athenaText

This Policy is Effective as of October 15, 2020

I. SCOPE AND PURPOSE

II. CONTACT

III. SPECIAL NOTE FOR MINORS

IV. WHAT INFORMATION DO WE COLLECT?

V. HOW DO WE USE YOUR INFORMATION?

VI. SHARING YOUR INFORMATION

VII. PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

• INFORMATION WE COLLECT

• USE OF PERSONAL INFORMATION

• SHARING PERSONAL INFORMATION

• YOUR RIGHTS AND CHOICES

• NON-DISCRIMINATION

• OTHER CALIFORNIA PRIVACY RIGHTS

VIII. CHANGES TO OUR PRIVACY NOTICE

IX. CONTACT INFORMATION

SCOPE AND PURPOSE

This privacy policy describes the practices of athenahealth, Inc., including its affiliates and

subsidiaries (“we” or “athenahealth”) with regard to information

abo

collect,

and/or third pa

ties

application or

athenaText

functionality (“the

application”, the “App, or “

athenaText”).

This policy does not apply to (i) other athenahealth platforms (e.g., athenaCollector,

athenaClinicals, athenaCommunicator, athenaCoordinator,

athenaCoordinator Analytics,

etc.), (ii) athenahealth.com and/or other applications that we operate with their own privacy

policies, (iii) information that we obtain outside of the application, or (iv) applications of third

parties to which we provide links. We do not control and are not responsible for the privacy

practices of, or the data available on or through, the applications of third parties, and we

urge you to evaluate the soundness of these practices for yourself

Please note that this policy does not apply when:

•

You have given us your consent to share or use your information.

•

We believe that we need to share information about you to provide a service that

you have requested from us.

•

We are required by law to disclose information; or

•

We believe that it is necessary to protect our rights or to avoid liability or violations of

the law.

RETURN TO TOP

CONTACT

If you have any questions about this policy or any other aspects of your privacy with

respect to athenahealth, please contact us at: athenahealth, Inc., Attn: Chief Compliance

Officer, 311 Arsenal Street, Watertown, MA 02472.

As described below, the information we collect through the App is HIPAA protected health

information or otherwise covered by the California Confidentiality of Medical Information

Act. Therefore, our practices with respect to the App are exempt from the California

Consumer Privacy Act (the CCPA).

RETURN TO TOP

SPECIAL NOTE FOR MINORS

athenahealth recognizes the importance of protecting the privacy and safety of children.

Our website, services and the App are directed towards the general audience and are not

directed towards children. We do not knowingly collect information about children under

the age of 16 or minors otherwise defined in local law or regulation.

RETURN TO TOP

WHAT INFORMATION DO WE COLLECT?

The following types of information may be collected through the application:

Information you provide to us:

During the registration process we may collect any or all of the following information: your

name, email address, practice name and location, date of birth, postal address and zip

code, profession, specialty/specialties, medical school information including year of

graduation, phone number, NPI and the last four digits of your social security number.

During this process, you may also have the option to upload a photograph of yourself to be

used in connection with the App (please note that registration photograph functionality

may not be available in all instances of the App).

When a user sets up his or her profile, we may ask for the user’s name, gender, office

contact information, residency information (place of residency, year of residency

completion), practice specialty area(s) and board certification information, practice type,

taxonomy, place/location/contact information related to your employment, hospital

affiliations, whether you’re accepting new patients, insurance accepted, languages

spoken, professional organizations and clinical interests. This information may then be

populated into a directory available to users of the App or users of other athenahealth

applications.

If you are a user of athenaClinicals, we may also collect and use demographic information

(for example, date of birth) as well as information related to your practice and occupation,

collected in connection with your use of athenaClinicals.

We also collect information you provide to us in connection with your use and our provision

of the App. For example, we collect information related to who you have conversations

with, information related to the duration of the conversation, and information you provide

to the App during the conversation.

Please note that if you choose not to provide categories of requested information, you

may not be able to use certain features of the application.

Information we receive from third parties about you:

We may collect additional information about you from third parties to assist us in providing

you with services.

Information automatically collected about you:

Whenever you use the App, we may automatically collect:

•

Data about your device such as your device ID and related device identifier

information (e.g., device type, model; operating system model.

