Last Updated April 20, 2020
Personal Information Collected By the Services
ADROIT uses information collected from users of the Services to personalize and improve Your visit and experience at the Site and for other purposes set out below. ADROIT gathers information in the following ways:
Information You Give to ADROIT
Through a user’s interactions with the Services, ADROIT collects “Personal Information,” which is information that identifies an individual or relates to an identified individual. Personal Information includes any information You have provided in connection with Your use of the Services. Personal Information is collected when You establish an account with ADROIT, or when You communicate with ADROIT about the Site.
“Sensitive Personal Information” refers to Personal Information regarding more sensitive areas, such as Your government ID and certain other medical or health information, financial information, gender, marriage status, race/ethnicity, or veteran or disability status.
ADROIT (or service providers on ADROIT’s behalf) may collect information from visits to the Site through the use of “Web Beacons.” Web Beacons are web page elements which may employ cookie technology that enable ADROIT to record data about visits to or transactions made on the Site. This information is sometimes known as “clickstream data.” ADROIT may use this data to analyze trends and statistics to improve Your online experience or our customer service. No Personal Information is collected through the use of Web Beacons on the Site.
Information Received on Your Behalf
You may authorize us to obtain information, on Your behalf, from other third-party sources. For example, if You submit claims to the Centers for Medicare and Medicaid Services (“CMS”) You may decide to authorize us to obtain information directly from CMS. If You authorize us to collect information from a third party, or if You authorize a third party to send us information, and You later decide that You no longer want us to collect that information, You may need to go to the third party source directly and ask that they stop transmitting information to us.
Information Received as a Business Associate
Upon Your request or with Your consent, Your healthcare provider may share information about You, including Your Personal Information, with ADROIT. ADROIT shall only use such information as a “business associate” of a “covered entity” in accordance with any instructions or restrictions provided to ADROIT by Your healthcare provider. With regard to such information, ADROIT shall comply with the applicable provisions of Health Insurance Portability and Accountability Act and the regulations promulgated thereunder, and the Health Information Technology for Economic and Clinical Health Act and any regulations promulgated thereunder, to the extent such privacy laws are applicable to business associates.
Use of Information Collected By ADROIT
ADROIT uses the Personal Information collected in an effort to improve Your experience with the Services, to provide services to You and to communicate with You about information that You request. ADROIT may also use Personal Information to help target specific offers to You and to help ADROIT develop and improve its Services. Additionally, ADROIT may use Your Personal Information to:
- Respond to user service requests.
- Administer user accounts.
- Provide service to our clients, which may include healthcare providers.
- Respond to your questions and concerns.
- To communicate with users about our products, services, and related issues.
- To administer fees and provide users with invoices or resolve billing issues.
- Conduct research and analysis.
Sharing of Information with Third Parties
- ADROIT may disclose Personal Information to its parent, subsidiary, affiliates, and other related companies without Your consent.
- ADROIT may disclose Personal Information to service providers for the purposes of operating our business, delivering, improving, and customizing our products or services, sending marketing and communications related to our business, payment processing, and for other legitimate purposes permitted by applicable law. ADROIT is responsible for the processing of personal data it receives from citizens of the EU and United Kingdom under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. ADROIT complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and United Kingdom, including the onward transfer liability provisions.
- ADROIT may disclose Personal Information, including Sensitive Personal Information, to ADROIT’s clients, which may include healthcare providers.
- If ADROIT sells all or part of its business or makes a sale or transfer of assets or is otherwise involved in a merger or business transfer, You agree that ADROIT may transfer Your Personal Information to a third party as part of that transaction.
Security of Personal Information
ADROIT has reasonable and appropriate safeguards in place to help protect the Personal Information ADROIT collects from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Although ADROIT attempts to protect the Personal Information in our possession, no security system is perfect, and ADROIT cannot promise that Your Personal Information will remain secure in all circumstances.
Data Integrity and Purpose Limitation
ADROIT limits the use of Personal Information to ways that are compatible and relevant to the purposes for which the Personal Information was collected or subsequently authorized or for which consent was obtained. ADROIT will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current.
