This privacy statement provides information required by law about privacy, confidentiality and related policies for Users of the Pharmalto Medicine-Vault® Personal Health Record Application (the “Medicine-Vault App”) and the other applications and services, including the Medlife® Health Portal (the “Medlife Portal”) and PharmaltoID™ Application (the “PharmaltoID App”), available through the digital ecosystem supporting the Medicine-Vault App. The services provide through the Medicine-Vault App, the Medlife Portal and the PharmaltoID App are collectively referred to as the “Services.” Web sites not managed or operated by Pharmalto, User agreements for other programs and applications, healthcare provider consent or authorization forms, and any associated agreements may provide additional information about privacy.
This Statement applies to all information collected by or submitted to Pharmalto, to create a personal health record maintained in the Medicine-Vault® ecosystem. Pharmalto websites may contain links to external websites and through the existence of these links does not endorse or take any responsibility for their privacy practices or policies.
The Medicine-Vault App is a personal health platform that lets you gather, edit, add to, store, and share health information, pursuant to your authorization, on internet resources that, collectively, are called “your Medicine-Vault.” With your Medicine-Vault, you can generate, maintain, control and have ready access to your own personal health records. You can also share some or all of your Personal Information (as defined below) with other persons whom you authorize to receive it, such as family, friends, health care professionals, mobile phone applications, health-related devices, and online tools; likewise, those persons may be able to share their own information with you.
Your Medicine-Vault can be shared with separate programs and systems that are part of the Medicine-Vault App digital ecosystem and can connect with the Services (the “Programs”) to use, edit and add to your Medicine-Vault. The Programs can help you manage your Medicine-Vault and find relevant health information.
You can choose to share specific information (or all information) stored in your Medicine-Vault with:
- Other people (such as friends and family)
- Programs (such as Programs that add data to your PHR, provide information to your healthcare provider, or use some of your PHR to provide information to you about managing your health)
When registering with Pharmalto to become a User of the Services, you will be asked to enter an identifier and password to sign in and provide some other information (but no health information) about you to the Pharmalto account system.
When you register, you will be asked to create your Medicine-Vault account. To create your Medicine-Vault account, you must provide personal information such as name, date of birth, e-mail address, postal code and country/region. Depending on which features you use, you may be asked for additional information. Any information you provide for these purposes is considered “Personal Information.”
Pharmalto will use the e-mail address you provide when you create your Medicine-Vault account to send you an e-mail requesting that you validate your email address, to include in sharing invitations you send through the Service and to send you Service notifications, such as e-mail notifications which notify you that information is available to add to your Medicine-Vault. As described in their privacy statements, the Programs you authorize may also use your e-mail address.
Your Medicine-Vault account allows you to create and manage one or more web-based personal health records (“PHRs”), such as the ones you create for yourself and your family members (such as your minor children). You choose the information to put in the PHRs in your Medicine-Vault. Examples of the data you can store in you Medicine-Vault (“PHR Data”) include:
- Your name and contact information, such as your address, phone number or email address and
- other computer information including “cookie” preferences.
- Your age, gender, ethnicity and occupation.
- Your medical condition and history, including current conditions, treatment and medications.
- Your healthcare claims, health plan account numbers, health-related bills and insurance
- Your measurements such as blood glucose and blood pressure.
- Your discharge summaries from hospitalizations.
- Your lab results.
- Your fitness or other wellness related activities.
This information is important to you and your security. You will use the Programs to enter a wide range of health information into your Medicine-Vault. Also, you can give the Programs permission to view, add, modify, or delete information in a PHR in your Medicine-Vault. Some Programs store their own copy of the information they access.
If you have created a Medicine-Vault account or sub-profile PHR as a parent, guardian, or personal representative, on behalf of a minor User or another User for whom you make some or all medical decisions (collectively, the “non-contracting User”), certain Personal Information or PHR Data pertaining to the non-contracting User may be withheld by the healthcare provider of the non-contracting User from Medicine-Vault or PHR pursuant to state or federal law and within the discretion of the health care provider. If you require access to that information, you must request, in writing, that healthcare provider to add the withheld information to the non-contracting User’s PHR. In his or her discretion, the healthcare provider may deny such access and will so advise you directly.
If you are a non-contracting User, please consult your healthcare provider, legal counsel, or applicable laws regarding health services you may or are required to consent to and regarding authorization for others to gain access to such information.
Pharmalto does not obtain your Personal Information unless you provide it to Pharmalto voluntarily or authorize a third party to provide it to Pharmalto. However, Pharmalto may obtain other information regarding your use of its Services or its webpages (collectively, “Statistical Data”), examples of which are:
- Internet address of the computer being used
- Webpages requested
- Network software access
- Referring Web page
- Browser used
- Date, time and duration of activity
- Passwords and accounts accessed
- Volume of data storage and transfers
Statistical Data does not include your names and other information that may identify it with you and is grouped or aggregated so it cannot be attributed to you as an individual.