•

Information related to cookies and web beacon technologies that may be placed

on the App.

•

Location information including estimated location and IP Address.

•

Platform, browser, and system related information.

•

Information related to the version of the App you are using including language

selection and use.

•

Connectivity information.

Information related to your use and interaction with the App including, but not limited to,

information related to logging in, session time, clicks, App session times, username related

information, etc.

•

We will also collect information related to how the App is working and information

related to troubleshooting and information necessary to improve the App.

•

When you use the App, we may ask for a list of “contacts” and their contact

information to enable you to send messages to those contacts through the App.

•

We may collect data about the equipment used to visit the App and the patterns

of utilization of the App.

RETURN TO TOP

HOW DO WE USE YOUR INFORMATION?

We use information collected to provide you with the App and improve upon the

functionality of the application. For example, we may track the number of visitors using

certain portions or features of the App to make changes that may be necessary to

improve the App’s functionality.

We may use information collected from you to track the popularity of features on the App

to guide the development of new features.

We may also use the information to send you related information, including confirmations,

technical notices, updates, security alerts, and support and administrative messages

related to your use of the App.

We may send you invitations, by email or other means, from other athenaText users to

connect and/or communicate through our App; and

We may communicate with you via email, mobile alerts, and other messaging services

about clinical information. If you are an athenaClinicals user, we may use the

information we collect about you through the App for purposes of populating a

provider-based directory for athenahealth and third party uses.

RETURN TO TOP

SHARING YOUR INFORMATION

athenahealth may share your information (i) with other entities if needed to comply with

laws or to respond to lawful requests and legal process; (ii) to protect the rights and property

of our agents, customers, and others, including to enforce our agreements, policies and

athenahealth on your behalf; or (iv) in an emergency to protect the personal safety of

athenahealth, its customers, or any person. Finally, your information may be shared in

connection with or during negotiation of any merger, financing, acquisition, or bankruptcy

transaction or proceeding involving sale or transfer of all or a portion of our business or

assets.

RETURN TO TOP

PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

This Privacy Notice for California Residents supplements the information contained in the

above referenced privacy policy and applies solely to all visitors, users, and others who reside

in the State of California ("consumers" or "you"). We adopt this notice to comply with the

California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have

the same meaning when used in this Notice.

Where noted in this Notice, the CCPA temporarily exempts personal information reflecting a

written or verbal business-to-business communication ("B2B personal information") from some

its requirements.

As described above, the information we collect through the App is HIPAA protected health

information or otherwise covered by the California Confidentiality of Medical Information

Act. Therefore, our practices with respect to the patient related information that is collected

are exempt from the California Consumer Privacy Act (the CCPA). To the extent any

information is collected that is not exempt from the CCPA, the following applies:

INFORMATION WE COLLECT

We collect information that identifies, relates to, describes, references, is reasonably capable

of being associated with, or could reasonably be linked, directly or indirectly, with a

consumer, household, or device ("personal information"). Personal information does not

include:

•

Publicly available information from government records.

•

Deidentified or aggregated consumer information.

•

Information excluded from the CCPA's scope, like:

•

Health or medical information covered by the Health Insurance Portability and

Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical

Information Act (CMIA).

In particular, we have collected the following categories of personal information from its

consumers within the last twelve (12) months:

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal

identifier, online identifier, Internet Protocol address,

email address, account name, Social Security number,

driver's license number, passport number, or other similar

identifiers.

YES

B. Personal

information

categories listed

in the California

Customer

Records statute

(Cal. Civ. Code §

1798.80(e)).

A name, signature, Social Security number, physical

characteristics or description, address, telephone

number, passport number, driver's license or state

identification card number, insurance policy number,

education, employment, employment history, bank

account number, credit card number, debit card

number, or any other financial information, medical

information, or health insurance information.

Some personal information included in this category may

overlap with other categories.

YES

C. Protected

classification

characteristics

under California

or federal law.

Age (40 years or older), race, color, ancestry, national

origin, citizenship, religion or creed, marital status,

medical condition, physical or mental disability, sex

(including gender, gender identity, gender expression,

pregnancy or childbirth and related medical conditions),

sexual orientation, veteran or military status, genetic

information (including familial genetic information).

