User account privacy policy

Included in this Policy:

• Introduction
• What information we collect
• How we collect your information
• Data collection technologies
• How we use your information
• How we share your information
• Your choices; interest-based content
• Children’s information
• Note to international visitors
• How to update or change your information
• Links to other sites
• How we protect your information
• Changes to this privacy policy
• Contacting us

Introduction

Thank you for choosing Northwell Health. We want to make sure that you understand all aspects of your managing your care and your privacy is an important part of that. Our mobile lab applications for patients and employees, including LabFly, Clinician Access and LabFly Mobile Phleb, provide patients direct access to their laboratory results and enable our mobile phlebotomists to perform on site blood draws for maximum convenience, safety, and privacy. We have created this privacy policy so that you are aware of the ways in which we collect and share your information. This privacy policy covers the usage of Northwell’s LabFly application as well as Mobile Phleb.

Northwell Health, Inc. and its subsidiaries and affiliated hospitals, facilities, physicians, providers, ancillary providers and companies (collectively, “Northwell”, “we”, “us” or “our”), thank you for using our Services. This Privacy Policy governs your access to and use of the websites (“Sites”), mobile applications (“Apps”) and other online services that make up the Northwell Health Digital Health Experience and that link to this Privacy Policy (collectively, the “Services”). The Services include all software and Content (defined below) provided through or as part of the Services.

This Privacy Policy explains how information about you is collected, used and disclosed by Northwell. Any information that is Protected Health Information (defined below) is governed by, and will be used and disclosed solely as permitted by our Notice of Privacy Practices. For more information about the privacy of Protected Health Information, please refer to our Notice of Privacy Practices.

This Privacy Policy is incorporated into and made a part of the Terms of Service. Please review our Terms of Use because they govern your use of the Services and limit our liability to you. By using our Services, you agree that we may treat your information in the ways we describe in this Privacy Policy. If you do not agree with any term of this Privacy Policy or the Terms of Use, you must refrain from accessing or using our Services.

What information we collect

When you access and use the Services, we collect the following types of information from you:

• “Personal Information” is information that can be used to identify, contact or locate you. Examples of Personal Information include your name, address, email address, telephone number and other information you provide.
• “Protected Health Information” is personally identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”).
• “Transaction Information,” including limited payment information from you, such as the payment card type and expiration date and the last four digits of your payment card number.
• “Location Information” is a subset of Personal Information that can be used to locate the device you use to access the Services. Location Information may include: (i) the location of the device derived from GPS or Wi-Fi use; (ii) the IP address of the device or internet service used to access the Services; and (iii) other information made available by a user or others that indicates the current or prior location of the user. If you do not want us to collect Location Information from your device, please disable the location setting(s) on your device or delete our Apps. Please note that disabling the location setting may affect certain features of the Services and the Apps.
• “Usage Data” is information that we automatically collect about your use of the Services and your device. This could include the date and time of your visit to our website and your location at the time of your visit, down to the city-level. This type of information does not usually, by itself, uniquely identify an individual, and may include your IP address, web browser and operating system, device model and manufacturer, and your activity on the Services.

How we collect your information

We collect information directly from you when you create an account, access or use the Services, pay for service, schedule appointments, or contact us with inquiries. Additionally, we may gather information from other sources, including third-party websites. We collect the information you provide directly to us. For example, we collect information when you:

• Create an account
• Access or use the Services
• Schedule an appointment
• Pay for an appointment
• Contact us with inquiries and comments
• Complete and submit forms offered on the Services

We may also obtain information about you from other sources, including commercially available sources such as data aggregators, public databases and other third parties. For example, if you are on a third party website and you opt in to receive information from us, that website will forward your contact information to us so we may contact you as requested. We may combine this information with the information we collect from you to help us tailor our communications and improve our Services. We also collect information from third parties through the MyHealth feature within our Sites and Apps.

Data collection technologies

We may use technologies like cookies, web beacons, Google Analytics, and others to collect and analyze data. These technologies help us customize content, personalize your online experience, and improve our Services.

