List of Terms
"PHR" stands for a web-based Personal Health Record. A web-based PHR is an electronic health data application that can help you collect, manage, and share your
health information. Web-based PHRs may be offered by a hospital, insurance company, employer, or a commercial vendor.
When you sign up for a PHR, you provide, or the PHR company or its service providers, import information about you that becomes the PHR Data. Any information in
your PHR is considered PHR Data. PHR Data might include, but is not limited to:
- Your name and contact information, such as your address, phone number, or email address
- Your medical history, conditions, treatments, and medications
- Your healthcare claims, health plan account numbers, bills, and insurance information
- Demographic information, such as your age, gender, ethnicity, and occupation
- Computer information, such as your IP address and “cookie” preferences
A PHR company (and its service providers) may use your PHR Data to:
- Operate and manage its PHR platform, software, and website
- Maintain and protect its computer systems
- Comply with the law, such as responding to subpoenas and search warrants
- Personal Data and Statistical Data are the two types of PHR Data.
Personal Data is any PHR Data that connects to you as an individual such as names, health conditions, and other identifiers.
Statistical Data is PHR Data that is 1) grouped so it does not connect to you as an individual and 2) has names and other identifiers removed or altered.
Personal Information includes your PHR Data, as well as any other information about you that can be reasonably linked to you. Personal Information can also
include but is not limited to your financial information or social security number.
Companies and their services providers might report about their business activities and their customers (you) to others, such as investors, auditors, potential
business partners, or public communities.
Limiting Agreements are legally binding agreements that prohibit certain third parties, which are not the PHR Company’s service providers, from releasing your
Personal Data or re-identifying individuals. Third parties can include advertisers, researchers, and others who receive PHR Data.
service provider is an entity that is hired to perform certain functions for and operate under the direction and control of the PHR company. Service providers may
include software or website designers and data storage providers.
Security measures can include computer safeguards, secured files, and employee security training. PHR companies may be required by law to notify you about
particular data breaches.
When PHR Data is stored in the United States, U.S. law enforcement agencies may be able to prosecute if the data is stolen or breached.
Activity logs are the PHR Company and its service providers’ records of when PHR Data is created, accessed, modified, deleted, released, or exported in the PHR
program. The practices described in this notice only apply to [Company Name] and its service providers. These practices do not apply to any other organizations,
links, web sites, programs, or applications that may be available through [Company Name] or its service providers. Always read the policies of any company,
web site, application, or service where you provide your Personal Information. This notice is not intended to be a substitute for communicating the full privacy
and security policies of [Company Name]. We encourage you to learn more about our privacy and security policies (including options that may allow you to opt out),