Last updated – June, 17 2019

Overview
Health Navigator believes that privacy is important and respects privacy of individuals.
We may collect personal information (prospect and client contact information including organization name, individual email, phone numbers, first name, last name, title) while providing specific products/services or while answering your questions through email/website. The purpose of this privacy policy is to help you understand the practices we follow for collection of this personal information, its use, storage, sharing and retention.

Health Navigator complies with the EU – U.S. and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States, respectively. Health Navigator has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

To learn more about the EU-U.S. Privacy Shield Framework and Swiss – U.S. Privacy Shield Framework, and to view our certification, please visit https://www.privacyshield.gov/.

Health Navigator provides clinical decision support content to clients who build medical solutions. The content is delivered through the Health Navigator Application Programming Interface (“API”). The Health Navigator API is provided as a hosted web service that is licensed to Health Navigator clients.
While this policy covers data collected from prospects and clients, the API does not process or store protected health information (PHI) or personally identifiable information (PII).

Collection of Personal Information
Health Navigator hosts and processes very limited and only required personal data. Health Navigator purposely avoids accepting any other data that could personally identify an individual.
Our APIs are designed to accept only the following required fields:

  1. Gender
  2. Age in days
  3. Pregnancy Status
  4. Chief Complaint – The chief complaint(s) is the patient’s reason to seek health care, in other words, the patient’s reason for visiting a healthcare provider.

Once the above mentioned data is stored in our API request logs, Health Navigator does not have a process to link this logged data to a specific individual. These data elements are required to be collected in order for the Health Navigator API to provide the clinical decision support content relevant for the demographics data entered.

Other data collection includes data submitted from “Contact Us” form on Health Navigator website, communications for Sales & Marketing purposes and Health Navigator Portal (accessed by only prospect and clients).

Notice, Purpose of Data Collection and Use
Health Navigator collects and uses gender, age, pregnancy status and chief complaints to provide medical decision support to our API clients. Each API call is stored in our API request log as well as collected by our Application Insights tool. API does not store or process any PII or PHI data or link the data elements to an individual user.
The data collected through API is used only for billing, reporting and analysis, testing purposes and providing support to our API clients.

When we collect your personal data from other sources like emails, the Health Navigator Portal, the website (Contact Us form), while answering your queries or while providing details of our services, we display explicit notice that this data will be collected and used for only limited and specific purposes. The notice also mentions that you are consenting to collection, use, retention of your data for the specific purpose.

Access, Modification & Updates to Personal Information
Health Navigator understands and accepts the individual’s right to access and update their personal data as needed.
Since the Health Navigator API accepts only minimal required data, we do not have the ability on our own to identify and retrieve data for any specific individual. Our clients who have integrated our API in their products may have ability to put the data together to build these records, if requested to do so (which is not managed by Health Navigator). Individuals can connect with these service providers to access, modify, update or delete their personal information if required.

Regarding data collected from website or emails, if requested by user, Health Navigator can give access to specific personal information. However, we may ask you to provide other details to verify your identity and to help us to respond to your request.

In the Health Navigator Portal, users have the ability to view and request an edit of their information.
If the user no longer wishes to receive any marketing or subscription e-mails from Health Navigator, user can click on the unsubscribe link at the bottom of the e-mail.

Retention, Use & Sharing of Personal Information
We may disclose API request log data to API Clients for reporting purposes. Except for request counts and total number of encounters; we do not share any API data with any vendor or any other third party.

Regarding information collected from other sources, we may retain and use it for purposes like:

  1. Asking for feedback of the services provided
  2. Sending updates about our services (Via Newsletters)
  3. Analyzing the type of website users/traffic

We maintain the user e-mail ID list for sending out newsletters, only if the user has subscribed for the newsletter.

We may disclose the data to third parties in following cases:

  • In the event Health Navigator sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation), in which case the data held by us about our clients will be among the assets transferred to the buyer or acquirer;
  • If required and asked to do so by law or legal process;
  • In response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.

The data will be retained only till the purpose for which the data is collected is fulfilled or as permitted by the law.

Information Security & Accuracy of the Information
Physical, administrative and technical controls are implemented by Health Navigator, in order to protect user personal information from loss, misuse, destruction, unauthorized access, disclosure or alteration.

However as no security system is impenetrable, we cannot guarantee the security of your information. Especially data transmission over e-mail may not be secure, so we request you to be cautious while sending your data over e-mails or before replying to any e-mails asking for personal information.

Health Navigator adheres to the EU – U.S. and the Swiss – U.S. Privacy Shield Principles for processing personal data received from the EEA, UK, EU and Switzerland and keeping it secure as applicable.

Child Privacy
Health Navigator intentionally does not collect any data from children below 18 years. If any user specifically request to delete child data which was submitted by mistake then we can delete it from our records.

Cookie Policy
Cookies are sent by the website to the user’s browser which are used for various purposes like identifying the user, remembering user preferences, tracking pages visited, advertisement purposes, authenticating the user to login a secure area on the website etc.

A notice is displayed on Health Navigator website, which asks for user’s consent for Health Navigator to use and store their information in the form of cookies.

Health Navigator stores cookie information from the website like device IP address, browser type, device OS details, list of pages visited, time of access etc. which is used for analytical reports and real-time statistics.  We may also use cookie information to identify and prevent fraudulent users.

On the Health Navigator portal, Health Navigator only stores and application token ID which helps in identification of a specific user. These users of the portal are prospects or existing clients.

Users can change browser settings to turn off the cookies; however it might hamper the user experience on the Health Navigator portal and website.

Updates & Notifications to the Policy
Health Navigator periodically verifies that the privacy policy is accurate, implemented as applicable and easily accessible over website. On any changes in the policy the last updated date on website page will be changed. For any changes in our practices regarding collection, use, sharing or retention of your personal information we will notify the users by publishing the updated policy on the website.

Enforcement & Dispute Resolution
In order to comply with the EU – U.S. and the Swiss – U.S. Privacy Shield Framework, Health Navigator commits to the resolution of complaints about privacy of your personal information. For complaints that cannot be resolved through our internal process, Health Navigator has agreed to participate in the dispute resolution procedures in cooperation with the EU Data Protection Authorities (DPAs) (http://ec.europa.eu/justice/data-protection/index_en.htm) for EU – U.S. Privacy Shield and with the Swiss Federal Data Protection and Information Commissioner (FDPIC) (https://www.edoeb.admin.ch/edoeb/en/home.html) for Swiss – U.S. Privacy Shield. In the event that we or the appointed arbitrator(s) conclude that we did not comply with the Privacy Policy, we will take appropriate steps to address any adverse effects and assure our future compliance.

Health Navigator complies with the Privacy Shield Principles for onward transfers of personal data from the UK, EU and Switzerland, including onward transfer liability provisions, relating to transfers of data to a third party acting as an agent on its behalf.

Under certain conditions as described on the Privacy Shield website https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint, individuals may invoke binding arbitration when other dispute resolution measures have been exhausted.

With respect to personally identifiable information received or transferred following the Privacy Shield Framework, Health Navigator is subject to the investigatory regulatory enforcement powers of the Federal Trade Commission (FTC).

Contact Us
For any questions or suggestions about the policy or the practices which we follow or if you need to access, update, modify, delete your information or opt out/unsubscribe, contact us at: privacy@healthnavigator.com or by regular mail at:

Health Navigator, LLC.
Attn: Privacy
321 S 8th Avenue
La Grange, IL 60525