InXite Privacy Policy

InX­ite Health Sys­tems Pri­va­cy Pol­i­cy Effec­tive Date: Novem­ber 27, 2018
InX­ite takes its oblig­a­tion to pro­tect the con­fi­den­tial­i­ty of, and to lim­it the uses and
dis­clo­sure of your Per­son­al Infor­ma­tion very seri­ous­ly. This Pri­va­cy Pol­i­cy lets you
know:
 what infor­ma­tion we col­lect about you when you reg­is­ter for and use the Ser­vices
and how that infor­ma­tion is used;
 what addi­tion­al infor­ma­tion you can pro­vide and orga­nize to take advan­tage of
the Ser­vices;
 the lim­it­ed ways in which we use the addi­tion­al infor­ma­tion you pro­vide;
 the ways in which we pro­tect the secu­ri­ty of your infor­ma­tion;
 the ways in which you con­trol the shar­ing of your infor­ma­tion with oth­ers, and the
very lim­it­ed cir­cum­stances in which we might ever dis­close your infor­ma­tion to
oth­ers with­out a direc­tion from you to do so;
 what hap­pens to your infor­ma­tion when you choose to close an account;
 ways in which you can fur­ther pro­tect your infor­ma­tion;
 how this pri­va­cy pol­i­cy can change and its scope.
Cap­i­tal­ized terms used in this Pri­va­cy Pol­i­cy have the mean­ings set forth in the
Def­i­n­i­tions sec­tion found at the end of the pol­i­cy. This Pri­va­cy Pol­i­cy does not apply to
Non-per­son­al Infor­ma­tion.

Personal Information we collect and how it is used

When you reg­is­ter to cre­ate a Ser­vice Account, you must pro­vide cer­tain Per­son­al
Infor­ma­tion includ­ing your name, your date of birth, and a valid email address. You also
will select a user­name and pass­word for the Ser­vice Account, and pro­vide oth­er
infor­ma­tion (such as answers to secu­ri­ty ques­tions and a secu­ri­ty phrase). We use the
infor­ma­tion you pro­vide to con­firm your eli­gi­bil­i­ty to estab­lish a Ser­vice Account, to
pro­tect against unau­tho­rized access to the Ser­vice Account you cre­ate, and to
com­mu­ni­cate with you regard­ing the Ser­vices. For exam­ple, when we send you email,
we will include the secu­ri­ty phrase that you pro­vid­ed; if you receive an email pur­port­ing
to be from InX­ite Ser­vices that does not con­tain the secu­ri­ty phrase you set on your
Ser­vice Account, you should not trust that the email was sent by InX­ite Ser­vices.
For InX­ite Ser­vices Ser­vice Accounts, you also will need to pro­vide the user­name and
pass­word you use for each InX­ite Account that you wish to have linked to your InX­ite
Ser­vices Account. Please note we do not store or retain any of your InX­ite Account
user­names or pass­words on InX­ite Servers. Instead, we use that infor­ma­tion to cre­ate
secure cre­den­tial­ing mech­a­nisms to ensure accu­rate future sys­tem iden­ti­fi­ca­tion
between InX­ite Ser­vices and your InX­ite Account provider orga­ni­za­tions’ web sites in
con­nec­tion with your use of the Ser­vices.
We also col­lect and record cer­tain infor­ma­tion from your brows­er each time you con­nect
to our Site, such as your IP address, brows­er type and lan­guage, date, time and
dura­tion of your con­nec­tion, and the actions that you per­form. That infor­ma­tion
becomes part of our Audit Files, which we use only in con­nec­tion with pro­vid­ing,
mon­i­tor­ing or improv­ing the per­for­mance of the Ser­vices, and in offer­ing any tech­ni­cal
sup­port or assis­tance you might request in con­nec­tion with your use of the Ser­vices.
We also store some infor­ma­tion in cook­ies (small text files) that are cre­at­ed on your
com­put­er. The infor­ma­tion stored there is retrieved when you con­nect to our Site and
used to improve or sim­pli­fy your user expe­ri­ence on sub­se­quent vis­its. Most web
browsers allow you to decline cook­ies, and if you’ve cho­sen to do so then some
fea­tures or con­ve­niences oth­er­wise avail­able when using the Ser­vices will not work for
you. Oth­er Per­son­al Infor­ma­tion you can pro­vide to take advan­tage of the Ser­vices
If you’ve estab­lished an InX­ite Ser­vices Ser­vice Account, you can enter, upload and
trans­fer from oth­er loca­tions a wide vari­ety of oth­er Per­son­al Infor­ma­tion to your
account for stor­age, main­te­nance, edit­ing, orga­ni­za­tion and shar­ing with oth­ers as you
direct. That Per­son­al Infor­ma­tion might include health records avail­able to you through
InX­ite accounts, oth­er health infor­ma­tion that you want to orga­nize or share as part of
your per­son­al health record, as well as doc­u­ments, X-rays, oth­er elec­tron­ic images, and
data from var­i­ous med­ical mon­i­tor­ing devices such as blood pres­sure or blood glu­cose
mon­i­tors.
We will make good faith efforts to pro­vide you access to your Per­son­al Infor­ma­tion
through the Site. InX­ite Ser­vices allow you to delete or cor­rect inac­cu­ra­cies in your
Per­son­al Infor­ma­tion that is stored on the Pro­duc­tion Servers.

