
Your private health information is secure and protected. TouchHealth takes every precaution to secure your information so that it is only available to the care providers and authorized people you choose. Your health information and/or any identifying information which links you to your health information is encrypted while on TouchHealth servers and only decrypted when being accessed by authorized parties – those individuals to whom you have provided permission, explicitly or implicitly, to access your information. As a business practice, your personally identifiable health information is never sold or made available to third parties unless authorized by you.(1)

The TouchHealth Privacy Policy

This policy only applies to those TouchHealth services for which you also must accept TouchHealth’s Terms of Use. TouchHealth greatly respects your privacy and considers the proper management of patient health information a primary focus of both our technical infrastructure and business policies. TouchHealth takes every reasonable precaution to ensure that patient data is made accessible only to those individuals who are intended to have access.

By accepting TouchHealth's Terms of Use, you consent to the use and disclosure of personally identifiable information provided to us as outlined in this Privacy Policy.

Who Is Collecting Information?

TouchHealth provides you, your healthcare providers (“Providers”), “Provider-Designated User” or authorized member of a Provider Group with the ability to communicate with each other regarding health and medical matters. In order to establish an account with TouchHealth, we require that the patient provide common identifying information (name, address, etc.). We also might ask for identifying information typically requested by your doctor, such as birth date.

You might also choose to use the ‘health forms’ feature of TouchHealth, in which case you complete health forms on the TouchHealth site which are stored for you so that, at a later date, you can submit selective information from these forms to a new healthcare provider without having to tediously complete the forms again. These forms constitute “Personal Health Information” or “PHI”, and we are required by law to protect this information according to HIPAA standards. Accordingly, the company has adopted a companywide HIPAA plan which establishes technical architectures, policies and procedures for protecting PHI. Following are a few of the ways your PHI is protected.

How is My PHI Protected?

Secure communication between you and the TouchHealth website (servers). Any time you sign in to the TouchHealth website from within the United States, you are connected via an industry-standard 256-bit SSL connection. From outside of the United States, the encryption is limited to 128-bit SSL.

Encrypted data in TouchHealth databases. TouchHealth encrypts key information which relates the identity of any patient to PHI. In the unlikely event that the database is stolen, the software keys necessary to decrypt this information would not be available to a perpetrator.

Firewall protection. The TouchHealth servers are further protected by an industry standard Cisco firewall. The firewall provides an additional barrier between the protected server environment and the public internet. The firewall also allows for the restriction of administrative access to a select few individuals.

Engineering and administrative access to TouchHealth servers. In order to operate and improve the TouchHealth service, TouchHealth software engineers (employees and/or consultants) occasionally need access to the TouchHealth servers. While TouchHealth engineers have access to the servers, because key data is encrypted, these individuals typically do not have access to PHI. TouchHealth closely monitors access and maintains logs of each time the servers are accessed.

Data backup procedures. All data is stored in redundant storage arrays and the full data set is backed up nightly. In the event that there was a catastrophic failure, a worst case scenario could result in a day’s worth of data being lost. This event would be highly unlikely.

TouchHealth Qualified Search (“TQS”)

TQS is a customized version of the Google search engine specifically designed to meet the needs of our customers. Google is a third party provider to TouchHealth and when you use the TQS, the search information you input is processed by Google to return the search results and to direct you to the correct website when you click a link within the TQS. Accordingly, Google may decide to monitor and record your activity through the TQS. The privacy and use of the information gathered by Google is outside of the control of TouchHealth and we ask our users to be aware of this fact.

Will TouchHealth use my data for commercial purposes?

Without your consent, we will not sell, make available, or rent personally identifiable health information that is collected in the TouchHealth service to non-authorized persons or entities, or unless otherwise required by law.

While TouchHealth has no immediate plans to do so, we reserve the right to use aggregate, non-identifiable (“depersonalized”) information commercially. Quite often, aggregate health data can be used to determine health trends and patterns across the larger population. This aggregate data can in no way be used to identify any individual.

Provider-Patient Communications.

TouchHealth offers various messaging platforms relating to specific requests and/or purposes to facilitate communications. Either you or your Provider, Provider-Designated User or authorized member of a Provider Group can initiate such messages and/or communications. Your response and/or provision of information regarding these communications is voluntary; therefore, you have a choice whether or not to disclose this information. Information provided via these communications may be used to update your health forms or other PHI stored at TouchHealth. Certain communications (for example, e-mails, messages) are recorded and maintained by TouchHealth. TouchHealth will not alter the content of the communication between you and your Provider, Provider-Designated User or authorized member of a Provider Group other than alterations that occur due to the design of or technical constraints or limitations of the TouchHealth system. For example, images or attachments may be compressed or encrypted by the system. TouchHealth considers these communications to be personal and private and will not use or disclose these communications except as provided for in this Privacy Policy or where required by law or unless you agree to additional use and disclosure of information provided via TouchHealth.

