Privacy Policy
This Privacy Policy describes how Allscripts Healthcare, LLC ("Allscripts") protects your personal information when you use this web site, the Customa Patient Portal and all related products and services (collectively, the "Service"). Allscripts is located at Suite 23, 2 McCourt Street,West Leederville,WA 6007,Australia. All references to Allscripts include its subsidiaries or affiliates involved in providing the Service. All references to you include your Authorized Individuals, if any.
Your use of the Service is subject to this Privacy Policy as well as our Terms and Conditions. After reading this Privacy Policy, you will know:
A. Definitions
B. What information Allscripts Collects
C. How Allscripts Uses Your Information
D. How the Information is Shared with Third Parties
E. Choices You Have About How Allscripts Uses Your Information
F. What About Data from Children Under 18
G. Security and Confidentiality
H. How We Provide Required Notices of Security Breaches
I. How We May Change this Privacy Policy
J. How to Obtain More Information About this Privacy Policy
Please review this Privacy Policy and the Terms and Conditions carefully. If you do not agree with our practices, do not access or use any part of the Service.
A. Definitions
Activity Logs
Activity logs are Allscripts' and its Service Providers' records of when PHR Data is created, accessed, modified, deleted, released, or exported from and/or within the PHR.
Aggregate Data
Aggregate Data is PHR Data that is: (1) grouped so it does not identify, relate to, describe, be capable of being associated with, connected, or be linked, directly or indirectly, to you as an individual and (2) has names and other identifiers removed or altered. In other words, Aggregate Data cannot be used to identify you as an individual.
Authorized Individuals
An Authorized Individual is someone you authorize to access your Customa Patient Portal on your behalf.
De-identified Data
De-identified data is PHR Data in which personal identifiers are removed and do not allow someone to determine a person’s identity.
Dependent
A Dependent is a minor child or other individual over whom an Authorized Individual has legal authority.
PHR
"PHR" means Personal Health Record. A PHR is an electronic health data application that can help you collect, manage, and share your health information. The Customa Patient Portal is a PHR.
PHR Data
When you sign up for the Customa Patient Portal, you provide and/or you authorize all or some of your Providers to provide to the Customa Patient Portal information about you. This information makes up PHR Data. Any information in the Customa Patient Portal is considered PHR Data. PHR Data might include, but is not limited to the following: Your name and contact information, such as your address, phone number, or email address Your medical history, conditions, treatments, and medications Your healthcare claims, health plan account numbers, bills, and insurance information Demographic information, such as your age, birthdate, gender, ethnicity, and occupation Computer information, such as your IP address and "cookie" preferences PHR Data includes Personal Information, De-Identified Data and Aggregate Data.Allscripts may use your PHR Data as described below.
Personal Information
Personal Information means information about you that reasonably can be linked to you such as your name, health information, demographic information, and/or other identifiers as may be defined under state and federal law. Personal Information may also include but is not limited to your financial information or Social Security Number.
Provider
A healthcare provider, healthcare practice, or hospital that you authorize to provide information to your Customa PHR. When you sign up for the Customa Patient Portal, you may provide authorization for a healthcare practice or hospital, and associated authorized users to send Personal Information to your PHR.
Reporting
Allscripts and our Service Providers might report about business activities and customers (you) to others, such as investors, auditors, potential business partners, or public communities. Reports will not include Personal Information without your specific permission or as permitted or required by law.
Service Providers
A Service Provider is an entity that is hired to perform certain functions for Allscripts to support the development, maintenance, and implementation of Customa. Service Providers may include software or website designers and data storage providers.
Security Measures
Security measures can include computer safeguards, secured files, and employee security training. In addition, Allscripts may be required by law to notify you, your provider, and/or regulatory authorities about particular data breaches.
