the purpose of getting targeted content to you by third party vendors, suppliers, business partners and/or affiliates a picture of our community and services and/or participation in surveys or receipt of emails from third parties.
7. Other Use and Ownership
We also reserve the right to share your information collected from this Site or Patient Portal with third parties to the extent permitted by applicable law including but not limited to the requirements under HIPAA, and, in the case of PHR Data, pursuant to CGM’s business associate agreement with the applicable medical provider.
You will be notified when your Personal Information is collected by any third party that is not our agent/service provider, so you can make an informed choice as to whether or not to share your information with that party.
The security of your Personal Information is important to us. We follow generally accepted industry standards to protect personal information, including your email address, submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. Accordingly, and while no web site can guarantee security, we maintain physical, administrative, electronic, technical and procedural safeguards to help protect your personal information collected via the Patient Portal as required by applicable law. While we cannot guarantee that loss, misuse or alteration to data will not occur, we use industry standards, such as Secure Socket Layers (“SSL”) technology, to help safeguard against such occurrences. In certain areas, the information passed between your browser and our system is encrypted with SSL technology (which covers any messages, PII or communications a person directs to CGM or the clinician team) to create a protected connection between you and our website to ensure confidentiality.
Our data center is both physically and electronically secured. Our servers are protected from open access to the Internet by using firewall and encryption technology. We limit access to personally identifiable information about you to our employees and third-party agents, who we reasonably believe need to have access to your information to provide you with the information or services you request via the Patient Portal.
In the event that a breach in our security systems occurs and there is a possibility that an unauthorized person acquires your personal information, we will notify you of such a breach as may be required by applicable law.
In order to help maintain security, you should never share your user ID or password and should always sign out when you are finished using the Patient Portal.
We will maintain your information and allow you to request updates at any time by logging into your Patient Portal account to access your information. We will also take steps to make sure that any updates that you provide are processed in a timely and complete manner.
11. Log Files
As is true of most websites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site, and to gather demographic information about our user base as a whole. We do not link this automatically-collected data to personally identifiable information. We track trends in users’ usage and volume statistics to create a more efficient and usable site and product offerings, and to determine areas of the site or our services that could be improved to enhance the user and customer experience. Log files are used on the Site, and in any link to the Site from an email.
12. Cookies and Related Technologies
When you use this Site, we collect certain information by automated or electronic means, using technologies such as cookies, browser analysis tools, and web server logs. As you use this Site, or our applications, your browser and other electronic devices communicate with servers operated by us and our services providers to coordinate and record the interactivity and fill your requests for services and information.
The information from cookies and related technology is stored in web server logs and also in web cookies kept on your computers or mobile devices, which are then transmitted back to this Site by your computers or mobile devices. These servers are operated and the cookies managed by us or our service providers.
For example, when you visit this Site, CGM and our service providers and business partners may place cookies on your computers or mobile devices. Cookies allow us to recognize you when you return, and track and target your interests in order to provide a customized experience. They also help us provide a customized experience and help us to detect certain kinds of fraud. A “cookie” is a small amount of information that a web server sends to your browser that stores information about your account and preferences.
Some cookies are temporary, whereas others may be configured to last longer. “Session” cookies are temporary cookies used for various reasons, such as to manage page views. Your browser usually erases session cookies once you exit your browser. “Persistent” cookies are more permanent cookies that are stored on your computers or mobile devices even beyond when you exit your browser. We use persistent cookies for a number of purposes, such as retrieving certain information you have previously provided, and storing your preferences.
13. Manage Your Security Settings
You may manage how your browser handles cookies and related technologies by adjusting its privacy and security settings. Browsers are different, so refer to instructions related to your browser to learn about cookie-related and other privacy and security settings that may be available. You can opt-out of being targeted by certain third party advertising companies online at www.networkadvertising.org/consumer/opt_out.asp or http://preferences.truste.com/truste/.
You may manage how your mobile browser handles cookies and related technologies by adjusting your mobile device privacy and security settings. Please refer to instructions provided by your mobile service provider or the manufacturer of your device to learn how to adjust your settings.
14. Links to Other Sites
This Site may contain links to other sites that are not owned or controlled by CGM. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our Site and to read the privacy statements of each and every website that collects personally identifiable information. This privacy statement applies only to information collected by this Site.
15. Notice to Residents of Countries outside the United States of America
16. Changes in this Privacy Statement
17. Important Note Regarding Children
This Site and Patient Portal is not directed toward children under 18 years of age and CGM does not knowingly collect or use information from children under 18 through this Site or Patient Portal. Any information submitted via the Patient Portal regarding a minor under the age of 18 must be submitted by the minor’s legal representative. To the extent permitted by applicable state law, minors may access their PHR Data through their medical provider.