Peoplechart Privacy Policy

We are committed to protecting the privacy and security of our members' health information within our control. These Terms and Conditions explain how we transmit and store health information, what choices we give our members regarding the access to the information, what measures we take (and certain limitations on our ability) to safeguard and protect the privacy and integrity of the stored information, and what "cookies" are and how they are used.

Measures We Take to Safeguard Member Information

Peoplechart's security system provides a variety of rigorous information security features, including: state-of-the-art firewall protection, stringent login credentials and verification process, advanced encryption for all internet-based data communications, encryption within Peoplechart's systems for "data at rest", and additional firewall protection between the user interface and the system’s databases.

In addition, members can further protect their personal information by controlling who is authorized to have access and using the Peoplechart access event log to monitor the details of each access event. Peoplechart's system also gives members the ability to limit the scope of personal information and systems features that they choose to make available to each authorized user (through an intricate table of roles and privileges). The system features also include the ability for the member to set or limit the time period (start time and duration) during which authorized information access is allowed. Finally, Peoplechart's patented "Dual Channel Lock" system provides an additional level of protection in the event of any unauthorized access to Peoplechart’s systems.

Our "live" or production servers and database are guaranteed 99.9% uptime and protected by a professional and secure data storage facility that is located in a disaster-free zone state. The facility includes video surveillance cameras, motion and temperature detectors, and continuous monitoring for online intrusions.

Re-Disclosure Risk

Peoplechart stores members' health information in dedicated web servers. Peoplechart will not disclose any of the member's personal, identifiable health information to third parties without member authorization. Our system, however, does provide members with the ability to register new users who are third parties (such as physicians and agents), and if the member chooses, turn "on" the ability for these third party users to register other users who will have access to the member's personal, identifiable health information.

Any time a new user is being registered to a member's account, Peoplechart sends a notification via email to the member and to the person who is registering the new user (if not the member) about the registration of a new user. The notification also provides instructions for the member and the person who is registering the new user to void or change the terms of the registration.

It is very important for our members to understand the potential risks associated with users to whom members have granted the privilege of registering a new user who, in turn, is able to access the personal information of the member. In particular, when our members decide to grant to other users the privilege of registering new users (by switching the "create-new-users" default setting from "off" to "on"), Peoplechart is limited in its ability to control against intentional or unintentional breaches to privacy. However, inside the privilege profile table of the new user, the member or the person registering the new user can select certain types of information to be kept private.

There may be times when we are legally required to release member information in order to comply with a search warrant or court order, but in such cases we will notify our members that we are doing so unless it would violate the law for us to do so.

We may give access to members' information on an as-needed basis from time to time to our employees and contractors who are directly involved with the maintenance or upgrading of our servers and for the purpose of handling and processing requests for medical record collection as authorized by our members. Our employees and contractors with access to our databank must sign confidentiality clauses relating to the disclosure and use of personal health information and are required to follow strict operating guidelines to protect the confidentiality and security of the information.

Sharing of Information

Our members have the ability to limit user access to their personal health information or to exercise the need for complete privacy when desired. Once a member decides to share information with another person by registering the person as a new user, an email notification is sent out to both the member and the user. This way, the member has a chance to void or edit the action associated with a particular user. A member can exercise several methods of sharing information with registered users of the member's account (part of the member’s designated "care community") or with people who are not registered as users and only interact with our member outside of the Peoplechart system:

Internal-to-Internal Information Sharing (Within Same Server Computer)

Features are controlled by default settings that can be turned on/off by the member for each authorized user at any time.

  • Select which documents can and cannot be shared
  • Create/add new users to the member's care community for online access
  • Control type and scope of access by turning on or off certain features (privileges) for each authorized user of each member's account
  • Control start time and duration of account access for each authorized user of each member's account
  • Create and assign specific documents, folders, and reports to specific user(s)
  • Attach document/report to an internal message (within same server) sent to user

Internal-to-External Information Sharing (Server Computer to External Device)

Features are controlled by default settings that can be turned on/off by the member for each authorized user at any time.

  • Fax information directly from member's account to an external fax machine
  • Download information into password-protected and encrypted file that can be zipped and stored in portable device (CD-ROM or USB memory device)
  • Pre-define scope of information disclosure for emergency situation when member cannot communicate

Limitations on Security and What Happens if Security Breach Occurs

Peoplechart has not experienced any security breach since the company was founded in 1999. However, there is always some risk that an unauthorized third party may find a way to thwart our security systems and methods. Our members must always weigh the advantages of convenience with the potential risks and compromise to systems security. Should our members discover or suspect that a breach has occurred, we ask that they notify Peoplechart immediately at our toll-free number (888) 779-8879.

Once the breach is determined to be valid, Peoplechart will notify the members-at-risk of the investigation's findings including the source, scope, and nature of the breach. With member permission and help, Peoplechart will take action steps to limit the damage from the breach; to address the issues at hand; and to set up preventive measures for reducing the reoccurrences of such risks in the future.

Please review more details about our efforts to investigate and address security issues in section "What Happens if a Security Breach Occurs" as part of the Security Overview link provided on the bottom of each page of our public website.

Cookies

Cookies are small computer files we transfer to a user's computer hard drive that allow us to label the user (although they do not identify the user by name unless the user has provided our site with that information or set up their browser preference to provide this information). The cookies let us know how often someone visits our site and the activities they conduct while on our site.

We do not use permanently stored cookies on our members' computers for many reasons, including our members' concerns about potential privacy misuse. Our server software uses temporary "per-session" cookies on our members' pages to ensure proper display of user interface features. Each of the many simultaneous member and visitor sessions is correctly and securely handled without requiring members to log in multiple times during an active session.

We track user requests, inquiries and traffic patterns as part of our own internal monitoring of patterns or usage. During the period a user is logged onto our website, we document the activities through an Audit Trail, a product feature we provide our members for tracking and reporting activities in their accounts.

Peoplechart provides links for software downloads (such as Acrobat Reader) to view the clinical record pages and reports in PDF format (in our Member-Only website). We also provide an online Health Encyclopedia from a certified third party.

External web site links provided on our site are only for the convenience of our members and do not constitute an endorsement by us. Do not act or rely on any information on such sites, or linked to such sites, without seeking the advice of a professional.

Destruction of Hard Copies of Medical Records

Peoplechart will continue to store the paper copies of the medical records received from our members or their healthcare providers for a period of three months after posting them to your account online. Peoplechart can also mail the hard copy of the medical records to the member at the member's request. If no request for the hard copy is received, Peoplechart will shred the medical records.

Membership Discontinuation and Destruction of Medical Record Electronic Copies

When a member decides to discontinue subscription with Peoplechart, we will continue to store electronic copies of the member's information in our system archives until explicitly instructed by the member in writing to delete all traces of information from archive files. Note that at any time, our members can download a password-protected and encrypted copy of their medical records and personal health information onto a portable device (such as a memory stick or CD-ROM) so that they can take the information with them wherever they go. Of course, members can also choose to store a copy directly in the hard drive of their personal computer and/or print a hard copy directly from their account at any time.

Communications with Members

Peoplechart will occasionally send its members general, unsecured, and unencrypted emails to notify and verify certain changes in their account made either by the members themselves or by other authorized users. We will keep disclosure of personal identifiable information in these emails to a minimum. Sometimes, however, the purpose of the email might require certain identifiable information to be disclosed in order for the content to be helpful or actionable to the recipient. Peoplechart may send email notifications or alerts to our members for the following reasons:

  • Confirmation of successful registration
  • Status update on medical record collection process
  • Users added or removed in care community
  • Folder access privilege turned-on
  • Provider referrals made
  • Incoming message received in account
  • Reset of password or security question & answer
  • Reminders for user action or response
  • Alerts when certain clinical parameters or conditions are met

Under no circumstance would Peoplechart communicate or confirm user login and password credentials via unencrypted email.

Information Collected About Our Members

We occasionally collect demographic information about our members to help us identify which groups are using our services and how we can best serve them. This information is always anonymous and is collected in aggregate or in groups, so no individual or specific information is shared. For example, we track which age groups are subscribing to Peoplechart, and whether men or women are more likely to sign up. We will not sell or rent our member identities and will not release a member’s password or user ID. Moreover, any of our personnel who have authorization to access the database cannot recognize the real password information because it is stored in encrypted format.

Forgot Password

Each member is responsible for the security of his or her password and agrees to take reasonable measures to ensure that no unauthorized person obtains it. Each member agrees to advise Peoplechart if he has reason to believe his password or user ID has been obtained by an unauthorized person. In such cases, Peoplechart will deactivate the member’s account until a new password and user ID is assigned.

In the event a user forgets their password, they are advised to follow the 'forgot password' process, which includes providing the correct answer to the security question that they chose during account registration. If the user has forgotten the answer to their security question, they could contact Peoplechart to reset their security question. When they call, they must be able to confirm their identity by answering several personal or account-related questions for a security check.

Changes to Our Privacy and Security Policy

When we change our privacy or security policy, we will post these changes on our public website under the respective section headers (privacy or security policy). We will also inform members of our changes via email notifications, so that members are always aware of how we collect, store and safeguard their information and under what circumstances we disclose it.