B. What Information Allscripts Collects
1. Before you register for the Service, Allscripts may collect your information in two ways: (1) if you contact Allscripts through the Internet and provide Allscripts with your contact information (e.g., name, mailing address, email address and other information); (2) Allscripts may obtain your contact information from a healthcare Provider with which Allscripts partners. In either case, Allscripts will use such information for the sole purpose of informing you about the Service and inviting you to register for the Service.
2. To use the Service, you must complete the registration process, which includes accepting the Terms and Conditions and in the case of connecting to a Provider practice, signing a Request for Access. As part of the registration process, you may be asked to provide certain information, such as your name, mailing address, and email address. You also may be asked to confirm the information that you or a partnering Provider has provided to Allscripts prior to registration, if any. Further, to register, you must agree to the Customa Terms and Conditions which incorporates this Privacy Policy. As part of the registration process, you will also have the opportunity to provide additional information to Allscripts, such as information regarding your health plan, home telephone number, etc. Providing such information, will enhance your use of the Service.
3. In general, Allscripts collects all information that you supply directly to the Service. Allscripts also may collect information from participating Providers whom you expressly authorize to use the Service with respect to you and your information (each, a "Provider" and collectively, the "Providers"). By authorizing a Provider, you also authorize Allscripts to collect information regarding you from your Provider's support staff and from other practitioners affiliated with your Provider or in your Provider's practice. Further, Allscripts may collect information from other third-party information providers that you expressly authorize to send information to your Customa account.
4. Allscripts passively collects information from you as you navigate through our Service. Allscripts may track IP addresses, use industry standard tracking devices (e.g., session and persistent cookies, flash cookies, web beacons), and electronically gather information about the technology you use to access the Service and the areas of the Service you utilize. Allscripts passively collects this information for operational purposes such as evaluating, updating and improving the Service.
5. Cookies help us in many ways to make your visit to our websites more enjoyable and meaningful to you. Cookies are text information files that your web browser places on your computer when you visit a website. Allscripts may use such "cookie" technology to obtain non-personal information from you as an online visitor. As an example, this might entail recognizing several web page requests coming from the same computer and therefore the same visitor. Most browsers accept cookies automatically, but can be configured not to accept them or to indicate when a cookie is being sent. If you do not wish Allscripts to collect cookies, you may set your browser to refuse cookies, or to alert you when cookies are being sent. If you do so, please note that some parts of the Service may then be inaccessible and you may not receive the full benefits of the Service.
C. How Allscripts Uses Your Information
1. Allscripts uses your PHR Data to provide the Service as described on the web site and Terms and Conditions, as well as to operate, maintain, improve and enhance the performance of the Service and/or create new services.
2. If you choose to authorize a Provider to participate in the Service with you, then Allscripts may use your PHR Data to facilitate the exchange of information and communication between you and your Provider (e.g., the Service would enable you to schedule an appointment with your Provider and receive an appointment reminder in return).
3. If you elect to utilize any billing services features of the Service, Allscripts also may use and disclose your PHR Data to process payments, send invoices and conduct other billing-related activities as requested by you. PHR Data may be shared with third-parties for billing purposes as noted in Sharing Your Information With Third Parties below.
4. Allscripts may use your PHR Data to operate and manage the Customa Patient Portal platform, software, and website; maintain and protect its computer systems; and comply with the law, such as responding to subpoenas and search warrants.
5. Allscripts may de-identify your PHR Data.
6. Allscripts may use your PHR Data for marketing and advertising purposes, including sending you customized marketing and advertising communications whether on our behalf or on behalf of third party partners with whom we may engage. Allscripts will not sell any identifiable information about you to our third party partners without your consent.
D. Sharing Your Information With Third Parties
1. Allscripts may make your PHR Data available to third parties participating in the Service that are authorized by you or as necessary to complete transactions you authorize. Additionally, Allscripts may make your PHR Data available to third parties as directed by you. Allscripts may provide De-Identified Data to third parties and Service Providers that provide products and services to us, that help market or advertise to you, or that provide products or services to you. State laws may vary, and Allscripts may request an additional authorization from you. We may use third parties or Service Providers to perform any of the actions or activities allowed under this Privacy Policy and Terms and Conditions or pursuant to your valid authorization.
