Covenant Health, Inc. (Covenant) is organized to coordinate the corporate, administrative, clinical and service strengths and potentials of its member organizations. Covenant functions as the parent company to its member organizations which include St. Joseph Hospital of Nashua, NH (Nashua), St. Mary’s Health System (St. Mary’s), St. Joseph Healthcare Foundation and Subsidiaries (Bangor), Youville Lifecare, Inc., Youville House, St. Andre Health Care Facility (St. Andre), Mary Immaculate Health Care Services, Inc., Fanny Allen Corporation, Fanny Allen Holdings, St. Joseph Manor Health Care, Inc., St. Mary’s Villa Nursing Home, Inc. (St. Mary’s Villa), Covenant Health Insurance Ltd. (CHIL), Providentia Prima Trust (Providentia Prima), Mount St. Rita Health Centre and Youville Place. Covenant and its member organizations, and their various related entities are collectively referred to herein as “COVENANT HEALTH.”
This Policy does not apply to COVENANT HEALTH Patient portals, MyChart or Career Sites, to information that we obtain outside of the Website, or websites of third parties to which we provide links. We do not control and are not responsible for the privacy practices of, or the data available on, the websites of third parties, and we urge you to evaluate the soundness of these practices for yourself.
ELECTRONIC PROTECTED HEALTH INFORMATION (ePHI)
Electronic Protected Health Information We May Collect
In some circumstances, COVENANT HEALTH’s use of your information will also be subject to the requirements of the Health Insurance Portability and Accountability Act (“HIPAA”).
In these circumstances, the terms of Covenant’s HIPAA Notice of Privacy Practices will apply.
ePHI is “individually identifiable” “protected health information” sent or stored electronically. Protected health information refers specifically to three classes of data:
- An individual’s past, present, or future physical or mental health or condition
- The past, present, or future provisioning of health care to an individual
- The past, present, or future payment-related information for the provisioning of health care to an individual
“Individually identifiable” means information that can be somehow linked back to a specific individual (even if this is very indirect). There are 18 types of identifiers for an individual (listed below). Any of one these, combined with some kind of “protected health information” (e.g. an appointment with a particular doctor) would constitute ePHI.
- Address (all geographic subdivisions smaller than state, including street address, city, county, zip code)
- All elements (except years) of dates related to an individual (including birth date, admission date, discharge date, date of death and exact age if over 89)
- Telephone number
- Fax number
- Email address
- Social Security number
- Medical record number
- Health plan beneficiary number
- Account number
- Certificate/license number
- Any vehicle or other device serial number
- Device identifiers or serial numbers
- Web URL
- Internet Protocol (IP) address numbers
- Finger or voice prints
- Photographic images
- Any other characteristic that could uniquely identify the individual
Personal Information We May Collect
“Personal Information” is information that identifies you as an individual, such as:
- Postal address (including billing and shipping addresses)
- Telephone number (including home and mobile phone numbers)
- Email address
- Credit and debit card number
- Social media account ID
- Country of residence
In instances where we identify that Personal Information becomes Protected Health Information, we will treat that information under our HIPPA policies.
How We May Collect Personal Information
We and our service providers may collect Personal Information in a variety of ways, including:
- Through the Sites: We may collect Personal Information through the Sites, e.g., when you sign up for a newsletter, make a donation, request an appointment or ask a question.
- Offline: We may collect Personal Information from you offline, such as when you contact certain departments that relate to our Sites.
- Online tracking: Because we do not track our Site users over time and across third- party websites, we do not respond to browser do-not-track signals.
- From Other Sources: While not currently being used, we may receive your Personal Information from other sources, such as public databases; joint marketing partners; social media platforms; from people with whom you are friends or otherwise connected on social media platforms, as well as from other third parties. For example, if you elect to connect your social media account to our Website account, certain Personal Information from your social media account will be shared with us, which may include Personal Information that is part of your profile or your friends’ profiles.
- Mobile usage: While we do not currently use mobile apps, we may in the future. If we are able to identify you as a user of a mobile app, we may, for example, link your activity with a COVENANT HEALTH member organization to one of our mobile applications.
To the extent permitted by applicable law, the Personal Information you provide through the Sites may be combined with Personal Information and Other Information that you provide to us (via online or offline means), that is publicly available, or that we may otherwise obtain online or offline, including, for example, from providers of demographic and other information, social media platforms and other third parties.
How We May Use Personal Information
To the extent permitted by applicable law, we may use Personal Information:
- to respond to your inquiries and fulfill your requests, such as to send you newsletters or to respond to your questions and comments.
- to send administrative information to you, for example, information regarding the Sites and changes to our terms, conditions, and policies. Because this information may be important to your use of the Sites, you may not opt-out of receiving these communications.
- to complete and fulfill your purchase and/or your donation, for example, to process your payments, communicate with you regarding your donation and provide you with related customer service.
- to provide you with updates and announcements concerning our service lines, events, promotions and programs and to send you invitations to participate in special programs.
- to re-contact you if we have not heard from you in a while.
- to send you advertising/promotional material from any of our member organizations, and from our promotional and strategic partners.
- to personalize your experience on the Sites by presenting content tailored to you.
- to process rewards, prizes, and donations, as applicable.
- to allow you to participate in polls, sweepstakes, instant win promotions, contests and other promotions and to administer these activities. Some of these activities have additional rules, which could contain additional information about how we use and disclose your Personal Information, so it is important that you read the additional rules carefully.
- to permit you to participate on blogs, rate providers and other services to which you are able to post information and materials (including our Social Media Pages). Please note that any information you post or disclose through these services will become public information and may be available to visitors to the Sites and to the general public. We urge you to be very careful when deciding to disclose your Personal Information, or any other information, on the Sites.
- to permit you to participate in social sharing, including live social media feeds.
- for our business purposes, such as analyzing and managing our businesses, market research, audits, developing new service lines, enhancing our Sites, improving our services and offerings, identifying usage trends, determining the effectiveness of our promotional campaigns, tailoring the Sites experience and content based on your past activities on the Sites, and gauging satisfaction and providing customer service (including troubleshooting in connection with customer issues).
- as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our member organizations; (f) to protect our rights, privacy, safety or property, and/or that of our member organizations, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
How Personal Information May Be Disclosed
To the extent permitted by applicable law, your Personal Information may be disclosed:
- to our third-party service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer service, email delivery services, credit card processing, auditing services and other services, to enable them to provide services.
- to our third-party strategic partners with whom we may enter into a special relationship. We will provide you with choices regarding this sharing prior to sharing your Personal Information with a strategic partner. Because these third parties will use your Personal Information in accordance with their own privacy practices, you should check their websites for information regarding their privacy practices.
- to identify you to anyone to whom you send messages through the Sites.
- by you, on blogs, provider ratings and other services to which you are able to post information and materials (including our Social Media Pages). Please note that any information you post or disclose through these services will become public information and may be available to visitors to the Sites and to the general public. We urge you to be very careful when deciding to disclose your Personal Information, or any other information, on the Sites.
- by you, if you participate in a live social media feed (which you may do, for example, by tagging (referencing) us in your social media post or “liking” us on a social media platform). If you do participate, your public username and profile photo may be displayed on the Sites along with your post.
- to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
- as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Other Information We May Collect
“Other Information” is any information that does not reveal your specific identity, such as:
- Browser and device information
- Server log file information
- Information collected through cookies, pixel tags and other technologies
- Mobile site or App usage data
- Demographic information and other information provided by you
- Location information
- Aggregated information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Information under applicable law, then, in addition to the uses listed in the “How We May Collect Other Information” section below, we may use and disclose Other Information for all the purposes for which we use and disclose Personal Information.
How We May Collect Other Information
We and our third-party service providers may collect Other Information in a variety of ways, including:
- Through your browser or device: Certain information is collected by most browsers or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version, service provider, and the name and version of the Sites you are using. We use this information for statistical purposes as well as to ensure that the Sites function properly.
- Through server log files: Your “IP Address” is a number that is automatically assigned to the computer or device that you are using by your Internet Service Provider (ISP). An IP Address is identified and logged automatically in our server log files whenever a user visits the Sites, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the Internet and is done automatically by many websites. We use IP Addresses for purposes such as calculating Sites usage levels, helping diagnose server problems, and administering the Sites. Please note that we treat IP Addresses, server log files and related information as Other Information, except where we are required to do otherwise under applicable law.
- Using pixel tags, web beacons, clear GIFs or other similar technologies: These may be used in connection with some Sites pages and HTML-formatted email messages to, among other things, track the actions of Sites users and email recipients, measure the success of our marketing campaigns and compile statistics about Sites usage and response rates.
