Last Updated January 31, 2020
Relationship with Covered Entities and PHI
Under the terms of each Business Associate and Subscription Agreement ("Agreement") by and between SafeKeeping and a Covered Entity, SafeKeeping provides services to Covered Entity that may involve Individually Identifiable Health Information constituting PHI. SafeKeeping's uses and disclosures of PHI and other actions under each Agreement are and shall be consistent with the Covered Entity's privacy policies, as stated in Covered Entity's notice, and which may be modified or altered by the Covered Entity from time to time.
To the extent SafeKeeping is authorized by the Agreement to disclose PHI to Authorized Users, Covered Entity must obtain, prior to making any such disclosure, reasonable assurances from the Authorized Users that the PHI will be held confidential as provided pursuant to the Agreement and only disclosed as required by law or for the purposes for which it was disclosed to such Authorized User, and an agreement from the third party to immediately notify SafeKeeping of any breaches of confidentiality of the PHI, to the extent it has obtained knowledge of such breach. The Covered Entity is required to obtain the necessary permissions and signatures to allow any third parties or Authorized Users to access any PHI through the Services provided by SafeKeeping.
SafeKeeping shall disclose to its subcontractors, agents or other third parties, and request from the Covered Entity, only the minimum PHI necessary to performing or fulfilling a specific required or permitted function. SafeKeeping will establish and maintain all appropriate safeguards to prevent any use or disclosure of PHI other than pursuant to the terms and conditions of the Agreement. SafeKeeping shall immediately report and document any security incidents/potential breaches regarding information received by it from Covered Entity.
SafeKeeping shall abide strictly by the administrative, technical, and security parameters set by Covered Entity and SafeKeeping, as the case may be. In the event of any conflict between administrative, technical, and security parameters set by Covered Entity and SafeKeeping, the parameters of Covered Entity shall control.
Information SafeKeeping Collects
Information given by Covered Entity, Authorized Users, or third-party users. Services provided may require you to sign up for a SafeKeeping or How's Mom account(s) ("SafeKeeping Account"). When you do, certain information about you, the related facilities, staff, and residents may be collected. This information may include personal information, like name, health information, or photos. This information will only used to authorize your access and provide such information to you through the Services.
Information we get from your use of our services. We may collect information about the services that you use and how you use them, like when you visit our website or access our Services. This information includes:
- Device Information. We may collect device-specific information (such as your hardware model, operating system, and mobile network information).
- Log information. When you use the Services or view content provided by SafeKeeping, we may automatically collect and store certain information in our server logs. This may include:
- details of how you used the Services.
- Internet protocol addresses
- device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
- cookies that may uniquely identify your browser or your Authorized User account
- Location information. When you use a location-enabled SafeKeeping Services, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.
- Cookies and anonymous identifiers. We use various technologies to collect and store information when you visit SafeKeeping Services, and this may include sending one or more cookies or anonymous identifiers to your device. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Services. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
How SafeKeeping uses collected information
Information that is shared
Personal information is not shared with companies, organizations, and individuals outside of SafeKeeping unless one of the following occurs
- Consent. Personal information will be shared with companies, organizations, or individuals outside of SafeKeeping when your consent has been provided to do so.
- Domain/IT administration. If you create a SafeKeeping Account and it is managed by an IT administrator then your IT administrator may have access to your SafeKeeping Account information (including your data, email, and personal information). Your IT administrator may be able to:
- view statistics of the account
- change the account password
- suspend/terminate account access
- access information retained on the account
- access or receive other information or data of your account or adjust settings within your account
- Legal Concerns. Personal information may be shared with companies, organizations, or individuals outside of SafeKeeping if there is a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- enforce applicable Terms of Service
- meet applicable laws, regulations, legal processes or enforceable governmental requests
- detect, prevent, or otherwise address fraud, security or technical issues and defend rights or property of SafeKeeping
- investigate wrongdoing in connection with the Services
- protect personal safety of users of the Services or the public
“Do Not Track” Signals under the California Online Protection Act (CalOPPA)
We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.