· Each User or the User’s Educational Institution sends Archetype some information, like the User’s name and email address, so the User’s account can be created. Archetype shares this information only with the User’s Educational Institution, including those staff and faculty members who may be involved with the User’s education.
· Archetype’s help desk and data center is Atomic LLC. Atomic is the only third party outside the User’s Educational Institution school system with routine access to the User’s information. They use this information to make sure the User gets the support the User needs when the User contacts Archetype’s help desk. Other third parties, such as companies which license the use of their software, specifications and/or data content to Archetype, may have access to a User’s information in connection with their right to monitor Archetype’s use of their intellectual property. Any such access would typically be subject to the provisions of a non-disclosure and non-use agreement.
· Occasionally, Archetype sends emails to Archetype’s Users. The User may opt out of certain types of these emails at any time.
· When the User visits Archetype’s websites, Archetype’s system automatically collects some anonymous information (like browser type).
· When the User buys a service directly from Archetype’s site, Archetype never sells, uses or discloses the User’s bank, credit or financial information to anyone. Archetype uses this information only to process the payment.
· All the User’s information is stored for approximately 5 years after the User’s subscription ends.
1. What Information Archetype Collects:
When an Educational Institution chooses to adopt EHR Go/Neehr Perfect for its faculty, staff and students, certain identifying information is required to be provided to Archetype. This typically includes the User’s name, email address, and phone number. When a faculty member, staff member or student wants access to EHR Go/Neehr Perfect, Archetype uses the above information to create the User’s account. When a User visits an Archetype website, Archetype automatically collects some information about User’s computer or other access device — for example, its IP address, web browser software and similar information. Archetype may also assign User’s computer a unique identifier text file, also known as a “cookie,” to record each User contact with Archetype’s website.
When working with faculty users, Archetype may gather other information or material such as course content, patient scenarios, documentation templates, and activities. Normally this material can be shared with other EHR Go/Neehr Perfect faculty users who may, in turn, share it with other faculty, staff and students. In specific instances, upon written request, a User may request that certain items be treated by Archetype as “confidential” and used only within a certain group of Users, Archetype will consider these requests on a case-by-case basis.
2. What Archetype Does With Information It Collects:
Archetype uses collected information to optimize the User’s site experience. Archetype may also use the information to send emails to the User about EHR Go/Neehr Perfect, such as a description of new features or functions, training opportunities, and system maintenance information. Archetype may also use information to respond to a User’s questions and comments. As part of a student User’s coursework, Archetype may be required to make information supplied to Archetype by the student available to the faculty and staff Users at the Educational Institution.
3. Information Sharing and Disclosure:
Archetype may use certain trusted third party companies and individuals to help Archetype service, develop, and analyze the software. These third parties may have access to a User’s information – but only for purposes of performing these tasks on Archetype’s behalf, and under appropriate non-disclosure agreements. Archetype’s Help Desk and Data Center, Atomic LLC, presently has access to User information, which is used for assisting Users who request help.
Archetype will never disclose a User’s credit or debit card, bank information, or similar financial information to any third party, or use it for any purpose except the collection of payment specifically authorized by the User.
If Archetype receives a subpoena, court order, or similar document requesting or requiring disclosure of any User data, it is Archetype’s policy to contact the affected User(s) unless Archetype is legally prohibited from doing so.
Archetype reserves the right to collect and aggregate anonymous information, such as the number of visitors to its website and/or the number of Users, and to share that information with certain third parties including potential advertisers and investors.
4. Data Retention:
Archetype typically stores such information for the duration of User’s subscription to the Application Services and for approximately five (5) years thereafter. In addition, faculty and staff have the right to retrieve student Users’ note documentation for a period of up to three (3) years following the expiration of any such student User’s individual subscription term.
5. Security and Back-up:
For User’s IT department: security of a User’s information is important to Archetype. Users access EHR Go/Neehr Perfect over the Internet using Transport Layer Security (TLS). The server and hosting services are provided under contract with Atomic, LLC in Minneapolis, Minnesota. Atomic is a Software as a Service (SAS) 70 certified organization. Data is completely secure as it resides on the Storage Area Network (SAN) in a dedicated and partitioned Volumes and Logical Unit Number (LUN) and well as Virtual Local Area Network (VLAN) networks. Data is encrypted at rest on the SAN using Advanced Encryption Standard (AES) 256-bit encryption and a True Random Number Generator (TRNG) for key generation. Data has frequent snap-shots taken on the SAN, backed up and rolled to tape and stored off site in a geographically diverse location from the data center for the highest levels in disaster recovery and business continuation strategies.
6. Laws Applicable to Users in the United States:
For Users in the United States and subject to U. S. law, while the right of privacy is not specifically enumerated in the U.S. Constitution, the U.S. Supreme Court has ruled that a right to privacy is explicit in the Bill of Rights, although that right was intended to prohibit various types of unreasonable intrusion into personal freedom by the government – not private companies. However, some states have included the right to privacy in their state constitutions, and many states have enacted laws protecting privacy rights. Archetype’s policy is to comply with these laws. In addition, for student Users in the United States who are classified as “Eligible Students” under the Family Educational Rights and Privacy Act (FERPA), Archetype agrees to follow the requirements of FERPA relating to the treatment of “personally identifiable information” which is applicable to those public and private post-secondary schools that receive funding under any program administered by the U.S. Department of Education, subject to the exceptions described in FERPA. The other specific obligations of schools, including Educational Institutions, subject to FERPA – such as the obligations for allowing access to, and amendment of, a student’s education records – remain the obligation of the Educational Institution in which a student User is enrolled, and not of Archetype.
7. Laws Applicable to Users in Canada:
For Users in Canada and subject to the laws of Canada, the provisions of the Personal Information Protection and Electronic Documents Act (PIPEDA) governing data privacy may apply to protect a User’s “personal information”, which is information about an identifiable individual, but does not include the name, title, business address or telephone number of an employee of an organization. PIPEDA requires an organization such as Archetype to obtain consent when it collects, uses or discloses an individual’s personal information; collect information by fair and lawful means, and to have personal information policies that are clear, understandable and readily available. PIPEDA also gives an individual the right to know why an organization such as Archetype collects, uses or discloses their personal information; to expect it to do so reasonably and appropriately and not to use it for any purpose except as a User has consented; to know who within Archetype is responsible for protecting the information; to expect Archetype to take appropriate security measures; to expect that the information will be accurate, complete and up-to-date; to obtain access to the information and ask for any necessary corrections; and to complain about how Archetype has handled the User’s personal information if the User believes his or her privacy rights have not been respected.
9. Contacting Archetype: