This statement describes our Privacy Policy, including what information we collect, how we collect and use that information, with whom we share it, how you can access and modify it, and how we protect it. As described below, we may make limited disclosure of some of your individually identifiable information. By accepting the User Agreement, you expressly consent to our use and disclosure of your individually identifiable information. This Privacy Policy is incorporated into and subject to the terms of CashPPO's Terms and Conditions Agreement.
If you have any questions after reading this Privacy Policy statement, please do not hesitate to contact us at privacy@emailhmi.com or write to:
Legal Department
HealthDataInsights, Inc.
2620 Regatta Drive, Suite 208
Las Vegas, NV 89128
How Do We Collect Your Information? What Do We Collect?
Unregistered Visitors
Visitors to www.cashppo.com can access our home page, and browse some content areas of the Site, without disclosing any individually identifiable information. We do track information provided to us by your browser, including the website you came from (known as the "referring URL"), the type of browser you use, the time and date of access, and other information that does not personally identify you. You must register to use the entire Site.
Information We Collect When You Register
Customers registering for services on our Site are asked to provide us with specific information, such as name, gender, contact information, employer group, financial information (like credit card number and expiration date), and other identifying information. If we have trouble processing your registration, this contact information is used to get in touch with you. On our registration screen, we clearly label which information is required for registration, and which information is optional and may be given at your discretion. You will also be given a choice about whether or not you want to receive email updates and newsletter subscriptions. We will ask for your consent before collecting individually identifiable information.
The only personal information we have about you is the information you voluntarily give us. We do not use "cookies" to take information from you or your computer without your knowledge.
We do collect and save the email addresses of members and customers, as well as people who send us emails or subscribe to our newsletters. As part of the normal maintenance and operation of our Site, we may also passively collect some information from you, such as your domain type and your IP address. We use IP addresses to analyze trends, administer the Site, track member movements, and gather broad demographic information for aggregate use. IP addresses are not linked to individually identifiable information. We also collect click data on categories or sections of the Site you visit.
From time to time we send members Site and service announcement updates. Members are not able to un-subscribe from service announcements, which contain important information about our service. We may communicate with you to provide requested services and in regards to issues relating to your account via email or telephone.
When you provide us with individually identifiable information we are committed to protecting the privacy of that information. We may use your information to personalize the Site for you, or to contact you about features, enhancements and services available to you. We will not use that information to contact you for other purposes or allow third parties to do so.
How Do We Use Your Information?
Collecting information such as email addresses, domain types, IP addresses, and click data helps us tailor your experience on our Site. We retain this information so that the next time you visit, we can provide you with personalized information tailored to your interests.
Unless it is necessary to do so in providing you with a service you requested, we will not disclose your personal identifying information to any third party. A limited number of our employees may have limited access to individually identifiable information maintained on our systems, but all are required - by written agreement and subject to substantial penalties - to keep such information strictly confidential and to use it only as necessary to perform their duties relating to the service that you have requested.
CashPPO is the sole owner of the information collected on its Site. We do not disclose, give, sell, or transfer any personal information about our members or visitors without consent, unless required by law. We would release your personal information to third parties without consent only in the following limited circumstances:
- if legally required to do so under a law, regulation, search warrant, subpoena or court order;
- if the rights or property of CashPPO, its service providers or the users of its Site are at risk; or
- if the personal safety of users of the Site, CashPPO members, or other members of the public are at risk.
CashPPO NEVER shares credit card numbers or other financial information with third parties.
We do create aggregate data about visitors to our Site for product development and improvement activities. We also use it for market analysis. We may provide information from our Site in aggregate form, with identifying information removed, to third parties. For example, we may tell a healthcare partner what percentage of our members live in a particular area, or have a particular disease. When aggregated health information is provided, we pool it from many individual records and strip it of any data that could be used to identify an individual before it is used. Any third party that receives aggregated healthcare data must agree not to attempt to re-identify the people to whom it belongs.
We may contract with other companies and individuals to help us provide services. For example, we may host our Site on another company's computers, hire technical consultants to maintain our Web-based health tools, or work with companies to remove repetitive information from customer lists, analyze data, provide marketing assistance, and provide customer service. In order to perform their jobs, these other companies may have limited access to some of the personal information we maintain about our users. We require all such companies to comply with the terms of our Privacy Policy, to limit their access to any personal information to the minimum necessary to perform their obligations, and not to use the information they may access for purposes other than fulfilling their responsibilities to us. We use our best efforts to limit the use of other companies in areas where individually identifiable healthcare information may be involved.
From time to time our Site requests information from users by way of surveys and contests. Participation in these surveys and contests is completely voluntary and the member therefore has a choice whether or not to disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as Zip code, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this Site or in rating hospitals, providers and health plans.
Sometimes we send offers to selected groups of customers on behalf of another business. When we do this, we do not give that business your name and address. We provide a variety of mechanisms for you to tell us you do not want to receive such promotional offers. For example, we may provide an opt-in box for consumers to receive email from another business, and we make clear that by opting in you are submitting your data to a third party. You can elect to not receive promotional material from us by updating your member profile.
If we transfer a business unit (such as a subsidiary) or an asset (such as a website) to another company, we will require it to honor the applicable terms of this Privacy Policy.
When we share information with a third party, we require that they agree in writing to abide by our Privacy Policy. If we discover that a third party inadvertently disclosed personal information about any of our customers, we will take immediate action to prevent further occurrences.
Other than the cases described above, we will not release individually identifiable information to a third party without your consent. Also, if we ask your consent to release individually identifiable healthcare information to a third party, we will use our best efforts to clearly define and limit the scope of your consent.
Some of our business partners may use cookies on our Site (for example, advertisers). However, we have no access to or control over these cookies.