- From you: Information, such as date of birth, gender, personal characteristics, hobbies and interests, consumption habits, zip code and your preferred means of communication, may be collected when you voluntarily provide it. Unless combined with Personal Information, this information does not personally identify you or any other user of the Sites.
- Physical Location: We may collect the physical location of your device by, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content, including advertising. We may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content, including advertising and to study the effectiveness of advertising campaigns. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you choose to deny such uses and/or sharing, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content.
- By aggregating information: Aggregated Personal Information does not personally identify you or any other user of the Sites (for example, we may use Personal Information to calculate the percentage of our users who have a particular telephone area code).
In some instances, we may combine Other Information with Personal Information (such as combining your name with your zip code). If we combine any Other Information with Personal Information, the combined information will be treated as Personal Information as long as it is combined.
We are also not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including in connection with any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.
THIRD-PARTY ADVERTISING-RELATED VENDORS
Our online and email advertising-related vendors may use pixel tags, web beacons, clear GIFs or other similar technologies in connection with the Sites to help manage our online and email advertising campaigns and strengthen the effectiveness of such campaigns. For example, if a vendor has placed a unique cookie on your computer, the vendor may use pixel tags, web beacons, clear GIFs or other similar technologies to recognize the cookie during your visit to the Sites and to learn which of our online advertisements may have brought you to our Sites, and the vendor may provide us with such Other Information for our use. Please note we may link such Other Information provided to us by our vendors to Personal Information about you that we have previously collected. Such combined information will be treated as Personal Information.
We may use third-party advertising companies to target advertisements to you on our Sites, across the web, on your mobile device and on any of your other devices, based on the Personal and Other Information we have collected from and about you, as well as information relating to your and other users’ visits to this and other websites and online services. To do so, these companies may place or recognize a unique cookie on your browser, through the use of pixel tags or recognize an identifier associated with your mobile device. These companies may also use these technologies, along with Personal Information and Other Information they or we collect on the different devices you use, to recognize you across the devices you use, such as a mobile device and a laptop or other computer. If you would like more information about these practices, go to www.aboutads.info. To learn about your choices in connection with these practices on the particular device on which you are accessing this policy, please visit http://www.networkadvertising.org/managing/opt_out.asp and http://www.aboutads.info/ to opt out in desktop and mobile web browsers. You may download the AppChoices app at www.aboutads.info/appchoices to opt out in mobile apps.
We use reasonable organizational, technical and administrative measures to protect Personal Information under our control. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contacting Us” section below.
CHOICES AND ACCESS
Your choices regarding our use and disclosure of your Personal Information
We give you choices regarding our use and disclosure of your Personal Information for marketing purposes.
- If at any time you wish to stop receiving phone, mail, SMS, and email marketing communications from us, please just let us know by emailing, calling or writing to us using the contact information listed below in the “Contacting Us” section or by using the unsubscribe feature in the marketing email you received. In your request, please indicate that you wish to stop receiving email marketing communications from us.
- In addition, we will not disclose your Personal Information to third parties, including our subsidiaries, for the third party’s direct marketing purposes if we have received and processed a request from you that your Personal Information not be shared with third parties for that purpose. If you would like to submit such a request, please just let us know by emailing, calling or writing to us using the contact information listed below in the “Contacting Us” section. Please clearly indicate that you request that COVENANT HEALTH not disclose your Personal Information to COVENANT HEALTH subsidiaries and/or other third parties for their direct marketing purposes.
Please note that changes may not be effective immediately. We will endeavor to comply with your request(s) as soon as reasonably practicable. Please also note that if you do opt-out of receiving marketing-related messages from us, we may still send you important administrative messages, and you cannot opt-out from receiving administrative messages.
How you can access, change or suppress your Personal Information
To review, correct, update, suppress, delete or otherwise limit our use of your Personal Information that has been previously provided to us, please email, call or write to us using the contact information listed below in the “Contacting Us” section and clearly describe your request.
In your request, please make clear what information you would like to have changed, whether you would like to have your Personal Information suppressed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. We will try to comply with your request as soon as reasonably practicable. Note that despite our efforts, there may be residual information that will remain within our databases and other records, which will not be removed or changed. Further, please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion).
USE OF SITES BY MINORS
Our Services are not directed to or intended for children. COVENANT HEALTH does not knowingly collect information from children under the age of 18. You can visit the Federal Trade Commission’s website to learn about the Children’s Online Privacy Protection Act (COPPA).
Covenant Health, Inc.
100 Ames Pond Drive, Suite 102
Tewksbury, MA 01876