How we use the Personal Information you provide and
store in your Service Accounts

InX­ite will not use, sell, rent, lease or dis­close any of your Per­son­al Infor­ma­tion for the
pur­pose of allow­ing third par­ties to adver­tise to you or oth­er­wise attempt to sell you
prod­ucts or ser­vices or solic­it you for busi­ness of any kind.
We use your Per­son­al Infor­ma­tion in sev­er­al ways:
 To pro­vide the Ser­vices to you;
 To pro­vide assis­tance or tech­ni­cal sup­port in con­nec­tion with your use of the
Ser­vices;
 To audit, mon­i­tor, improve and fur­ther devel­op the Ser­vices.

We also reserve the right to use your Per­son­al Infor­ma­tion to inves­ti­gate pos­si­ble
vio­la­tions of the Terms of Ser­vice that gov­ern your use of the Ser­vices, to pro­tect
InXite’s prop­er­ty and rights, to inves­ti­gate poten­tial fraud or secu­ri­ty issues, and to
com­mu­ni­cate with you regard­ing the Ser­vices or your use of the Ser­vices.

How we protect the security of your Personal
Information

InX­ite employs a wide vari­ety of admin­is­tra­tive, phys­i­cal and tech­ni­cal safe­guards to
pro­tect the con­fi­den­tial­i­ty, integri­ty, and avail­abil­i­ty of your Per­son­al Infor­ma­tion.
For exam­ple, only InX­ite employ­ees who have a need, such as those assigned to
oper­ate and pro­vide sup­port for the Ser­vices, are pro­vid­ed elec­tron­ic access to the
InX­ite Servers on which your Per­son­al Infor­ma­tion is stored. Those InX­ite Servers are
kept in secure loca­tions and phys­i­cal access to them is high­ly-con­trolled and tracked.
We use Secure Sock­ets Lay­er (SSL) cer­tifi­cate tech­nol­o­gy so that you have assur­ance
when using the Ser­vices that our Site is gen­uine and oper­at­ed by InX­ite. That
tech­nol­o­gy also allows us to estab­lish a secure, encrypt­ed con­nec­tion between our Site
and the web brows­er and/or mobile app you are using when you con­nect to the Site.
When the secure, encrypt­ed con­nec­tion exists, the address appear­ing in your browser’s
address bar will begin with http:// (not just http://). If you use a high-secu­ri­ty brows­er,
your brows­er address bar will turn green to indi­cate your secure con­nec­tion.
Please note, how­ev­er, that when the Ser­vices re-direct you to web sites oper­at­ed by
oth­er orga­ni­za­tions (such as a health­care orga­ni­za­tion or health­care appli­ca­tions at
which you have an active account), you no longer are con­nect­ed to our Site. At that
point, the nature of your con­nec­tion is gov­erned and con­trolled by the tech­nol­o­gy
adopt­ed and put into place by the orga­ni­za­tion oper­at­ing the web site to which you’ve
been re-direct­ed.

Other technical safeguards that we employ at InXite to protect your Personal
Information include the following:

 Ser­vice Account pass­words are stored in an encrypt­ed for­mat.
 We pro­vide you guid­ance on how to cre­ate secure pass­words.
 The Site can be accessed only when you are using high-secu­ri­ty browsers of
cer­tain ver­sions, all of which must be SSL-com­pat­i­ble.
 All trans­fers of data between sys­tems made via the Inter­net in con­nec­tion with
your use of the Ser­vices occur in encrypt­ed form using SSL pro­to­col or sim­i­lar
tech­nol­o­gy this is wide­ly regard­ed to be secure and reli­able.
 Fire­walls and audit trails are used to safe­guard your infor­ma­tion fur­ther.

