SPINNphr Account Beta Version Security and Privacy Statement
Updated July, 2009
White Pine Systems, LLC (“White Pine”) is committed to protecting your privacy. This security and privacy statement applies to the data collected by White Pine through the SPINNphr account beta version at www.SPINNphr.com ("SPINNphr"). It does not apply to data collected through Microsoft HealthVault (“HealthVault”), other programs that work with HealthVault, or other online or offline sites, products or services. This is a preliminary disclosure and is not intended to be exhaustive. Using this website indicates that you are in agreement with the terms indicated in this security and privacy statement.
Introduction
SPINNphr is a personal health application that lets you gather, edit, augment, store and share health information online. With SPINNphr, you can control your own health records. You can also share your health information with family, friends and healthcare professionals, and have access to online health information management tools.
You can store health information for other people (such as your family) in one SPINNphr account. You can store and access each person’s information in separate health records within your account.
Some health care professionals can electronically send you your personal health information or receive personal health information from you. Also some home health tools, like weight scales, blood pressure monitors and blood glucose meters can automatically send information to HealthVault, which can then be viewed in SPINNphr.
You can choose to share specific information (or all information) with different people under different circumstances.
Most of the applications which SPINNphr uses were developed by and are owned and managed by White Pine, although some applications are licensed by White Pine from other vendors. Most personal health information gathered by or viewed through SPINNphr is stored in the HealthVault personal health platform although some information is also stored on computers owned and controlled by White Pine.
Collection of your information
SPINNphr asks you to enter an identifier and password to sign in. SPINNphr follows the HealthVault convention and currently accepts either Windows Live ID or OpenID from certain providers. SPINNphr does not issue either OpenIDs or Windows Live IDs. Windows Live IDs are issued by Microsoft.
The first time you sign in to SPINNphr, SPINNphr asks you to create an account in HealthVault. This single process creates your account in both SPINNphr and HealthVault. To create an account, you must provide personal information such as name, date of birth, e-mail address, postal code and country/region.
Both SPINNphr and HealthVault may use the e-mail address you provide when you create your account to send you an email requesting that you validate your email address, to include in sharing invitations you send through SPINNphr and to send you SPINNphr notifications.
An account allows you to manage one or more health records, such as the ones you create for yourself and your family members. You choose what information to put in your records. You decide who should be allowed to enter information for yourself or your family members. Examples of the types of information you can store in a record include:
- Measurements such as blood glucose and blood pressure
- Lab results
- Medications
- Allergies
- Medical conditions
- Health history
- Discharge summaries
- Lifestyle activities such as exercise and diet
HealthVault allows you to use other programs to enter information in your HealthVault account. Information in your HealthVault record can be viewed through SPINNphr regardless of the source.
By default, you are the custodian of any records you create. You may invite additional people to be custodians. Each custodian can add and remove other custodians and users who can view and modify the record. Some of the information stored in the records you manage may be highly sensitive. So you need to consider carefully with whom you choose to share the information. A record may have multiple custodians.
Sharing your Personal Health Information
A key value of SPINNphr is the ability to share your health information with people and services who can help you meet your health-related goals. For example, you can share health information from records you control:
- To co-manage the health of a family member
- To communicate with health care providers
- To provide important information in an emergency
- To notify family and friends when your information is being viewed
- To provide fitness and diet information to coaches and trainers
You can share information in a health record you are custodian of with another person by sending a sharing invitation e-mail through SPINNphr. If the person accepts your sharing invitation and has or creates a SPINNphr account, you have given him or her access to that information. You can specify how long they have access (custodian access does not expire but, like all sharing access, it can be revoked at any time) and whether they can modify the information in the record.
You can share information either within SPINNphr itself or you can exchange information electronically. For example, you can allow SPINNphr to automatically receive information from your doctor or hospital such as test results, visit notes and prescriptions, and you can send information such as diet, exercise, or home test results (like blood glucose, weight and blood pressure) to your doctor.
How we use your personal information
We use personal information collected through SPINNphr, including health information, to provide this service, and as described in this security and privacy statement. We do not use or disclose your information except as described in this security and privacy statement.
