EasyReporting and its staff (collectively “EasyReporting”, “we”, “our”, or “us”) are committed to the privacy and security of our website visitors, service users, service companies, partners, and associates (collectively “Users” or “you”) and the information they entrust us with. This document outlines our policy of privacy and security (the “Policy”) that we apply to all our services including our web application and our Chrome extension. While our website (https://geteasyreporting.com) can be used and accessed by the general public as a source of information, our services are intended to be used by health care professionals and healthcare management companies.
Private Information Clarification
Information that is used by a government authority, financial institution or insurance carrier to distinguish a person from other individuals ( e.g., social security number, social insurance number, credit card information, or insurance policy number) is private. Such information can be used to identify an individual (e.g., a person who works at a healthcare facility, or a resident or patient in a healthcare facility). Certain information may be used to contact a person directly (e.g., an email address, home mailing address or telephone number). Depending on the jurisdiction, the above identifiers are considered to be Personal Information (“PI”), Personally Identifiable Information (“PII”), Sensitive Personal Information (“SPI”) or a similar term, and it is private. An individual’s business contact information and business title generally are exempt from privacy laws. Information about an individual’s health, including insurance and billing information, is also considered – depending on the jurisdiction – to be PI, Protected Health Information (“PHI”), Personal Health Information (also known as “PHI”), Individually Identifiable Health Information (“IIHI”) or a similar term, and it also is private. In Canada and the United States, the laws that primarily govern how we deal with the PI, PII, SPI, PHI and IIHI which you provide to us in relation to the Services are listed in Table 1.
For the remainder of this Policy, we will refer to all PI, PII, SPI, PHI, IIHI, and “Health Information” as “Personal Information” unless we specifically note otherwise. If we wish to refer only to information about a specific individual’s health but not to other forms of Personal Information, we will refer to “PHI.”
This Policy also will apply to non-personal information if such information can be used in combination with other Personal Information or non-personal information to identify an individual.
Please be aware that this Policy only covers information manually submitted to, or automatically collected by, us through use of the Site and/or the Services. If you contact or exchange information with another EasyReporting customer or business partner in person or through a means other than through the Site or Services, such activity is not covered by this Policy. Additionally, if you are not a customer or a business partner of EasyReporting by way of written agreement, and are contacting us out of interest in the Services, a business partnership or a job opportunity, please be aware that the information that you share with us is not covered by this Policy, unless required by law.
Collected Information
To use EasyReporting’s services, we must collect information about its Users. The types of information that we collect depends on the services utilized by you and may be obtained via third parties such as Google Analytics.
- Information and content you provide – We collect information (personal and/or non-personal) obtained via communication with us including but not limited to offline communications (such as in person, postal mail, or telephone communications), email, live chat, publicly accessible means, or when you authorize us to access, retrieve, import, and / or process information from a third party on your behalf.
- Network, Connections, and Devices – We collect information about the connection and usage of our services including, but not limited to, date and time of network request, device and software used to make the connection, IP address and geolocation of the connection, connection time zone, URL connected to, cookies, unique identifiers, and other network and usage related meta data.
- Your Usage – We collect information on how you use our services. This includes, but is not limited to, the navigation and interactions with our services.
- Things others do and information they provide about you – In some instance we may use information obtained via other users of our services.
Information Usage
EasyReporting uses the information collected to provide and improve our services to you and increate and verify the security of our services.
- Provide, personalize, and improve our services – information collected may be used to provide you with our services, provide a personalized experience when interacting with our services, and / or in the improvement of our services including but not limited to debugging, new features, and / or new services.
- Analytics and usages – Information collected may be used in the analytics and study of how our Users use our site and services.
- Security – information collected may be used to provide security to other users and / or our services, network, servers, computers, database, or data.
- Communication – information may be used to communicate with you including, but not limited to, surveys, service status, account information, or new services.
Information Sharing
In some instances, EasyReporting may share information it has collected or was provided on you.
- People and services you share and communicate with – We may share information though our services about you if you request us to or if you share it through our services.
- Information others share about you – we may share information collected that others share through our services.
- Apps, websites, and third-party integrations – we may share information collected about you with other services, apps, websites, and / or their party’s when requested by you, during the course of our normal operations, or with services that our services integrate with.
- New owner – in the instance that there is a new owner of EasyReporting, we will share all data with the new owner.
- Law enforcement or legal requests – Information may be shared with law enforcement or to comply with legal requests when required to by law.
Consent and Authorization
By visiting the Site, you are consenting to the use of your Personal Information for the aforementioned purposes. On occasion, we may request additional consent in connection with the use or sharing of Personal Information for a purpose not stated in this Policy or because the law requires such consent.
If you are a customer or business partner of EasyReporting, we will never use your Personal Information in a manner not otherwise provided for in our written contracts with you, authorization forms you provide to us, or this Policy.
Protecting Health Information
As a provider of hosted, electronic health record solutions, EasyReporting customers are health care providers and subject to laws and regulations governing the use and disclosure of PHI. In the United States, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), along with the regulations adopted under those statutes, and similar state laws (where those laws are more stringent than HIPAA) govern the handling of PHI. In Canada, provincial laws govern the handling of PHI. See Table 1: Privacy Laws Applicable to the Services. Other laws may apply with respect to specific customers, as set forth in our contracts with those customers. Health care providers are considered to be Covered Entities under HIPAA and are subject to its rules regarding PHI. If a provider delegates some of its work to a third party, and that party must access PHI in order to perform the work, then such party is considered by HIPAA to be a Business Associate and is subject to the same rules regarding the protection of PHI as the Covered Entity. To enforce protection, HIPAA requires Covered Entities to execute a “Business Associate Agreement” or ”BAA” with each of its Business Associates. Our U.S.-based customers are required to sign a BAA with us. As a Business Associate, we are required to use reasonable and appropriate measures to safeguard the confidentiality, integrity and accessibility of PHI that is stored and processed on behalf of Covered Entities. Similarly, Alberta’s Health Information Act requires that our Alberta customers enter into an Information Manager Agreement (“IMA”) with us and, from time to time, we may enter into similar contracts with other Canadian customers, related to each party’s obligations to comply with applicable provincial privacy laws. From time to time, the terms of EasyReporting’s standard BAA, IMA and/or similar agreements may be posted on the Site.