2. Allscripts may disclose your PHR Data to Allscripts' Service Providers that provide technical support or other services to Allscripts related to the Service. All such Service Providers are subject to confidentiality obligations and may only access and utilize your data for purposes of fulfilling their obligations to Allscripts.
3. Allscripts may provide or sell Aggregate Data or De-identified Data to third parties, however, Allscripts will not sell any identifiable information about you to our third party partners without your consent.
4. If a third party acquires the assets of Allscripts related to the Service and its products and services (whether by sale, merger, change of control, bankruptcy or otherwise), your PHR Data may be transferred to the new owner(s). In such case, your PHR Data would remain subject to the provisions of the Allscripts privacy policy that was in effect immediately prior to the transfer unless Allscripts provides you notice otherwise.
E. Choices You Have About How Allscripts Uses Your Information
1. Managing Your Account. You have the following choices regarding the Personal Information you provide to Allscripts for use:
2. Generally, you may change how your information is used and disclosed through the account setting and account management features. As explained more fully in the Terms and Conditions, modifications to your Customa record are not automatically communicated to your Providers or any third-party sources. If you want your Provider or a third party to know of changes within your Customa record, you must inform the Provider or third-party of such changes.
3. You may access your Customa account at any time to review your PHR Data. To request a change to any of your Personal Information, please contact your healthcare provider or the organization that provided the Personal Information for your Customa account. For technical questions related to the Customa product, please access the email support link on the Customa Support page.
4. You may opt out of receiving various communications with regard to the Service by changing your account settings or, if the account settings feature is unavailable, by notifying Allscripts at info@customa.com.au.
5. Authorized Individuals. You may grant access to your Customa account to one or more Authorized Individuals or Authorized Individual-Representatives. You may grant an Authorized Individual access to your Customa account by specifically authorizing Customa to permit access by such Authorized Individual to your Customa account. When you grant access to an Authorized Individual, you may permit the Authorized Individual to: (a) have the same level of access to your Customa account as you have, i.e., the Authorized Individual will be authorized to access your Customa health record and to communicate with your Providers and/or engage in other transactions with your Providers to the same extent that you are able using Customa; or (b) have "read-only" access to your Customa account, i.e., the Authorized Individual will be authorized to access and read your Customa health record ONLY, and will NOT be able to communicate with or otherwise engage in transactions with your Providers. Whether or not to grant an Authorized Individual full-access or read-only access to your Customa account is your decision. You acknowledge and agree that: (a) you are solely responsible for verifying the identity of, and monitoring the use by, any Authorized Individual you select; and (b) Allscripts has no responsibility or liability in connection with any access to, or use of, your account and information by any Authorized Individual or Authorized Individual-Representative.
6. Deactivating a Provider, Other Third-Party or Authorized Individual. You may revoke any Provider's, third-party's, or Authorized Individual's authorization to communicate with you, or request information from you or your Customa Patient Portal through the Service by utilizing the account management tool of the Service. Once revoked, the Provider, third-party, or Authorized Individual may no longer access and use the Service with respect to you and your Personal Information. Any disclosure of your PHR Data or Personal Information made prior to the authorization revocation cannot be recalled, removed, or retrieved by Allscripts. By using the Service, you agree that Allscripts cannot, and has no obligation to, remove Personal Information from your Provider's, other third-party's or Authorized Individual's records once properly disclosed.