In support of these uses, White Pine may use personal information:
- To provide you with important information about the SPINNphr service, including critical updates and notifications
- To determine your age and location to help determine whether you qualify for an account
White Pine may access and/or disclose your personal information if we believe such action is necessary to: (a) comply with the law or legal process served on White Pine; (b) protect and defend the rights or property of White Pine (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety and welfare of users of White Pine services or members of the public.
How we use aggregate information and statistics
White Pine may use aggregated information from the SPINNphr service to improve the quality of the service and for marketing of the service (for example, to tell potential advertisers how many SPINNphr users live in the United States). Also, where organizations such as healthcare providers or insurers purchase blocks of memberships on behalf of or to provide to their constituents, we may provide them with aggregate information such as the number of users who join or remain as members. This aggregated information is not associated with any individual account. White Pine will not use your individual account and record information for marketing or research purposes without first asking for and receiving your opt-in consent.
Links to other sites
Our website may contain links to other sites not owned or controlled by SPINNphr. Please review carefully the privacy policies of those sites before volunteering any personal information. We are not responsible for nor can we control the privacy practices of any other websites. Links to non-SPINNphr websites do not constitute or imply endorsement by SPINNphr of those websites, any products or services described on those sites or of any other material contained in them.
HealthVault and Windows Live ID
SPINNphr allows you to save your personal health information in the Microsoft HealthVault system. SPINNphr follows the HealthVault convention and currently accepts either Windows Live ID or OpenID from certain providers.
If you choose to use Windows Live ID when you save your information in a HealthVault record, you will be asked to enter an e-mail address and password, which Microsoft refers to as your Windows Live ID or your Microsoft Passport Network credentials. After you create your Windows Live ID, you can use the same credentials to sign into many different Microsoft sites and services, as well as those of select Microsoft partners that display the Windows Live ID or Microsoft Passport Network logos. By signing in on one Microsoft site or service, you may be automatically signed in when you visit other Microsoft sites and services. To learn more about how your credential information is used when you sign into participating sites, please read the Microsoft Online Privacy Statement at http://privacy.microsoft.com/.
You can also review and edit the personal information you provided at SPINNphr by signing into your HealthVault account and editing your saved Windows Live ID profile.
Account access and controls
You choose whether to create an account with SPINNphr. The required account information consists of a small amount of information such as your name, e-mail address, region, and SPINNphr credentials. We may request other optional information, but we clearly indicate that such information is optional. You can review and update your account information. You can modify, add, or delete any optional account information by signing into your SPINNphr account and editing your account profile.
You can close your account in SPINNphr and in HealthVault at any time by signing into your HealthVault account and editing your account profile. With HealthVault, we wait 90 days before permanently deleting your account information in order to help avoid accidental or malicious removal of your health information.
When you close your account, SPINNphr deletes all records for which you are the sole custodian. If you share custodian access for a record, you can decide whether to delete the record from SPINNphr. You should think carefully before you grant custodian access to your records. Contact Customer Support to reopen an account.
Record access and controls
SPINNphr allows an account to contain multiple health records. This feature enables, for example, family health managers to create and manage records for family members.
When you create a record, you become a custodian of that record. As a custodian, you decide what level of access to grant other users of the information. SPINNphr, working in conjunction with HealthVault, creates a fixed list of each access or change by users, which HealthVault keeps as a full history of the record. You can view and update records you are custodian of and can examine the history of access and changes to those records.
Sharing records with other SPINNphr users
You decide who should see what information in SPINNphr.
- Emergency information. This is information made available to anyone who is not authorized to see restricted information. This could include anyone off the street as well as Emergency Medical Technicians, physicians, or other healthcare providers who are not known by SPINNphr to be authorized healthcare providers.
- Registered healthcare provider members only. This information is viewable by healthcare providers who are registered as healthcare providers in SPINNphr and who are authenticated by the log-in process. Registered healthcare providers include those registered through White Pine or other White Pine affiliates.
- Your personal health network. You can create a network of healthcare providers who all have the same level of access to selected information. This information is viewable only by people in your personal health network.
- Named SPINNphr members only. You may choose to limit access to certain information to specifically named people.
Within this framework, the levels of access you can grant as a custodian include:
- View-only access (time-limited access)
- View-and-modify access (time-limited access)
- Custodian access (no time limit)
Access becomes active only when the recipient accepts the invitation.
Custodian access is the highest level of access. A custodian of a health record can:
- Read the record
- Change the record
- Delete the record
- Grant to others any level of access to the record, including custodian access
- Revoke the access of anyone to a record, including other custodians, and including the custodian who granted them custodian access in the first place
Because inappropriate granting of access could allow a grantee to violate your privacy or even revoke your access to your own records, we urge you to consider all the consequences carefully before you grant access to your records.
When you grant someone non-custodian access, that person can grant the same level of access to Programs (for example, someone with view-only access can grant a Program view-only access).
Deleting records
You can delete any health record that you are a custodian of from both SPINNphr and HealthVault by signing in to your SPINNphr account and editing a record's profile. You can also do this directly in HealthVault. If other users had any level of access to that record, the record no longer appears in their accounts. SPINNphr deletes the record from all users. We wait 90 days before permanently deleting the record information in order to help avoid accidental or malicious removal of your health information.
Archiving health information
When a user with "View and modify" or custodian access deletes a piece of health information, HealthVault archives the information so that it is visible only to record custodians from within HealthVault.
Security of your information
SPINNphr, White Pine and Microsoft are committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For example, we store the personal information you provide on computer servers with limited access that are located in controlled facilities. Additionally, when we transmit sensitive personal information (such as a credit card number) over the Internet, we protect it through the use of encryption, such as the Secure Sockets Layer (SSL) protocol.
Use of cookies
We, SPINNphr, White Pine and Microsoft, use cookies on this site to ensure the integrity of the registration process and to personalize the site. A cookie is a small text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. For example, if you personalize a web page, or navigate within a site, a cookie helps the site to recall your specific information on subsequent visits. This simplifies the process of delivering relevant content, eases site navigation, and so on. When you return to the web site, the information you previously provided can be retrieved, so you can easily use the site's features that you customized.
You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to use interactive features of this or other web sites that depend on cookies.
Use of Web beacons
Web pages may contain electronic images known as Web beacons, sometimes called single-pixel gifs, that may be used:
- to assist in delivering cookies on our sites
- to enable us to count users who have visited those pages
- to deliver co-branded services.
We may include Web beacons in promotional e-mail messages or our newsletters in order to determine whether you opened and acted upon those messages.
We may also employ Web beacons from third parties in order to help us compile aggregated statistics and determine the effectiveness of our promotional campaigns. We prohibit third parties from using Web beacons on our sites to collect or access your personal information.
We may collect information about your visit to SPINNphr, including pages you view, the links you click, and other actions taken in connection with the SPINNphr service. We also collect certain standard, non-personally identifiable information that your browser sends to every Web site you visit, such as your IP address, browser type and language, access times, and referring Web site addresses.
Advertising in SPINNphr
As of July, 2009, SPINNphr does not accept any advertising revenue; however, SPINNphr expressly reserves the right to accept banner or other online advertisements in the future. If we accept advertisements, we expect the online banner or other advertisements you will see on SPINNphr Web pages will be displayed by SPINNphr or by sponsors with whom SPINNphr has a direct relationship. We do not expect to engage third-party ad servers or ad networks to display advertisements on SPINNphr Web pages.
Enforcement of this Security and Privacy statement
If you have questions regarding this statement, you should first contact us by using our Web form. If you do not receive acknowledgement of your inquiry or your inquiry has not been satisfactorily addressed, you should then contact SPINNphr at the address and phone number listed below.
Changes to this Security and Privacy statement
We may occasionally update this security and privacy statement. When we do, we will also revise the "last updated" date at the top of the security and privacy statement. For material changes to this security and privacy statement, we will notify you either by placing a prominent notice on the home page of our web site or by directly sending you a notification. We encourage you to periodically review this security and privacy statement to stay informed about how we are helping to protect the personal information we collect. Your continued use of the service constitutes your agreement to this security and privacy statement and any updates.
Contact information
We welcome your comments regarding this security and privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us by clicking here or sending a letter to the following address:
SPINNphr Privacy Team
White Pine Systems, LLC
1214 S. Seventh St.
Ann Arbor, MI 48103


