Revised: March 18, 2016
American Well Corporation (“we”, “us”, “our” or “Company”) operates the www.amwell.com website (“Site”) and provides other telemedicine services. This policy applies to our website as well as to the services and applications we provide, collectively known as the “Services.”
Protected health information is information that includes, but is not limited to, identifying data such as name, social security number, address, contact information, as well as information about personal health issues and insurance submitted through the Services. Personally identifiable information may include all such types of information, except for health- or health-care-specific information. This is the information we aim to protect.
We collect protected health information and other personally identifiable information that you voluntarily submit. We know that privacy is of the utmost importance. We vigorously believe in keeping confidential any and all personally identifiable information that identifies an individual whether or not it relates to an individual’s past, present, or future physical or mental health condition.
As a Business Associate of health care providers that are Covered Entities under the federal health care privacy and security rules (HIPAA and HITECH), we maintain protected health information (PHI) in compliance with these rules and our contractual obligations with health care providers. Currently our main focus is providing a platform to allow individuals to receive telehealth Services from various healthcare providers. We collect information solely for the purposes of providing the Services, marketing and promoting our Services to you and for market research data. We use this information ourselves and we share it as needed with our partners solely for their performance of contracted services for us. We and our partners may also collect personally identifiable information for marketing, user experience monitoring and improvement and related business purposes.
We assume you are giving consent to this information collection and use, but we also give you the opportunity to “opt out” of receiving direct marketing or market research information by emailing us at email@example.com.
We maintain web logs to record data about all visitors who use the Site and interact with the Services and we will store this information. These logs may contain IP address information, types of operating system you use, the date and time you visited the site, and information about the type of device you use to connect to the Services, the Site pages you visited
All Web logs are stored securely and are accessible to a very limited number of employees and contractors, who have to adhere to strict guidelines regarding user data security and privacy.
“COOKIES” AND INTERNET TAGS
We may collect and process information about your use of the Services, such as the Site pages you visit, the website you came from and some of the searches you perform. Such information is used by us to help improve the contents of the Site and the Services and to compile aggregate statistics about individuals using our Site and the Services for internal, market research purposes. In doing this, we may install “cookies” that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. A cookie is a small piece of information which is sent to your browser and stored on your computer or other device. Cookies do not damage your device. You can set your browser to notify you when you receive a cookie. This will enable you to decide if you want to accept it or not. If you do not accept cookies you may not be able to use all functionality of your browser software or this Site. We may obtain the services of outside parties to assist us in collecting and processing information collected through cookies.
We may also use internet tags (also known as action tags, web beacons, single-pixel GIFs, clear GIFs, invisible GIFs and 1-by-1 GIFs) and cookies through the Services and may deploy these tags/cookies through a third-party advertising partner or a web analytical service partner which may be located and store the respective information (including your IP address) in a foreign country. These tags/cookies may be placed both on online advertisements that bring users to the Services and on different pages of the Site. We use this technology to measure the visitors’ responses to the Site and the Services and the effectiveness of our advertising campaigns (including how many times a page is opened and which information is consulted) as well as to evaluate your use of the Services. The third-party partner or the web analytical service partner may be able to collect data about visitors to the Site and other sites because of these internet tags/cookies, may compose reports regarding the Site’s activity for us and may provide further services which are related to the use of the Site and the internet. They may provide such information to other parties if there is a legal requirement that they do so, or if they hire the other parties to process information on their behalf. If you would like more information about web tags and cookies associated with on-line advertising or to opt-out of third-party collection of this information, please visit the Network Advertising Initiative website http://www.networkadvertising.org. (We are not affiliated with the Network Advertising Initiative in any way.) If you opt out, please be advised that your user experience will be degraded.
When you download or use apps created by us (e.g., to deliver the Services), we may receive information about your location and your mobile device, including a unique identifier for your device. We may use this information to provide you with location-based services, such as search results and other personalized content. Most mobile devices allow you to turn off location services.
We may use non-personal information to analyze data into useful information. This process of data mining is done in the aggregate, is non-personal, and allows Company to find correlations and patterns in the data.
We do not provide any personal information to third party sites that display our interest-based ads. However, third parties (including the ad networks, ad-serving companies, and other service providers they may use) may assume that users who interact with or click on a personalized ad or content are part of the group that the ad or content is directed towards (for example, users in the Southwest who have experienced ear infections). Also, some third parties may provide us information about you (such as the sites where you have been shown ads or demographic information) from offline and online sources that we may use to provide you more relevant and useful advertising.
SHARING OF INFORMATION
We employ other companies and individuals to perform functions on our behalf. Examples include analyzing data, providing marketing assistance, processing credit card payments, and providing customer service. They have access to anonymized and personal information needed to perform their functions, but may not use it for other purposes. Access to this information will permit them to provide services more efficiently and effectively to you and to us.
For example: your IP address may be used to estimate your location and personalize your experience with the Services; we may share information such as IP address, user name, email address and cookie and web beacon information with third parties in order to tailor advertising to our various market segments; your IP address and email address and the page you are viewing may be shared with a third party that operates the customer service “chat” feature for our Services; and aggregate data about IP addresses, pages loaded, time to load pages and errors encountered may be used by third-party performance monitoring and improvement products.
These third parties may be required to disclose information, as described in the section below entitled “Disclosures in Accordance with Law.”
SECURITY OF INFORMATION COLLECTED
We use account information in a password-protected environment as a security measure to protect your data. We use administrative, physical and technical safeguards to protect data. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and some data encryption. Our Site and the Services use industry standard TLS encryption to enhance security of electronic data transmissions. American Well will maintain all applicable PCI DSS requirements to the extent that it has access to, or otherwise stores, processes or transmits cardholder data. American Well is responsible for ensuring the security of your credit card/cardholder data that may be stored, processed, or transmitted on your behalf, in the context of a telehealth visit.
In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible in making sure no one can see or has access to your personal account and log-in/password information. If you use a public computer, e.g., at a library or a university, always remember to log out of the Site or Services.
If you use our Site or Services through your employer’s computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand on your employer’s or such other site’s privacy and security policy with respect to Internet use.
We are not responsible for your handling, sharing, re-sharing and/or distribution of your personal health information. Moreover, if you forward personal health information electronically to another person on or off the Site or Service, we are not responsible for any harm or other consequences from third party use or re-sharing of your information.
SELF REVIEW OF DATA AND ABILITY TO DELETE YOUR ACCOUNT INFORMATION
You may request to delete any personal information and to de-authorize the collection of personal information in the future by sending us an email at firstname.lastname@example.org.
THIRD PARTY SITES/TRUSTED RELATIONSHIPS
As noted above, the Company is a Business Associate of health care providers under HIPAA and we share information with health care providers who provide services to individuals, and they share information with us, for purposes related to treatment, payment and health care operations, and otherwise as agreed or authorized by you.
Our Site contains links to other sites. We do not share your personally identifiable information with those sites (unless you specifically authorize such sharing) and are not responsible for their privacy procedures. We seek to work with trusted partners and organizations that will adhere to similar privacy and ethical standards. However, we encourage you to learn their particular privacy policies.
DISCLOSURES IN ACCORDANCE WITH LAW
We do not knowingly allow individuals under the age of 18 to create accounts that allow access to our Site.
QUESTIONS OR SUGGESTIONS