7. Terminating Your Account. You may terminate your Allscripts account at any time by notifying us at info@customa.com.au. In addition, except with respect to an Authorized Individual-Representative who establishes an account on behalf of a Dependent, Allscripts will terminate your account within thirty (30) days of its receipt of a death certificate certifying your death. With respect to an Authorized Individual-Representative, Allscripts will terminate all accounts associated with such Authorized Individual-Representative within thirty (30) days of its receipt of a death certificate certifying the death of such Authorized Individual-Representative unless a Dependent also has a living Authorized Individual-Representative associated with the account. Otherwise, Allscripts will maintain and/or destroy all PHR Data and Personal Information associated with your account in accordance with its then current document retention and destruction policies. Please note that copies of your Personal Information may remain in your Providers', other third-parties' and Authorized Individual-Representative's and/or Authorized Individual's records, as described in Section F.3, above.
F. Data from Children Under the Age of 18
The Service is not intended for use by children younger than 18 years old. Allscripts will not knowingly collect information from site visitors younger than 18 years. However, parents or guardians may elect to establish Customa Patient Portals for their children through the Service as Authorized Individuals-Representative and, in doing so, expressly consent to Allscripts utilizing such information as set forth in this Privacy Policy and the Terms and Conditions.
An Authorized Individual-Representative may authorize and/or have access to a Customa Patient Portal for a Dependent. Through the account, the Authorized Individual-Representative may: (a) review and update the Dependent's personal health record as maintained on Customa; and (b) engage in such communications and transactions as permitted between the Authorized Individual-Representative and the Dependent's Providers through the Customa Patient Portal. Accounts created for Dependents are specific to each healthcare Provider. Thus, an Authorized Individual-Representative will have to specifically authorize each Provider to establish a Customa account in the name of the Dependent. A Dependent's Customa account will be linked to an Authorized Individual-Representative's Customa Patient Portal account until the earlier of the date: (i) the Dependent reaches the age of 18; (ii) the Authorized Individual-Representative is no longer the legal representative of the Dependent; or, (iii) Customa is notified by the Dependent's Provider or a court of law or agency with appropriate authority that the Dependent has been emancipated, attained legal custody of his or her own health information, or that a different Authorized Individual-Representative has been named. Each Authorized Individual-Representative agrees that a Dependent's Customa account also may be linked to the Customa account of another Authorized Individual-Representative, and each Authorized Individual-Representative will have the same rights to access and communicate through the Dependent's Customa account.
G. Security and Confidentiality
Allscripts uses both technical and procedural Security Measures to maintain the confidentiality, integrity, and security of the Customa Patient Portal and other databases, including the use of firewalls, complex passwords, dual-factor authentication, various audit trails, data loss prevention, regular penetration testing, risk assessments, and anti-virus software. Customa encrypts all PHR Data during transmission between your Provider and Customa. Within Customa, all PHR Data is encrypted at three levels: each individual has a unique encryption key; demographic information is encrypted; and clinical data is separately encrypted.
The safety and security of your Personal Information and PHR Data also depends on you. You are solely responsible for deciding to disclose or transmit PHR Data in your FMH account to any external third party and whether to do so via encrypted or unencrypted mechanisms. To further protect the confidentiality of your Personal Information and PHR Data, change your password on a regular basis and keep your password confidential. Notify Allscripts immediately if you believe your password has been breached. Also, remember to log off the Customa site before you leave your computer.
H. Security Breach Notification Requirements
Pursuant to applicable law, Allscripts may be required to send you notice of security breaches or suspected security breaches that impact your Personal Information and PHR Data.
I. Changes to this Privacy Policy
Allscripts reserves the right to change the Privacy Policy in its sole discretion. In such case, Allscripts will post the new Privacy Policy on the web site and the effective date of the new Privacy Policy will be clearly marked. When Allscripts makes material changes to this Privacy Policy, we will notify you within a reasonable period of time prior to the change.
J. More information
If you have additional questions, please contact Allscripts any time. Or write to the company at:
Allscripts
Privacy Matters
Customa Pty Ltd
Suite 23, 2 McCourt Street
West Leederville
WA 6007
Australia
info@customa.com.au