YES

D. Commercial

information.

Records of personal property, products or services

purchased, obtained, or considered, or other purchasing

or consuming histories or tendencies.

E. Biometric

information.

Genetic, physiological, behavioral, and biological

characteristics, or activity patterns used to extract a

template or other identifier or identifying information,

such as, fingerprints, faceprints, and voiceprints, iris or

YES

retina scans, keystroke, gait, or other physical patterns,

and sleep, health, or exercise data.

F. Internet or

other similar

network activity.

Browsing history, search history, information on a

consumer's interaction with a website, application, or

advertisement.

YES

G. Geolocation

data.

Physical location or movements.

YES

H. Sensory data.

Audio, electronic, visual, thermal, olfactory, or similar

information.

YES

I. Professional or

employment-

information.

Current or past job history or performance evaluations.

YES

J. Non-public

education

information (per

the Family

Educational

Rights and

Privacy Act (20

U.S.C. Section

1232g, 34 C.F.R.

Part 99)).

Education records directly related to a student

maintained by an educational institution or party acting

on its behalf, such as grades, transcripts, class lists,

student schedules, student identification codes, student

financial information, or student disciplinary records.

YES

K. Inferences

drawn from other

personal

information.

Profile reflecting a person's preferences, characteristics,

psychological trends, predispositions, behavior, attitudes,

intelligence, abilities, and aptitudes.

YES

We obtain the categories of personal information listed above from the following categories

of sources:

•

Directly from you. For example, from forms you complete or your use of the App and

its functionality.

•

Indirectly from you. For example, from observing your actions on the App.

RETURN TO TOP

USE OF PERSONAL INFORMATION

We may use or disclose the personal information we collect for one or more of the following

purposes:

To fulfill or meet the reason you provided the information. For example, when you provide

your personal information in connection with your use of the App, we will use that information

to provide you with functionality We may also save your information to improve the App and

its future fucntionality.

•

To provide, support, personalize, and develop our Website, products, and services

and the App.

•

To create, maintain, customize, and secure your account with us.

•

To provide you with support and to respond to your inquiries, including to investigate

and address your concerns and monitor and improve our responses.

•

To personalize your We App experience and to deliver content and product and

service offerings relevant to your interests.

•

To help maintain the safety, security, and integrity of our website, products and

services, the App, databases and other technology assets, and our business.

•

For testing, research, analysis, and product development, including to develop and

improve our Website, products, services and the App.

•

To respond to law enforcement requests and as required by applicable law, court

order, or governmental regulations.

•

As described to you when collecting your personal information or as otherwise set

forth in the CCPA.

•

To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution,

or other sale or transfer of some or all of our assets, whether as a going concern or as

part of bankruptcy, liquidation, or similar proceeding, in which personal information

held by us about our users or Providers is among the assets transferred.

We will not collect additional categories of personal information or use the personal

information we collected for materially different, unrelated, or incompatible purposes

without providing you notice.

RETURN TO TOP

SHARING PERSONAL INFORMATION

We may disclose your personal information to a third party for a business purpose. When we

disclose personal information for a business purpose, we enter a contract that describes the

purpose and requires the recipient to both keep that personal information confidential and

not use it for any purpose except performing the contract

We share your personal information with the following categories of third parties:

•

Service providers.

•

Third Parties with whom we have an agreement with.

Disclosures of Personal Information for a Business Purpose

In the preceding twelve (12) months, we have disclosed the following categories of personal

information for a business purpose:

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C. Protected classification characteristics under California or federal law

Category E: Biometric information.

Category F: Internet or other similar network activity.

Category G: Geolocation data.

Category H: Sensory data.

Category I: Professional or employment-related information.

Category J. Non-public education information

Category K: Inferences drawn from other personal information.

We disclose your personal information for a business purpose to the following categories of

third parties:

•

Service providers.

•

Third Parties with whom we have agreements.

Sales of Personal Information

In the preceding twelve (12) months, we have not sold personal information.

RETURN TO TOP

YOUR RIGHTS AND CHOICES

The CCPA provides consumers (California residents) with specific rights regarding their

personal information. This section describes your CCPA rights and explains how to exercise

those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our

collection and use of your personal information over the past 12 months. Once we receive

and confirm your verifiable consumer request (see Exercising Access, Data Portability, and

Deletion 0), we will disclose to you:

•

The categories of personal information we collected about you.

