HOME » PRIVACY AND SITE USAGE » PRIVACY POLICY

Shared Health Privacy Policy

As part of the day-to-day business operations of Shared Health, Inc. (Shared Health), including operation of the web site (www.sharedhealth.com), we receive and maintain certain information regarding Individuals. Information received from the web site depends in part on what you do when you visit or transact business on the web site. Shared Health respects the privacy of every Individual who visits our web site. Therefore, we would like to define the types of information we receive and describe how it is maintained in this privacy policy ("Privacy Policy"). This policy refers only to the information collected and maintained from www.sharedhealth.com.

For the purpose of this Privacy Policy, the following definitions describe the types of users who may access and use the information, products and services offered by Shared Health:

An Individual is any person visiting the public sections of www.sharedhealth.com.

A Member is an Individual who’s information is created, collected, used or stored in Shared Health’s products or services available on www.sharedhealth.com.

A Provider is a physician, facility, group practice and/or their authorized representatives that may access Shared Health’s products or servicesavailable on www.sharedhealth.com.

A Registered User (User) is any Member or Provider authorized to enter the secure sections of www.sharedhealth.com.

USING THIS WEB SITE CONFIRMS YOUR CONSENT AND AGREEMENT TO OUR PRIVACY POLICY, INCLUDING COLLECTION, USE AND DISCLOSURE OF INFORMATION BY SHARED HEALTH AS DESCRIBED HEREIN. YOUR USAGE ALSO SIGNIFIES YOUR COMPLIANCE WITH OUR APPLICABLE USER AGREEMENT.

Shared Health, through its products and services available to health plans, provides private and secure access to the Clinical Health Record™ (CHR) for health care providers (Providers). In addition, Shared Health provides private and secure access to Member information.

Registered Users

Providers and Members must register to access the secure areas of Shared Health. Privacy and security are top priorities at Shared Health. For that reason, Shared Health has implemented a process that helps protect Protected Health Information (PHI), as that term is defined by the Health Insurance Portability & Accountability Act of 1996 (HIPAA 45 C.F.R. § 160 &164), contained on our site from inappropriate access. Before a Member can access medical information available on our site, the Member must first obtain a PIN number that will be mailed to the address on file at Shared Health. This process allows Members to receive confirmation of the request to access their information before access is granted. Before Providers can gain access to medical information available on our site, the Provider must first obtain a PIN number that is mailed to the facilities address on file at Shared Health. Upon initial registration by a Provider, the Provider will only have access to demographic information. Before a Provider can increase their security level to access medical information, they must contact Shared Health for approval. Shared Health confirms the Provider has the authority to access medical information before a security upgrade will be approved.

E-Mail

Providers and Members: Do not send e-mail containing personal information to Shared Health. Shared Health cannot secure personal information sent by e-mail because such information can be accessed by other Internet users. If you send Shared Health a question by e-mail, Shared Health’s use or disclosure of that information will be limited to the minimum necessary for responding to your question. If you have submitted information about yourself through Shared Health’s web site and/or an e-mail message and would like for Shared Health to delete that information from its records, please send an e-mail to info@sharedhealth.com. Shared Health will make every effort to delete your personal information from its registration files.

Information Collected During Registration

Members can access our web site to utilize the Consumer View of their CHR. Before gaining access to these services Shared Health may ask for personal information (such as date of birth, member number, social security number, name, address with zip code, telephone number and e-mail address) to verify appropriate usage. Shared Health, its employees or affiliates will not have access to your password that you create. If you receive notification by mail and did not register to access the services available on our web site, please contact Shared Health immediately at privacy@sharedhealth.com or (888) 283-6691.

Providers can access our web site to utilize the Clinical Health Record™ (CHR), an online, patient-centered health record. Before gaining access to these services, Shared Health may ask for personal information (such as date of birth, social security number, name, address with zip code, telephone number and e-mail address) to verify appropriate usage. Shared Health, its employees or affiliates will not have access to your password that you create. If you receive this notification by mail and did not register to access the services available on our web site, please contact Shared Health immediately at privacy@sharedhealth.com or (888) 283-6691.

Statistical Data on Website Usage – Shared Health continually strives to enhance the features and services that are offered to our web site browsers. In an effort to determine the effectiveness and functionality of our web site, we monitor aggregated data regarding the use of our web site. For instance, we track the number of visits to a certain page; direct links from other web sites; and frequency of usage for independent services (i.e. access to Consumer View, CHR, etc). Although we reserve the right to share this information as indicated above, this statistical data, does not contain any personal information that could disclose the user’s identity.

