Effective Date: September 17, 2017
CloudVisit user licensing and usage
This software is licensed for use exclusively in The United States, its territories and possessions and military bases.
Some of the health data CloudVisit collects are protected by HIPAA.
CloudVisit may collect the following personal or Personally Identifiable Information (“PII”) from you:
- First and last name
- Business Name or Company
- E-mail Address
- Phone number
- Any other information that you voluntarily submit to CloudVisit directly, such as by registering, filling out a form, or using chat functionality.
CloudVisit may also collect the following additional information from you:
- Personal Health Information
- Credit Card information
- Billing Address
- Your IP address
- Your browser and search engine information
- Your device information
- Your visitor history
- Your usage of the Portal, including, without limitation, any links or items clicked or pages viewed and statistics
- Information stored in cookies, pixel tags, or web beacons
- Analytical data from system proprietary reporting data
- Any other additional analytic data that you voluntarily submit to the CloudVisit
CloudVisit uses this personal or personally identifiable information to:
- Provide you with access to CloudVisit
- Personalize your experience to deliver the content and product offerings in which you are most interested
- Process any requests made by you; process any functionality or business contemplated by CloudVisit
- Communicate with you, respond to customer service requests
- Improve CloudVisit
- Identify and fix problems with CloudVisit
- Update you on changes to CloudVisit
- Communicate with you concerning your account
- Complete a session you initiated or are a participant in
- Inform you of additional products, services, and functionality being made available through CloudVisit or related services being made available by CloudVisit or your health care provider
You further authorize the following specific uses:
- Enable your use of CloudVisit and its associated services
- Improve algorithms
- Measure service usage
- Develop new features
- Contact and communicate with you, whether through email, telephone, live chat, video and audio conferences or messages within CloudVisit
- Customize and/or tailor CloudVisit and your User experience
- Aggregate certain information that does not include your personal information and discloses it for analysis, demographic profiling
- Transmit and process your information and actions within the Website
- Provide statistical information, and include you in the same, where applicable
- Provide you with technical service and support, including updates
- Store, archive, retrieve, and make copies of your User generated content
- Understand your needs and requests
- Facilitate your use of CloudVisit and upgrades/replacements to CloudVisit
CloudVisit uses a proprietary reporting system to log when users view specific pages or take specific actions within CloudVisit. In some cases this information is only shared with your healthcare provider where appropriate. CloudVisit’s developers may also review support tickets and anonymous user reports in-order to improve system performance.
CloudVisit does not share your identifiable data with other companies or entities nor does CloudVisit share your data after removing identifiers.
CloudVisit does not sell your identifiable data or your data after removing identifers to any of the following: data brokers, marketing firms, advertising firms, or analytical firms.
CloudVisit stores and protects your personal or personally identifiable information in the following manner:
Your personal health information is not stored on your device. Your personal health information is stored and processed on computers and servers in the United States, to which only a limited number of individuals have access and, through your use of CloudVisit, you acknowledge the processing and storage of your personal and personally identifiable information. You understand that CloudVisit may continue to store your information for a predetermined time after you cease use of the service or disable your account as defined in retention rules and limited by the agreement between CloudVisit and your healthcare provider.
Your name and email address are encrypted within the portal so that CloudVisit’s development team cannot recognize your name or personal health information.
CloudVisit uses commercially reasonable efforts and standard technology, such as Malware scanning, and encryption to store and help prevent against the unauthorized disclosure of your information. Though it undertakes commercially reasonable efforts to protect your information, no website, software, or online service is completely safe.
To protect your Personal Information, CloudVisit uses specific security measures, such Secure Sockets Layer (SSL) protocol, which encrypts information you input at 128-bit strength. This is denoted in most web-browsers by a small padlock appearing on the bottom bar of the window and the address of the window changing from http:// to https://, meaning a secure connection.
CloudVisit encrypts your data while it is transmitted. Industry standard AES 256-bit encryption is used at all points where patient information is transmitted between a user and CloudVisit’s servers. This includes full encryption for information shared by providers and patients, as well as encrypted transmission of uploaded/downloaded documents and images.
CloudVisit encrypts your data while it is at rest. All patient data and billing information is stored in encrypted database tables using standard AES 256-bit. All documents and images uploaded by a patient or provider are stored encrypted, as well. Full drive encryption is in place for all hard drives storing patient information and website operation data using SHA-512 encryption standards.
CloudVisit encrypts audio/video. Audio and video for all sessions are transmitted over an encrypted channel using industry standard cryptographic primitives. Audio and video streams are decoded as received by a participating provider or patient.
CloudVisit uses distributed servers to manage, store and process information. Multiple servers are used to handle specific tasks, such as webhosting, data storage, and video session management. Each server is uniquely configured with separate access details, software decryption keys, permissions, and safeguards. Access to systems containing sensitive information is restricted to an internal network structure.
CloudVisit’s app does not allow you to share collected data with your social media accounts, such as Facebook.
We retain files, for up to 30 days after your account has been deactivated by your healthcare provider. During this 30 day period, CloudVisit users with Doctor or Administrator permissions will have the ability to review retained personal information.
