Privacy Policy

QVH Systems, LLC prides itself on its commitment to protecting your privacy. This Privacy Policy describes in greater detail the privacy practices of QVH Systems, LLC (“QVH Systems”) and its affiliates, meaning companies related by common ownership or control, (“us,” “we,” “our”) responsible for collecting and maintaining certain information collected about you.

If you have questions or complaints regarding our Privacy Policy or practices, please contact us as detailed under the How to Contact Us, heading below.

1. WHEN THIS PRIVACY POLICY APPLIES. If a Service you're using links to this Privacy Policy, this Privacy Policy applies to you. This Privacy Policy applies to our websites, products, and services (collectively, "Services") that link to this Privacy Policy.

2. WHAT WE DO WITH YOUR INFORMATION. We want to be clear about what information we collect and how we use it to deliver our Services to you, operate our business, and help make our Services useful, more intelligent, and work better for you. We do not sell or share your Personal Information with third parties for their own commercial uses without your consent.

   1. Types of Information We Collect. When you access our Services, we may collect information from you which can be used to identify you ("Personal Information"), such as your name, shipping/billing address, email address, phone, username and password.

      We collect information when you register or open an account, sign in, pay a bill, purchase a Service, contact us for support, or give us feedback. We may also get information from other companies or third parties, such as when you sync a third-party account or service with your QVH Systems’ Service, or when we may use service providers to supplement the Personal Information you give us (e.g., validate your mailing address) to help us maintain the accuracy of your data and provide you with better service. Finally, we also collect content or other information that you may provide or create when you interact with our Services.

      We may also automatically collect certain usage information when you access our Services ("Usage Data"), such as Internet Protocol (“IP”) addresses, log files, unique device identifiers, pages viewed, browser type, any links you click on to leave or interact with our Services, and other usage information collected from cookies and other tracking technologies. For example, we collect IP addresses to track and aggregate non-personal information, such as using IP addresses to monitor the regions from which users navigate to our Services. We also collect IP addresses from users when they log into the Services as part of our log-in and security features.

      Our Services may change over time and we may introduce new features that may collect new or different types of information.

   2. How We Use Your Information. We may use your information, including your Personal Information, for the following purposes:

      Account Registration. We may use your name, address, phone number, and email address to register your account for certain Services we provide and to communicate important information to you. We may obtain additional Personal Information about you, such as address change information, from commercially available sources, to keep our records current. If you set up an administrator account that may be accessed by people other than you, please note that they may see and can change or delete your Personal Information.

      To Provide Our Services and Operate Our Business. We may use your information to operate our business, including providing Services you requested, provide you with support related to our Services, and to help us protect our Services, including to combat fraud and protect your information.

      Customer Service and Technical Support. We may use your name, address, phone number, email address, how you interact with our Services, and information about your computer configuration to resolve questions you may have about our Services and to follow up with you about your experience. We may also offer various Internet chat services, for example, to speak with a support representative. Internet Chat transmissions are encrypted but you should not supply more Personal Information than is required to address your specific issue. A transcript of the session is retained to resolve questions or issues related to our Services.

      Communicate with You and Tell You About Other Services. We may use your information to communicate with you about our Services and to give you offers for third party products and services that we think may be of use to you. Please see below under "What You Can Do to Manage Your Privacy" for the choices you have regarding these communications.

      To Improve Services and Develop New Services.We will use your information to personalize or customize your experience and the Service, develop new features or services, and to improve the overall quality of our Services.

      Feedback. We may use any information you volunteer in surveys you answer for us and combine them with answers from other customers to better understand our Services and how we may improve them. Answering any survey is optional.

      Research, Including Publishing or Sharing Combined Information from Many Users, But Only in a Way that Would Not Allow You or Any Other Person to be Identified. We may prepare and share information about our customers with third parties, such as advertisers or partners, for research, academic, marketing and/or promotional purposes, if neither you nor any other person is identifiable. For example, we may share demographic data that describes the percentage of our customers who a particular operating system. We or our third-party partners may publicly report the aggregated findings of the research or analysis, but only in a way that would not allow you or any other person to be identified.

   3. How We Share Your Personal Information. From time to time, we may need to share your Personal Information with others.