Disclosure of Non-Public Personal Information, including PHI

We restrict access to nonpublic personal information, including PHI. Information may be shared with entities (i.e. providers and vendors) that assist Shared Health in providing services to our Registered Users. Information is provided to nonaffiliated third parties as required or allowed by federal and state law. Shared Health maintains physical, electronic, and procedural safeguards that comply with federal regulations to guard nonpublic personal information.

Disclosure to Providers: Shared Health discloses nonpublic personal information including PHI to Providers through their access to the CHR. This information is disclosed to Providers for treatment, payment or health care operations (TPO) as allowed under HIPAA. To ensure that Providers are only accessing the CHR for TPO, Shared Health has implemented the following safeguards:

An Entity Agreement requires coordinators at all authorized facilities to monitor use of the CHR within their organization.
A Provider Use Agreement outlines acceptable uses of the CHR.
Shared Health maintains audit trails of user activity.
Shared Health requires both a user name and password for access to PHI.
Role-based security levels control access to medical information.
Sensitive information that is protected by state or federal regulations is hidden from view.

Disclosures to Members: Shared Health discloses nonpublic personal information, including PHI, to Members through the Consumer View of the CHR. This information is disclosed directly to the Member or their designated representative. To ensure that PHI is disclosed to the appropriate Member, Shared Health has implemented the following safeguards:

Member based registration process requires each member to create a unique user name and password.
PIN based registration process that confirms request to access PHI before access is granted.
Shared Health must receive a written request before access will be granted to another individual, including spouses and dependents over 18 years of age (exception for access to minor dependent information).

Disclosure to Third Parties: Shared Health operations and maintenance employees and contractors sometimes have limited access to your nonpublic personal information, including PHI, while providing products or services to Shared Health. These contractors include vendors and suppliers that provide us with technology, services, and/or content for the operation and maintenance of our Web site. Access to your nonpublic personal information, including PHI, by these contractors is limited to the information reasonably necessary for the contractor to perform its limited function for Shared Health. We also contractually require that our operations and maintenance contractors 1) protect the privacy of your nonpublic personal information, including PHI, consistent with this Privacy Policy, and 2) not use or disclose your nonpublic personal information, including PHI, for any purpose other than providing us with products and services as required by law.

Disclosure of Aggregate Information: Shared Health may disclose aggregate information to third parties. This information may contain medical information; however, it is not associated to a specific individual. For example, we might inform third parties regarding the number of users of our website and the activities they conduct while on our site. We might also inform a health insurance company that "30% of their members that were looked up during the month of May had diabetes” or that “the number of patients looked up during November accounted for 40% of their overall claims for congestive heart failure.” Depending on the circumstances, Shared Health may or may not charge third parties for this Aggregate Information. Shared Health requires parties with whom aggregate information is shared to agree that they will not attempt to make this information personally identifiable, such as by combining it with other databases.

Retention of Information Collected

The non-public personal information collected and maintained from this web site will be retained for six years from the date of its creation or the date when it was last in effect, whichever is later.

Use of Cookies

A “cookie” is a mechanism that permits a web server to send small pieces of information or text through your browser to be stored on your hard drive. This information or text allows the server to identify frequent visitors of individual web sites. Shared Health may place a cookie on your computer that will allow us to identify users so that we may enhance their experience on our web site. Our cookies are not used to track your activity on any site other than sharedhealth.com nor will they be utilized to send unsolicited e-mail or provide us with the Users personally identifiable information.

Direct Access to Other Sites

Shared Health offers direct links to other separate and individual web sites that offer information, which could be beneficial to Individuals. Since these direct links are separate web sites independent of sharedhealth.com, they may not follow the same privacy guidelines set forth here. Shared Health assumes no responsibility or control over the acts or privacy policies of the third party web sites to which Shared Health provides direct links. We suggest that you contact the appropriate controlling authorities of these sites or review their privacy policy.

Security

Shared Health takes precautions to protect its Users’ nonpublic personal information. When Users submit sensitive information to Shared Health, the information is protected both online and off-line.

When the registration/login form asks Users to enter sensitive information, that information is encrypted and is protected with encryption software, specifically SSL 3.0, RC4 with 128 bit encryption (High) which may be updated from time to time. While on a secure page, such as the login page, the lock icon on the bottom of web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to unlocked, or open, when you are just ‘‘surfing’’.