After the thirty day period we retain files for an additional year during which time only system administrators will have the ability to review and/or restore files. In the case where an administrator restores a file, personal data will be available for providers or administrators to review for a 30-day period prior to being moved back into restricted view.
CloudVisit will not share your personal health information or records with any third parties unless it is directly related to your treatment and perceived wellbeing.
CloudVisit does not collect or share any of your personal information or personal health information with any third parties for direct marketing purposes. CloudVisit may share your personal or personally identifiable information with third parties in the following circumstances:
- Where CloudVisit has obtained your consent
- Where sharing or disclosure of your personal or personally identifiable information is necessary to provide you with CloudVisit and/or associated services (We may share your personal or personally identifiable information with trusted third parties who assist CloudVisit in operating CloudVisit, providing the associated services, and conducting our business)
- Where sharing or disclosure of your personal or personally identifiable information is necessary to share with CloudVisit parents, subsidiaries, successors, assigns, licensees, affiliates, or business partners
- Where CloudVisit has been purchased by a third-party or in the event of a sale of a substantial share of Aurora’s assets
- Where sharing or disclosure of your personal or personally identifiable information is necessary to respond to requests by government authorities
- Where your personal or personally identifiable information is demanded by a court order or subpoena
- Where sharing or disclosure of your personal or personally identifiable information is needed to protect the employees, independent contractors, officers, directors, members, Users, or owners/shareholders of Aurora
- Where sharing or disclosure of your personal or personally identifiable information is needed to help prevent against fraud or the violation of any applicable law, statute, regulation, ordinance, or treaty
- Where CloudVisit is otherwise legally obligated to share your personal or personally identifiable information
You understand and agree that CloudVisit may share your information with other users that have been pre-approved or approved by you or your healthcare provider to complete the services offered.
You may stop CloudVisit from collecting your personal or personally identifiable information by ceasing your use of CloudVisit. You may contact CloudVisit with any requests regarding your information, but CloudVisit reserves the right to act or not act upon such requests.
CloudVisit uses an enterprise-class hosting solution that provides all necessary tools for maintaining HIPAA-compliant security measures and patient privacy. Due to the encryption standards employed by CloudVisit, our hosting solution has no access to sensitive patient information at any time.
HIPAA-compliant business standards
In accordance with HIPAA guidelines and regulations, suppliers of telemedicine software solutions are required to maintain HIPAA-compliant security and business practices. Further, healthcare providers are required to enter a Business Associates Agreement (BAA) with their telemedicine software supplier. CloudVisit maintains HIPAA standards and enters into a mutual BAA with each CloudVisit Telemedicine subscriber.
Purchase or sale of the website and/or other assets
Your obligations when using CloudVisit
Inform CloudVisit of any changes to your personal or personally identifiable information, and protect the security of your Username, password, and your personal or personally identifiable information.
Third party services and third party links
CloudVisit may include or offer third party links, products, and/or services on CloudVisit and provide third party links to the same. These third party Websites have separate and independent privacy policies. CloudVisit has no responsibility or liability for the content and activities of such third parties and their technology systems. We encourage you to read carefully the privacy policies of all such third party Websites or systems. We seek to protect the integrity of CloudVisit and therefore welcome any feedback about any such third party websites or systems.
The Website is not intended for or directed to Users under the age of 13, and CloudVisit does not knowingly or intentionally collect Personal Information from children under the age of 13 or other minors. Where appropriate, CloudVisit takes reasonable measures to determine that Users are adults of legal age and to inform minors not to submit such information to the Website or in response to advertisements. If you are concerned that personal or personally identifiable information may have been inadvertently provided to or collected by Aurora, please contact us immediately so appropriate steps may be taken to remove such information from the CloudVisit database.
Fair Information Practice Principles (“FIPPs”)
The Website is in compliance with the Federal Trade Commission’s FIPPs. In the event of a data breach, we take responsive action by notifying you via e-mail within seven (7) business days of any such breach. Specifically, we adhere to the Individual Redress Principle, which requires individuals to have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law.
We process the data so that our customers can effectively manage the utilization of the software products they pay for. In providing these Services, we process data our customers submit to the Services or instruct us to process on their behalves in connection with the Services ("Customer Data"). While our customers decide what data to submit, Customer Data typically includes profile information and communications between users or among groups of users (e.g., channels), including message text, files, comments, and links.
Purposes of data processing
We process Customer Data submitted by customers for the purpose of providing the Services to customers. To fulfill these purposes, we may access data to provide the Services, to prevent or address service or technical problems, to respond to customer support matters, to follow the instructions of our customer who submitted the data, or in response to contractual requirements with our customers.
Third parties with whom we may share customer data
We use a limited number of third party providers to assist us in providing the Services to our customers. As of the date hereof, these third party providers perform technical operations such as database monitoring, data storage and hosting services and customer support software tools. These third parties may access, process or store personal data in the course of providing these services, but based on our instructions only.
Contact and notices
Aurora Information Technology, Inc.
3182 Route 9, Suite 107A
Cold Spring, NY 10516
United States of America