Privacy Policy

Notice of Privacy Practices

Last Update: December 13, 2016

Please read this Privacy Policy (“Privacy Policy”) in its entirety to understand how Artifact Health handles the privacy of personal information that is provided by you or by your hospital through the use of Artifact Health software and/or services.

The Artifact Health product consists of secure, internet-based software, communications systems and related infrastructure. We understand how important it is to keep your personal information private, and have implemented security and privacy safeguards to ensure your information is not shared beyond what is needed to provide you with the services you have signed up for.

This Privacy Policy describes the data we collect, what we use it for, and how we ensure its confidentiality.

Personal Information

What we collect from our healthcare provider users

We collect the healthcare provider’s name, profession, email address, NPI and other hospital identifiers. Providers may optionally also share their phone number. This information is provided by the hospital during provider registration as an Artifact Health product user.

We use this provider information for various purposes, including authentication, authorization, granting roles and privileges, associating clinics and hospitals with their providers, and associating providers with their patients. We also use this information for notifications regarding product related information, for providers who opt-in for such emails.

We do not share this information with anyone outside of Artifact Health.

What we collect about patients

Patient data are entered manually or via integration with the hospital’s EMR system, and include name, medical record number (MRN), other hospital identifiers, gender, date of birth, admission date, discharge date and deceased date. We do not store or use patients’ social security numbers.

Encounter data generated by the EMR and used by Artifact Health software include status, class, participants (name and role), period (admission date, discharge date), location (hospital, unit, room and bed), primary diagnosis, account number, and other hospital identifiers.

We do not share this information with anyone outside of Artifact Health.

Data Generated During a Query

Information created in support of queries include title (typically a reference to a diagnosis), author, recipient, questions and answers, referenced documents, and clinical information, which may include excerpts from the medical record, symptoms, diagnoses, test results or other clinical findings. A query may optionally include documents such as progress notes. Information included with a document may include document type, note date, encounter date, author and the document content.

We do not share this information with anyone outside of Artifact Health.

Protected Health Information (PHI)

PHI is stored or created within the Artifact Health product(s) when used by healthcare providers. For example, encounter information and physician queries are generated by the Artifact Health application and securely stored on our servers. See the Security section below for information on how we keep PHI secure and maintain the privacy of patient data.

Non-Personal Information

We collect web browser information such as browser type, browser version, date and time of web visit, pages viewed, etc. Product usage data, including user actions within our application, are also stored. This is data that we use for understanding how our product is used, for identifying product improvements, and for product optimization.

Security

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Artifact Health has implemented organizational, technical and administrative safeguards to protect the personal information under our control, consistent with the Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Rules and the notification requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Need More information?” section below.

Wherever we collect sensitive information (such as protected health information or personally identifiable information), that information is encrypted and transmitted to us in a secure way.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Your personal information is always stored encrypted, on secure servers at our HIPAA-compliant hosting provider. Only employees who need the information to perform a specific job (for example, customer service) are granted access to personally identifiable information.

Sharing your information

Please note that Artifact Health will share your information only in accordance with this Privacy Policy, except in the following situations:

Your Control over the Information we Collect

You may opt out of any future contacts with us at any time.

Patients may submit a request to inspect or copy any Protected Health Information (PHI) we have about the patient. To request such access, patients should email the Security & Privacy Officer at compliance@artifacthealth.com and ask for a copy of our “Request for Access to PHI” form. The request will be forwarded to the relevant hospital.

If a patient believes the Protected Health Information we store about the patient is incorrect, he or she may request the information be corrected. To request such modification, patients should email the Security & Privacy Officer at compliance@artifacthealth.com and ask for a copy of our “Request for PHI Amendment” form. The request will be forwarded to the relevant hospital.

Links to Third Party Sites

The Artifact Health website and applications do not contain links to other sites, and Artifact Health does not pass your information to any third party sites. Please take a moment to read the privacy policy of any sites you visit.

Retention Period

We retain information for just as long as we need it to fulfill the purposes described above, unless there are legal requirements to retain if for a longer period.

Privacy Policy Updates

We reserve the right to make periodic updates and revisions to this Privacy Policy. Any changes will be posted on this page. Please check this page for the most recent update date and review any changes that have been made to the Policy.

Need More Information?

If you have any questions about this Privacy Policy, please contact us by email at compliance@artifacthealth.com or write to:

Artifact Health, Inc.
ATTN: Security & Privacy Officer
PO Box 949
Boulder, CO. 80306

Please note that email communications are not always secure; please do not include sensitive information in your emails to us.