Privacy Policy

Last Modified: March 12, 2015

Security Overview

SafeStart is HIPAA-compliant. We provide this overview so that you can better understand the security measures we've put in place to protect the information that you store using SafeStart.

Secure Storage & Reserved Instances

All data stored in our databases is symmetrically encrypted using AES 256 keys. Amazon Web Services stores data over several large-scale data centers. You can find more information about Amazon Web Services' security at the Amazon Web Services' website. Encryption keys are stored using further encryption.

Secure Transfers

Your files are sent from SafeStart's mobile and web apps to our servers over a secure channel using SSL encryption, the standard for secure Internet network connections.

User Accounts

User accounts are password protected. Upon successful entry of a unique email, password and authentication token, the user then gains access to his or her account.

Your Data is Backed Up

SafeStart and Amazon Web Services keep redundant backups of all data over multiple locations to prevent the remote possibility of data loss.

Privacy

We guard your privacy and work hard to protect your information from unauthorized access. Except as stated in the next sentence, SafeStart employees are prohibited from viewing the content of files you store in your SafeStart profile(s), and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in the SafeStart Privacy Policy (e.g., when legally required to do so). We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. Any user data may be accessed by medical personnel in the course of providing treatment to the adult user or person having authority for the patient's medical care.

Compliance with Laws and Law Enforcement

SafeStart cooperates with United States law enforcement when it receives valid legal process, which may require SafeStart to disclose information contained in your SafeStart profile(s). In the case of being compelled to disclose information as above, SafeStart will decrypt the data before providing them to law enforcement.

Auditing

Our auditing process tracks all records that are created, deleted and modified. We also track activity on the site by Patients and Medical Professionals, such as logins, page views, viewing images, adding notes and other activity.

You understand that your medical history is entered into the SafeStart database and that all reasonable measures have been and will be taken to protect the confidentiality of this medical and personal information – in accordance with HIPAA standards. You know that no computer or phone system is completely 100% secure. SafeStart understands your rights to reasonable privacy in accordance with HIPAA standards and state laws, and in accordance with our Privacy Policy, will not release information to anyone without your written authorization or as required or permitted by law, or in accordance with your health insurer's privacy policy if applicable, or as otherwise disclosed via our Privacy Policy.

SINGLE POINT OF TRUTH, LLC PRIVACY POLICY

SafeStart Privacy Policy

Last Modified: February 23, 2015

SafeStart takes your privacy very seriously. We are committed to protecting the privacy of visitors to the SafeStartMedical.com web site and mobile application (the "Site"). The purpose of this Privacy Policy is to inform you what kinds of information we may collect about you when you visit the Site or use the service offered on the Site (the "Service"), how we may use that information, to whom we may disclose it, and the choices you have regarding our use of, and your ability to manage and edit, your information. This Privacy Policy applies to the Site and the Service. This Privacy Policy does not apply to other web sites to which we may link.

This Privacy Policy governs information we collect about patients who use the Service ("Patients") and about designated health care professionals who are part of a Patient's health care team ("Medical Professionals").

Patients and Medical Professionals can access the Service through the Sites, via desktop or laptop computer, mobile phone, tablet, or other consumer electronic device. This Privacy Policy governs your use of the Service regardless of how you access the Service, and by using the Service you consent to the collection, transfer, processing, storage, disclosure and other uses of your information described in this Privacy Policy.

Introduction

The Service is a health records platform that allows patients to view protected health information online and to communicate and share that information with designated Medical Professionals. This Service also allows Medical Professionals to gather, edit, add to, store and share protected health information online related to the treatment of their patients and share that information with their patients and other designated Medical Professionals.

When you use the Service, the Service collects identifying information about you (e.g., name and email address) as well as, if you are a Patient, your protected health information (e.g., photos, videos, notes, doctor communications, and health history), and, if you are a Medical Professional, your patient communications.

The Information we Collect

We may collect and store the following information when you use the Service:

Identifying Information

When you register to create an account with the Service, we collect some information about you, such as your email address. If you are a Medical Professional, we also may collect information about your medical credentials, such as your medical license number, degree, office number, email address, and specialty.

Protected Health Information

You cannot delete or alter any photos and/or information from your account.

Financial Information

When you make payment for your use of the Service, we collect additional financial information as required to process those purchase transactions.

Analytics Information

When you use the Service, we automatically record information, from the computer, mobile phone or other consumer electronic device you use to access the Service, that device's software, and your activity using the Service (collectively, "Analytics Information"). This may include the device's Internet Protocol ("IP") address, browser type, the web pages you visit on our website, information you search for on our website, locale preferences, identification numbers associated with your device, your mobile carrier, date and time stamps associated with transactions, system configuration information, captured metadata from photos and video concerning your uploaded health information, and other interactions with the Service.

The Service allows you to view your health records or those of your dependent children.

How we Use the Information we Collect

How we use non-personally identifying information:

We may use Analytics Information to monitor and analyze use of the Service, for the Service's technical administration, to increase the Service's functionality and user-friendliness, and to verify users have the authorization needed for the Service to process their requests.

As of the date this Privacy Policy went into effect, we use Google Analytics. To learn more about the privacy policy of Google Analytics, visit: http://www.google.com/intl/en/policies/privacy/

We may also use, or share with third parties, other non-personally identifying information in the aggregate for the purpose of improving the Service and for business and administrative purposes, or for medical studies of quality, safety, and outcomes.

