Patient Journey Platform Privacy Statement
Virtua Health, Inc. and its subsidiaries and affiliates (“Virtua” or “we” or “us”) are committed to respecting your privacy and maintaining your trust. This Privacy Statement will help you understand what information we and Customer Evolution, LLC (our vendor and host of the Patient Journey Platform) collect, use, and share when you use the Patient Journey Platform. We encourage you to carefully review this Privacy Statement, which is incorporated into and made part of our Terms and Conditions for the Patient Journey Platform.
Scope and Applicability
This Privacy Statement only addresses information that we receive through your use of the Patient Journey Platform. Please note that this Privacy Statement does not apply to information we collect, receive, or access outside of the Patient Journey Platform.
Collection and Storage of Information
There are three types of data or information we may collect and then store in the Patient Journey Platform when you access the Patient Journey Platform. They are:
- Protected Health Information: Your Patient Journey Platform account will contain some of your Protected Health Information (“PHI”). This is information related to your health care that personally identifies you. How we may receive your Personal Information is discussed below under Protected Health Information You Provide to Us.
- Personal Information – This is information that personally identifies you. Personal Information includes, but is not limited to, such things as your name, email address, phone number, postal address, and date of birth. How we may receive your Personal Information is discussed below under Personal Information You Provide to Us.
- Non-Personal Information – This is any data we receive from your access and use of the Patient Journey Platform that is not Personal Information. Examples of Non-Personal Information are discussed below under Non-Personal Information Collected Automatically.
Protected Health Information You Provide to Us
We collect PHI through the Patient Journey Platform when you are invited to participate in a specific journey by your care team and when you voluntarily provide it to us. The Patient Journey Platform is a HIPAA-compliant solution and any PHI or Personal Information you provide to us, or that we communicate to you, through the Patient Journey Platform is secure.
Personal Information You Provide to Us
We collect Personal Information through the Patient Journey Platform when you are invited to participate in a specific journey by your care team and when you voluntarily provide it. For example, we collect information from you when you register to participate in a specific journey or when you fill out a form.
If you provide us with Personal Information about other people through the Patient Journey Platform, you represent that you have the authority to do so and give us permission to collect, use, and share their Personal Information in accordance with this Privacy Statement.
Non-Personal Information Collected Automatically
When you access or use the Patient Journey Platform, some Non-Personal Information is automatically collected. Non-Personal Information may include but is not limited to:
- The Internet domain (for example, "xcompany.com") and IP address (an IP address is a number automatically assigned to your computer when surfing the internet) from which you access the Patient Journey Platform;
- The Internet service provider, type of browser and operating system used to access the Patient Journey Platform;
- The date and time you accessed the Patient Journey Platform;
- Certain location information, such as your mobile device’s GPS signal or information about nearby WiFi access points and cell towers; and
- Information about the links you click and pages you view within the Patient Journey Platform, and other standard server log information.
This Non-Personal Information is collected through technologies such as cookies, pixel tags, local shared objects, and through analytics tools. Cookies are small bits of information that are stored by your computer’s web browser. The cookies we use for the purposes described below under Use of Personal and Non-Personal Information may be first-party cookies or third-party cookies. First-party cookies are issued directly by the website you are viewing. Third-party cookies are issued by someone other than the website you are viewing. For example, if you link to the Patient Journey Platform website from another website, the cookies issued from that website are considered third-party cookies. Pixel tags are small images or small pieces of data embedded in images that can recognize cookies, the date and time a page is viewed, a description of the page where the pixel tag is placed and similar information from your computer or device. Local shared objects (sometimes called “flash cookies”) are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. By using the Patient Journey Platform, you are consenting to the storing and accessing of the cookies, pixel tags, local shared objects and other technologies on your device. Please note that you may be able to adjust your web browser settings to decline all cookies.
Use and Disclosure of Protected Health Information
Virtua’s HIPAA Joint Notice of Privacy Practices (“Notice”) is a separate document that governs how we protect and may use or disclose our patients’ PHI. We will only use or disclose your PHI that is collected in the Patient Journey Platform in accordance with our Notice.
Use of Personal and Non-Personal Information
We may use the Personal and Non-Personal Information we collect for many reasons, including but not limited to:
- Provide, improve and optimize the Patient Journey Platform;
- Respond to your comments, questions, and requests for information and provide customer service;
- To send you updates and messages about your Patient Journey Platform account, such as when new information is available or reminders of past due activities may be needed.
- Better understand you and your preferences so that we can personalize our interactions with you and provide you with materials and content that is relevant and tailored to your interests;
- When permitted or required by law; and
- We may use or share Personal Information for a purpose not covered by this Privacy Statement. Should that happen, we will tell you what that purpose is at the time we collect the Personal Information from you or obtain your consent to use the Personal Information for that new purpose.
We may communicate with you through email. If you provide us with a phone number, we may communicate with you through phone calls and text messaging as well. We will only contact you via phone call or text message as permitted by federal and state laws. By providing us with your phone number, you expressly consent to us contacting you via phone call or text message for any of the purposes mentioned above at that phone number. This contact may include, but is not limited to, the use of pre-recorded/artificial voice messages, interactive voice recognition system, an automatic dialing device, and/or Short Message Service (SMS) text messaging. Message and data rates may apply for any text messages sent from us to you or from you to us. Contact your carrier for details. By providing us a phone number, you represent that it is your phone number or you have the authority to provide consent to receiving phone calls or text messages to that phone number.
