Last Modified: March 12, 2015
SafeStart is HIPAA-compliant. We provide this overview so that you can better understand the security measures we've put in place to protect the information that you store using SafeStart.
All data stored in our databases is symmetrically encrypted using AES 256 keys. Amazon Web Services stores data over several large-scale data centers. You can find more information about Amazon Web Services' security at the Amazon Web Services' website. Encryption keys are stored using further encryption.
Your files are sent from SafeStart's mobile and web apps to our servers over a secure channel using SSL encryption, the standard for secure Internet network connections.
User accounts are password protected. Upon successful entry of a unique email, password and authentication token, the user then gains access to his or her account.
SafeStart and Amazon Web Services keep redundant backups of all data over multiple locations to prevent the remote possibility of data loss.
SafeStart cooperates with United States law enforcement when it receives valid legal process, which may require SafeStart to disclose information contained in your SafeStart profile(s). In the case of being compelled to disclose information as above, SafeStart will decrypt the data before providing them to law enforcement.
Our auditing process tracks all records that are created, deleted and modified. We also track activity on the site by users, such as, login, page view, viewing images, adding notes and other activity on the site by Patients and Medical Professionals.
Last Modified: February 23, 2015
The Service is a health records platform that allows patients to view protected health information online and to communicate and share that information with designated Medical Professionals. This Service also allows Medical Professionals to gather, edit, add to, store and share protected health information online related to the treatment of their patients and share that information with their patients and other designated Medical Professionals.
When you use the Service, the Service collects identifying information about you (e.g., name and email address) as well as, if you are a Patient, your protected health information n (e.g., photos, videos, notes, doctor communications, and health history), and, if you are a Medical Professional, your patient communications.
We may collect and store the following information when you use the Service:
When you register to create an account with the Service, we collect some information about you, such as your email address. If you are a Medical Professional, we also may collect information about your medical credentials, such as your medical license number, degree, office number, email address, and specialty.
You cannot delete or alter any photos and/or information from your account.
When you make payment for your use of the Service, we collect additional financial information as required to process those purchase transactions.
When you use the Service, we automatically record information, from the computer, mobile phone or other consumer electronic device you use to access the Service, that device's software, and your activity using the Service (collectively, "Analytics Information"). This may include the device's Internet Protocol ("IP") address, browser type, the web pages you visit on our website, information you search for on our website, locale preferences, identification numbers associated with your device, your mobile carrier, date and time stamps associated with transactions, system configuration information, captured metadata from photos and video concerning your uploaded health information, and other interactions with the Service.
The Service allows you to view your health records or those of your dependent children.
How we use non-personally identifying information:
We may use Analytics Information to monitor and analyze use of the Service, for the Service's technical administration, to increase the Service's functionality and user-friendliness, and to verify users have the authorization needed for the Service to process their requests.
We may also use, or share with third parties, other non-personally identifying information in the aggregate for the purpose of improving the Service and for business and administrative purposes, or for medical studies of quality, safety, and outcomes.
How we use personally identifying information
We use personally identifying information collected through the Service, including Patients' protected health information:
A key purpose of the Service is to facilitate the sharing by Patients of health information with Medical Professionals that are designated members of the Patient's health care team.
Patients share protected health information with designated Medical Professionals once they have established a Medical Professional - Patient relationship as outlined in our Terms of Service. Once data is shared it will remain shared with the Medical Professional.
No Medical Professional who accepts a sharing invitation has the ability to use the Service to share a Patient's health information with third parties, the exception being that Medical Professionals can use or disclose protected health information, such as X-rays, laboratory and pathology reports, diagnoses, photos, videos, and other medical information for treatment purposes only without the patient's authorization. This includes sharing the information to consult with other providers, including providers who are not covered entities, to treat a different patient, or to refer the patient.
We may disclose your personally identifying information to third parties when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of SafeStart or its users; or (d) to protect SafeStart's property rights. If we provide your personally identifying information to a law enforcement agency as set forth above, when legally required, we will remove SafeStart's encryption from the files before providing them to law enforcement.
If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your personally identifying information may be transferred as part of that transaction, but we will notify you of this transfer of your information (for example, via email and/or a prominent notice on the Site). We will also notify you of choices you may have regarding the transfer of your information.
We may disclose your non-personally identifying information to third parties as described above under "How we use aggregate non-personally identifying information." We do not sell, trade or rent your personal information to third parties.
We will retain copies of your information if required by law.
We follow generally accepted industry standards to protect your health information and other personally identifying information that we collect about you. We use firewall barriers, SSL 256-bit high-grade encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect user accounts and systems from unauthorized access. However, no method of transmission over the Internet or method of electronic storage is 100% secure.
The Service is not intended for use by individuals under the age of 18. A parent or guardian can create a Profile for a child and grant others access to the data. If a parent or guardian becomes aware that his or her child has provided us with personally identifying information without their consent, he or she should contact us at firstname.lastname@example.org. If we become aware that a child has provided us with personally identifying information, we will take steps to delete such information from our files.
You have a right to:
Last Modified: March 12, 2015