•

The categories of sources for the personal information we collected about you.

•

Our business or commercial purpose for collecting or selling that personal information.

•

The categories of third parties with whom we share that personal information.

•

The specific pieces of personal information we collected about you (also called a

data portability request).

•

If we disclosed your personal information for a business purpose, a list including:

•

disclosures for a business purpose, identifying the personal information categories that

each category of recipient obtained.

We do not provide these access and data portability rights for B2B personal information.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we

collected from you and retained, subject to certain exceptions. Once we receive and

confirm your verifiable consumer request (see Exercising Access, Data Portability, and

Deletion 0), we will delete (and direct our service providers to delete) your personal

information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our

service provider(s) to:

Complete the transaction for which we collected the personal information, provide a

good or service that you requested, take actions reasonably anticipated within the

context of our ongoing business relationship with you, fulfill the terms of a written

warranty conducted in accordance with federal law, or otherwise perform our

contract with you.

Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal

activity, or prosecute those responsible for such activities.

Debug products to identify and repair errors that impair existing intended

functionality.

Exercise free speech ensure the right of another consumer to exercise their free

speech rights, or exercise another right provided for by law.

Comply with the California Electronic Communications Privacy Act (Cal. Penal Code

§ 1546 et. seq.).

Engage in public or peer-reviewed scientific, historical, or statistical research in the

public interest that adheres to all other applicable ethics and privacy laws, when the

information's deletion may likely render impossible or seriously impair the research's

achievement, if you previously provided informed consent.

Enable solely internal uses that are reasonably aligned with consumer expectations

based on your relationship with us.

Comply with a legal obligation.

Make other internal and lawful uses of that information that are compatible with the

context in which you provided it.

We do not provide these deletion rights for B2B personal information.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please

submit a verifiable consumer request to us by either:

• www.athenahealth.com/consumer-privacy-request; or

•

Calling us at 888-807-2076.

Only you, or someone legally authorized to act on your behalf, may make a verifiable

consumer request related to your personal information. You may also make a verifiable

consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice

within a 12-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about

whom we collected personal information or an authorized representative, which may

include:

Name, address, and email address.

Describe your request with sufficient detail that allows us to properly understand,

evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot

verify your identity or authority to make the request and confirm the personal information

relates to you.

We will only use personal information provided in a verifiable consumer request to verify

the requestor's identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its

receipt. If we require more time, we will inform you of the reason and extension period in

writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable

consumer request's receipt. The response we provide will also explain the reasons we

cannot comply with a request, if applicable.

RETURN TO TOP

NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA rights. Unless

permitted by the CCPA, we will not:

•

Deny you goods or services.

•

Charge you different prices or rates for goods or services, including through

granting discounts or other benefits, or imposing penalties.

•

Provide you a different level or quality of goods or services.

•

Suggest that you may receive a different price or rate for goods or services or a

different level or quality of goods or services.

OTHER CALIFORNIA PRIVACY RIGHTS

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our

Website that are California residents to request certain information regarding our

disclosure of personal information to third parties for their direct marketing purposes. To

make such a request, please call us at 888-807-2076 or write us at: Compliance

Department, athenahealth, Inc. Watertown, MA 02472.

RETURN TO TOP

CHANGES TO OUR PRIVACY NOTICE

We reserve the right to amend this privacy notice at our discretion and at any time. When

we make changes to this privacy notice, we will post the updated notice on the Website

and update the notice's effective date. Your continued use of our App following the

posting of changes constitutes your acceptance of such changes.

CONTACT INFORMATION

If you have any questions or comments about this notice, the ways in which VVC collects

and uses your information described here and in the above referenced Privacy Policy,

your choices and rights regarding such use, or wish to exercise your rights under California

law, please do not hesitate to contact us at:

•

Calling us at 888-807-2076.

•

Completing the form at

https://www.athenahealth.com/consumer-privacy-request

•

Via mail at:

athenahealth, Inc.

Attn: Chief Compliance Officer

311 Arsenal Street

Watertown, MA 02472

RETURN TO TOP