While Shared Health uses SSL encryption to protect sensitive information online, Shared Health protects User-information off-line. Only employees who need the information to perform their jobs are granted access to personally identifiable information. SharedHealth employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to your information. Furthermore, all employees are kept up-to-date on Shared Health security and privacy practices. Finally, the servers that store personally identifiable information are kept in a secure environment.

Despite our efforts to protect your nonpublic personal information, including PHI, there is always some risk that an unauthorized third party may illegally gain access to systems or that transmissions of your information over the Internet may be intercepted. If you believe someone has accessed your information without authorization, please contact Shared Health immediately at 1-888-283-6691 or privacy@sharedhealth.com.

Opt Out of Registration/Correcting/Updating Personal Information

If the personally identifiable information of a User of our services changes or if the User no longer desires to use the services on this web site, Shared Health will endeavor to provide a way to correct, update or remove that User’s personal data from our registration files. To correct or update personal information, contact Shared Health at info@sharedhealth.com.

Opt Out of the CHR

Shared Health provides a process for contracted payers to allow their members to opt out of the CHR by not having their information shared among Providers. Not all contracted payers may choose to provide this process for their members. When a Member opts out of the CHR, they are choosing not to have their information shared among Providers and a similar message will be presented to any Provider that attempts to access their record in the CHR. Aggregate, analytical reporting as well as fraud and abuse review by Shared Health may include nonpublic personal information, including PHI, of all Members, including anyone that has opted out of the CHR.

Opt In of the Consumer View

The Consumer View of the CHR is available to contracted payers who choose to provide this product to their members. Members must register for the Consumer View before their information will be available on the website. Completing the registration process exercises the member’s choice to opt into this product. Members remain opted into this product until Shared Health receives a written request to be removed (opt out) as stated above or until the contractual arrangement with the contracted payer terminates.

Shared Health Reserves The Right To Modify Its Privacy Policy

Shared Health reserves the right to change or update this Privacy Policy at any time. Any changes made to our privacy policy will be posted on this site in a manner that is easily identifiable. Please review our privacy policy on a regular basis to review any changes.

