Last Updated June 28, 2021
1.1.1. “Services” means eCW’s products and services, such as our websites (“Sites”), electronic medical records systems, practice management systems, healthcare provider customer portals (“Provider Portals”), patient portals (“Patient Portals”, collectively with Provider Portals, “Portals”), software and mobile applications for the foregoing, etc.
2. The Personal Information We Collect
2.1. When you access and use the Services, we may collect the following types of information:
2.1.1. “Personal Information” is information that identifies an individual or relates to an identifiable individual or household. The types of Personal Information collected, and the uses thereof depend on the purposes for which we collect the Personal Information (e.g., whether you are a visitor to our Sites, a user of our Portals, or a customer of our Services).
2.1.2. “Protected Health Information” or “PHI” is individually identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”).
2.1.3. “Usage Data” is information that we automatically collect about your use of the Services and includes the sort that Web browsers and servers typically make available, through Web server logs, Web beacons, cookies and other similar tracking technologies, about the devices you use to access our Services, as well as information on how you interact with our Services. Usage Data may include the IP address of a device or internet service used to connect your device to the Internet and may provide information about your Location; computer and connection information such as your browser type and version; operating system and platform; confirmation when you open e-mail that we send you; purchase history; and the URLs which lead you to and around the Site including the date and time of access. Usage Data may overlap with Location Information. Usage Data is generally not Personal Information but may be in some instances.
3. How We Collect Your Personal Information
3.1. eCW uses information collected from users of the Services to personalize and improve your visit and experience, to provide the Services to you or our customers, and for other purposes set out below. When you use the Services, eCW may collect Personal Information in the following ways described below.
3.2. Information You Provide to eCW: eCW collects Personal Information when you use and interact with the Services, such as when you:
3.2.1. Communicate with eCW about our Services whether by letter, e-mail, online chat window, or telephone;
3.2.2. Complete and submit forms to us on our Sites or Provider Portals (e.g., to register for an account on a Provider Portal, authenticate yourself to verify your authorized use of the Services, to register for our events, or to subscribe to our newsletters);
3.2.3. Visit our offices; or
3.2.4. Visit our Sites or interact with us on social media and provide us Personal Information.
3.3.Information that eCW Collects Automatically: When you use the Services, eCW may automatically collect Usage Data subject to the settings of your device that you use to access the Services. With your consent, we may also collect information from your device to facilitate your use of certain features of the Services. eCW may use this data to analyze trends and statistics to improve your online experience or our customer service.
4. Protected Health Information; eCW as a Business Associate
4.1. Certain Services we provide to our customers or make available to their patients, such as the Portals, as well as certain support operations, involve access to, and the processing of, PHI. This PHI is provided to us pursuant to a service agreement, business associate agreement, or other document with terms and conditions for the Portals (the “Customer Documents”) that we have entered with our customers (health care providers or their firms, “Providers”) that also govern our use of PHI of their patients provided by our Provider customers or their patient users.
5. Use of Information Collected By eCW
5.1. eCW uses the Personal Information collected to provide Services to our customers and their authorized users to improve user experience with the Services, and to communicate with you about requested information. eCW may use Personal Information to help target specific offers to customers and others and to develop and improve its Services.
Additionally, eCW may share your Personal Information as discussed below in Section 7, and use your Personal Information to:
- Respond to user service requests, user questions and concerns, and administer user accounts. We may use your information to verify your identity, register you, administer your account, or provide you the information, products, and services that you request.
- Provide service to our customers, which include Providers. If you are a patient of a Provider, we use your information when providing the Services to the Provider.
- To communicate with users about our products, services, and related issues. We may use your information to try to identify if you may be interested in any of the Services or our business partners’ products and services. If we think something may interest you, we may send you information and promotional materials. You may unsubscribe from receiving marketing e-mails from us by using the unsubscribe link included in marketing e-mails.
- To administer fees and provide users with invoices or resolve billing issues. We may use your information to verify your identity in order to process your payments.
- Conduct research and analysis. We may use your information, subject to your consent, or otherwise in de-identified or aggregate form as part of research studies.
- In the event of a business transaction. If we are exploring or go through a business transition or financial transaction, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, securities offering, or sale of all or a portion of our assets, we may use your information in connection with exploring or concluding such transaction.
- To comply with law. We may disclose your information to comply with any applicable laws and/or regulations, such as to comply with valid legal processes such as a search warrant, subpoena, or order from a court or tribunal of competent jurisdiction.
