American Well Corporation (“we”, “us”, “our” or “Company”) operates the www.amwell.com website (“Site”) and provides other telemedicine services. This policy applies to our website as well as to the services and applications we provide, collectively known as the “Services.”
Personal information or protected health information is information that includes, but is not limited to, identifying data such as name, social security number, address, contact information, as well as information about personal health issues submitted through the Services. This is the information we aim to protect.
We will only collect information that you voluntarily submit. We know that privacy is of the utmost importance. We vigorously believe in keeping confidential any and all personally identifiable information that identifies an individual whether or not it relates to an individual’s past, present, or future physical or mental health condition.
As a Business Associate of health care providers that are Covered Entities under the federal health care privacy and security rules (HIPAA and HITECH), we maintain protected health information (PHI) in compliance with these rules and our contractual obligations with health care providers. Currently our main focus is providing a platform to allow individuals to receive telehealth Services from various healthcare providers. We collect information solely for the purposes of providing the Services, marketing and promoting our Services to you and for market research data.
We assume you are giving consent to this information collection and use, but we also give you the opportunity to “opt out” of receiving direct marketing or market research information by emailing us at email@example.com.
We maintain web logs to record data about all visitors who use this site and interact with the Services and we will store this information. These logs may contain IP address information, types of operating system you use, the date and time you visited the site, and information about the type of device you use to connect to the Services.
All Web logs are stored securely and are accessible to a very limited number of employees and contractors, who have to adhere to strict guidelines regarding user data security and privacy.
What is a cookie? A cookie is a small data file that certain web sites write to your hard drive when you visit them. A cookie file, for instance, may collect user ID information such as items in a shopping cart while navigating a site, but the only personal information a cookie can contain is information you provide. Your user ID or profile information is not stored in cookies.
How do we use cookie technology? We use it in the aggregate as opposed to using any personally identifiable information, to understand how our users collectively use our Site. This helps us continually improve our Site.
We may also use non-personal information to analyze data into useful information. This process of data mining is done in the aggregate, is non-personal, and allows Company to find correlations and patterns in the data.
We use account information in a password-protected environment as a security measure to protect your data. We use administrative, physical and technical safeguards to protect data. We maintain a high level of data protection via safeguards such as data backup, audit controls, access controls, and some data encryption. Our Site and the Services use industry standard SSL encryption to enhance security of electronic data transmissions. In addition, we urge you to take precautionary measures in maintaining the integrity of your data. Please be responsible in making sure no one can see or has access to your personal account and log-in/password information. If you use a public computer, e.g., at a library or a university, always remember to log out of the Site or Services.
If you use our Site or Services through your employer’s computer network or through an internet café, library or other potentially non-secure internet connection, such use is at your own risk. It is your responsibility to check beforehand on your employer’s or such other site’s privacy and security policy with respect to Internet use.
We are not responsible for your handling, sharing, re-sharing and/or distribution of your personal health information. Moreover, if you forward personal health information electronically to another person on or off the Site or Service, we are not responsible for any harm or other consequences from third party use or re-sharing of your information.
You may request to delete any personal information and to de-authorize the collection of personal information in the future by sending us an email at firstname.lastname@example.org.
As noted above, the Company is a Business Associate of health care providers under HIPAA and we share information with health care providers who provide services to individuals, and they share information with us, for purposes related to treatment, payment and health care operations, and otherwise as agreed or authorized by you.
Our Site contains links to other sites. We do not share your personally identifiable information with those sites (unless you specifically authorize such sharing) and are not responsible for their privacy procedures. We seek to work with trusted partners and organizations that will adhere to similar privacy and ethical standards. However, we encourage you to learn their particular privacy policies.
We do not knowingly allow individuals under the age 18 to create accounts that allow access to our Site.