Effective Date: January 1, 2021
The Applications exist to help you share health data, and to ensure it can be located and retrieved in an emergency if you cannot share it yourself, so you can have a voice in your healthcare. We collect demographic data you voluntarily provide when you create your account. We collect the health data you voluntarily share with us. We securely store and protect your personal data. We use some of it, like contact information for you and your friends and family, so we can contact you and help you share your health data. We also respond to requests from hospitals, doctors and nurses trying to find your health data so they can know something about you when they treat you. We may share the fact that you use the Applications with a third party that pays for your healthcare, but we never share your health data with that third party. We may also share aggregated data with third parties for purposes of research or statistical analysis, but no one can use the data shared to identify you. Finally, we track general usage of the Applications so we can improve them.
You control your personal data collected by the Applications. You voluntarily provide it, and you can change or delete it at any time. You can also close your MyDirectives account any time you wish.
Now for the legalese version.
The information you provide to ADVault is protected by several privacy frameworks. In the United States, certain Protected Health Information and Personally Identifiable Information are protected by the United States Federal Health Insurance Portability and Accountability Act of 1996, usually known as HIPAA. If you are a citizen or resident of the European Union (“EU”), any health data you provide to ADVault is also a protected form of data known as a Special Category of Personal Data under the General Data Protection Regulation (“GDPR”). In addition to the usual appropriate technical and organizational measures we implement to ensure the security and integrity of the personal data we process, we may implement additional measures in relation to Special Categories of Personal Data, as appropriate. These measures may include segregation, pseudonymization or restriction of access to the data.
Your Role, Responsibilities, and Risks
You need to be an informed user of the Applications. Please read our Terms and Conditions of Use and all our policies in full so you know how our service works and how you will interact with the Applications.
Understand how we collect data and how it is used. For example, we may offer programs that collect data for special reasons, such as research, scientific studies, and statistics, in which case you may be interested in participating with consent.
Be aware that use of the Applications cannot replace, nor is it intended to serve as, a medical treatment provider-patient relationship or an attorney-client relationship. You should always consult with a medical professional for diagnosis and treatment for specific health problems. If you need legal assistance, you should seek the services of a competent legal professional.
What You Should Expect
We will strive to maintain your privacy, confidentiality, and security at all times.
We will not use any of your medical treatment choices information without your express consent.
We will make you aware when you leave MyDirectives for another website, either by telling you in writing or by another technical mechanism.
Further details about how we use your personal information and medical treatment choices information are set out in our Terms and Conditions of Use.
We may also provide further notices highlighting certain uses we wish to make of your personal information, as well as the ability to opt in or out of selected uses, when we collect personal information from you.
Our Security Measures
All of ADVault’s systems and infrastructure have obtained certification for security and privacy under the HITRUST CSF®. We use physical, technical and administrative measures to protect the integrity and privacy of the personal information and medical treatment choices information you provide to us. When you enter sensitive information (such as your health/medical information) in response to our questions, we encrypt the transmission of that information using secure socket layer technology (SSL). Although we make every reasonable effort to protect personal information and medical treatment choices information from loss, misuse, or alteration by third parties, you should be aware that there is always some risk involved in transmitting information via the Internet, and that hackers or thieves do find ways to thwart security systems. Please also be aware that we may use third-party cloud service providers like ClearDATA that provide hosting, data storage and other services pursuant to standard terms and conditions that are generally non-negotiable. These service providers inform us that they apply security measures they consider adequate for the protection of information within their system. If you have reason to believe that your interaction with the Applications is no longer secure, please notify us immediately by contacting us at info@MyDirectives.com.
ADVault Collects and Retains Data
ADVault collects information on its users in different sections of the Applications. ADVault is interested in user information for the purposes of operating the Applications more efficiently, providing users with more efficient and reliable functionality, and to answer your questions and concerns.
ADVault will retain your information for as long as your account is active or as needed to provide you services. Please contact us if you wish to cancel your account or request that we no longer use your information to provide you services. We will retain and use your information as necessary to comply with our legal obligations, to resolve disputes, and to enforce our agreements. More information on ADVault is available in the About Us section of the Applications, and at the websites www.advaultinc.com and www.idecide.org.