6. Data Collection Technologies
6.1.1. Web Beacons: A Web Beacon is a Web page element (such as a clear gif, pixel tag or single-pixel gif) that may be embedded into our Sites or e-mail communications, and which may employ cookie technology to enable eCW to record clickstream data
6.1.2. Cookies: Cookies are small text files placed on your device to store data that can be recalled by a Web server in the domain that placed the cookie. Cookies enable eCW to collect clickstream data, including traffic on the Sites. You may set your browser to reject certain cookies or to notify you when you are sent a cookie. Rejecting cookies may limit functionality of the Sites. Third parties also provide software that allows you to visit the Sites without providing certain types of this information. Our Sites may use the following types of cookies:
188.8.131.52. Essential/Strictly Necessary Cookies: These cookies are necessary for the Sites to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the Sites will not then work.
184.108.40.206. Analytics/Performance Cookies: These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our Sites. They help us know which pages are the most and least popular and see how visitors move around the Sites. Information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you have visited our Sites.
220.127.116.11. Targeting/Advertising Cookies: These types of cookies may be set by our advertising partners at Sites at which a cookie banner is displayed. These cookies may be used by those advertising partners to build a profile of your interests and to show you relevant adverts on other websites. You may disallow these targeting/advertising cookies using the cookie banner. If you do not allow these cookies, you will experience less targeted advertising.
6.1.3. Analytics Services: We may use third-party Web analytics services (such as those of Google Analytics) and other technologies on our Services to: collect and analyze usage information through cookies and similar tools; engage in activities such as auditing, research, or reporting; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.
6.2. Notice Concerning Do Not Track: Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our website for third-party purposes, and that is why we provide the variety of opt-out mechanisms listed above. We do not currently use technology that recognizes “do not track” signals from your Web browser. To learn more about Do Not Track, you can do so here.
7. Sharing of Information
7.1.1. At Your Request: eCW may disclose Personal Information to third parties at your request, direction, or authorization. For example, if you direct eCW to disclose your Personal Information to a third party entity, whether and eCW business partner or other third party to use the third party’s service, we will share your information with the third party.
7.1.2. Internal Sharing: eCW may disclose Personal Information to its affiliates (including parents, entities under common ownership, and subsidiaries, such as Healow, LLC), and other related companies without authorization.
7.1.3. With Our Service Providers: eCW may disclose Personal Information to service providers for the purposes of operating our business, delivering, improving, and customizing our products or services, sending marketing and communications related to our business, payment processing, and for other legitimate purposes permitted by applicable law.
7.1.4. With Our Customers: eCW may disclose Personal Information, including Sensitive Personal Information, to its customers consistent with the Customer Documents. Sensitive Personal Information” refers to Personal Information regarding more sensitive areas, such as government ID and certain other financial information, gender, marriage status, race/ethnicity, or veteran or disability status.
7.1.6. Business Transaction: If eCW sells all or part of its business or makes a sale or transfer of assets or is otherwise involved in a merger or business transfer, eCW may transfer your Personal Information to a third party as part of that transaction.
8. Advertising and Third-Party Data Collection
eCW may enter into relationships with third-party advertising companies to drive traffic to and serve ads on our Site. These third-party companies may also collect information through Data Collection Technologies described in Section 6 to measure the effectiveness of their ads and to personalize advertising content. In addition, the Network Advertising Initiative offers useful information about Internet advertising companies (also called “ad networks” or “network advertisers”), including information about how to opt-out of their information collection, here.
8.1. You may opt-out of receiving marketing communications from us by following the instructions included in such a communication or by contacting us as provided in the Contact Information Section 17. If you opt out, we may still send you non-marketing communications, such as those about your account or our ongoing business relationship.
8.2. You may review and request changes to the Personal Information we have collected about you by contacting us as provided in the Contact Information Section 17 below.
9. Biometric Data
10. Security of Personal Information
eCW has reasonable and appropriate safeguards in place to help protect the Personal Information eCW collects from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Although eCW attempts to protect the Personal Information in our possession, no security system is perfect, and eCW cannot promise that your Personal Information will remain absolutely secure in all circumstances.
11. Retention of Personal Information
eCW will retain your Personal Information as needed to fulfill the purposes for which it was collected. eCW will retain and use your Personal Information as necessary to comply with eCW’s business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.
12. Aggregated De-Identified Information
eCW may provide aggregated information related to your Personal Information to some of eCW’s business partners. This information is used in a collective manner and does not identify you individually in any way. If you are a patient of a Provider, we may only create, use or disclose aggregated or certain de-identified PHI as authorized by your Provider in the Customer Documents.
