Welcome to the Chronic Care Advocates website (the “Website”).
“Authorized User” refers to any individual or entity (including, without limitation, any Care Recipient, Provider or Wisdom Caregiver) whom you authorize to receive a user ID (“User ID”) in order to access, use and/or upload information to your Care Circle Account. Any references to “you” and “your” in these Terms of Service shall be construed as including Authorized Users, based on the context and nature of the provision contained herein. Each Subscriber will be responsible and liable for all acts and omissions of his or her Authorized Users in connection with their use of the Services and compliance with the underlying Subscription.
1. Summary of Our Data Practices
Unless otherwise requested and authorized by you, the following summarizes our Data Practices:
|Do we release your PHR Data for the following purposes?||Personal Information||Aggregate Data|
|Marketing and Advertising||No||No|
|Medical and pharmaceutical research||No||No|
|Reporting about our company and our customer activity||No||Yes|
|To your insurer and employer||No||No|
|For developing software applications||No||No|
|Do we require limiting agreements that restrict what
CCA Service Contractors can do with your Personal
|Do we have Security Measures that are reasonable and
appropriate to protect PHR Data, in any form, from
unauthorized access, disclosure, or use?
|Do we store PHR Data in the U.S. only?||Yes||Yes|
|Do we keep Personal Information Activity Logs for your review?||Yes||N/A|
“Activity Logs” are the Company’s and its CCA Service Contractors’ records of when PHR Data is created, accessed, modified, deleted, released, or exported from and/or within your CCA PHR.
“Aggregate Data” is PHR Data that is: (1) grouped so it does not connect to you as an individual and (2) has names and other identifiers removed or altered. In other words, Aggregate Data is de-identified data and cannot be used to identify you as an individual.
“Authorized User” is any individual or entity authorized designated by you to receive a User ID in order to access and/or provide information to a Care Circle Account, including without limitation, any Subscriber, Care Recipient, Provider, or Wisdom Caregiver.
“Care Circle Account” is the account created by you in connection with your paid Subscription to the Service.
“Care Recipient” is a minor child or other individual over whom a Subscriber has legal authority or who has consented to the Subscriber’s caregiving and opening of a Care Circle Account on his or her behalf.
“CCA Platform” is the care management platform for which you may obtain a paid Subscription to use in connection with your Care Circle Account.
“CCA Service Contractor” is a person or entity that is hired to perform certain functions for us to support the development, maintenance, and implementation of the Service. CCA Service Contractors may include software or website designers and data storage providers.
“PHR” means Personal Health Record. A PHR is an electronic health data application that can help you collect, manage, and share health information. As a Subscriber, your Care Circle Account features a PHR, referred to herein as your “CCA PHR.”
“PHR Data” means information you provide and/or authorize all or some of your Authorized Users to provide to your CCA PHR. Any information in your CCA PHR is considered PHR Data. PHR Data might include, but is not limited to, the following:
- Your name and contact information, such as your address, phone number, or email address
- Your medical history, conditions, treatments, and medications
- Your healthcare claims, health plan account numbers, bills, and insurance information
- Demographic information, such as your age, gender, ethnicity, and occupation
- Computer information, such as your IP address and “cookie” preferences
As described further below, we may use your PHR Data to achieve the following:
- Operate and manage the CCA PHR platform, software, and website
- Maintain and protect our computer systems
- Comply with the law, such as responding to subpoenas and search warrants
PHR Data includes Personal Information and Aggregate Data.
“Personal Information” means information about you that reasonably can be linked to you such as your name, health information, and other identifiers. Personal Information may also include but is not limited to your health information, financial information or social security number.
“Provider” means a provider of Third Party Services, such as products, services or resources.
“Reporting” refers to any activity whereby CCA and our CCA Service Contractors might report about business activities and customers (you) to others, such as investors, auditors, potential business partners, or public communities. Reports will not include Personal Information without your specific permission or as permitted or required by law.
