Embark EMR: Comprehensive Privacy and Cookie Policy
Introduction
Embark EMR (“Embark” or “we”) prioritizes your privacy and takes pride in safeguarding your personal information. This comprehensive Privacy and Cookie Policy outlines our data collection, usage, sharing, and security practices concerning your access to and interaction with our website, https://embarkemr.com, the electronic medical record software, including all features, tools, and content, and any other product or technology provided by Embark (collectively, the “Services”).
Data
Understanding Your Data:
We understand the importance of distinguishing between two key data types:
Personal Data: This encompasses information that directly identifies you, such as your name, email address, phone number, address, payment details, and, for healthcare providers, sensitive health information governed by HIPAA regulations.
Non-Personal Data: This comprises data that does not directly identify you, including your device type, browser information, operating system, IP address, browsing activity, and information collected through cookies and similar technologies.
Gathering Your Information:
Embark collects data through various channels, ensuring transparency and giving you control over your information:
- Directly from You: When you create an account, interact with us, or utilize our Services, you provide us with personal data necessary to fulfill your requests and enhance your experience.
- Automatically: As you navigate our website, your device automatically transmits non-personal data, such as browsing activity and device specifications. This information helps us analyze website usage and optimize performance.
- Third-Party Sources: Occasionally, we may receive information about you from third-party sources, such as referral programs or social media platforms, with your prior consent. This allows us to personalize your experience and offer relevant services.
Utilizing Your Information:
Embark leverages your data for various purposes, always striving to provide value and ensure transparency:
- Operational Excellence: We utilize your information to deliver and operate the Services effectively, ensuring a seamless and efficient user experience.
- Personalized Journey: We analyze your data to tailor content and features to your preferences, personalizing your interaction with the website and making it more relevant to your needs.
- Essential Communication: We utilize your information to send you relevant updates, security alerts, and support messages, keeping you informed and ensuring your experience is seamless.
- Marketing and Promotions: With your consent, we may use your data to present you with relevant marketing materials and promotional offers for our products and services.
- Legal and Regulatory Compliance: We may be required to disclose your information to comply with legal or regulatory obligations, such as court orders or subpoenas.
- Protecting Our Interests: We reserve the right to utilize your information to protect our legal rights and interests, such as defending ourselves against litigation or investigating fraudulent activities.
Sharing Your Information Responsibly:
Embark understands the importance of responsible data sharing and only discloses your information with select third parties under specific circumstances:
- Trusted Service Providers: We may share your data with trusted service providers who assist us in operating the Services effectively, such as data hosting companies, email providers, and customer support teams. We ensure these providers adhere to strict data privacy standards through legally binding agreements.
- Business Partners: With your explicit consent, we may share your data with trusted business partners to offer you joint products or services, expanding your options and enhancing your experience.
- Legal and Regulatory Authorities: We may be required to disclose your information to comply with legal or regulatory obligations, such as court orders or subpoenas.
- Other Third Parties: In rare circumstances, we may disclose your information to other third parties, but only with your explicit consent or as permitted by law.
Embark EMR’s Commitment to Data Privacy and HIPAA Compliance
Embark is dedicated to safeguarding sensitive health information and adhering to the stringent standards of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This document outlines our policies and procedures regarding the handling, usage, and protection of user data, including Protected Health Information (PHI).
User Data Ownership
You affirm, represent, and warrant that you own or have all necessary licenses, consents, and permissions to use and authorize us to use, retain, copy, and process the User Data in connection with the services as contemplated by this Agreement. Your provision of User Data through and in connection with the services is complete, accurate, and complies with all applicable laws and does not infringe on any third-party rights.
Licensing of User Data to Embark EMR
By uploading or submitting any User Data to or through the Services, you grant Embark a non-exclusive, worldwide, royalty-free, perpetual, irrevocable, sublicensable, and transferable license to use, reproduce, distribute, create derivative works from, perform, and display such User Data solely for the purpose of providing Embark’s services and for further development and improvement of Embark’s offerings (e.g. testing, debugging, providing support). This license continues even after termination of your account but is solely for the purposes mentioned and not for any identifiable personal or organizational uses.
Handling Data from Payment Processors
You grant Embark a non-exclusive, worldwide, perpetual, royalty-free license to obtain, copy, and use User Data received from payment processors supporting services for the purpose of providing services and improving Embark’s offerings. This data will be handled in a manner consistent with this Agreement and applicable laws. Payment processors have their own privacy practices and policies, which are outside of our control. We encourage you to review them prior to their use.
Your Responsibility for Data
You are responsible for all User Data you and other users input to the Services, including maintaining the integrity and security of Client progress notes. You agree to comply with all applicable laws and regulations, including HIPAA, regarding the handling and protection of PHI and personally identifiable information.
Prohibited Data Use and Restrictions
You and other team members must not post, upload, store, or share any User Data that violates laws or infringes upon any rights. This includes, but is not limited to, data that is unlawful, infringing, or contains sensitive personal information without proper consent.
Embark EMR’s Rights to Manage User Data
Embark may, where necessary, modify, delete, or remove User Data at its discretion. You consent to the processing, transfer, and storage of information about you and other users in accordance with local laws and regulations.
Transferring and Managing User Data
You are responsible for the proper transfer and sharing of User Data according to applicable laws. The Services provide mechanisms for the secure transfer of User Data in compliance with HIPAA and other regulations. Procedures are outlined for transferring account ownership or access to User Data in events like death or incapacitation. Please contact our support with any questions on proper transfer or sharing.
Data Privacy Commitments
We commit not to sell Personal Information contained in User Data and will only use or disclose this information as permitted under this Agreement and in compliance with HIPAA. You are responsible for ensuring all necessary notices and consents are provided regarding the collection and use of User Data. We will notify you in advance of any legal requests for data disclosure, wherever possible.