      Third Party Service Providers. We may share your information, including Personal Information and Usage Data, with third party service providers who perform various functions to enable us to provide our Services and help us operate our business, such as website design, sending email communications, fraud detection and prevention, customer care, or performing analytics. Our contracts with these third parties require them to maintain the confidentiality of the Personal Information we provide to them, only act on our behalf and under our instructions, and not use Personal Information for purposes other than the product or service they're providing to us or on our behalf.

      Response to Subpoenas and Other Legal Requests. We may share your information with courts, law enforcement agencies, or other government bodies when we have a good faith belief we're required or permitted to do so by law, including to meet national security or law enforcement requirements, to protect our company, or to respond to a court order, subpoena, search warrant, or other law enforcement request.

      Protection of QVH Systems and Others. We may share account information, Personal Information and Usage Data when we believe it is appropriate to enforce or apply our products' Terms of Service and other agreements; or protect the rights, property, or safety of QVH Systems, LLC, our Services, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. This does not include selling, renting, sharing, or otherwise disclosing Personal Information of our customer

      Reporting to Credit Bureaus. We may share your information with credit bureaus, consumer reporting agencies, and card associations. Late payments, missed payments, or other defaults on your account may be reflected in your credit report and consumer report. We may also share your information with other companies, lawyers, credit bureaus, agents, government agencies, and card associations about issues related to fraud, credit, or debt collection.

      Information Sharing Between QVH Systems’ Entities. We share your information, including your Personal Information, with and among our affiliates, except where prohibited by law. Affiliates means companies related by common ownership, control or contracted service providers. The reasons why we share your information include for our everyday business purposes, such as to: process your transactions, maintain your accounts, operate our business, etc. We will also share your information to enable us to offer our products and services to you. We may also share information about your creditworthiness, your transactions and experience so that we can operate our business effectively, detect and prevent fraud, and improve our Services.

      Sale of Our Business. If we sell, merge, or transfer any part of our business, we may be required to share your information. If so, you will be asked if you'd like to stop receiving promotional information following any change of control.

      With your Consent. Other than as set out above, we will provide you with notice and the opportunity to choose when your Personal Information may be shared with other third parties.

   4. Syncing, Linking, or Connecting Other Third Party Services with Your QVH Systems’ Service. You may choose to sync certain QVH Systems’ Services with information from other services or systems, such as your EHR. To sync with other services or systems, we must contact the other service provider. We will request your user name, password, and any other login data that you have set up with that service or system to enable access. We use this information to update and maintain the information you download, to assist with the download process, and to enhance the Services we may provide in the future.

      We work with other companies or developers to offer you products and services and you may choose to sync, link or connect other third party services to your QVH Systems Services. Sometimes QVH Systems may let you know about the service or product, or another company may let you know about a QVH Systems’ service or product. It will be clear who is referring the service or product, and who is providing the service or product. If you choose to accept these services, providing your consent to either the third party or to us, we may exchange your information, including your Personal Information, as well as information about how you interact with each company's service or product. This exchange of information is necessary to maintain business operations and to provide the ongoing service you've requested. By requesting or accepting these products or services, you are permitting us to provide your information, including your Personal Information, to the other party.

   5. QVH Systems Single Sign-On or Direct IP Restriction. QVH Systems Single Sign-On is a Service that allows you to sign-in to a variety of QVH Systems Services. We will collect certain information for security purposes to verify your authorized access to an account or to reset your password if you cannot access your QVH Systems account. Some Services may require added security and may be asked to provide additional information. The email address and password that you use to sign up for a QVH Systems account are your "credentials" that you will use to authenticate with our network. We assign a unique ID number to your credentials to track you and your associated information. QVH Systems’ Services do not allow sharing of accounts between users or individuals.

3. WHAT YOU CAN DO TO MANAGE YOUR PRIVACY. You can view and edit information that identifies you online through your QVH Systems’ Service. How you can access and control information that identifies you will depend on which Services you use.

   1. Updating Your Personal Information. In connection with your right to manage your Personal Information you provide to us, you may access, update, change, correct or request deletion of your information either through the Service or through our customer support. You can reach our customer support by using the contact information provided in the "How to Contact Us" section of this statement.