Provider Health Information. From time to time, your Provider or a member of your Provider's staff may provide medical or other information contained in their medical records or patient files to update or supplement your Health Record or other information about you in our service. This may include sharing of information about you via integration between our service and certain systems used by your Provider containing information about you (for example, medical record-keeping/storage systems, billing systems). The provision and sharing of this information is optional by your Provider and based upon normal standard of care procedures and/or your consent.

Stored Health Forms. Stored Health Forms is a tool that permits you to provide and store health information online, including health conditions, allergies and medications. You have the ability to enter information into your health forms record directly. In addition, where you have authorized another person (a “Patient Account Manager” or a “Custodian”) to access your Health Record, those individuals authorized by you (“Authorized Third Party”) will also have the ability to enter information into your account at TouchHealth as well as to view existing information in your record at TouchHealth. Whether or not you provide others permission to access your account is entirely your decision and TouchHealth takes no responsibility for how Authorized Third Parties utilize or disseminate PHI.

Subscriber Log Files. TouchHealth reserves the right to collect and store the Internet Protocol (IP) address of the computer you are using; the name of the domain and host from which you access the Internet; the browser software you use and your operating system; the date and time you access the service; and the Internet address of the Web site from which you directly linked to TouchHealth. TouchHealth may use this log file information to establish security rules based on such information, analyze trends, administer the service, and monitor service traffic and usage patterns for internal security purposes and to help make the TouchHealth service more useful.

Provider and Provider-Designated User Information.

Provider Registration. When a Provider arrives at TouchHealth, we require the collection of certain contact information as part of the Provider registration process (for example, name, medical license number and state of issue, office address, office zip code). TouchHealth does not warrant the accuracy of this information or endorse provider credentials in any way. In many cases, you will be asked to enter this contact information directly. In other cases that information may be pre-filled if you have already provided it to a related product or registration process of a business partner site and have consented to its disclosure to TouchHealth through that business partner site. In circumstances where the information has been pre-filled by someone other than you, you may be asked to confirm the information provided and agree to TouchHealth's Terms of Use before being able to use TouchHealth.

Provider-Designated User Registration. We require the collection of certain contact information as part of the Provider-Designated User registration process (for example, name, user function, office zip code). It is optional for you to provide unique contact information (for example, office fax, e-mail address), but you are encouraged to provide this information in order to enable optimal use of our service. In many cases, you will be asked to enter this contact information directly. In other cases that information may be pre-filled if you have already provided it to a related product or registration process of a business partner site and have consented to its disclosure to TouchHealth through that business partner site. In circumstances where the information has been pre-filled by someone other than you, you may be asked to confirm the information provided and agree to TouchHealth's Terms of Use before being able to use TouchHealth.

Billing Information. TouchHealth requests billing information from you via a Billing Form. Here you must provide TouchHealth with billing information (for example, credit card information) for your use and access to TouchHealth. This information is used for billing purposes.

Log Files. TouchHealth may collect and store the Internet protocol address of the computer you are using; the name of the domain and host from which you access the Internet; the browser software you use and your operating system; the date and time you access the service; and the Internet address of the Web site from which you directly linked to TouchHealth. TouchHealth uses this log file information to analyze trends, administer the service, and monitor service traffic and usage patterns for internal security purposes and to help make the TouchHealth service more useful.

Will Your Information Be Used And Disclosed?

In addition to the uses and disclosures of information outlined above, your information may also be used and disclosed as follows:

If another individual is managing your account with your permission (for example, mother managing account of her son) or Authorized Third Party, this Authorized Third Party can view all your information entered in TouchHealth on your behalf.

Your Provider, a Provider-Designated User or authorized member of a Provider Group can use contact and/or health information about you stored by TouchHealth for many purposes such as inviting you to register for TouchHealth and constructing and updating your TouchHealth account and many other clinical and business purposes such as screening for drug and allergy interactions, screening for formulary compliance, identifying and providing educational materials, sending appointment reminders and wellness information. Your Provider, a Provider-Designated User or authorized member of a Provider Group will also likely import form information which you provide through TouchHealth into their Electronic Health Record system.

Disclosure of Subscriber Information.

If you have authorized an Authorized Third Party, those individuals authorized by you will also have the ability to access your TouchHealth account and update any TouchHealth form information.

Where your Provider, Provider-Designated User or authorized member of a Provider Group authorized by you determines that it is clinically appropriate, they may send a referral message to another provider and/or refer you as a patient to another provider. This referral message may include personally identifiable medical and/or health information about you, including, but not limited to, your Health Record. This communication is at the discretion of your Provider, Provider-Designated User or authorized member of a Provider Group and subject to their privacy policies with you. TouchHealth in no way assumes responsibility for the content of private communications between any two or more parties using the TouchHealth system.

