Epiphany Healthcare's Statement of Privacy

Epiphany Healthcare is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the Epiphany Healthcare website and governs data collection and usage. By using the Epiphany Healthcare website, you consent to the data practices described in this statement.

Collection of your Personal Information

Epiphany Healthcare, with your consent and your data entry, collects personally identifiable information, such as your e-mail address, name, home or work address, or telephone number. Epiphany Healthcare also collects anonymous demographic information, which is not unique to you, such as your region.

There is also information about your computer hardware and software that is automatically collected by Epiphany Healthcare. This information includes: your IP address, browser type, domain names, access times and referring Website addresses. This information is used by Epiphany Healthcare for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the Epiphany Healthcare website.

Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through Epiphany Healthcare public message boards, this information may be collected and used by others. Note: Epiphany Healthcare does not read any of your private online communications.

Epiphany Healthcare encourages you to review the privacy statements of websites you choose to link to from Epiphany Healthcare so that you can understand how those websites collect, use, and share your information. Epiphany Healthcare is not responsible for the privacy statements or other content on websites outside of the Epiphany Healthcare family of websites.

Use of your Personal Information

Epiphany Healthcare collects your personal information through online forms, cookies, and tracking codes to operate the Epiphany Healthcare website and deliver the services you have requested. Epiphany Healthcare also uses your personally identifiable information to inform you of other products or services available from Epiphany Healthcare and its affiliates. Epiphany Healthcare may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

Epiphany Healthcare does not sell, rent or lease its customer lists to third parties. Epiphany Healthcare may, from time to time, contact you about a particular offering that may be of interest to you. In those cases, your unique personally identifiable information (e-mail, name, address, telephone number) is not transferred to the third party (e.g., Google Analytics). In addition, Epiphany Healthcare may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to Epiphany Healthcare, and they are required to maintain the confidentiality of your information.

Epiphany Healthcare keeps track of the websites and pages our customers visit within Epiphany Healthcare, in order to determine what Epiphany Healthcare services are the most popular. This data is used to deliver customized content and advertising within Epiphany Healthcare to customers whose behavior indicates that they are interested in a particular subject area.

Epiphany Healthcare websites will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Epiphany Healthcare or the site; (b) protect and defend the rights or property, including intellectual property, of Epiphany Healthcare; and, (c) act under exigent circumstances to protect the personal safety of users of Epiphany Healthcare, or the public.

Use of Cookies

The Epiphany Healthcare website uses "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.

One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you register with the Epiphany Healthcare site or services, a cookie helps Epiphany Healthcare to recall your specific information on subsequent visits. When you return to the same Epiphany Healthcare webpage, the information you previously provided can be retrieved, so you can easily use the Epiphany Healthcare features that you customized.

You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Epiphany Healthcare services or websites you visit.

Security of your Personal Information

Epiphany Healthcare secures your personal information from unauthorized access, use or disclosure. Epiphany Healthcare secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When personal information is transmitted to other Websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

In accordance with the European Union General Data Protection Regulation (GDPR) right to be forgotten law, Epiphany Healthcare gives you the right to request that any of your personal information be erased immediately from Epiphany servers. This right to be forgotten is offered via the link below. Upon submission of the completed form, your information will be deleted. This process will be completed without undue delay. To ensure we are erasing data of the right person, we require you to provide us with proof of your identity.

Delete my Information

California Law – General Privacy Laws 1798.83-1798.84

Epiphany Healthcare recognizes and complies with the California Privacy Law that contains the right to ask what specific information we collect and what Epiphany shares with third parties and affiliates. California residents may request to have information corrected by filling out our contact us form or removed by filling out Epiphany’s delete my information form as outlined above.

Data Retention

Epiphany Healthcare uses third-party software for marketing purposes and analytics software to collect and analyze personal data as it pertains to website usage. Data is held in Hubspot and Salesforce indefinitely for customer relationship management and marketing purposes unless Epiphany cancels our subscription to those platforms. Individual information may be deleted upon unsubscribing or utilizing the right to be forgotten. Personal data from Google Analytics is stored for 26 months before automatically being expunged. This data may be deleted prior to 26 months if a person utilizes their right to be forgotten.

Incident Response

In the event of a security breach, Epiphany has assembled an incident response procedure and team to handle post-incident items including containment, eradication, recovery and post-incident notification. Once the Incident Response Procedure has been activated, the Team Leader will ensure that all role holders are contacted and made aware of the nature of the incident. Once an appropriate response to the incident has been identified, the Incident Response Team (IRT) members will manage the overall response, monitor the status of the incident, and ensure effective communication is taking place at all levels. The IRT member responsible for communications will make a list of all interested parties and define the message that is to be delivered. These procedures are intended to ensure a quick, effective, and orderly response to information security incidents.

Changes to this Statement

Epiphany Healthcare will occasionally update this Statement of Privacy to reflect company and customer feedback. Epiphany Healthcare encourages you to periodically review this Statement to be informed of how Epiphany Healthcare is protecting your information.

Contact Information 

Epiphany Healthcare welcomes your comments regarding this Statement of Privacy. If you have any questions or concerns, please contact Epiphany Healthcare. We will use commercially reasonable efforts to promptly address your questions or concerns.

June 12, 2019 V2