   2. Cookies and Other Tracking Technologies. In accordance with applicable law, QVH Systems and our service providers may use commonly-used tools to recognize your visit and track your interactions with our Services such as cookies, web beacons, pixels, local shared objects, and similar technologies (collectively, "Cookies"). Sometimes this tracking is necessary for us to provide you the Service you requested. Other times, we combine Usage Data collected from Cookies with that of other customers to improve your and other customers' experience. QVH systems does not share this information with sources outside or business vendors.

   3. Do Not Track. Like most other companies, our Services are not currently configured to respond to browsers' "Do Not Track" signals because no formal "Do Not Track" standard has been adopted.

   4. Social Media Features. Our Services may use social media features, such as Facebook sharing ("Social Media Features"). These features may collect your IP address and which page you are visiting within our Service, and may set a cookie to enable the feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy statement of the company providing the relevant Social Media Features.

4. DATA RETENTION AND YOUR ACCESS RIGHTS

   1. Data Retention. In accordance with and as permitted by applicable law and regulations, we will retain your information so long as necessary to serve you, to maintain your account for as long as your account is active, or as otherwise needed to operate our business. When you close your account, we may continue to communicate with you about our Services, give you important business updates that may affect you, and let you know about products and services that may interest you, unless you have opted out of receiving marketing communications. We may also continue to use some of your information for business purposes and to improve our offerings or in some cases to develop new ones. We will retain and use your information as required by applicable regulations and QVH Systems’ records and information management policies to comply with our legal and reporting obligations, resolve disputes, enforce our agreements, complete any outstanding transactions and for the detection and prevention of fraud.

   2. Your Access Rights. As required by applicable law, you may contact us to confirm whether we maintain, or process on behalf of a third party, any of your Personal Information and to review it to verify its accuracy and the lawfulness of our processing of such Personal Information. Where you have determined that the Personal Information we collected about you is inaccurate or processed in violation of applicable law, you may also request that your Personal Information be corrected, amended, or deleted. Requests for access to your Personal Information and to have it corrected, amended, or deleted should be sent to support@qvhsystems.com or to the mailing address provided under "How to Contact Us."

5. SECURITY OF YOUR INFORMATION. Keeping your Information safe is important to us. We provide reasonable and appropriate security measures in connection with securing Personal Information we collect. For example, we:

   • Constantly work to update our security Sites to implement accepted best methods to protect your Personal Information, and review our security procedures carefully.
   • Comply with applicable laws and security standards.
   • Securely transmit your sensitive Personal Information.
   • Train our staff and require them to safeguard your data.
   • Transmit store, protect, and access all cardholder information in compliance with the Payment Card Industry's Data Security Standards.

6. HOW TO CONTACT US. If you have questions or comments about this Privacy Statement, please contact us. We want your feedback and comments.

   1. Via Email. If you have questions or complaints regarding our Privacy Statement or practices, please contact us by email at support@qvhsystems.com.

   2. Via Direct Mail. Contact us at QVH Systems, LLC, Attention: Privacy, QVH Systems, LLC, 1437 S. Boulder Ave., Suite 1030 Tulsa, Oklahoma 74119.

7. CHANGES TO OUR PRIVACY POLICY. From time to time we may change or update our Privacy Policy. We reserve the right to make changes or updates at any time. If we make material changes to the way we process your Personal Information, we will provide you notice via our Services or by other communication channels, such as by email or community post. Please review any changes carefully. If you object to any of the changes and no longer wish to use our Services, you may close your account(s). All changes are effective immediately upon posting and your use of our Service after a notice of material change or posting of an updated Privacy Policy shall constitute your consent to all changes.

8. HIPAA BUSINESS ASSOCIATE AGREEMENT.Your disclosure to us of any “protected health information” (“PHI”, as defined pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”)) shall be subject to the Business Associate Agreement appended to the end of this Privacy Policy. We make no representation or warranty that the Business Associate Agreement is necessary for the compliance by you with HIPAA or other applicable law or regulation regarding any PHI. You are fully responsible for your actions with respect to any such PHI, and agree to indemnify, defend and hold harmless QVH Systems for and against any violations by you of HIPAA or any other applicable law or regulation regarding any PHI.