13. Links to Third Party Websites
Our Sites may contain certain links to third party websites. eCW is not responsible or liable for the privacy practices or content found on these websites. You should check the privacy notice and policies of each website you visit. Links to third party websites are provided solely for your convenience and any use or submission of data to such websites shall be at your sole risk.
14. Children’s Privacy
Our Services are not directed toward children under the age of 13. We do not promote our Services to minors, and we do not knowingly collect any Personal Information through our Services from any person under 13.
15. United States Only
17. Contact Information
2 Technology Drive
Westborough, MA 01581
Attn: Chief Privacy Officer
This e-mail address is monitored only for privacy-related inquiries. If you are a patient and have a question related to accessing the Patient Portal, please contact your healthcare provider.
Pursuant to applicable law, eCW may be required to send you notice of known or suspected security breaches that impact Your Personal Information. In the event that eCW must provide a notice of a security breach to You, eCW will send security breach notices to the contact information contained in your account information unless eCW is required by law to notify you using another method. Otherwise, if eCW needs, or is required, to contact you concerning any event that involves information about you we may do so by e-mail, telephone, or mail.
18. Privacy Notice for California Residents
Effective Date: January 1, 2020
Last Updated: June 28, 2021
18.1. CCPA Personal Information Collected By the Services
Through a user’s interactions with the Services, eCW collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“CCPA Personal Information”). CCPA Personal Information includes any information you have provided in connection with your use of the Services.
CCPA Personal Information does not include:
- Publicly available information from government records;
- De-identified or aggregated consumer information; or
- Information excluded from the CCPA’s scope, like:
- PHI, health or medical information covered by HIPAA and the California Confidentiality of Medical Information Act (“CMIA”) or clinical trial data;
- Information we collect from our employees or business contacts pursuant to CCPA’s temporary exceptions for these categories of individuals.
|Category of CCPA Personal Information||Examples|
|Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, e-mail address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers|
|Personal information categories listed in the California Customer Records statute (Cal.
Civ. Code § 1798.80(e)).
|A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.|
|Biometric information.||If you have biometric authentication integration as part of the Services, then we may collect information concerning Your fingerprints, faceprints, and voiceprints, and iris or retina scans.|
|Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.|
|Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.|
|Sensory data.||Audio, electronic, visual, or similar information. Audio recordings of calls are typically in this category.|
|Professional or employment-related information.||Current or past job history or performance evaluations|
|Inferences drawn from other Personal Information.||Inferences drawn from other Personal Information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.|
18.2. How We Collect Your CCPA Personal Information
We collect each of the categories of CCPA Personal Information listed above in one or more of the following ways:
- Directly from You;
- Indirectly from You (e.g., information collected in course of delivering services);
- Third party applications that are integrated with our “eManager” software;
- Other third parties that interact with us in connection with the services we perform;
- Other medical providers, third party payors, and government authorities;
- Data brokers or resellers from which we purchase data to supplement the data we collect;
- From employees; and
- From other vendors/suppliers.
18.3. Our Use of Your CCPA Personal Information
eCW uses the CCPA Personal Information collected in an effort to improve your experience with the Services, to provide the Services to you and to communicate with you about information that you request. eCW may also use CCPA Personal Information to help target specific offers to you and to help eCW develop and improve its Services. Additionally, eCW may use Your CCPA Personal Information for one or more of the following business purposes:
- To respond to user service requests
- To administer user accounts;
- To provide service to our customers, which include Providers;
- To respond to Your questions and concerns;
- To market and communicate with users about our products, services, and related issues;
- To administer fees and provide users with invoices or resolve billing issues;
- To conduct research and analysis;
- To carry out our obligations and enforce Company’s rights arising from any contracts entered into between You and us;
- As necessary or appropriate to protect the rights, property or safety of us, our customers or others;
- To provide, support, personalize, and develop our products and services;
- To help maintain the safety, security, and integrity of our website, products and services, databases and other technology assets, and business;
- As described to You when collecting Your CCPA Personal Information or as otherwise set forth in the CCPA;
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity; and
- Undertaking activities to verify or maintain the quality or safety of a service of the business and to improve, upgrade, or enhance such service.
18.4. Sharing of CCPA Personal Information with Third Parties
In the preceding 12 months, we have disclosed the following categories of CCPA Personal Information to the preceding categories of third parties: identifiers and personal information; characteristics of protected classifications under California or federal law (for users of our Conference Events app); commercial information; biometric information (for users who have biometric authentication as part of the Services); Internet or other similar network activity; geolocation data (for users of our Conference Events app); sensory data; professional or employment-related information; and inferences that we draw from Your CCPA Personal Information to create a profile about Your preferences. We also disclose other information voluntarily and incidentally disclosed by you through your interactions with eCW that falls under one of the enumerated categories above.
In the preceding 12 months, third parties have that have advertising technology activities on eCW websites have received the following categories of CCPA Personal Information: identifiers and personal information, and inferences that we draw from Your CCPA Personal Information to create a profile about Your preferences.
We do not knowingly disclose or sell Personal Information of minors under 16 years of age to non-service provider third parties.
18.5. CCPA Data Subject Rights
As a California resident, You have the right to certain “information requests,” that include (i) requests to obtain a copy of your CCPA information, or for additional disclosures about the CCPA Personal Information we collect, use, disclose and sell over the past 12 months (collectively “requests to know”); and (ii) a request for information regarding and deletion of Your CCPA Personal Information (“request to delete”). As a California resident, you also have the right to opt-out of the sale of CCPA Personal Information at any time if eCW were to sell CCPA Personal Information (“right to opt-out”).
Consumers who opt-in to personal information sales may opt-out of future sales at any time. eCW will not discriminate against you for exercising any of these rights, for example, by charging a different price or denying goods or services. However, eCW may charge a different price or rate or provide a different level or quality of goods or services when that difference is reasonably related to the value provided to us by the data.
You may also limit the use and disclosure of Your CCPA Personal Information by either unsubscribing from marketing communications or contacting eCW at the address listed above under Section 17 titled “Contact Information”. Please note that some information, excluding claims data information provided by CMS as part of the “Blue Button” program, may remain in eCW’s records even after You request deletion of Your CCPA Personal Information, to the extent required by applicable laws. Additionally, there may be limits to the amount of information eCW can practically provide. For example, we may limit access to CCPA Personal Information where the burden or expense of providing access would be disproportionate to the risks to an individual’s privacy or where doing so would violate others’ rights.
18.6. How to Exercise CCPA Data Subject Rights
If you wish to exercise any of these rights, please complete this Web form https://eclinicalworks.com/privacyrequests/. You may also call us toll-free at +1 (866) 888-6929.
To exercise the right to opt-out, you (or your authorized representative) may also submit a request to us by visiting the following Internet Web page link “Do Not Sell My Personal Information.”
We will review your requests and respond accordingly. The rights described herein are not absolute and we reserve all our rights available to us at law in this regard. Additionally, if we retain Your CCPA Personal Information only in de-identified form, we will not attempt to re-identify your data in response to a Data Subject Rights request.
If you make an information request/request to know or request to delete CCPA Personal Information about You, You will be required to supply a valid means of identification as a security precaution. We will verify your identity with a reasonably high degree of certainty using the following procedure where feasible: we will match identifying information you provide when making the request to the CCPA Personal Information maintained by eCW or use a third-party identity verification service. If it is necessary to collect additional information, eCW will use the information only for verification purposes and will delete it as soon as practicable after complying the request. For requests related to particularly sensitive information, we may require additional proof of identification.
If you make a Data Subject Rights request through an authorized agent, we will require written proof that the agent is authorized to act on your behalf.
We will process your request within the time provided by applicable law.
18.7. Other California Privacy Rights
In addition to the rights already described, California’s Shine the Light law permits California residents to request certain details about how their information is shared with third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes. Under the law, a business must either provide this information or permit California customers to opt in to, or opt out of, this type of sharing.
We may from time to time elect to share certain information about you collected by us through the Services with third parties or affiliates for those third parties’ or affiliates’ own direct marketing purposes. If you are a California resident, you may opt out of such future sharing of your personal information (as defined by the California Shine the Light law) by contacting our Privacy Officer at email@example.com with the phrase “Do Not Share” in the subject line.
18.8. CCPA Roles
If you are a California resident and we, as a service provider, have processed personal information about you on behalf of our customers and you wish to exercise your CCPA rights, please inquire with our customer directly. If you wish to make your request directly to us, please provide the name of our customer on whose behalf we processed your personal information. We will refer your request to that customer and will support them to the extent required by California privacy law in responding to your request
18.9. Individuals with Disabilities
If you have a disability and would like to access this Notice in a different format, you may contact us at firstname.lastname@example.org with the phrase “Alternative Format California Privacy Notice” in the subject line.
18.10. CCPA Governing Law
This Notice will be subject exclusively to the laws of the State of California within the United States of America. We make no representation that this Notice and such practices comply with the laws of any other country. Visitors who use this Site and reside outside the United States do so on their own initiative and are responsible for compliance with local laws, if and to the extent local laws are applicable. If you reside outside of the United States, by using our Site, You consent to the transfer and use of your information outside your country.