If you authorize an individual as a Provider-Designated User or authorized member of a Provider Group, that individual may access your messages and other account information with your permission and can respond on your behalf.

TouchHealth uses the information you supply for purposes that will be beneficial to your health care such as inviting you or your providers to register for TouchHealth, supplying information needed for filling prescriptions or billing or remitting payments, or offering you educational or preventive care information.

From time to time, TouchHealth may make available certain provider information (for example, name and/or DEA #) to potential business partners in order to provide an aggregate landscape of the TouchHealth Provider community (for example, aggregate number of providers, general types of providers). This information will not be used by the potential business partner for marketing and/or any other purpose.

Aggregate Data

TouchHealth may use non-identifiable anonymous data that is taken from the Personal health information you provided and combine it with other anonymous data to create what is referred to as “aggregate data” that may be disclosed to third parties. Aggregate data is information that describes the habits, usage patterns and/or demographics of users as a group but does not reveal the identity of particular users. This data will not identify you but will be used as statistical information to determine such things as user demographics and usage patterns of our services. TouchHealth may use aggregate data within TouchHealth to understand the needs of the TouchHealth community of users and determine what kinds of programs and services we can help your Provider offer to you. Aggregate data may be provided or sold to third parties. TouchHealth may use this aggregate data to give potential users, providers, or business partners a picture of the TouchHealth community and services.

Enforcement of Terms of Use.

TouchHealth and your Internet Access Provider may use Locator Information as is necessary to enforce any of the terms of the TouchHealth Terms of Use. Locator information is your name, electronic messaging address, physical address, and / or other data that enables someone to personally identify you.

Can Patients Opt Out or Opt In to Specific Uses?

Invitations

If you no longer wish to receive invitations to register for TouchHealth, you may request that your Provider no longer send invitations to you using TouchHealth.

Storage and Maintenance of Information

TouchHealth stores and maintains all electronic communications sent via TouchHealth, the content of all webVisits, your Health Record, contact information, financial information and all attachments and/or files uploaded or posted to TouchHealth for a period of at least ten (10) years. Additional information on the storage and maintenance of information is available upon request.

Does TouchHealth Use Cookies?

A "cookie" is a small text file that websites transfer to your computer's hard drive in order to personalize the TouchHealth service for you. Cookies are used both for security and to ensure that the website has the right look and feel for your particular device. Cookies are generally necessary for the normal operation of a complex website. Each computer is assigned a different cookie that contains a random, unique number. The cookie does not contain personally identifiable information. TouchHealth uses two different types of cookies: a “session cookie” (which is required to track a user session, for example, and which expires shortly after the session ends), and a “persistent” cookie, used to track unique visits to the TouchHealth website, as well as how the user arrived at the TouchHealth website (through an email link, or from a referral link, for example), and the type of user (patient, provider, etc.). TouchHealth uses Google Analytics on non-account related pages, such as our home page and informational pages, to monitor aggregate traffic to the website. These cookies contain no personally identifiable information and by design maintain the user’s anonymity.

Your browser software can be set to warn you of cookies or reject all cookies. Most browsers offer instructions on how to reset the browser to reject cookies in the "Help" section of the toolbar. If you reject our cookie, you will not be able to use TouchHealth.

Contextual Advertising

TouchHealth does not collect or use any personal health information for use in marketing, nor does TouchHealth track health information related activity by patients for any purpose other than those stated in our privacy policy and terms of use. Any advertising or promotion generated on TouchHealth which is contextual in nature has been generated strictly from data generated on a particular webpage and is not linked to any specific patient account. For example, an advertisement for a glucose meter might be generated on an educational page about diabetes. This link was derived from the content on the page, and in no way is tied to the actual account or user viewing the page.

How can I protect my Privacy?

In order to protect your privacy, you can:
Always sign out when you are finished using the service.
Never share your sign-in name or password.

How will you be notified about changes to this Privacy Policy?

TouchHealth reserves the right to change the terms of this Privacy Policy at any time by posting those changes on our service so that you are always aware of our processes related to collection, use and disclosure of information. We will inform you of any material change to our Privacy Policy that involves the use of your personal health information in order to give you the opportunity to opt-out for any additional uses or disclosures of your personal health information that you made available to us prior to any such change in our Privacy Policy. In addition, we urge you to check here for any updates to this Privacy Policy from time to time.

If you have any questions about this Privacy Policy or the use of your information via TouchHealth, please contact us at [email protected].


(1) TouchHealth will not disclose identifiable personal information (contact, health and/or billing) to third parties other than provided for in this Privacy Policy, except when we believe in good faith that the law requires it or you have otherwise consented to additional use or disclosure of the information. TouchHealth works with several business partners in making our services available to consumers. It is our policy to require companies with whom we do business to support the same privacy policy we do. By policy and usually by technical restriction, these parties are not allowed nor authorized to view or use personally identifiable information except for the purpose of providing these services.

Updated, 9-26-2016