BUSINESS ASSOCIATE AGREEMENT

THIS HIPAA BUSINESS ASSOCIATE AGREEMENT(the “Agreement”) is made as of the effective date of Your acceptance of the Terms of Use of any QVH Systems’ tool (“Underlying Agreement”) by and between You (“Covered Entity”) and QVH Systems (“Business Associate”). This agreement supersedes any prior agreement between the parties that regards the privacy and confidentiality of Protected Health Information (“PHI”) and the security of Electronic PHI as it applies to Customer’s use of QVH Systems tools, including the MIPS Advanced Integrated Registry (AIR), the Advancing Care Excellence Portal (ACE) and SNAPHx (patent pending), and any related data upload, download or storage. This agreement is intended to supplement any service or other agreement, arrangement or understanding between the parties.

WHEREAS, in connection with the Underlying Agreement, Covered Entity may disclose certain information to Business Associate constituting Protected Health Information (PHI), this Agreement will become effective if and only to the extent that Covered Entity discloses PHI to Business Associate in order for Covered Entity and Business Associate to comply with the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 and the Health Information Technology for Economic and Clinical Health Act (“HITECH”) (collectively, “HIPAA”) and privacy and security regulations promulgated thereunder as amended from time to time (the “HIPAA Regulations”) and other applicable laws.

NOW THEREFORE,for good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the parties, intending to be legally bound, hereby agree as follows:

1. Definitions
   

   Unless otherwise specified in this Agreement, all capitalized terms will have the meaning ascribed to them under the HIPAA Regulations.

2. Obligations of Business Associate
   

   Business Associate agrees to:

   1. not use or disclose PHI other than as permitted or required by the Agreement or as required by law;
   2. use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to PHI in electronic form, to prevent use or disclosure of PHI other than as provided for by the Agreement;
   3. immediately report to Covered Entity any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including Breaches of Unsecured PHI as required at 45 CFR 164.410, and any Security Incident compromising the privacy or security of PHI of which it becomes aware. Business Associate’s notice will include, to the extent available, information necessary for Covered Entity to comply with its breach notification obligations under the HIPAA Regulations and/or state law. Business Associate may supplement its initial report as facts become available.
   4. Notice to Covered Entity under this paragraph, will be provided as designated on Customer’s enrollment information in accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions, conditions, and requirements that apply to the Business Associate with respect to such information;
   5. make available PHI in a Designated Record Set to Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.524;
   6. make any amendment(s) to PHI in a Designated Record Set as directed or agreed to by the Covered Entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.526;
   7. maintain and make available the information required to provide an accounting of disclosures to Covered Entity as necessary to satisfy Covered Entity’s obligations under 45 CFR 164.528;
   8. comply with the requirements of Subpart E of 45 CFR Part 164 to the extent required by law and also to the extent that Business Associate is to carry out one or more of Covered Entity's obligation(s) under Subpart E of 45 CFR Part 164; and
   9. make its internal practices, books, and records available to the Secretary for purposes of determining compliance with the HIPAA Regulations.

3. Permitted Uses and Disclosures by Business Associate
   
   1. Business Associate may only use or disclose PHI as necessary to perform the services set forth in the Underlying Agreement. In addition to other permissible purposes, Business Associate is authorized to use PHI to de-identify the information in accordance with 45 CFR 164.514(a)-(c).
   2. Business Associate may use or disclose PHI as required by law.
   3. Business Associate agrees to make uses and disclosures and requests for PHI consistent with Covered Entity’s minimum necessary policies and procedures provided to Business Associate in advance.
   4. Except for uses and disclosures set forth in Section III (e), (f) and (g) herein, Business Associate may not use or disclose PHI in a manner that would violate Subpart E of 45 CFR Part 164 if done by Covered Entity.
   5. Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of Business Associate.
   6. Business Associate may disclose PHI for the proper management and administration of Business Associate or to carry out the legal responsibilities of Business Associate, provided the disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom the information is disclosed that the information will remain confidential and used or further disclosed only as required by law or for the purposes for which it was disclosed to the person, and the person notifies Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
   7. Business Associate may provide data aggregation services relating to the health care operations of Covered Entity.
4. Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions
   