You are the custodian of your Medicine-Vault. You may create sub-profiles for other individuals or Programs to access and view your Medicine-Vault, but you must invite them before they may gain access to the sub-profile you created. Some of the information stored in your Medicine-Vault may be highly sensitive, so you need to consider carefully with whom you choose to share your PHRs and other information. So, if you so choose, your Medicine-Vault may have multiple profiles within it.
The Medicine-Vault App and the other Services enable you to share your health information with people and programs who can help you meet your health-related goals. For example, you can share information in your Medicine-Vault:
- to co-manage the health of a family member
- to use it with other health-related products and services
- to consult with your health care provider
- to provide fitness information to coaches and trainers.
The Programs you elect to use will likewise gain access to your information. The access request will include: (a) the type of information the Program will access; (b) the function the Program will perform using your information (view, add, modify); and (c) links to more detailed information from the Program about its legal terms and privacy practices. You can find some Programs listed at https://pharmalto.com and you can access Programs directly through their own websites. You must affirmatively authorize a Program’s access to any PHR in your Medicine-Vault account. Pharmalto requires Program providers to agree to provide accurate information about their privacy practices and comply with applicable laws. Pharmalto limits the access any Program may have to your Medicine-Vault to that which you expressly permit in connection with your utilizing the Program, but Pharmalto does not control or monitor the privacy practices of any Programs, which will vary. You should read each Program’s privacy statement for more information. You can freely grant and revoke a Program’s access to the information stored in your Medicine-Vault. The access you grant a Program is valid until you revoke that access.
Except as expressly authorized by you, Pharmalto will not provide any unauthorized third party access to your Personal Information. For that reason, you must provide consent for each healthcare provider to have access to your Personal Information. For example, if you have authorized Physician A to have access to your Personal Information, and Physician A is on vacation and Physician B is the “on call” physician attending to you, then Physician B may only access your Personal Information if you provide consent to Physician B’s access. You will be asked to provide that consent in response to an electronic notification from Pharmalto. As another example, if you wish to change physicians, you will need to provide consent so that Pharmalto may provide your new physician with access to your Personal Information. Again, Pharmalto will ask for your consent via an electronic notification to you.
Pharmalto uses PHR Data to provide the Services and for the purposes described in this Statement. PHR Data in your Medicine-Vault may be stored or processed in the United States or any other country in which Pharmalto or its affiliates or Service Providers maintain facilities or equipment. Generally, a “Service Provider” is someone that is hired to perform certain functions for and operate under the direction and control of Pharmalto, and includes software or website designers and data storage providers.
Pharmalto does not use or disclose your information except as described in this Statement. Pharmalto may access or disclose your information if it believes to do so is necessary to: (a) comply with the law or respond to legal process in connection with legal proceedings, law enforcement investigations, or applicable law; or (b) to maintain and protect its computer systems and computer code operability and otherwise protect the rights or property of Pharmalto (including the enforcement of its agreements).
Additionally, Pharmalto will release your information to those persons you have given consent to receive that information. Moreover, Pharmalto occasionally hires other service providers to provide limited services on its behalf. Those services may require Pharmalto to give those services providers portions of your information. In that case, Pharmalto gives those service providers only that part of your information needed to perform the limited services. Pharmalto requires them to enter into an agreement that prohibits them from releasing your Personal Information or identifying you with any information they receive and to otherwise keep the information confidential.
Pharmalto may use Statistical Data to understand the way in which Users use the Services, to monitor, preserve and enhance the function and integrity of Medicine-Vault App digital ecosystem, to improve the quality of the Services, and to market the Services (for example, to tell potential advertisers how many Users live in the United States). Statistical Data is also collected for analysis and statistical purposes, and is used to help diagnose problems with Pharmalto’s equipment or to assess the performance of the ecosystem or parts of it. This information is not used in any way that would reveal your Personal Information to other persons except as described above.
Pharmalto is committed to protecting the security of your Personal Information. Pharmalto uses a variety of security measures, including computer safeguards, secured files, and employee security training, to help protect your Personal Information from unauthorized access, use, and disclosure. For example, Pharmalto stores the Personal Information you provide on computer servers with limited access that are located in controlled facilities. Additionally:
- Pharmalto sends all communications using encryption.
- You can view a history of access and actions to any Medicine-Vault record of which you are a custodian.
The service will periodically send you an email summarizing recent account activity, or notifications and reminders. Users may alter the types and frequency of notifications being received; however, a User may not opt out of this feature.