How you control the sharing of your Personal
Information and the limited circumstances in which
we may disclose it to others

InX­ite Ser­vices allow you to trans­fer your Per­son­al Infor­ma­tion to and from your Ser­vice
Account. You con­trol those trans­fers through the fea­tures pro­vid­ed with­in the Ser­vices.
For instance, you can autho­rize health­care providers at the orga­ni­za­tions where you
have InX­ite Accounts to pull des­ig­nat­ed por­tions of your Per­son­al Infor­ma­tion from your
Ser­vice Account for inclu­sion in your elec­tron­ic med­ical record at those orga­ni­za­tions.
Only those provider orga­ni­za­tions that you autho­rize will be able to ini­ti­ate such
trans­fers, and they will be able to trans­fer only the Per­son­al Infor­ma­tion from your
Ser­vice Accounts that you choose to make avail­able to them. To enable this
func­tion­al­i­ty, the Ser­vices make the fact that you are an InX­ite Ser­vice Account hold­er
known to those orga­ni­za­tions where you have linked InX­ite Accounts.
You also will be able to down­load your Per­son­al Infor­ma­tion to your local com­put­er or
portable stor­age devices, or to direct that such Per­son­al Infor­ma­tion be trans­mit­ted to
oth­er enti­ties. Again, all such trans­fers of your Per­son­al Infor­ma­tion will be sole­ly in your
con­trol, as direct­ed by you through your use of the Ser­vices.
Please note that InX­ite can­not con­trol and is not respon­si­ble for the pri­va­cy and secu­ri­ty
of your Per­son­al Infor­ma­tion once it has left InX­ite in accor­dance with your requests and
direc­tives when using the Ser­vices. We can­not retrieve that infor­ma­tion after you’ve
shared it; and we can­not con­trol or restrict the use of Per­son­al Infor­ma­tion by oth­er
orga­ni­za­tions. For instance, des­ig­nat­ing with­in your InX­ite Ser­vices Ser­vice Account
that por­tions of your Per­son­al Infor­ma­tion are not to be shared restricts only the trans­fer
of the Per­son­al Infor­ma­tion via the Ser­vices; it does not extend those restric­tions to
orga­ni­za­tions to which you’ve sent that infor­ma­tion or from which your InX­ite Ser­vices
Account has received it, such as a health­care orga­ni­za­tion where you have a InX­ite
Account. How such orga­ni­za­tions treat your Per­son­al Infor­ma­tion is deter­mined by their
own pri­va­cy prac­tices.
There are very few instances in which your Per­son­al Infor­ma­tion ever will be dis­closed
by us oth­er than as direct­ed by you through your use of the Ser­vices. We may dis­close
your Per­son­al Infor­ma­tion in the fol­low­ing cir­cum­stances:
 As we in good faith con­sid­er nec­es­sary for us to com­ply with any applic­a­ble law
com­pelling a dis­clo­sure of the infor­ma­tion, to com­ply with legal process served
on us, or in response to the request of a law enforce­ment or gov­ern­ment
reg­u­la­to­ry agency in cir­cum­stances that we believe war­rant the dis­clo­sure;
 As we in good faith believe is nec­es­sary or appro­pri­ate in order to pro­tect the
per­son­al safe­ty or health of the pub­lic or users of the Ser­vice;
 As we in good faith believe is nec­es­sary or appro­pri­ate to pro­tect and defend our
rights and prop­er­ty, includ­ing the enforce­ment of the Terms or Ser­vice that
gov­ern your use of the Ser­vices;
 As we in good faith believe is nec­es­sary to pro­tect against or address fraud or
secu­ri­ty breach­es.
In addi­tion, InX­ite may at times engage oth­er com­pa­nies or indi­vid­u­als to per­form
cer­tain activ­i­ties on our behalf and relat­ed to our pro­vi­sion of the Ser­vices, such as
assis­tance in improv­ing soft­ware, off-site stor­age of infor­ma­tion for dis­as­ter recov­ery,
web site host­ing, or tech­ni­cal assis­tance regard­ing oper­at­ing sys­tems, web browsers or
oth­er non-InX­ite soft­ware with which the Ser­vices might inter­act. InX­ite will pro­vide such
third par­ties access to your Per­son­al Infor­ma­tion only (i) when such access is
nec­es­sary to accom­plish the activ­i­ty for which we have engaged the third par­ty; and (ii)
when the third-par­ty is con­trac­tu­al­ly bound to us: (a) to use the infor­ma­tion only in
con­nec­tion with accom­plish­ment of the activ­i­ty for which they’ve been engaged and (b)
to pro­vide admin­is­tra­tive, phys­i­cal and tech­ni­cal safe­guards to pro­tect the con­fi­den­tial­i­ty
and secu­ri­ty of the infor­ma­tion.

What happens to your Personal Information when you
close a Service Account

You can choose to close a Ser­vice Account at any time. If you choose to do so, we will
retain your Per­son­al Infor­ma­tion until you request per­ma­nent dele­tion. Please note that
clos­ing a Ser­vice Account affects only your Per­son­al Infor­ma­tion that is stored on InX­ite
Servers. It does not affect, alter or accom­plish the dele­tion of any Per­son­al Infor­ma­tion
that is stored or main­tained on oth­er sys­tems, such as those of your health­care
providers or the orga­ni­za­tions at which you have InX­ite Accounts.
After dele­tion, Your Per­son­al Infor­ma­tion may per­sist in Back­up Files for up to a year
and in our Audit Files for longer peri­ods of time based upon gov­ern­ment agency and
pri­vate orga­ni­za­tion guide­lines and rec­om­men­da­tions that per­tain to anal­o­gous
cat­e­gories of data and infor­ma­tion. Our Back­up and Audit Files are stored on servers
that are not read­i­ly or even eas­i­ly acces­si­ble. We there­fore reserve the right to decline
to process requests to pro­vide access to, to delete or to cor­rect inac­cu­rate Per­son­al
Infor­ma­tion if such requests would be imprac­ti­cal, require dis­pro­por­tion­ate tech­ni­cal
efforts, jeop­ar­dize the secu­ri­ty of oth­er indi­vid­u­als’ per­son­al infor­ma­tion or inter­fere with
InXite’s legal oblig­a­tions or its legit­i­mate efforts to pro­tect its busi­ness inter­ests.
Changes to this Pri­va­cy Pol­i­cy
We may make changes to this pol­i­cy from time to time by post­ing revised ver­sions on
this page.

Questions and concerns

If you have any ques­tions regard­ing this Pri­va­cy Pol­i­cy or con­cerns about our use,
dis­clo­sure or han­dling of your Per­son­al Infor­ma­tion, please con­tact us by email­ing
info@inxitehealth.com, with 'Pri­va­cy Pol­i­cy' in the sub­ject.

Definitions

 Audit Files refers to files in which logs are made to track the activ­i­ty occur­ring on
a Ser­vice Account, which can be use­ful in pro­vid­ing sup­port to account hold­ers.
 Back­up Files refers to copies of InX­ite Servers peri­od­i­cal­ly made and retained
for the pur­pose of being able to restore our sys­tems in the event of an
occur­rence that would neces­si­tate such restora­tion.
 InX­ite refers to InX­ite Health Sys­tems, Inc.
 InX­ite Servers means all tan­gi­ble com­put­er equip­ment and stor­age media of any
kind owned and con­trolled by InX­ite.
 InX­ite Ser­vices refers to the ser­vices InX­ite pro­vides allow­ing you to estab­lish,
store, main­tain and share a per­son­al health record.
 InX­ite Account refers to web- and/or mobile-based patient access and ser­vices
accounts that you hold at health­care orga­ni­za­tions offer­ing such accounts using
InXite’s per­son­al health record soft­ware.
 Non-per­son­al Infor­ma­tion refers to infor­ma­tion that can­not rea­son­ably be
iden­ti­fied as per­tain­ing to any par­tic­u­lar Ser­vice Account or rea­son­ably be used
to iden­ti­fy any indi­vid­ual per­son.
 Per­son­al Infor­ma­tion refers to any infor­ma­tion that rea­son­ably could be
iden­ti­fied as per­tain­ing to you or your Ser­vice Accounts or oth­er­wise used to
iden­ti­fy you, whether that infor­ma­tion is infor­ma­tion that we col­lect­ed about you
or that you pro­vid­ed or direct­ed to be trans­ferred into your Ser­vice Accounts
when using the Ser­vices.
 Pro­duc­tion Servers refer to those InX­ite Servers through which the Ser­vices are
active­ly being pro­vid­ed via the Inter­net and on which Ser­vice Account hold­ers’
live, up-to-date infor­ma­tion is stored and active­ly accessed in con­nec­tion with the
pro­vi­sion of the Ser­vices, includ­ing any real-time copies of such servers that we
might main­tain and oper­ate for the pur­pose of pro­vid­ing con­ti­nu­ity of ser­vice in
the event of a dis­as­ter at our prin­ci­ple serv­er site.
 Ser­vice Accounts refers to active InX­ite Ser­vices and InX­ite Ser­vices accounts
resid­ing on InX­ite Servers and acces­si­ble via the Inter­net in which you man­age
and access the infor­ma­tion you enter or trans­fer into the accounts.
 Site means the web sites, appli­ca­tions, and inter­faces through which InX­ite
pro­vides the Ser­vices and for which InX­ite is the reg­is­tered own­er.
 Terms of Ser­vice means the InX­ite Sys­tems Cor­po­ra­tion Terms of Ser­vice for
Web-Based Ser­vices to which you agree when you estab­lish a Ser­vice Account.