You may opt-out of receiving communications from us related to your journey in the Patient Journey Platform at any time by following the instructions outlined in the “Opt-Out Option” section of this Privacy Statement.
Sharing Personal Information Outside of Virtua
As permitted by applicable laws and regulations, we may share Personal Information we receive about you through the Patient Journey Platform with individuals, companies or government agencies that are not employed or owned by Virtua, as described below:
- Vendors. We may share Personal Information or PHI with our vendors/service providers who help us provide certain business or administrative services (“Vendors”). Vendors may include companies that perform website hosting, data analysis, data storage, advertising, event registration, and communications delivery. Vendors may perform on our behalf any of the Personal Information collection, storage, use or transmission activities described in this Privacy Statement. Our Vendors are not authorized to use or share your Personal Information or PHI other than to: (i) provide the duties we engage them for (either themselves or through their subcontractors); and (ii) to comply with legal requirements.
- Vendor subcontractors. Virtua requires any Vendor who has access to your Personal Information or PHI to require its subcontractors to adhere to the same confidentiality protections of your Personal Information as the Vendor itself must provide. In applicable circumstances, such as when a Vendor hosts a Virtua webpage, Virtua requires the Vendor to comply with the terms of this Privacy Statement or maintain comparable privacy practices that protect your Personal Information or PHI.
- Others. With respect to those who are not our vendors or our vendors’ subcontractors, as described above, we may use and share your Personal Information that we receive through the Patient Journey Platform: (i) to comply with applicable laws and regulations and to cooperate with law enforcement; (ii) if we reasonably believe such disclosure is important to protect the rights, property, safety, privacy, or security of any of our users, workforce, or the public; (iii) to respond to an emergency; or (iv) with your consent or at your direction.
Sharing Non-Personal Information Outside of Virtua
We may use and disclose Non-Personal Information for any purpose, except where prohibited under applicable law.
The security of your Personal Information and PHI is very important to us. Virtua and Customer Evolution use various measures, such as technical applications and administrative policies, to protect your Personal Information and PHI from loss, theft, misuse, and unauthorized access, disclosure, alteration, and destruction. When using the Patient Journey Platform, information will be transmitted over an Internet medium that is beyond the control of Virtua or Customer Evolution. No data storage system or digital data transmission method can be guaranteed to be 100% secure but we work very hard to protect the security of your Personal Information and PHI.
Patient Journey Platform users are responsible for ensuring that their computer system(s) and other digital devices have the appropriate security controls enabled, and protecting their username and password to their Patient Journey Platform account.
If you do not wish to continue on a specific journey or to receive journey-specific communications from us, you may opt-out of the journey at any time by logging into the Patient Journey platform and selecting to disable the journey. If you opt to disable the journey, all communications will stop. Alternatively, you may contact your Virtua provider’s office assisting you on the journey and advise them of your decision to opt-out. We work to comply with your request(s) as soon as reasonably practicable.
Third Party Sites
In order to provide you with other helpful information, the Patient Journey Platform may contain links to web sites not owned or controlled by Virtua (“Third Party Sites”). This Privacy Statement only applies to our Patient Journey Platform and does not apply to these Third Party Sites. We are not responsible for the privacy practices on Third Party Sites. Once you follow a link to a Third Party Site, you are subject to the privacy statement or notice (if any) of that Third Party Site. We encourage you to carefully read the privacy statement and notices on any Third Party Sites before providing them with your Personal Information or PHI.
Virtua is located in the United States, has a principal purpose of delivering health care to customers located in the United States, and the Personal and Non-Personal Information and PHI we collect is governed by U.S. law. The Patient Journey Platform is directed only to customers located in the United States.
If you are not located in the United States when you use the Patient Journey Platform, by accessing or using the Patient Journey Platform or otherwise providing Personal Information or PHI to us, you consent to your Personal and Non-Personal Information and PHI being transferred to, stored, or processed in the United States and/or maintained on computers or servers located in the United States, where the privacy laws may not be as protective as those in your jurisdiction.
The Patient Journey Platform is intended to be used by individuals over the age of 18. If you are a parent and become aware that your minor child has provided us with personally identifiable information through the Patient Journey Platform, please contact our Privacy Officer as described in the “Contact Information” section of this Privacy Statement and we will work with you to address the issue.
The Patient Journey Platform is not intended or designed to attract children under the age of 13. In compliance with the Children’s Online Privacy Protection Act of 1998, we do not knowingly collect personally identifiable information from any child under the age of 13.
Acceptance of these Terms; Updates
By accessing and/or otherwise using the Patient Journey Platform, you are agreeing that we may collect, use and share Personal and Non-Personal Information and PHI as described in this Privacy Statement.
We reserve the right to modify this Privacy Statement at any time. All updates will be posted on this page, so please review it periodically. If you use the Patient Journey Platform following any amendment of this Privacy Statement, you accept and agree to be bound by the revised statement.
If you have any questions regarding this Privacy Statement, please contact Virtua’s Privacy Officer at:
Virtua Health Privacy Officer
303 Lippincott Drive, 4th Floor
Marlton, NJ 08053
Last Updated 11/19/2020