When you register to create an Account, you must provide certain Personal Information including your name, your date of birth, and a valid email address. You may also select a username and password for the Account, and provide other information (such as answers to security questions and a security phrase). We use the information you provide to confirm your eligibility to establish an Account, to protect against unauthorized access to the Account you create, and to communicate with you regarding the Services.
We also collect and record certain information from your browser each time you connect to our Site, such as your IP address, browser type and language, date, time and duration of your connection, and the actions that you perform. That information becomes part of our Audit Files, which we use only in connection with providing, monitoring or improving the performance of the Services, and in offering any technical support or assistance you might request in connection with your use of the Services.
We also store some information in cookies (small text files) that are created on your computer. The information stored there is retrieved when you connect to our Site and used to improve or simplify your user experience on subsequent visits. Most web browsers allow you to decline cookies, and if you’ve chosen to do so then some features or conveniences otherwise available when using the Services will not work for you.
Other Personal Information you can provide to take advantage of the Services. If you’ve established a Diya Health Services Account, you can enter, upload and transfer from other locations a wide variety of other Personal Information to your account for storage, maintenance, editing, organization and sharing with others as you direct. That Personal Information might include health records available to you through Diya Health accounts, other health information that you want to organize or share as part of your personal health record, as well as documents, X-rays, other electronic images, and data from various medical monitoring devices such as blood pressure or blood glucose monitors.
|We will make good faith efforts to provide you access to your Personal Information through the Site. Diya Health Services allow you to delete or correct inaccuracies in your Personal Information that is stored on the Production Servers.
Diya Health will not use, sell, rent, lease or disclose any of your Personal Information for the purpose of allowing third parties to advertise to you or otherwise attempt to sell you products or services or solicit you for business of any kind.
We use your Personal Information in several ways:
We also reserve the right to use your Personal Information to investigate possible violations of the Terms of Service that govern your use of the Services, to protect Diya Health’s property and rights, to investigate potential fraud or security issues, and to communicate with you regarding the Services or your use of the Services.
Diya Health employs a wide variety of administrative, physical and technical safeguards to protect the confidentiality, integrity, and availability of your Personal Information.
For example, only Diya Health employees who have a need, such as those assigned to operate and provide support for the Services, are provided electronic access to the Diya Health Servers on which your Personal Information is stored. Those Diya Health Servers are kept in secure locations and physical access to them is highly-controlled and tracked.
We use Secure Sockets Layer (SSL) certificate technology so that you have assurance when using the Services that our Site is genuine and operated by Diya Health. That technology also allows us to establish a secure, encrypted connection between our Site and the web browser you are using when you connect to the Site. When the secure, encrypted connection exists, the address appearing in your browser’s address bar will begin with https:// (not just http://). If you use a high-security browser, your browser address bar will turn green to indicate your secure connection.
Please note, however, that when the Services re-direct you to web sites operated by other organizations (such as a healthcare organization or healthcare applications at which you have an active account), you no longer are connected to our Site. At that point, the nature of your connection is governed and controlled by the technology adopted and put into place by the organization operating the web site to which you’ve been re-directed.
Other technical safeguards that we employ at Diya Health to protect your Personal Information include the following:
Diya Health Services allow you to transfer your Personal Information to and from your Account. You control those transfers through the features provided within the Services. For instance, you can authorize healthcare providers at the organizations where you have Diya Health Accounts to pull designated portions of your Personal Information from your Account for inclusion in your electronic medical record at those organizations. Only those provider organizations that you authorize will be able to initiate such transfers, and they will be able to transfer only the Personal Information from your Accounts that you choose to make available to them. To enable this functionality, the Services make the fact that you are a Diya Health Account holder known to those organizations where you have linked Diya Health Accounts.
You also will be able to download your Personal Information to your local computer or portable storage devices, or to direct that such Personal Information be transmitted to other entities. Again, all such transfers of your Personal Information will be solely in your control, as directed by you through your use of the Services.
Please note that Diya Health cannot control and is not responsible for the privacy and security of your Personal Information once it has left Diya Health in accordance with your requests and directives when using the Services. We cannot retrieve that information after you’ve shared it; and we cannot control or restrict the use of Personal Information by other organizations. For instance, designating within your Diya Health Services Account that portions of your Personal Information are not to be shared restricts only the transfer of the Personal Information via the Services; it does not extend those restrictions to organizations to which you’ve sent that information or from which your Diya Health Services Account has received it, such as a healthcare organization where you have a Diya Health Account. How such organizations treat your Personal Information is determined by their own privacy practices.
There are very few instances in which your Personal Information ever will be disclosed by us other than as directed by you through your use of the Services. We may disclose your Personal Information in the following circumstances:
In addition, Diya Health may at times engage other companies or individuals to perform certain activities on our behalf and related to our provision of the Services, such as assistance in improving software, off-site storage of information for disaster recovery, web site hosting, or technical assistance regarding operating systems, web browsers or other non-Diya Health software with which the Services might interact. Diya Health will provide such third parties access to your Personal Information only (i) when such access is necessary to accomplish the activity for which we have engaged the third party; and (ii) when the third-party is contractually bound to us: (a) to use the information only in connection with accomplishment of the activity for which they’ve been engaged and (b) to provide administrative, physical and technical safeguards to protect the confidentiality and security of the information.
You can choose to close an Account at any time. If you choose to do so, we will retain your Personal Information until you request permanent deletion. Please note that closing an Account affects only your Personal Information that is stored on Diya Health Servers. It does not affect, alter or accomplish the deletion of any Personal Information that is stored or maintained on other systems, such as those of your healthcare providers or the organizations at which you have Diya Health Accounts.
After deletion, Your Personal Information may persist in Backup Files for up to a year and in our Audit Files for longer periods of time based upon government agency and private organization guidelines and recommendations that pertain to analogous categories of data and information. Our Backup and Audit Files are never stored on computers connected to the Internet and the data in such files is not readily or even easily accessible. We therefore reserve the right to decline to process requests to provide access to, to delete or to correct inaccurate Personal Information if such requests would be impractical, require disproportionate technical efforts, jeopardize the security of other individuals’ personal information or interfere with Diya Health’s legal obligations or its legitimate efforts to protect its business interests.
We may make changes to this policy from time to time by posting revised versions on this page.