How we use personally identifying information

We use personally identifying information collected through the Service, including Patients' protected health information:

  • to provide the Service
  • to assemble Patients' health records
  • to send you an email summarizing recent account activity
  • to provide you with important information about the Service, including critical updates and notifications
  • to send you the SafeStart e-mail newsletter (unless you opt out)

We may also ask you to participate in use surveys, questionnaires or polls, to facilitate feedback and input from our users. When you respond to surveys, questionnaires or polls, this information is collected only as anonymous, aggregated information and is used for statistical purposes only.

How the Service facilitates your sharing of health information

A key purpose of the Service is to facilitate the sharing by Patients of health information with Medical Professionals that are designated members of the Patient's health care team.

Patients share protected health information with designated Medical Professionals once they have established a Medical Professional - Patient relationship as outlined in our Terms of Service. Once data is shared it will remain shared with the Medical Professional.

No Medical Professional who accepts a sharing invitation has the ability to use the Service to share a Patient's health information with third parties, the exception being that Medical Professionals can use or disclose protected health information, such as X-rays, laboratory and pathology reports, diagnoses, photos, videos, and other medical information for treatment purposes only without the patient's authorization. This includes sharing the information to consult with other providers, including providers who are not covered entities, to treat a different patient, or to refer the patient.

To Whom we Disclose the Information we Collect

Service Providers

We may permit certain trusted third party companies and individuals to access your information in connection with their performance of services to help us maintain, operate, analyze, and improve the Service, including but not limited to data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Service's features. These third parties may have access to your information only for purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy.

Compliance with Laws and Law Enforcement Requests; Protection of Single Point of Truth, LLC's Rights

We may disclose your personally identifying information to third parties when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of SafeStart or its users; or (d) to protect SafeStart's property rights. If we provide your personally identifying information to a law enforcement agency as set forth above, when legally required, we will remove SafeStart's encryption from the files before providing them to law enforcement.

Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personally identifying information may be transferred as part of that transaction, but we will notify you of this transfer of your information (for example, via email and/or a prominent notice on the Site). We will also notify you of choices you may have regarding the transfer of your information.

Disclosure of Non-Personally Identifying Information

We may disclose your non-personally identifying information to third parties as described above under "How we use aggregate non-personally identifying information." We do not sell, trade or rent your personal information to third parties.

How Long We Keep Your Personally Identifying Information

We will retain copies of your information if required by law.

How We Protect Your Personal Information

We follow generally accepted industry standards to protect your health information and other personally identifying information that we collect about you. We use firewall barriers, SSL 256-bit high-grade encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect user accounts and systems from unauthorized access. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

Minors

The Service is not intended for use by individuals under the age of 18. A parent or guardian can create a Profile for a child and grant others access to the data. If a parent or guardian becomes aware that his or her child has provided us with personally identifying information without their consent, he or she should contact us at contact@safestartmedical.com. If we become aware that a child has provided us with personally identifying information, we will take steps to delete such information from our files.

Revisions of This Privacy Policy

SafeStart may revise and update this Privacy Policy at any time, without notice to you. We encourage you to periodically check the Site to see if there have been any changes to our Privacy Policy that may affect you.

Internet Cookies

An internet cookie is a string of information that a website stores on a visitor's computer, and that the visitor's browser provides to the website each time the visitor returns. We use cookies to help us identify and track visitors to the Site, their usage of the Site, and their website access preferences. Visitors to the Site who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using the Site, with the caveat that certain features of the Site may not function properly without the aid of cookies.

Patient Rights to Protected Health Information (PHI)

You have a right to:

  1. View your medical records. You can access your medical records that have been provided to SafeStart within 30 days of your request to do so. You can view your medical records at any time by accessing your account online.
  2. Inspect and copy your PHI. You must submit your request to inspect or copy your PHI online to SafeStart. SafeStart may impose a fee for the costs of copying, mailing, labor and supplies associated with your request. SafeStart may deny your request to inspect and/or copy your PHI in certain limited circumstances. If that occurs, SafeStart will inform you of the reason for the denial, and you may request a review of the denial.
  3. Amend your PHI. If you believe your file is incomplete or incorrect, you can request that SafeStart add an addendum to your PHI. SafeStart may, under certain circumstances, deny your request. If that occurs, you have the right to submit a statement of disagreement for inclusion in your records. You cannot change any PHI after the information has been used for the completion of a surgical safety time out. If you cancel your operation, your information remains part of the medical record and we will keep the information as long as specified by the law.
  4. Accounting and disclosures. You always have the decision whether or not to give permission for your PHI to be shared before it is used or shared. Your chosen health professionals that use the Service are prohibited from using or sharing your personally identifiable medical records for any purposes that are not part of normal, routine health care processes. You have the right to receive an accounting of all disclosures SafeStart has made of your PHI. Accordingly, upon a request made in a 12-month period, SafeStart shall provide the patient, at no charge, with a copy of the accounting of disclosures. SafeStart will provide you a notice that tells you how your PHI has been used and shared. This accounting will be provided without charge for the first request made in a 12-month period. Reasonable cost-based charges can be imposed to provide an additional accounting(s) if the request for the 2nd (3rd...) accounting is within the 12-month period, as permitted by law.
  5. Complaint. You may complain to SafeStart and to the Secretary of the Department of Health and Human Services if you believe that your privacy rights have been violated.

If you have any questions about this Privacy Policy, please contact us at contact@safestartmedical.com.