How You Can Access and Modify the Information We Collect? Choice/Opt-Out
We recognize that by providing us with your information, you are signifying your trust. We therefore want to provide you with easy access to your information, so that you can make any updates or corrections necessary. You may edit your personal profile any time that you want.
Our members are given the opportunity to 'opt-out' of having their individually identifiable information used for purposes not directly related to our Site at the point where we ask for the information. For example, our registration form has an 'opt-out' mechanism so users who buy a product or service from us, but don't want any marketing material, can keep their email address off of our marketing lists.
Users who no longer wish to receive a newsletter or promotional materials from our partners may opt-out of receiving these communications by replying to unsubscribe in the subject line in the email or email us at support@emailhmi.com.
Users of our Site are always notified when their information is being collected by any outside parties. We do this so our users can make an informed choice as to whether they should proceed with services that require an outside party, or not.
Upon your request, we will deactivate your account, contact information, and financial information from our active databases. Such information will be deactivated as soon as reasonably possible in accordance with our deactivation policy and applicable law. We will retain in our files information you have requested to remove in some circumstances, such as to resolve disputes, troubleshoot problems and enforce our User Agreement. Further, such prior information is never completely removed from our databases due to technical and legal constraints, including stored "back up" systems. Therefore, you should not expect that all of your individually identifiable information will be completely removed from our databases in response to your requests.
CashPPO's Site is designed and intended for use by adults, and is not intended or designed for use by children under the age of 18. Minors under the age of 18 may register for our Site only with the prior written consent of their parent or legal guardian, and then only under the direct supervision of that parent or guardian. The parent or guardian is responsible for providing supervision to ensure the minor's authentication information is kept secure and the credibility of the health record is maintained. We do not collect individually identifiable information from any person we know is a child under the age of 13.
How Do We Protect Your Information?
We take every precaution to protect our members' information. When you submit sensitive information your information is protected both online and off-line. We have security measures and written policies and procedures in place in our physical facilities and in our computer systems, databases, and networks to strictly protect information contained within our systems from loss or misuse.
What Is Our Security System? How Do We Protect Against Intrusion? How Is Intrusion Detected?
Your individually identifiable healthcare information is stored on our database servers at our data centers or hosted by third party entities that have entered into agreements with us that require them to observe our Privacy Policy. We have a firewall to prevent individuals from accessing information without authorization. Data centers are physically secure and protected from unauthorized access by unauthorized persons. Physical access to the servers requires individual authorization and authentication.
Information in our data centers is backed up routinely, in order to aid in the recovery of information in the event of accidental damage of information or due to a natural disaster. The backup media is stored in a physically secure storage facility.
When our registration or order forms ask users or members to enter sensitive information (such as credit card number or social security number), that information is encrypted and is protected with the best encryption software in the industry - Secure Sockets Layer (SSL). While on a secure page, such as our order form, the lock icon on the bottom of Web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when you are just 'surfing'. To learn more about SSL, click here.
While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect information off-line. All of our members' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to individually identifiable information. Our employees with access to individually identifiable information must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to your information. Furthermore, ALL employees are kept up-to-date on our security and privacy practices. Every quarter, as well as any time new policies are added, our employees are notified or reminded about the importance we place on privacy, and what they can do to ensure our members' information is protected.
Please be advised, however, that although we have endeavored to create a secure and reliable website for our members, the confidentiality of any communication or material transmitted to or from an Internet website or by way of email cannot be guaranteed. When disclosing any personal information, all members should remember that it is potentially accessible to the public, and consequently, can be collected and used by others without your consent. You should consider carefully if you want to submit sensitive information that you would not want disclosed to the public and you should recognize that your use of the Internet and this Site is solely at your own risk. Members are ultimately responsible for maintaining the secrecy of their personal information. CashPPO has no responsibility or liability for the security of personal information transmitted via the Internet. We urge all of our members to be careful and responsible whenever they are online. For a list of tips on protecting your online privacy, go to http://www.truste.org/education/protection_guidelines.html.
For website security purposes and to ensure that this service remains available to all users, we employ software programs to monitor traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Such attempts are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act.
If you have any questions about the security at our Site, please send an email to security@emailhmi.com.
What About Our Links to Other Sites?
Our Site has links to other websites and Web resources. The Privacy Policy described here does not apply to those other sites. Once you link to another site, you are subject to the privacy policy of that site. We encourage our members to be aware when they leave our Site and to read the privacy statements of each and every website that collects individually identifiable information. This Privacy Policy applies solely to information collected at the CashPPO Site.
How Do You Control Your Password?
You are responsible for all actions taken with your User ID and password, including fees. Therefore we do not recommend that you disclose your password to any third party. Your account may not be accessed by any third party. If you choose to share your User ID and password or your information with third parties to provide you additional services, you are responsible for all actions taken with your User ID and password and therefore you should review that third party's privacy policy. If you lose control of your password, you may lose substantial control over your individually identifiable information and may be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised for any reason, you should immediately change your password.
If we decide to change our Privacy Policy, we will post a notice on our Homepage so our members are always aware of what information we collect, how we use it, and under circumstances, if any, we disclose it. If at any point we decide to use individually identifiable information in a manner different from that stated at the time it was collected, we will notify you by way of an email. You will have a choice as to whether or not we use your information in this different manner. We will use information in accordance with the Privacy Policy under which the information was collected.
Thank you for taking the time to read this Privacy Policy statement. We welcome your comments and suggestions. Please send them to privacy@emailhmi.com or by mail to:
Chief Privacy Officer
Legal Department
HealthDataInsights Inc.
2620 Regatta Drive, Suite 208
Las Vegas, NV 89128
Last Revised: December 28, 2001
