Patient Pattern has achieved Office of the National Coordinator for Health Information Technology (ONC-Health IT) 2015 Edition Cures Update Health IT certification.

Privacy Policy

Overview and scope

Overview

This policy and applicable supporting procedures are designed to provide Patient Pattern with a documented and formalized process for protecting individuals’ privacy. Respect for the privacy of personal and other information is fundamental to us. This privacy policy describes our collection of personal information from users of our Web site ("Website" or "Site"), our Platform, as well as all related applications, widgets, software, tools, and other services provided by us and on which a link to this Policy is displayed (collectively, together with the Website, our "Service"). This Policy also describes our use and disclosure of such information. By using our Service, you consent to the collection and use of personal information in accordance with this policy.

Scope

This policy and supporting procedures cover the privacy of all data collected by Patient Pattern in its interaction with individuals in its business operations.

Roles and responsibilities

The following roles and responsibilities are to be developed and subsequently assigned to authorized personnel within Patient Pattern regarding privacy practices:
  • Chief Privacy Officer: Responsibilities include providing overall direction, guidance, leadership, and support on methods and tools for the implementation of a security and privacy-related program. The Chief Privacy Officer will conduct resource and investment planning to implement the management, operational, technical, and privacy requirements of the program;
  • Privacy Committee: Responsibilities include approving and monitoring adherence to this policy, and analyzing the organization’s environment and the legal requirements with which it must comply. Additional responsibilities include:
      • Executing the privacy operations of the firm, including monitoring the system used to solicit, evaluate, and respond to individual privacy complaints and problems;
      • Evaluating implemented privacy controls;
      • Assessing existing policies and procedures that address privacy areas;
      • Working with appropriate departments to ensure compliance with privacy policies and procedures;
      • Recommending and monitoring, in conjunction with the relevant departments, the development of internal systems and controls to carry out the organization’s privacy objectives;
      • Reporting to the Chief Privacy Officer on the effectiveness of the privacy controls/program in meeting applicable regulatory requirements and standards.

Personal information

"Personal Identifiable Information" (PII), as used in this policy, is information that specifically identifies an individual, such as an individual’s name, social security number, telephone number, or e-mail address. Personal information also includes information about an individual’s activities, such as information about his or her activity on the Site or credit history, and demographic information, such as date of birth, gender, address, geographic area, and preferences, when any of this information is linked to personal information that identifies that individual.

Personal information does not include "aggregate" or other non-personally identifiable information. Aggregate information is information that the organization collects about a group or category of products, services, or users that is not personally identifiable or from which individual identities are removed. The organization may use and disclose aggregate information, and other non-personally identifiable information, for various purposes.

Protected health information

"Protected Health Information" (PHI), as used in this policy, is information that specifically identifies an individual used together with medical information. PHI is individually identifiable information relating to the past, present, or future health status of an individual that is created, collected, transmitted, or maintained by a HIPAA-covered entity in relation to the provision of healthcare, payment for healthcare services, or use in healthcare operations (PHI healthcare business uses). PHI is also not limited to digital text. Videos, images, x-rays, MRIs, doctors’ notes, and insurance cards are all examples of PHI.

PHI includes, but is not limited to, the following data types: