Last modified: March 1, 2019.
This Privacy Statement describes how Verisma Systems, Inc. and its affiliates (collectively, “Verisma”) may collect, use, transfer, and/or store “Personal Information”, i.e., data that can be used to identify or to contact a specific individual. The Statement applies to the Verisma website, www.verisma.com, and all associated websites linked to www.verisma.com including, without limitation, the Verisma Requestor Portal website (https://track.recordjacket.com/), and Verisma’s Release Manager website (www.verisma.com) (collectively, the “Websites”), and to the Verisma services available through the Websites (collectively, the “Services”). All references in the Statement to “our,” “us,” “we,” or the “Company” refer to Verisma.
This Privacy Statement may be updated periodically and without prior notice to you to reflect changes in our information practices. We will indicate above when it was most recently updated. This Statement is not intended to, and does not, create any contractual or other legal right in or on behalf of any party.
Personal Information We Collect
We do not collect any Personal Information at our Websites or via our Services unless you provide it to us voluntarily. We may gather the following types of Personal Information at the Websites or via the Services:
- contact information, such as name, organization and department, email or postal address, telephone or fax number
- information used to create an online account, such as username, password, and answers to security questions
- financial information, such as credit card details, and billing name and address
- purchase and customer service history
We need and use this information primarily to process, track, and fulfill your Release of Information requests, to keep you informed about the status of your requests, and to administer your account (e.g., tracking payments, fraud detection). From time to time, we may use Personal Information to send important notices, such as changes to the terms and policies concerning the Services. We may use Personal Information for internal purposes such as auditing, data analysis, and research to improve the Services.
We also are required by the healthcare providers we serve to retain copies of all medical records that we provide to requestors. We retain these records to permit the providers, and government agencies, to monitor the quality of our Services and for other business purposes.
Protecting the Confidentiality and Security of Personal Information
We restrict access to Personal Information to Verisma personnel and other parties who assist us in providing the Services and/or conducting our normal business operations and who have agreed to maintain the confidentiality of the information and not to use it except in connection with the Services. We reserve the right to disclose Personal Information as necessary in the event of a potential sale of Verisma or a part of our business or assets, provided that any party receiving such information agrees to privacy protections equivalent or greater than set forth in this Statement. Without your express authorization, Verisma will not sell, license, transmit, or disclose Personal Information to any other parties.
While no party that maintains a website can guarantee security, Verisma does utilize administrative, technical, and physical safeguards, consistent with applicable laws, that are designed to ensure the integrity of our systems and to protect Personal Information that we have collected against unauthorized access, disclosure, or use. These safeguards include, without limitation, encrypting all Personal Information that is stored by us. We periodically review and update our collection, processing, and storage practices with respect to Personal Information, including physical security measures, and implement any changes necessary to guard against unauthorized access, disclosure, or use to your Personal Information.
Collection and Use of Non-Personal Information
We also collect data in a form that does not, on its own, permit direct association with a specific individual. We may collect, use, transfer, or disclose non-personal information for any purpose.
Some examples of non-personal information we may collect and how we may use it are:
- “server logs” that record your IP address, web browser used, domain name, date and time of your access, and details of how you use the Services, all of which we may aggregate for use in maintaining and improving the functioning of the Websites
- “cookies” or a file we send to your browser (but do not retain) that will help us identify you when visiting our Websites for the second and succeeding time.
You may disable cookies within your web browser, but this may render certain functionalities of our Websites unusable to you.
Notice Regarding Children’s Online Privacy Protection Act (COPPA)
Except in very rare circumstances, COPPA does not apply to Verisma’s Services.
Verisma’s websites and Services are not directed to children under 13 years old and cannot be used by children younger than 18 years old without Verisma’s prior written permission because, in most cases, federal and state privacy laws require that requests for release of records containing Protected Information be authorized by persons 18 years or older. There are exceptions for cases where the person submitting the request is an emancipated minor or otherwise could legally consent to the medical treatment for which the release of information is sought. However, these exceptions generally do not generally apply to persons younger than 13 years old. Verisma will only permit a person under 18 years old to use its Services if they can establish that they fall into one of the excepted categories.
In the rare case where a child younger than 13 years old could use the Services with Verisma’s permission, we will collect and retain for the same period, without the consent of the requestor’s parent or guardian, the same information listed above that we would collect if the request were submitted by an adult. If permitted by applicable state privacy laws or with the requestor’s authorization, information regarding these requests will be made available to the requestor’s parent or guardian.