	HOME » PRIVACY AND SITE USAGE » PRIVACY POLICY Shared Health Privacy Policy As part of the day-to-day business operations of Shared Health, Inc. (Shared Health), including operation of the web site (www.sharedhealth.com), we receive and maintain certain information regarding Individuals. Information received from the web site depends in part on what you do when you visit or transact business on the web site. Shared Health respects the privacy of every Individual who visits our web site. Therefore, we would like to define the types of information we receive and describe how it is maintained in this privacy policy ("Privacy Policy"). This policy refers only to the information collected and maintained from www.sharedhealth.com. For the purpose of this Privacy Policy, the following definitions describe the types of users who may access and use the information, products and services offered by Shared Health: An Individual is any person visiting the public sections of www.sharedhealth.com. A Member is an Individual who’s information is created, collected, used or stored in Shared Health’s products or services available on www.sharedhealth.com. A Provider is a physician, facility, group practice and/or their authorized representatives that may access Shared Health’s products or servicesavailable on www.sharedhealth.com. A Registered User (User) is any Member or Provider authorized to enter the secure sections of www.sharedhealth.com. USING THIS WEB SITE CONFIRMS YOUR CONSENT AND AGREEMENT TO OUR PRIVACY POLICY, INCLUDING COLLECTION, USE AND DISCLOSURE OF INFORMATION BY SHARED HEALTH AS DESCRIBED HEREIN. YOUR USAGE ALSO SIGNIFIES YOUR COMPLIANCE WITH OUR APPLICABLE USER AGREEMENT. Shared Health, through its products and services available to health plans, provides private and secure access to the Clinical Health Record™ (CHR) for health care providers (Providers). In addition, Shared Health provides private and secure access to Member information. Registered Users Providers and Members must register to access the secure areas of Shared Health. Privacy and security are top priorities at Shared Health. For that reason, Shared Health has implemented a process that helps protect Protected Health Information (PHI), as that term is defined by the Health Insurance Portability & Accountability Act of 1996 (HIPAA 45 C.F.R. § 160 &164), contained on our site from inappropriate access. Before a Member can access medical information available on our site, the Member must first obtain a PIN number that will be mailed to the address on file at Shared Health. This process allows Members to receive confirmation of the request to access their information before access is granted. Before Providers can gain access to medical information available on our site, the Provider must first obtain a PIN number that is mailed to the facilities address on file at Shared Health. Upon initial registration by a Provider, the Provider will only have access to demographic information. Before a Provider can increase their security level to access medical information, they must contact Shared Health for approval. Shared Health confirms the Provider has the authority to access medical information before a security upgrade will be approved. E-Mail Providers and Members: Do not send e-mail containing personal information to Shared Health. Shared Health cannot secure personal information sent by e-mail because such information can be accessed by other Internet users. If you send Shared Health a question by e-mail, Shared Health’s use or disclosure of that information will be limited to the minimum necessary for responding to your question. If you have submitted information about yourself through Shared Health’s web site and/or an e-mail message and would like for Shared Health to delete that information from its records, please send an e-mail to info@sharedhealth.com. Shared Health will make every effort to delete your personal information from its registration files. Information Collected During Registration Members can access our web site to utilize the Consumer View of their CHR. Before gaining access to these services Shared Health may ask for personal information (such as date of birth, member number, social security number, name, address with zip code, telephone number and e-mail address) to verify appropriate usage. Shared Health, its employees or affiliates will not have access to your password that you create. If you receive notification by mail and did not register to access the services available on our web site, please contact Shared Health immediately at privacy@sharedhealth.com or (888) 283-6691. Providers can access our web site to utilize the Clinical Health Record™ (CHR), an online, patient-centered health record. Before gaining access to these services, Shared Health may ask for personal information (such as date of birth, social security number, name, address with zip code, telephone number and e-mail address) to verify appropriate usage. Shared Health, its employees or affiliates will not have access to your password that you create. If you receive this notification by mail and did not register to access the services available on our web site, please contact Shared Health immediately at privacy@sharedhealth.com or (888) 283-6691. Statistical Data on Website Usage – Shared Health continually strives to enhance the features and services that are offered to our web site browsers. In an effort to determine the effectiveness and functionality of our web site, we monitor aggregated data regarding the use of our web site. For instance, we track the number of visits to a certain page; direct links from other web sites; and frequency of usage for independent services (i.e. access to Consumer View, CHR, etc). Although we reserve the right to share this information as indicated above, this statistical data, does not contain any personal information that could disclose the user’s identity. Disclosure of Non-Public Personal Information, including PHI We restrict access to nonpublic personal information, including PHI. Information may be shared with entities (i.e. providers and vendors) that assist Shared Health in providing services to our Registered Users. Information is provided to nonaffiliated third parties as required or allowed by federal and state law. Shared Health maintains physical, electronic, and procedural safeguards that comply with federal regulations to guard nonpublic personal information. Disclosure to Providers: Shared Health discloses nonpublic personal information including PHI to Providers through their access to the CHR. This information is disclosed to Providers for treatment, payment or health care operations (TPO) as allowed under HIPAA. To ensure that Providers are only accessing the CHR for TPO, Shared Health has implemented the following safeguards: An Entity Agreement requires coordinators at all authorized facilities to monitor use of the CHR within their organization. A Provider Use Agreement outlines acceptable uses of the CHR. Shared Health maintains audit trails of user activity. Shared Health requires both a user name and password for access to PHI. Role-based security levels control access to medical information. Sensitive information that is protected by state or federal regulations is hidden from view. Disclosures to Members: Shared Health discloses nonpublic personal information, including PHI, to Members through the Consumer View of the CHR. This information is disclosed directly to the Member or their designated representative. To