“Security Measures” may include computer safeguards, secured files, and employee security training. In addition, we may be required by law to notify you about particular data breaches.
“Third Party Services” are websites, services and Providers available on the Internet that are operated and controlled by organizations other than CCA, but may be linked to the CCA website.
“User Generated Content” is content that a Subscriber or Authorized User generates, and may include visual images, messages, posts, PHR Data, and Personal Information.
“Wisdom Caregiver” is a person that supports and assists one or more Subscribers in using the Services and with whom CCA has contracted to facilitate the provision of Services to Subscribers.
3. What Information We Collect
3.1 Before you become a Subscriber, we may collect your information in the following ways:
- (a) If you contact us through the Internet and provide us with your contact information (e.g., name, mailing address, email address and other information). We will use such information for the sole purpose of informing you about the Service and inviting you to register for the Service.
- You post and share User Generated Content with others at your own risk. Although we limit access to certain pages, you may set certain privacy settings and alerts for such information by logging into your account profile upon subscribing to the Service. Please be aware that no Security Measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Generated Content. Therefore, we cannot and do not guarantee that your User Generated Content will not be viewed by unauthorized persons.
3.2 In order to create a Care Circle Account, you must be a Subscriber. As part of the Subscription process, you may be asked to provide certain Personal Information. You also may be asked to confirm the information that you provided to CCA prior to your Subscription, if any. As part of the Subscription process, you will also have the opportunity to provide additional information to CCA that may enhance your use of the Service.
3.3 In general, we collect all your User Generated Content. As a Subscriber, you can add information to your Care Circle Account. You may choose to provide Personal Information, and you may opt to upload PHR Data to your CCA PHR. You may also choose to include
Personal Information about others in your profile by providing us with names and contact information for emergency contacts and Authorized Users. You must have legal authority or have obtained authorization from the Care Recipient in order to share his or her data and User Generated Content with CCA and other Authorized Users. You represent and warrant that you have such legal authority or authorization. We also may collect User Generated Content from any Authorized User whom you expressly authorize to access or send information (including PHR Data and Personal Information) to your Care Circle Account. If you choose to request that an Authorized User add or upload health records or other PHR Data, it is your responsibility to obtain authorization from the Care Recipient that complies with the requirements of the Health Insurance Portability and Accountability Act of 1996, as amended.
3.4 We passively collect information from you as you navigate through our Service. We may track IP addresses, use industry standard tracking devices (e.g., session and persistent cookies, flash cookies, web beacons), and electronically gather information about the technology you use to access the Service and the areas of the Service you utilize. We passively collect this information for operational purposes such as evaluating, updating and improving the Service.
4. How We Use Your Information
4.1 We use your information to provide the Service as described on the Website and Terms of Service, as well as to enhance the performance of the Service and/or to create new services. We may use Personal Information for product development or product enhancement.
4.2 If you choose to designate any Authorized User to participate in the Service with you, then we may use your information to facilitate the exchange of information and communication between you and such Authorized User.
5. Sharing Your Information With Third Parties
5.1 We may make your Personal Information available to Authorized Users or as necessary to complete transactions you authorize.
5.2 We may disclose your Personal Information to our CCA Service Contractors that provide technical support or other services to us related to the Service. All such CCA Service Contractors are subject to confidentiality obligations and may only access and utilize your data for purposes of fulfilling their obligations to CCA.
5.3 We may provide or sell Aggregate Data that is de-identified to third parties. However, Aggregate Data will not include any of your Personal Information or be individually identifiable.
5.4 We may access, preserve and disclose your Personal Information, other account information, and User Generated Content if we believe doing so is required or appropriate in order to comply with law enforcement requests and legal process, such as a court order or subpoena; defend against legal claims; respond to your requests; protect the rights, property and safety of you, CCA, or others; or as otherwise required by law.