How Long We Keep Your Personal Information
We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
Children’s Privacy
We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13. We do not have direct relationships with the clients of our customers. The data collected and stored by the Services, as entered by our clients, may include personal information about children under 13. If we receive any inquiries or requests from clients about their personal information, the request will be directed to the appropriate customer.
Notification of data breaches:
We will comply with laws applicable to us in respect of any data breach. If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Payments and Billing
Embark EMR has partnered with “Imagine” for payment and billing processing services, including ImaginePay and ImaginePeregrine. This section outlines the terms and responsibilities associated with the use of these services.
Agreement to Imagine’s Terms:
You must agree to the ImaginePay and ImaginePeregrine Account Agreement and any other applicable Imagine agreement when creating an account for the Services.
Embark EMR’s Role in Payment Processing:
- Embark may conduct activities related to payment processing such as communicating information about transactions and refunds, adjusting account balances, and handling disputes.
- You may incur certain use, recurring, or application fees for using the payment processing services.
User Responsibilities:
You must:
- Comply with all terms and conditions of your Imagine Account Agreement, including not processing payments from prohibited business as listed in the agreement.
- Provide accurate and complete information about you and your practice for payment processing.
- Enter Payment Data only into designated payment fields within the app and avoid entering any payment data into non-payment related areas.
- Ensure no payments are processed in any country sanctioned by the U.S. Office of Foreign Assets Control (OFAC).
- Understand that Embark EMR and Imagine take measures to secure payment data and comply with applicable laws and regulations.
With regard to chargebacks and disputes, you:
- Understand and authorize that sums due to chargebacks or payment disputes may be debited from your accounts, and non-sufficient funds or inaccessible accounts may increase fees or result in service suspension.
- Will be responsible for refunding or allowing chargebacks of fees imposed by the payment processor due to disputes.
Cookies and Your Browsing Experience:
To personalize your experience and enhance website functionality, Embark utilizes cookies and similar technologies like pixel tags and web beacons. These small text files, stored on your device, allow us to remember your preferences, track website activity, and tailor content to your needs.
We employ various types of cookies:
- Essential Cookies: These are indispensable for the website’s basic operation and ensure smooth navigation. Disabling them could limit or even prevent your access to the Services.
- Performance Cookies: These cookies help us understand how you interact with the Services, what pages you visit, and how long you spend on each page. This valuable information guides us in website improvement and optimization.
- Functionality Cookies: These cookies remember your preferences, like language and location, personalizing your use of the Services and making it more convenient.
- Targeting/Advertising Cookies: These cookies tailor advertisements to your browsing habits and interests, presenting relevant ads based on your online activity. We do not use these cookies on our site.
You have complete control over cookie preferences through your browser settings. Most browsers allow you to view, accept, block, or delete cookies based on your individual preferences. However, keep in mind that disabling certain cookies might affect use of the Services and limit your overall experience.
Additional Disclosures for California Compliance (US)
Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes.
To make such a request, please contact us using the details provided in this privacy policy with “Request for California privacy information” in the subject line. You may make this type of request once every calendar year. We will email you a list of categories of personal information we revealed to other organizations for their marketing purposes in the last calendar year, along with their names and addresses. Not all personal information shared in this way is covered by Section 1798.83 of the California Civil Code.
Do Not Track
Some browsers have a “Do Not Track” feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser “Do Not Track” signals.
We adhere to the standards outlined in this privacy policy, ensuring we collect and process personal information lawfully, fairly, transparently, and with legitimate, legal reasons for doing so.
Cookies and Pixels
At all times, you may decline cookies from our site if your browser permits. Most browsers allow you to activate settings on your browser to refuse the setting of all or some cookies. Accordingly, your ability to limit cookies is based only on your browser’s capabilities. Please refer to the Cookies section of this privacy policy for more information.
California Notice of Collection
In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:
- Customer records, such as billing and shipping address, and credit or debit card data.
- Demographics, such as your age or gender. This category includes data that may qualify as protected classifications under other California or federal laws.
- Audio or visual data, such as photos or videos you share with us or post on the service.
- Employment and education data, such as data you provide when you apply for a job with us.
For more information on information we collect, including the sources we receive information from, review the “Information We Collect” section. We collect and use these categories of personal information for the business purposes described in the “Collection and Use of Information” section, including to provide and manage our Service.
Right to Know and Delete
If you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the personal information; and
- The specific pieces of personal information we have collected about you.
To exercise any of these rights, please contact us using the details provided in this privacy policy.
Shine the Light
If you are a California resident, in addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information as defined by California’s “Shine the Light” with third parties and affiliates for their own direct marketing purposes.
To receive this information, send us a request using the contact details provided in this privacy policy. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code.
Jurisdiction and Venue
This policy, and your relationship to Embark, are governed by the laws of the State of Indiana. You and Embark agree and stipulate to the exclusive jurisdiction and venue of the courts sitting in Marion County, Indiana (including without limitation the Commercial Courts) for state law question matters, and of the courts of the Southern District of Indiana for federal law question matters. You and Embark consent to the jurisdiction and venue of these courts with respect to yourself and your property, wherever it may be located. You and Embark waive any challenge to venue, including that of an inconvenient forum. You and Embark agree to waive any requirement of bond for an injunction, or agree that any such bond shall be no greater than one thousand dollars. You and Embark agree that the prevailing party to any litigation shall, in addition to its damages, be reimbursed for its costs and reasonable attorney fees.
Changes to This Policy
- At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
- If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
- If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
Contact Information
If you have any questions or concerns regarding our HIPAA compliance or the handling of your healthcare data, please don’t hesitate to contact us at Info@EmbarkEMR.com.