Retention of Personal Information
ADROIT will retain Your Personal Information as needed to fulfill the purposes for which it was collected. ADROIT will retain and use Your Personal Information as necessary to comply with ADROIT’s business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.
Aggregated De-Identified Information
Links to Third Party Websites
The Site may contain certain links to third party websites. ADROIT is not responsible or liable for the privacy practices or content found on these websites. You should check the privacy notice and policies of each website You visit. Links to third party sites are provided solely for Your convenience and any use or submission of data to such sites shall be at Your sole risk.
Cross-Border Transfer of Personal Information
ADROIT may transfer Your Personal Information to ADROIT’s entity in the United States, to any ADROIT subsidiary or affiliate, or to third parties as described above, that are located in various countries around the world. By using ADROIT’s Services, or providing any Personal Information to ADROIT, where applicable law permits, You consent to the transfer, processing, and storage or such information outside of Your country of residence where data protection standards may be different. When ADROIT collects information in one country, and transfers it to another, to the extent possible it applies the same level of data protection required under the laws in the first country even when the data is in the second country.
ADROIT safeguards and enables the global transfer of Personal Information in many ways. The following describes some of the protections that are taken with regard to data originating from certain countries:
- EU-U.S. Privacy Shield
If You are a citizen of the EU or United Kingdom and You have an unresolved privacy or data use concern that ADROIT has not addressed satisfactorily, please contact JAMS, ADROIT’s U.S.-based third party dispute resolution provider (free of charge) by clicking here. Under certain conditions, more fully described on the Privacy Shield website, You may invoke binding arbitration when other dispute resolution procedures have been exhausted. If You are an employee, past employee, or prospective employee, please see ADROIT’s employee privacy notice for information concerning who to contact if You have an unresolved privacy or data use concern.
Right to Access and Correct Personal Information
ADROIT strives to make sure that our information is reliable, accurate, and up-to-date. While Personal Information is maintained by ADROIT, You may access the Personal Information that ADROIT has collected directly from You to the extent required by law to review, update, and correct inaccuracies. Upon request made to the contact listed below under the section titled “Contact Information,” ADROIT will provide You with reasonable access to the Personal Information ADROIT has collected from You, or will forward your request to the health care provider that has contracted with ADROIT to provide you with Services. Because Personal information—for example, Your email address—is required to use the Site, we retain certain Personal Information as long as your account is active. You will have the opportunity to correct, transfer, update, modify, or delete this information by logging into Your account and updating Your Personal Information online or contacting ADROIT at the address listed below under the section titled “Contact Information.” In some situations, we may forward your request to correct, transfer, update, modify or delete your information to the health care provider that has contracted with ADROIT to provide you with Services. You may also limit the use and disclosure of Your Personal Information by either unsubscribing from marketing communications or contacting ADROIT at the address listed below under the section titled “Contact Information.” Please note that some information, excluding claims data information provided by CMS as part of the “Blue Button” program, may remain in ADROIT’s records even after You request deletion of Your Personal Information, to the extent permitted by the Privacy Shield Principles or required by applicable laws. Additionally, there may be limits to the amount of information ADROIT can practically provide. For example, we may limit access to Personal Information where the burden or expense of providing access would be disproportionate to the risks to an individual’s privacy or where doing so would violate others’ rights.
Regardless of the above, however, and except as required by applicable law, ADROIT does not provide You with access to patient records and will recommend that You directly contact Your healthcare provider to obtain a copy of Your patient records.
Adroit Infosystems, INC
11291 S Portobello Rd
South Jordan, UT 84095
Attn: Chief Privacy Officer
If You are not satisfied with ADROIT’s response, and are in the European Union or United Kingdom, You may have a right to lodge a complaint with Your local supervisory authority.
Pursuant to applicable law, ADROIT may be required to send You notice of known or suspected security breaches that impact Your Personal Information. In the event that ADROIT must provide a notice of a security breach to You, ADROIT will send security breach notices to the contact information contained in Your account information unless ADROIT is required by law to notify You using another method. Otherwise, if ADROIT needs, or is required, to contact You concerning any event that involves information about You, we may do so by email, telephone, or mail.