How We Collect Information
Whether directly or through our third-party service providers, we may collect your information in a variety of ways, including:
From you: As you set up your profile in the My Account section of the Applications, you will be asked for your name, address, telephone number, email address, birth date, social security number or other identification number, depending on where you live, and other contact or identification information. We collect this information to identify or contact you, and to verify that you are at least 18 years old. We may also collect demographic information such as your location, or other information like your preferred means of communication, when you voluntarily provide such information to us.
If you contact us, we will typically keep a record of that correspondence.
If you choose to create a digital advance care plan, you will also have the opportunity to provide us with information about your medical treatment choices; allergies and medications; who should make medical treatment decisions for you if you cannot make or communicate those decisions yourself; your wishes regarding organ donation, autopsies and other post-death services; and messages you wish to express to your friends, family and medical care providers. The Applications use this information to automatically populate ADVault’s proprietary digital advance care plan.
Through your device: Certain information is collected automatically through your device, such as your operating system name and version, device manufacturer and model, device identifier, language and the name and version of the software application you are using. We use this information for purposes such as ensuring that the Applications function properly and understanding usage of the Applications.
Through server log files: As is true of most websites, we gather certain information automatically and store it in log files. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We may combine this automatically collected log information with other information we collect about you. We do this to improve services we offer you, and to improve marketing, analytics, or site functionality.
Tracking technologies: Technologies such as cookies, beacons, tags and scripts are used by MyDirectives and our analytics service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements around the site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis.
Physical Location: We may collect the physical location of your device, for example, using satellite, cell phone tower or WiFi signals. We may use your device’s physical location to, among other things, provide you with extra security features. We may also aggregate this information to display usage trends. We may also share de-identified information about your device’s physical location for any purpose not prohibited by applicable law. In some instances, you may be permitted to allow or deny such uses of your device’s location, but if you choose to deny such uses, we may not be able to provide you with extra security features.
By aggregating information: Aggregated personal information, aggregated protected health information and/or aggregated additional information does not personally identify you or any other user of the Applications. For example, we may aggregate personal information to calculate the percentage of our users who have a particular telephone area code or postal code, and we may aggregate protected health information and/or other information to calculate the percentage of our users with particular medical treatment goals, preferences and priorities.
Where Information Is Collected
We collect information about you at several places throughout the Applications. Most information is collected in the following instances:
Registration and My Account
In order to have access to many of the services and the content available on the Applications, you are required to complete a registration form that requests certain personal information. You will also have the opportunity to document and store contact information for friends, family, and medical treatment providers, but providing this contact information is optional and voluntary.
We may use your My Account information to send you an email or a text message to confirm your identity and your registration with MyDirectives, to respond to questions from you, or to notify you if there is a problem. Unless you click Notifications on your MyDirectives Dashboard and opt out, we may also send emails from time to time or newsletters we think may be of interest to you. You may unsubscribe from newsletters by following the directions in the newsletters.
As stated above, if you choose to create a digital advance care plan, you will have the opportunity to voluntarily enter certain health information about your medical treatment choices, allergies and medications, as well as other personal thoughts you would like to express to your friends, family and medical care providers. The Applications use this information to automatically populate ADVault’s proprietary digital advance care plan.
How We Use Your Personal Information
In this section, we set out the purposes for which we use your personal information. For the benefit of MyDirectives users who are European citizens or residents (and in compliance with our obligations under the GDPR), we also identify the “lawful bases” on which we rely to process the information. These “lawful” bases are set out in the GDPR, which allows companies to process personal data only when the processing is permitted by the specific lawful bases established by law, the full description of which can be found here.
Please note that in addition to the disclosures we have identified below, we may disclose personal information for the purposes we explain in this notice to service providers, contractors, agents and advisors (for example, legal, financial, business or other advisors) that perform activities on ADVault’s behalf.
To contact you and provide customer support. Lawful Bases.
To conduct user outreach. We provide you with reminder emails and updates relating to our products and services. Where required by law, we obtain consent to conduct this activity. We will provide an option to unsubscribe or opt out of further communication on any electronic marketing communication sent to you, or you may opt out by contacting us. Lawful Bases.
To provide new and better services. We monitor user traffic patterns and try to analyze what our users like and do not like about our current offerings so we can design better services for you. We may also use certain information for testing purposes, site development and planning, and during the normal course of maintaining the Applications. In these cases, researchers, business analysts, system designers, and others may have access to the data we collect. Lawful Bases.
