Who does this policy affect?
Why did we create this policy?
The information we collect about you includes information about your health such as your medical history, age, health conditions you have, and laboratory test results (Protected Health Information or PHI). It also includes personal information such as your name, phone number, and home address (Personally Identifiable Information or PII). Please read the complete definitions of PHI and PII in the Terms and Definitions section at the end of this document.
It’s up to you to read and understand this policy. If you have questions, contact us and we will answer them.
If you have questions, email us at email@example.com or call us at (602) 904-6108.
What kinds of data and information do we collect, and how do we collect it?
When you use Solera products and services, we may collect and use or share your PHI and PII, but only to the extent minimally necessary and in line with our Notice of Privacy Practices. You accept that we may collect this PHI and PII from you directly, or from third parties that share your PHI or PII with Solera. It is fully your choice whether to give PHI and PII through Solera products and services. If you choose not to give PHI or PII we need, you may not be able to use some features of Solera products and services.
Protected Health Information (PHI)
- Your medical history, family history, medical diagnosis, health background, and current health status
- Age, gender, sexual behavior and sexual orientation
- Demographic information, including race, ethnicity, marital status, salary, education, political, religious, and trade union information
- Information related to the diagnosis and treatment of health conditions, over-the-counter and prescription medications, laboratory test results, and payments for treatment and health insurance information
- Other information under an applicable law such as HIPAA or an equivalent State law covering the use or sharing of PHI and as defined by HIPAA
Personally Identifiable Information (PII)
- First and last name, age, and gender
- Postal address, email address, telephone number, and other contact information
- Certain health information
- Other personally identifiable information under any law that applies, such as HIPAA or an equivalent State law covering the use or sharing of health information
We may collect and use technical data (data from your device hardware or software) and related information (“Technical Information”), including but not limited to:
- Technical information about devices you may receive such as manufacturer, service provider, IP address, operating system, browser type, and mobile number
- System and application software and peripherals
- Your interactions with Solera products and services, including automatically recording the dates and times of visits to Solera products and services, traffic data, and your search queries
We sometimes gather Technical Information to:
- Help software updates and product support
- Improve products and services to you that are related to Solera
- Measure the number of our users and how they use Solera products and services
- Store information about your preferences, allowing us to customize our products and services to your interests
- Speed up your searches and recognize when you return to our website and use Solera products and services
We may also automatically receive and record information on our server logs from your browser or mobile device, which could include your IP address, cookie information, browser information, and the pages you visit/request. Solera does not consider nor intend Technical Information to constitute PHI or PII. Solera may use Technical Information in any way it believes is proper and lawful.
- On our website
- Through email, text, video, and voice communications between you and us
- Through offline community activities and communications
- From physicians, hospitals, clinics, schools, and any other organizations or groups that you give permission to share information with Solera
- Through any or all of Solera’s products and services
Why does Solera need to collect my data and information?
Solera products and services exist to simplify your healthcare experience and help our business partners (health plans, direct service providers, and community partners) find qualifying participants. Solera’s exclusive software platform connects a nationwide network of community organizations and digital solutions for chronic disease prevention programs (including the Centers for Disease Control and Prevention’s National Diabetes Prevention Program) with technology that manages service referrals, reimbursements and payments, collects data, and simplifies enrollment while supporting greater participant engagement and choice.
To support this, we need to ensure that each user who gives Information clearly allows it to be used or shared. For this reason, we need a license from you to use or share your Information, whether we get it directly from you or, if applicable, from third parties you name.
How do we use your data and information?
We use your data and information:
- To help give Solera products and services to you and on your behalf
- To give you information, products, or services that you request from us
- To give you notices and communications found suitable by us or your physician
- To fulfill any other purpose for which you may give the Information
- To carry out our duties from any contracts we have entered into related to you
- To allow you to join in interactive or educational features on our website
- To obey any court order, law, or legal process, including responding to any government or regulatory request
- If we believe sharing Information is needed to protect Solera’s rights, privacy, security, property, and access to information
- In any other way we may define when you give Information
- For any other purpose with your lawful consent
We collect and share only the data we need
At all times, we will only use or share your PHI and PII to the extent minimally necessary for the intended use or disclosure. The Solera minimum necessary policy follows the current industry standard that PHI and PII shouldn’t be used or shared when it is not necessary to satisfy a certain purpose or carry out a function. Read the full definition of “minimum necessary” in the Terms and Definitions section at the end of this document.
What are you agreeing to in this policy?
When we have your consent, you accept that we may collect this PHI from you directly or from third parties that you may allow to share PHI with Solera. We may ask you or allowed third parties to give PHI about you that will allow us to enhance how we serve your needs and your use of Solera products and services. It is fully your choice whether you give PHI through Solera products and services. If you choose not to give the PHI we need, you may not be able to use some parts of Solera products and services.
You also give Solera a lasting, non-exclusive, transferable, sub-licensable, royalty-free license to use your Information and other data we collect to develop, create, and extract statistics and other information, and to use this information and de-identified data known as “blind data”.
What control do you have over your data and information?
Accessing and correcting your PHI and PII
- You can review and, subject to applicable laws, change your PHI and PII by accessing Solera products and services using your user name and password.
- You may also send us an email to firstname.lastname@example.org or call us at (602) 904-6108 to request access if you want to correct or delete any PII and PHI (subject to applicable laws).
We may not be able to carry out a request to change PHI and PII if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Choices you can make about how we may use or disclose your Information
We may use your PHI and PII to contact you about our own and third-party products and services that may interest you. The technologies we use for this automatic data collection may include:
- Flash Cookies. A Flash cookie is similar to a browser cookie, but a program uses it instead of the browser. Certain features of our website may use Flash cookies to collect and store information about your preferences and navigation to, from, and on our website. Flash cookies are not managed by the same browser settings that are used for browser cookies.