6. Choices You Have About How We Use Your Information
CCA offers you a number of ways to control collection and use of your information when you use the Service. Your options include:
6.1 Managing Your Account. You can review User Generated Content that has been shared with Authorized Users by logging into your Care Circle Account. You can modify or delete any User Generated Content at any time. You may also choose to modify or delete User Generated Content that others have shared with you. Modifications to your CCA PHR are not automatically communicated to your Authorized Users. If you want your Authorized User to know of changes or additions within your CCA PHR, you must inform the Provider or third-party of such changes or set alerts in your account to notify them of changes and additions.
6.2 Modifying Your Account Settings. Your Care Circle Account settings are designed to provide you with control over the information that you share. We encourage you to review your Account settings and adjust them in accordance with your preferences. You may customize and control each Authorized User’s scope of access to your Care Circle Account, as well as the information and data available to such Authorized User. You may permit each Authorized User to: (a) have the same level of access to your Care Circle Account as you have, i.e., the Authorized User will be authorized to access your Care Circle Account (including your CCA PHR) and to communicate with you and other Authorized Users to the same extent that you are able using the Service; and/or (b) have “read-only” access to all or certain types of information in your Care Circle Account, i.e., the Authorized User will be authorized only to access and read those types of information that you allow, but will NOT be authorized to communicate with other Authorized Users or to upload information to your Care Circle Account. You acknowledge and agree that: (a) you are solely responsible for verifying the identity of, and monitoring the use by, any Authorized User you designate to receive a User ID and password; and (b) CCA has no responsibility or liability in connection with any access to, or use of, your Care Circle Account and information by any such Authorized User or by a person to whom the Authorized User has provided his username and password.
6.3 Deactivating an Authorized User. You may revoke any Authorized User’s authorization to access your Care Circle Account through your account settings. Once revoked, such Authorized User may no longer access and use the Service with respect to you and your User Generated Content including, but not limited to, Personal Information and PHR Data. Any disclosure of your PHR Data or Personal Information made prior to the revocation cannot be recalled, removed, or retrieved by us. By using the Service, you agree that we cannot, and have no obligation to, remove User Generated Content, including but not limited to Personal Information or PHR Data from the records of an Authorized User previously disclosed.
7. Data from Care Recipients Under the Age of 18
7.2 A Care Recipient’s CCA PHR will be linked to a Subscriber’s Care Circle Account until the earlier of the following to occur: (i) CCA receives written instruction from a Care Recipient who is at least 18 years old to remove the information, or (ii) CCA receives formal instruction from a court of law or agency or as otherwise required by law to remove the Care Recipient’s CCA PHR from the Subscriber’s account.
8. How We Protect Your Information
8.1 We use both technical and procedural Security Measures to maintain the integrity and security of the Service and other databases, including the use of firewalls. The Service encrypts all PHR Data during transmission between you or your Authorized User and CCA. Within your Care Circle Account, all Personal Information and PHR Data is encrypted at three levels: each individual has a unique encryption key; demographic information is encrypted; and clinical data is separately encrypted.
8.2 The safety and security of your Personal Information and PHR Data also depends on you. Never share your password with anyone else. Notify us immediately if you believe your password has been breached. Also, remember to log off of the Website before you leave your computer.
9. Security Breach Notification Requirements
Pursuant to applicable law, we may be required to send you notice of security breaches or suspected security breaches that impact your Personal Information. In the unlikely event that we must provide you a notice of a security breach, we will send you security breach notices to the e-mail address contained in your account information, unless we are otherwise required by law. Please note: many e-mail systems have built in SPAM filters. If you have one in place, you should check with your system administrator or the available instructions to confirm that e- mails from CCA are not blocked by the filter e.g., by confirming that the service domain names www.ccadvocates.org, and www.myhana.org. are permitted domain names.
If you have additional questions, please contact CCA any time. Or email us at:
Date last modified: February 15th 2018.