Client SideKick (“us”, “our”, “we”) provides access to and use of web-based software, applications, services and other products on the Client SideKick web site (collectively referred to as the “Software”) to home healthcare agencies, staffing agencies, other healthcare organizations and healthcare professionals (“Client”, “your employer”) including their employees, sub-contractors and agents (“User(s)”, “you”, “your”).
INFORMATION ABOUT YOU:
In order to use and have access to the Software you need to set up a User account, a process that, in some instances, must be authorized by a Client of Client SideKick (most commonly a User’s employer). Certain information is required to set up a User account such as your name, email address and other information. Once you are an authorized/registered User, other information can be entered either by yourself, your employer(s) or other authorized entity(s) that authorized you to access the Software. Such ‘other’ information may include business/organizational related data about your relationship with a healthcare organization.
Who can access your information?
Only you and any authorized entity(s) that granted you access to the Software can view, edit, delete and add personal information to your User profile such as addresses, phone numbers, and other pertinent information.
Information that you SHOULD NOT SHARE with anyone includes your Password, USER ID and any E-Signature, which you must keep confidential at all times. If your employer is required to have access to such information they will be able to obtain or control it without requesting that you disclose it.
What do we do with the information we gather?
All information that is transmitted to the Client SideKick servers or that we transmit to authorized users during their logon session is encrypted using 256-bit Secure Socket Layer encryption. In addition, we de-identify (encrypt) any User Password (and Social Security Numbers if applicable) with a “second layer” of encryption directly in our secured MySQL database.
We never sell personal information to third parties that could be used to specifically identify an individual User. Anonymous data is sometimes shared with third parties. We do provide personal information to government agencies as required by law or regulation, and in connection with investigations of possible illegality or misuse of Client SideKick products and/or services.
We may disclose personal information if we are required to do so by law or we in good faith believe that such action is necessary to (1) comply with the law or with legal process; (2) protect and defend our rights and property; (3) protect against misuse or unauthorized use of the Software; or (4) protect the personal safety or property of our Users or the public (among other things, this means that if you provide false information or attempt to pose as someone else, information about you may be disclosed as part of any investigation into your actions).
What OTHER steps do we take to keep your information secure?
We store the information you provide to the Software on our secure servers and have designed our security protocols and standards to meet and/or exceed the applicable HIPAA security requirements. These servers are protected from malicious and unauthorized access including at least the following security measures:
- Physical Security:
  - Physically locked server security access
  - 24/7 Logged visual surveillance
  - Multiple security alarm points
- Network Security:
  - Dedicated servers for production and database separated from testing servers
  - Dedicated hardware firewall
  - Dedicated IP address
  - Dedicated private network
  - Secure Socket Layer Encryption
- Data Security:
  - Encrypted file systems
  - Encrypted sensitive information
In addition, we conduct regular vulnerability scans and implement regular updates to our antivirus software. All information that is stored on our server, transmitted to our server or that we transmit to our Users during their logon session is encrypted using 256-bit Secure Socket Layer encryption. Passwords are also encrypted using AES-256-CBC.
To further protect against unauthorized use of the Software, we have implemented automated tools and techniques that log information about your use of the Software. Information collected during a logon session includes (but is not limited to) what and when a User accesses or interacts with patient information using the Software such as logging instances of the following actions: viewing, creating, editing, and/or deleting a patient profile or record(s) that contain PHI.
What steps can you take to keep your information secure?
In addition to complying with the requirements contained in the Acceptable Use Policy, your own efforts to protect against unauthorized access play an important role in protecting the security of your personal information and patient information. You should be sure to LOG OUT of the Software at the end of each logon session and log out of the browser that was used to access the Software. You should never save your user ID or password information in any browser used to access the Software. You should never access the Software using an unsecured or public network (e.g. Wi-Fi networks that are unsecured or easily accessed by members of the public generally).
We may have links to other, outside web sites that we do not control. We are not responsible for the content or privacy policies of these sites, and Users should check and abide by the policies on/for such external sites when interacting with those sites.
Do we do Surveys?
From time to time, we may ask you to fill out a survey on the Client SideKick website to help us better understand our Clients’ and Users’ needs. You may opt-out of participating in such surveys. We will not disclose survey response information to any other party and will solely use surveys internally.
What are my choices?
You may choose to delete, edit or add information to your User account at any time. You may choose to discontinue use of the Software at any time. After termination of your User account we will continue to treat and protect your personal information in accordance with this Policy.
Our services are not directed to persons under the age of 18, and we do not knowingly collect information from persons under the age of 18.
Risks inherent in sharing information.
Although by having a User account your personal information is only shared between you and any entity that grants you access to the Software, you must be aware that no security measures are perfect or impenetrable. We cannot control the actions of other Users including any with whom you share your information, including your employer or other authorized entity—we cannot guarantee that only authorized persons will view your information. We are not responsible for third party circumvention of any privacy settings or security measures on the Software. You can reduce these risks by using common sense security practices such as choosing a strong password, using different passwords for different services, and using up to date antivirus software (including firewalls).
When accessing our Software, you may be introduced to, or be able to access or link to certain third-party websites or advertisements created or hosted by third-party advertising companies. We may analyze the personal information you provide us and use that information to display the links, web sites, and advertisements we believe may be of relevance to you.
Each User is solely responsible for using their own judgment and their actions when using the Software to view, transmit, or otherwise interact with any patient information, including without limitation information that is considered “PHI” or otherwise regulated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security rules, as amended and/or other applicable state or federal laws, rules or regulations.
Privacy Contact Information
Client SideKick may change this policy from time to time. Any such modifications will be automatically and immediately effective. We are not responsible for informing Clients and Users directly of any modifications to this Policy. Clients and Users are required to regularly review this Policy which is available on our website at www.clientsidekick.com.