We do not respond to Do Not Track signals in web browser software
Some web browsers (including Safari, Internet Explorer, Firefox, and Chrome) include a “Do Not Track” (“DNT”) or similar feature that signals to digital services that a visitor does not want to have any online activity tracked. This can block the digital service from collecting certain Information about the browser’s user. Not all browsers offer a DNT choice, and there isn’t a standard yet for DNT signals. For these reasons, we, and many other digital service operators, don’t respond to DNT signals.
Keeping your data and information secure
How we secure your information
We have applied reasonable and suitable administrative, technical, and physical safeguards designed to protect your Information from illegal access, use or sharing. All Information you provide to us is stored with an approved cloud services provider. These safeguards include, without limitation, encrypting all PHI and PII.
What you can do to help secure your information
The safety and security of your Information also depends upon you. Where we have given you (or where you have selected) a user name and password to access Solera products and services, you are responsible for keeping this information private. It is in your best interest to not share your user name or password with anyone.
Please keep in mind that whenever you willingly share Information on message boards or other public forums and features, or through email or group messaging, that Information can be collected and used by others to whom you may or may not have given consent. By posting Information online that is publicly accessible, you may receive unwanted messages from other parties or reveal your location. We are not responsible for the security or privacy of any Information you choose to send outside the scope of Solera products and services.
Where is your data and information stored?
Information collected from you may be stored and processed in the United States only.
Who is not covered by this policy?
Children under the age of 13
Solera neither designed nor intended its products and services to be accessed by children under the age of 13. No one under age 13 may provide any information to or through Solera products and services. If you are under age 13, do not give any information through Solera products and services. We do not intentionally collect Information directly from children under the age of 13 for Solera products or services.
We also do not collect any PHI from anyone under 18 unless clearly authorized under Federal and equivalent State law. No one under age 18 may give any health-related information through Solera products and services unless Solera confirms that sharing would follow applicable Federal or State laws.
If we learn we have collected or received PII or PHI from a child under age 13, we will delete that Information and take other appropriate measures. If you believe that we may have collected any Information, including PII or PHI directly from a child under age 13, please contact our Privacy Officer immediately at email@example.com or (602) 904-6108.
Third-Party Products, Services and Technologies
Physicians or other health care providers
Physicians or other health care providers, to the extent they are “Covered Entities” under HIPAA (as such term is defined in HIPAA), likely have their own privacy and security policies with respect to your PHI and PII. For more information about your rights under HIPAA, see www.hhs.gov/ocr/privacy/.
How do we manage this policy?
This policy may change. We will do our best to let you know if it does.
Who is in charge of this policy?
Terms and definitions
- Disclosure – The sharing, release, transfer, provision of access to, or divulging in any other manner of information to others outside the entity holding the information.
- HIPAA – (United States Health Insurance Portability and Accountability Act of 1996) - two sections: HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs; HIPAA Title II includes an administrative simplification section which deals with the standardization of healthcare-related information systems. For more information, visit www.hhs.gov/ocr/privacy/.
- HITECH Act (Health Information Technology for Economic and Clinical Health Act) – The HITECH (Health Information Technology for Economic and Clinical Health) Act of 2009 is legislation that was created to stimulate the adoption of electronic health records (EHR) and the supporting technology in the United States. The HITECH Act also expands the standards that aid in electronic exchange of health information nationally and provides incentives for covered entities that adopt Electronic Health Records (EHR).
- Individual – shall mean the person who is the subject of the Protected Health Information or Personally Identifiable Information.
- Information – All aspects of Protected Health Information, Personally Identifiable Information, Technical Information, Location-Based Information, and Behavior Tracking Information (collectively known as “Information”).
- Minimum Necessary (Need to Know) – Minimum necessary (or, informally, the need-to-know rule) is a key protection of the HIPAA Privacy Rule. The Solera minimum necessary policy adheres to the current industry standard that PHI and PII should not be used or disclosed when it is not necessary to satisfy a particular purpose or carry out a function. The minimum necessary standard requires covered entities to evaluate their practices, and enhance safeguards as needed to limit unnecessary or inappropriate access to, and disclosure of, PHI and/or PII. When using or disclosing PHI and/or PII, or when requesting PHI and/or PII from another health care provider or health organization, Solera will limit the request to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request. Minimum Necessary does not apply in the following circumstances:
  - Disclosures by a health care provider for treatment (students and trainees are included as health care providers for this purpose).
  - Uses and disclosures based upon a valid consent to use and disclose PHI and/or PII for treatment, payment and health care operations or a valid authorization to use and disclose PHI and/or PII.
  - Disclosures made to the Secretary (or designee) of the United States Department of Health and Human Services, or any other State or Federal agency requesting disclosure under prevailing law.
  - Uses and disclosures required by law or regulatory guidance.
  - Uses and disclosures required by other sections of the HIPAA privacy regulations.
- Privacy and Security Officials (PSOs) – The Solera Privacy Officer and the Solera Security Officer are responsible for HIPAA privacy and security compliance issues.
- Personally Identifiable Information (PII)/ Protected Health Information (PHI) – Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context including health information transmitted or maintained in any form or medium, including oral, written, and electronic. PHI relates to an individual’s health status or condition, furnishing health services to an individual or paying or administering health care benefits to an individual. Information is considered PII where there is a reasonable basis to believe the information can be used to identify an individual.