• Cookies. A cookie is a small file placed on your computer’s hard drive that collects and stores information about your equipment, preferences and browsing patterns. We use cookies to analyze web page traffic, usage patterns, and to tailor our Services to your individual interests. Learn more at all about cookies.
• Web Beacons. A web beacon (also referred to as clear gif, pixel tag or single-pixel gif) is a transparent graphic image used in tandem with cookies that enables us to record a user’s actions. We use web beacons to count users who have visited those pages, verify system and server integrity and for similar statistical measures.
• Google Analytics. We use Google Analytics to help us understand how users engage with our Services. Google Analytics uses cookies to track your interactions with our Services, then collects that information and reports it to us, without identifying individual users. This information helps us improve our Services so that we can better serve users like you. Northwell also uses Google AdWords to provide online advertisement delivery and tracking. Northwell may employ tools provided by Google AdWords to support Display Advertising, including Remarketing, Google Display Network Impression Reporting, data collection via advertising cookies and anonymous identifiers, the DoubleClick Campaign Manager integration and/or Google Analytics Demographics and Interest Reporting. In general, this means that third-party vendors, including Google, may show Northwell ads on sites across the Internet based upon visits to Northwell websites. To implement these tools, Northwell and third-party vendors, including Google, use first-party cookies and third-party cookies together to inform, optimize, and serve ads based on past visits to Northwell websites. Visit Google Analytics Privacy Policy and Google AdWords Privacy Policy.
• DoubleClick. Northwell uses DoubleClick, a business owned by Google with the same Privacy Policy, to understand the characteristics and demographics of the people who visit Northwell sites. Northwell staff only conducts analyses on the aggregated data from DoubleClick. No personal identifiable information is collected by DoubleClick from Northwell websites. You can opt out of receiving DoubleClick advertising.
• Log Information: When you visit the Services, our servers automatically record certain log file information, such as your Internet Protocol (“IP”) address, operating system, browser type and language, referring URLs, access times, pages viewed, links clicked and other information about your activities on the Services.
• Card/account information stored/saved: Bank or credit card information is tokenized with the merchant account associated with the agreement. Bank or credit card information is never stored in the system. These services are provided by CardPointe. For additional information regarding these services, contact CardPointe.

How we use your information

We may use the information we collect about you so that we can provide you with better Services, and we may also anonymize your information and aggregate with other users in order to improve our Services overall.

We may use your information in the following ways:

• Provide you the Services and fulfill your requests. We may use your information to register you, administer your account, and provide you the information and services that are requested from you including information about health care and health-related services and resources.
• Communicate with you. We may communicate with you to confirm blood draw schedules, discuss billing issues, notify you of office hours, and assist in other ways. We may send you confirmations, updates, technical notices, security alerts and support and administrative messages.
• Enhance your experience. We may use your information to personalize and enhance your experience when you use the Services, such as by tailoring content and advertising and remembering your preferences.
• Improve our Services. Your information helps us improve the content and functionality of our Services. For example, we may use our users’ demographics, interests, and behaviors to create new features and content.
• Monitoring Usage and Activities. Monitor and analyze trends, usage and activities in connection with the Services.
• Prevent Illegal Activities. Detect, investigate and prevent fraudulent transactions and other illegal activities and protect the rights and property of Northwell and others.
• Linkage of Data to Improve Experience. Link or combine with information we get from others to help understand your needs and provide you with a better experience.
• Other Purposes. Carry out any other purpose for which the information was collected.

We may link Usage Data to the Personal Information we have collected about you. If we link this Usage Data to your Personal Information, we will treat such linked information as Personal Information in accordance with this Privacy Policy. We may also anonymize your information or aggregate your information with other users of the Services (“Aggregate Information”). This Aggregate Information is not Personal Information, because it cannot be used to identify you, and may be used by us for any lawful purpose.
 
In addition to those purposes listed above, we may use your information for any other purpose disclosed to you at the time of collection.

How we share your information

We work with other partners to provide certain services to you. We may share your information with them for different reasons, but we will let you know about it at the time we collect the information.