   1. Covered entity shall notify Business Associate of any limitation(s) in the Notice of Privacy Practices of Covered Entity under 45 CFR 164.520, to the extent that such limitation may affect Business Associate’s use or disclosure of PHI.
   2. Covered Entity shall notify Business Associate of any changes in, or revocation of, the permission by an individual to use or disclose his or her PHI, to the extent that such changes may affect Business Associate’s use or disclosure of PHI.
   3. Covered Entity shall notify Business Associate of any restriction on the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 CFR 164.522, to the extent that such restriction may affect Business Associate’s use or disclosure of PHI.

   Notice to Business Associate under this paragraph, will be provided by first-class mail sent to:

   Attn: David Ginsberg
   QVH Systems, LLC
   1437 S. Boulder Avenue, Suite 1030
   Tulsa, OK 74119


5. Permissible Requests by Covered Entity

   Covered Entity shall not request Business Associate to use or disclose PHI in any manner that would not be permissible under Subpart E of 45 CFR Part 164 if done by Covered Entity, except for Business Associate uses and disclosures of PHI for data aggregation or management and administration and the legal responsibilities of Business Associate.

6. Term and Termination
   1. Term. The Term of this Agreement shall be effective as of the Effective Date and shall terminate upon termination of the business relationship between the parties by mutual agreement or appropriate written notice, termination of the Underlying Agreement, or on the date Covered Entity terminates for cause as authorized in paragraph (b) of this Section, whichever is sooner.
   2. Termination for Cause. Business Associate authorizes termination of this Agreement by Covered Entity, if Covered Entity determines that Business Associate has violated a material term of this Agreement or the Underlying Agreement and Business Associate has not cured the breach or ended the violation within the reasonable time specified by Covered Entity. Termination of this Agreement will suspend uses and disclosures of PHI by Business Associate pursuant to the Underlying Agreement.
   3. Obligations of Business Associate Upon Termination. Upon termination of this Agreement for any reason, Business Associate shall return to Covered Entity or, if agreed to by Covered Entity, destroy, all PHI received from Covered Entity, or created, maintained, or received by Business Associate on behalf of Covered Entity, that Business Associate still maintains in any form. Business Associate shall retain no copies of identifiable health information. Upon termination of this Agreement for any reason, Business Associate, with respect to PHI received from Covered Entity, or created, maintained, or received by Business Associate on behalf of covered entity, shall:
      
      • retain only that PHI which is necessary for Business Associate to continue its proper management and administration or to carry out its legal responsibilities;
      • return to Covered Entity or, if agreed to by Covered Entity, destroy the remaining PHI that the Business Associate still maintains in any form;
      • continue to use appropriate safeguards and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI to prevent use or disclosure of the PHI, other than as provided for in this Section, for as long as Business Associate retains the PHI;
      • not use or disclose the PHI retained by Business Associate other than for the purposes for which such PHI was retained and subject to the same conditions set forth herein; and
      • return to Covered Entity or, if agreed to by Covered Entity, destroy the PHI retained by Business Associate when it is no longer needed by Business Associate for its proper management and administration or to carry out its legal responsibilities.
      
      

      The obligations of Business Associate under this Section shall survive the termination of this Agreement.

7. Miscellaneous
   1. Regulatory References.A reference in this Agreement to a section in the HIPAA Regulations means the section as in effect or as amended
   2. Automatic Amendment. The parties agree that privacy and security laws are rapidly evolving, and that amendment of this Agreement may be necessary to ensure ongoing compliance. Specifically, HITECH, as implemented by the HIPAA Omnibus Rule (78 Fed. Reg. 5566 (January 25, 2013)), imposed new requirements on business associates and covered entities with respect to privacy, security and breach notification. Applicable HIPAA and HITECH provisions, together with any guidance issued by the Secretary, and any applicable amendments to federal and state privacy law, are hereby incorporated by reference and will become part of this Agreement as if set forth in their entirety, effective as of the applicable effective date/s.
   3. Interpretation. Any ambiguity in this Agreement shall be interpreted to permit compliance with the HIPAA Regulations.