To enable healthcare providers to locate and retrieve your advance care planning documents. We use demographic information to attach metadata “tags” to your advance care planning documents so that healthcare providers can locate and retrieve them if they are needed. Lawful Bases.
To improve usability, quality and functionality of the Applications. We may share aggregate statistical information on our users, sales, traffic patterns, and website usage with our business affiliates. There is nothing in this information that could be used to identify or contact you, and this information does not include information on your health. Lawful Bases.
We may require vendors to provide specific services, such as data analysis, data storage, email processing, or customer service. We ask vendors to adhere to our confidentiality standards and do not permit a vendor to use our customer information for any other purpose. These companies are authorized to use your personal information only as necessary to provide these services to us. Lawful Bases.
We may share your registration data with your public or private health insurance provider or your healthcare providers solely to inform them that you are registered with MyDirectives. Other than cases of a declared healthcare emergency where doctors and nurses need access to your information for treatment purposes, we do not use or disclose any health information or medical treatment choices information you provide on our site to an unrelated third party without your express consent. Lawful Bases.
In certain limited circumstances, we may be legally compelled to release your personal information in response to a court order, subpoena, search warrant, law, or regulation. If we are compelled to disclose personal information or medical treatment choices information to a third party under such circumstances, we will notify you unless doing so would violate the law or court order. We also reserve the right to cooperate with law enforcement authorities in investigating and prosecuting users that violate our rules or engage in behavior that is harmful to other users or illegal. We may also release your personal information when we believe in good faith that disclosure is necessary to make or defend against a legal claim, protect your safety or the safety of others, investigate fraud, or respond to a government request, where to do so would be permissible under applicable law. Lawful Bases.
If ADVault is involved in a merger, acquisition, or sale of all or a portion of its assets, we may disclose some of your personal information in the course of the transaction. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information. Lawful Bases.
ADVault works with several types of third-party vendors that provide products and services that we integrate into the Applications. We also work with private health insurance plans, hospitals, hospice and palliative care providers, and a host of other medical treatment providers, and we intend to work with public and self-funded corporate insurance plans, United States federal and state authorities, as well as foreign governments, to ensure the broadest possible adoption of, and access to, the MyDirectives system. We request that third-party vendors, commercial partners, and users of the Applications and ADVault’s other technology solutions supply us with information on their security procedures, and we evaluate them periodically to ensure that they are using data only as previously agreed.
We may allow third-party vendors or commercial partners to buy aggregate data collected on our site. We may also share aggregate data with third parties such as universities for purposes of conducting research, scientific studies and statistics. None of the aggregate data we share with third parties can be used to identify you.
Rights Relating to Personal Data under the GDPR
EU citizens and residents have a number of rights relating to how their personal data is used. If you are an EU citizen or resident, please be aware that certain exceptions apply to the exercise of these rights, so you will not be able to exercise them in all situations. In addition, these rights will vary slightly between EU member states. If you wish to exercise any of these rights, we will check your entitlement and respond within a reasonable timeframe. Where applicable, EU citizens and residents have the following rights relating to their personal data:
If you have any questions relating to your rights or the exercise of your rights, please contact us.
You can contact ADVault at any time if you do not wish to use the Applications or store your personal information or medical treatment choices information any longer. Upon receiving your request, we will try to remove or delete all personal information and/or medical treatment choices information stored in the active databases that we use for research and daily business activities. If you choose to de-register, ADVault may be required to inform your public and/or private health insurance plan provider(s) of your decision.
Change/Update/Delete Personal Information and Medical Treatment Choices
You may change, update, or delete your personal information at any time by returning to the My Account section of the Applications. If you have selected to create a digital advance care plan, you can change your medical treatment choices recorded on our system at any time by returning to the My Decisions section of MyDirectives (or the Healthcare Agent and Organ & Tissue Donation sections of MyDirectives MOBILE, as appropriate) and changing your answers to the questions asked as part of your medical treatment choices “conversation” with the system. If you have previously uploaded a digitized paper advance care planning document, you can delete the document by returning to your My Dashboard page, clicking on the document you wish to delete, then clicking Delete in the Actions column next to that document.
With your consent, we may post your testimonial along with your name. If you want your testimonial removed, please contact us.
Our website offers a publicly accessible blog. You should be aware that any information you provide in this area may be read, collected, and used by others who access it. To request removal of your personal information from our blog, please contact us at info@MyDirectives.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.