ensure that PHI is disclosed to the appropriate Member, Shared Health has implemented the following safeguards: Member based registration process requires each member to create a unique user name and password. PIN based registration process that confirms request to access PHI before access is granted. Shared Health must receive a written request before access will be granted to another individual, including spouses and dependents over 18 years of age (exception for access to minor dependent information). Disclosure to Third Parties: Shared Health operations and maintenance employees and contractors sometimes have limited access to your nonpublic personal information, including PHI, while providing products or services to Shared Health. These contractors include vendors and suppliers that provide us with technology, services, and/or content for the operation and maintenance of our Web site. Access to your nonpublic personal information, including PHI, by these contractors is limited to the information reasonably necessary for the contractor to perform its limited function for Shared Health. We also contractually require that our operations and maintenance contractors 1) protect the privacy of your nonpublic personal information, including PHI, consistent with this Privacy Policy, and 2) not use or disclose your nonpublic personal information, including PHI, for any purpose other than providing us with products and services as required by law. Disclosure of Aggregate Information: Shared Health may disclose aggregate information to third parties. This information may contain medical information; however, it is not associated to a specific individual. For example, we might inform third parties regarding the number of users of our website and the activities they conduct while on our site. We might also inform a health insurance company that "30% of their members that were looked up during the month of May had diabetes” or that “the number of patients looked up during November accounted for 40% of their overall claims for congestive heart failure.” Depending on the circumstances, Shared Health may or may not charge third parties for this Aggregate Information. Shared Health requires parties with whom aggregate information is shared to agree that they will not attempt to make this information personally identifiable, such as by combining it with other databases. Retention of Information Collected The non-public personal information collected and maintained from this web site will be retained for six years from the date of its creation or the date when it was last in effect, whichever is later. Use of Cookies A “cookie” is a mechanism that permits a web server to send small pieces of information or text through your browser to be stored on your hard drive. This information or text allows the server to identify frequent visitors of individual web sites. Shared Health may place a cookie on your computer that will allow us to identify users so that we may enhance their experience on our web site. Our cookies are not used to track your activity on any site other than sharedhealth.com nor will they be utilized to send unsolicited e-mail or provide us with the Users personally identifiable information. Direct Access to Other Sites Shared Health offers direct links to other separate and individual web sites that offer information, which could be beneficial to Individuals. Since these direct links are separate web sites independent of sharedhealth.com, they may not follow the same privacy guidelines set forth here. Shared Health assumes no responsibility or control over the acts or privacy policies of the third party web sites to which Shared Health provides direct links. We suggest that you contact the appropriate controlling authorities of these sites or review their privacy policy. Security Shared Health takes precautions to protect its Users’ nonpublic personal information. When Users submit sensitive information to Shared Health, the information is protected both online and off-line. When the registration/login form asks Users to enter sensitive information, that information is encrypted and is protected with encryption software, specifically SSL 3.0, RC4 with 128 bit encryption (High) which may be updated from time to time. While on a secure page, such as the login page, the lock icon on the bottom of web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to unlocked, or open, when you are just ‘‘surfing’’. While Shared Health uses SSL encryption to protect sensitive information online, Shared Health protects User-information off-line. Only employees who need the information to perform their jobs are granted access to personally identifiable information. SharedHealth employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to your information. Furthermore, all employees are kept up-to-date on Shared Health security and privacy practices. Finally, the servers that store personally identifiable information are kept in a secure environment. Despite our efforts to protect your nonpublic personal information, including PHI, there is always some risk that an unauthorized third party may illegally gain access to systems or that transmissions of your information over the Internet may be intercepted. If you believe someone has accessed your information without authorization, please contact Shared Health immediately at 1-888-283-6691 or privacy@sharedhealth.com. Opt Out of Registration/Correcting/Updating Personal Information If the personally identifiable information of a User of our services changes or if the User no longer desires to use the services on this web site, Shared Health will endeavor to provide a way to correct, update or remove that User’s personal data from our registration files. To correct or update personal information, contact Shared Health at info@sharedhealth.com. Opt Out of the CHR Shared Health provides a process for contracted payers to allow their members to opt out of the CHR by not having their information shared among Providers. Not all contracted payers may choose to provide this process for their members. When a Member opts out of the CHR, they are choosing not to have their information shared among Providers and a similar message will be presented to any Provider that attempts to access their record in the CHR. Aggregate, analytical reporting as well as fraud and abuse review by Shared Health may include nonpublic personal information, including PHI, of all Members, including anyone that has opted out of the CHR. Opt In of the Consumer View The Consumer View of the CHR is available to contracted payers who choose to provide this product to their members. Members must register for the Consumer View before their information will be available on the website. Completing the registration process exercises the member’s choice to opt into this product. Members remain opted into this product until Shared Health receives a written request to be removed (opt out) as stated above or until the contractual arrangement with the contracted payer terminates. Shared Health Reserves The Right To Modify Its Privacy Policy Shared Health reserves the right to change or update this Privacy Policy at any time. Any changes made to our privacy policy will be posted on this site in a manner that is easily identifiable. Please review our privacy policy on a regular basis to review any changes.
Home\|About Us\|Partners Network\|Our Solutions\|Contact Us Privacy Policy\|Privacy & Security Safeguards\|Site Usage Info\|Site Map © 2007 Shared Health