- Activity Logs. Activity logs are CCM’s and its Service Providers’ records of when PHR Data is created, accessed, modified, deleted, released, or exported from and/or within the PHR.
- Aggregate Data. Aggregate Data is PHR Data that is: (1) grouped so it does not connect to you as an individual and (2) has names and other identifiers removed or altered. In other words, Aggregate Data is de-identified data and cannot be used to identify you as an individual.
- Authorized Individuals. An Authorized Individual is someone you authorize to access your care management records on your behalf.
- “PHR” means Personal Health Record. A PHR is an electronic health data application that can help you collect, manage, and share your health information.
- Personal Information. Personal Information means information about you that reasonably can be linked to you such as your name, health information, and other identifiers. Personal Information may also include but is not limited to your financial information or social security number.
- Provider. A healthcare provider, healthcare practice, home health organization or hospital that you authorize to provide information to your CCM personal health record.
- Service Providers. A Service Provider is an entity that is hired to perform certain functions for CCM to support the development, maintenance, and implementation of the Service. Service Providers may include software or website designers and data storage providers.
- Security Measures. Security measures can include computer safeguards, secured files, and employee security training. In addition, CCM may be required by law to notify you about particular data breaches.
What Information CCM Collects
- CCM collects all information that you supply directly to the Service. CCM also may collect information from participating Providers whom you expressly authorize to use the Service with respect to you and your information (each, a “Provider” and collectively, the “Providers”). By authorizing a Provider, you also authorize CCM to collect information regarding you from your Provider’s support staff and from other practitioners affiliated with your Provider or in your Provider’s practice. Further, CCM may collect information from other third party information providers that you expressly authorize to send information to your CCM account.
How CCM Uses Your Information
- If you choose to authorize a Provider to participate in the Service with you, then CCM may use your information to facilitate the exchange of information and communication between you and your Provider (e.g., the Service would enable you to schedule an appointment with your Provider and receive an appointment reminder in return).
- If you elect to utilize any billing services features of the Service, CCM also may use your information to process payments, send invoices and conduct other billing-related activities as requested by you.
Sharing Your Information With Third Parties
- CCM may make your Personal Information available to third parties participating in the Service that are authorized by you or as necessary to complete transactions you authorize.
- CCM may disclose your Personal Information to CCM’s Service Providers that provide technical support or other services to CCM related to the Service. All such Service Providers are subject to confidentiality obligations and may only access and utilize your data for purposes of fulfilling their obligations to CCM.
Choices You Have About How CCM Uses Your Information
- You may grant access to your CCM account to one or more Authorized Individuals or Authorized Individual-Representatives. You may grant an Authorized Individual access to your CCM account by specifically authorizing CCM to permit access by such Authorized Individual to your CCM account. When you grant access to an Authorized Individual, you permit the Authorized Individual to have the same level of access to your CCM account as you have, i.e., the Authorized Individual will be authorized to access your CCM health record and to communicate with your Providers and/or engage in other transactions with your Providers to the same extent that you are able using the Service. Whether or not to grant an Authorized Individual access to your CCM account is your decision. You acknowledge and agree that: (a) you are solely responsible for verifying the identity of, and monitoring the use by, any Authorized Individual you select; and (b) CCM has no responsibility or liability in connection with any access to, or use of, your account and information by any Authorized Individual or Authorized Individual-Representative.
- You may revoke any Provider’s, third-party’s, or Authorized Individual’s authorization to communicate with you, or request information from you or your CCM account through the Service. Once revoked, the Provider, third-party, or Authorized Individual may no longer access and use the Service with respect to you and your Personal Information. Any disclosure of your PHR Data or Personal Information made prior to the authorization revocation cannot be recalled, removed, or retrieved by CCM. By using the Service, you agree that CCM cannot, and has no obligation to, remove Personal Information from your Provider’s, other third-party’s or Authorized Individual’s records once properly disclosed.
- You may terminate your CCM account at any time by notifying us at firstname.lastname@example.org. In addition, except with respect to an Authorized Individual-Representative who establishes an account on behalf of a Dependent, CCM will terminate your account within thirty (30) days of its receipt of a death certificate certifying your death. With respect to an Authorized Individual-Representative, CCM will terminate all accounts associated with such Authorized Individual-Representative within thirty (30) days of its receipt of a death certificate certifying the death of such Authorized Individual-Representative unless a Dependent also has a living Authorized Individual-Representative associated with the account. Otherwise, CCM will maintain and/or destroy all PHR Data and Personal Information associated with your account in accordance with its then current document retention and destruction policies. Please note that copies of your Personal Information may remain in your Providers’, other third-parties’ and Authorized Individual-Representative’s and/or Authorized Individual’s records, as described above.
How CCM Protects Your Information
CCM uses both technical and procedural Security Measures to maintain the integrity and security of the your records and other databases, including the use of firewalls. CCM encrypts all PHR Data during transmission between your Provider and CCM. Within CCM, all Personal Information is encrypted at three levels: each individual has a unique encryption key; demographic information is encrypted; and clinical data is separately encrypted.
The safety and security of your Personal Information also depends on you. Never share your password with anyone else. Notify CCM promptly if you believe your password has been breached. Also, remember to log off of the CCM site before you leave your computer.
Security Breach Notification Requirements
Pursuant to applicable law, CCM or its partners may be required to send you notice of security breaches or suspected security breaches that impact your Personal Information. In the unlikely event that CCM must provide you a notice of a security breach, CCM will send you security breach notices to the e-mail address contained in your account information unless we are otherwise require by law.
If you have additional questions, please contact CCM any time. Or write to the company at:
Chronic Care Management, Inc.
30575 Bainbridge Rd., Bldg. 2, Suite 300
Solon, OH 44139
Date last modified: January 20, 2018.