We may share your information for the reason(s) disclosed to you at the time we collect it, with your authorization or consent, as well as in the following ways: 

• At Your Direction: We may share your information with third parties if and when you direct us to. For example, if you request that we share your information with one of our business partners to take advantage of a feature that our partner offers, we will share your information with that business partner.
• Notice of Privacy Practices: Northwell may also share your information consistent with the Notice of Privacy Practices. Health and Personal Information, Personal Identifiable Information and Protected Health Information, will be kept confidential and governed by law.
• With our Affiliates, Business Units and Brands: We may share your information internally among our current or future business units, brands, and our affiliates to provide, maintain or improve our Services.
• With Vendors, Consultants and Other Service Providers: We may share your information with our vendors (including third-party hosting providers) who need access to such information in order to carry out work or perform services on our behalf, including but not limited to CardPointe.
• With Business Partners and Parties to Whom We Provide Services. As permitted by law, we may share your information with our business partners, and other third parties for whom we provide services, to provide you with our Services.
• In the Event of a Corporate Transaction: In the event we go through a business transition, such as a merger, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or sale of all or a portion of our assets, we may disclose your information to the party or parties of such transaction.
• For Legal Purposes: We will disclose your information when we think it is necessary to investigate or prevent actual or expected fraud, criminal activity, injury or damage to us or others or when otherwise required by law, regulation, subpoena, or court order, or if necessary to protect the rights, property or safety of Northwell or others.
• Third-Party Vendor. We may share Aggregate Information about our users in all legally permissible ways.

Your choices; interest-based content

We encourage you to communicate your preferences to us about how we use your information.

You may review and request changes to the Personal Information we have collected about you by contacting us at the information included in the Contacting us section below.

We may use third-party service providers to place advertisements on our behalf across the Internet. These advertising service providers may collect (through the use of Data Collection Technologies) non-identifiable information about your visits to, and interactions with, our Services. In addition to the information about your visits to our Site, our service providers may also use the information about your visits to other websites to target advertisements for products and services available from us. If you would like more information about this practice and to know your choices for not having this information used by third-party service providers, please visit NAI. You may manage your third-party advertising preferences at NAI Consumer Opt Out.

Children’s information

Northwell respects the privacy of all online users, especially children. Our Services are not intended for use by children under 18 years of age, and we do not knowingly collect information, including personal information as defined by the Children’s Online Privacy Protection Act, from children under the age of 13.

Note to international visitors

The Services are intended for use in the United States of America only. All matters relating to our Services are governed by the laws of the State of New York in the United States of America. If you visit our Services or contact us from outside of the United States of America, please be advised that (i) any information you provide to us or that we automatically collect will be transferred to the United States of America; and (ii) by using our Services or submitting information, you explicitly authorize its transfer to and subsequent processing in the United States of America in accordance with this Privacy Policy. 

How to update or change your information

Call +1 516-719-1100 to update or make changes to your information.

Links to other sites

Our Services may contain links to other sites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices or content of such other sites. We encourage you to be aware when you leave our Sites and to review the privacy policies of each and every website that collects Personal information as the privacy policy may differ from ours. 

How we protect your information

The security of Personal Information is important to us. We use reasonable safeguards aimed to protect against unauthorized use, disclosure, alteration or destruction of the Personal Information we collect and maintain. You should keep in mind, however, that no data transmitted over the Internet is 100% secure and any information disclosed online can potentially be collected and used by parties other than the intended recipient. As a result, while we strive to protect your information, we cannot guarantee or warrant the security of any information you transmit to or from our Services. 

Changes to this privacy policy

We reserve the right to change or replace this Privacy Policy at any time. Please check back from time to time to ensure that you are aware of any changes or updates to the notice. We will indicate the Privacy Policy’s effective date at the top of this page. Your continued use of the Services after changes have been posted indicates your consent to the amended terms of the Privacy Policy. If we make material changes that would impact your use of the Services, we will endeavor to notify you of the changes, such as by posting a notice directly on the Services, by sending an email notification (if you have provided your email address to us), or by any other reasonable method.

Contacting us

If you have any questions or comments about this Privacy Policy, please contact us at +1 516-719-1100 to update or make changes to your information.