Security, Threats, and Breach Notification
Our Services have physical, administrative and technical security measures in place to protect against the loss, misuse, unauthorized access and alteration of data and Personal Information under our direct control. When the Services are accessed using current browser technology, Secure Socket Layer (“SSL”) technology protects information using both server authentication and data encryption to help ensure that data is safe, secure, and available only to you. EasyReporting also implements an advanced security methodology based on dynamic data and encoded session identifications, and hosts the Services in a secure server environment which uses a firewall and other advanced technology to prevent interference or access from outside intruders. Unique user names and passwords also are required and must be entered each time a customer logs into the Services.
We are committed to educating our staff about the protection of Personal Information, and the importance of compliance with relevant privacy legislation and company policies. Employees and contractors are required to sign confidentiality agreements.
These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Personal Information; however, it is important to remember that no system can guarantee 100% security at all times. In the event that we detect a threat to security or a security vulnerability, we may attempt to contact you to recommend protective measures. Additionally, incidents of suspected or actual unauthorized handling of Personal Information are always directed to EasyReporting’s Legal & Compliance team, which is responsible for determining escalation and response procedures, depending on the severity and nature of the incident. Incidents involving unauthorized handling of PHI will be governed by relevant legislation and, where applicable, the provisions of a BAA, IMA or similar agreement with a customer. If EasyReporting determines that Personal Information has been misappropriated or otherwise wrongly acquired, EasyReporting will report such misappropriation or acquisition to you promptly.
For customers who purchase Connected Services, it is important to note that the third-party vendors that provide Connected Services to you may have different procedures in place to protect your Personal Information than the standards EasyReporting has implemented. We cannot be responsible for their policies or their compliance with them, regardless of whether we have integrated their solutions with our Services and/or made them available to you.
Openness, Transparency and Access to Personal Information
We offer visitors to the Site and our customers using the Services a means to choose how we may use the information they provide to us. If, at any time, you change your mind about:
our use of Personal Information submitted to the Site;
our use of Personal Information submitted via the Services;
receiving notices from us (including automatic notifications about updates to the Services and the frequency with which we send you such messages); or
receiving marketing or sales notices from us, including special offers, product enhancement details, event information, etc.;
sharing your non-personal information with third parties (as described in this Policy), send us a request specifying your choice or change of permission by contacting us.
Please note that, if you choose to impose certain restrictions on our use of your Personal Information – e.g., if we may no longer access your database to perform any necessary quality testing or disaster recovery testing – you may no longer be able to use the Services. Similarly, if you choose to unsubscribe from receiving notifications or messages from us, your customer experience in using the Services may be compromised. If complying with your request would result in termination of the Services, we will make that clear to you and confirm that this is what you want before proceeding.
Retention and Deletion
EasyReporting will retain Personal Information: as necessary for the purposes outlined in this Policy; for as long as a customer account remains active; as required to manage and administer the Services; as required to carry out legal responsibilities (e.g., legal holds and other legal procedures); to resolve a dispute (including enforcement of a contract); or, as communicated to you at the time of collection. After all applicable retention periods have expired, we will delete or destroy your Personal Information in a manner designed to ensure that it cannot be reconstructed or read. If, at any time, it is not feasible for us to delete or destroy your Personal Information, we will continue using the same safeguards of protection and security outlined in this Policy and related subordinate policies, for as long as it cannot be destroyed.
Cross-Border Transfers
EasyReporting provides their services from its headquarters in Knoxville, Tennessee, United States of America (“USA”) and hosts customers data in the USA. Our services are not intended to be accessed and/or use by those outside of the USA. We may actively block or otherwise prevent the connection, use, and transportation of data of our service outside of the USA.
Opt-Out Policy
We offer visitors to the Site and our customers using the Services a means to choose how we may use the information they provide to us. If, at any time, you change your mind about:
our use of Personal Information submitted to the Site;
our use of Personal Information submitted via the Services;
receiving notices from us (including automatic notifications about updates to the Services and the frequency with which we send you such messages); or
receiving marketing or sales notices from us, including special offers, product enhancement details, event information, etc.;
sharing your non-personal information with third parties (as described in this Policy), send us a request specifying your choice or change of permission by contacting us.
Please note that, if you choose to impose certain restrictions on our use of your Personal Information – e.g., if we may no longer access your database to perform any necessary quality testing or disaster recovery testing – you may no longer be able to use the Services. Similarly, if you choose to unsubscribe from receiving notifications or messages from us, your customer experience in using the Services may be compromised. If complying with your request would result in termination of the Services, we will make that clear to you and confirm that this is what you want before proceeding.
Changes
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, statutory/regulatory or other legal reasons.
Who We Are
Our physical address and direct contact information:
EasyReporting
123A South Gay Street
Suite 4
Knoxville, TN 37902
Phone: (865) 745-5775
Email:
support@geteasyreporting.com
Website:
geteasyreporting.com