If you or a Program, deletes a piece of health information, it is permanently deleted, meaning Pharmalto cannot restore it. Pharmalto will add an entry in your Audit Log noting the name of the person who permanently deleted the information and the date the deletion occurred. The Programs and non-custodial persons with whom you have shared your information are not able to see or restore items in the trash, nor may they permanently delete health information.
If you are a custodian of a Medicine-Vault account, you may delete whole PHRs in that account by signing in to your Medicine-Vault account and deleting the PHR. If other Users had any level of access to that record, the record will no longer appear to them because the Service deletes the record for all Users and Programs. However, Pharmalto will wait ninety days before permanently deleting the deleted information to help avoid accidental or malicious removal of your health information.
Each Program provider must agree to provide accurate information about its privacy practices and comply with applicable laws. Pharmalto may revoke a Program provider’s access to any Service if a Program does not meet Pharmalto’s requirements. However, once you authorize and elect to use a Program, Pharmalto does not control or monitor those Programs, except to limit its access to your PHR data according to your authorization. Please contact Pharmalto if you believe a Program is not protecting the privacy or security of your health data.
No Program has access to your information through any Service unless and until you grant the Program access. You control the health information a Program may access and the time during which access is permitted. If a Program requires information you do not want to share, you should not use that Program or, if the Program allows you to withhold access to that information, you should elect to withhold access.
If you authorize a Program to have access to a record, the Program will get the name associated with your Medicine-Vault account, the nickname of the authorized record(s), and your relationship to that record.
The Services allow you to control (by accepting or denying Program requests for access) the types of health information you choose to share with each Program and the actions you will allow each Program to perform on the health information.
The level of access you can grant as a custodian includes:
- View-only access (time-limited access)
Access becomes active only when the recipient accepts the invitation.
Custodian access is the highest level of access. A custodian of a health record may:
- Read the record
- Change the record
- Delete the record
- Grant to Users access to the record.
- Revoke the access of any User to a record.
Because inappropriate granting of access could allow a grantee to violate your privacy or even revoke your access to your own records, carefully consider all the consequences before you grant access to your records.
As explained above, you as the custodian can create PharmaltoID access codes that can be used by anyone to get view-only access at Pharmalto’s web site to emergency profile information stored in the record, until the access code is cancelled by you.
The Medicine-Vault App allows multiple PHRs to be stored. This feature enables, for example, family health managers to create and manage PHRs for family members. When you create a PHR in your Medicine-Vault, you become a custodian of that record. As a custodian, you determine the level of access that other Users of that Medicine-Vault may be given. The Medicine-Vault APP creates a list and a history (“Audit Log”) of each time you or a Program may create, access, change, delete, release or exports your Personal Information or a User accesses your Personal Information. You can view and update records you are custodian of and can examine the Audit Log of access and changes to those records.
If a PHR is created by a parent or legal guardian on behalf of a non-contracting User who then reaches the age of eighteen, Pharmalto will automatically revoke access on the non-contracting User’s eighteenth birthday and the non-contracting User must then establish a separate account or otherwise agree to the terms of this Agreement on that non-contracting User’s own behalf. If the former non-contracting User desires that his or her parent, prior guardian, or personal representative continue to have access to the former non-contracting User’s PHR, the former non-contracting User must invite that person to gain access as described below.
You choose whether to create a Medicine-Vault account. The information in your Medicine-Vault account includes your name, e-mail address, geographic region, and username and password. Pharmalto may request other optional information, which will be identified as optional at the time of the request. You can review and update your account information. You can modify, add, or delete any optional information in your Medicine-Vault by signing into your Medicine-Vault account and editing your account profile.
You can close your Medicine-Vault account at any time by signing in and editing your account profile. Pharmalto holds the information in your Medicine-Vault account for ninety days before permanently deleting it to help avoid accidental or malicious removal of your health information. At that time, the Medicine-Vault App will delete all records for which you are the custodian. You should think carefully before you grant access to your records.
Pharmalto may occasionally update this Statement. When it does so, the version number and date at the top of this Statement will be updated to reflect the change. For material changes to this Statement, Pharmalto will notify you either by placing a prominent notice on the home page of the Pharmalto website or by sending you a notification directly. Please review this Statement periodically to stay informed about the procedures used to protect the Personal Information your provide Pharmalto. Your continued use of the Service constitutes your agreement to this Statement and any updates. Please be aware that this Statement and any choices you make on the Service do not necessarily apply to Personal Information you may have provided to Pharmalto in the context of other, separately operated, Pharmalto products or services.
Pharmalto is an authorized integrator with Allscripts, whose mission is to connect third-party applications, devices and other innovative healthcare technologies with Allscripts products to maximize an Open, Connected Community of HealthTM. To learn more, visit developer.allscripts.com and follow the Allscripts Developer Program on Twitter for the latest news.