CareDox Privacy Policy

Effective Date: May 27, 2019

This Privacy Policy (“Privacy Policy” or “policy”) describes how CareDox, Inc. (“CareDox”, “Us”, “We”) handles data and personal information in providing CareDox services (“Services”) to its users and customers. All of our systems, procedures, use of data, and Services are in accordance with the Family Educational Rights and Privacy Act of 1974 (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) governing the use of student data, and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (42 U.S.C. § 300gg) governing the safeguarding of medical information. We encourage you to read through and understand this Privacy Policy. We may periodically update our Privacy Policy to address new issues or reflect changes to our Services. If we make changes that are material to the use of personally identifiable information, then we will attempt to provide you with notice of those changes. We reserve the right to revise this policy, with such revisions effective immediately upon the posting of the revised policy. Your use of Services after such posting constitutes your acceptance of those terms as revised.

Definitions

Capitalized terms not defined in this Definitions Section below shall have the meaning set forth by applicable law when a citation is present.

  • “Agreement” means the underlying Service Agreement and related agreement between CareDox
  • “School” refers to an LEA or educational institution that has implemented CareDox Services pursuant to an Agreement with CareDox.
  • “Student Data” means the personally identifiable information CareDox receives regarding a student of the School.

Student Data Collected

CareDox receives Student Data from Schools in order to provide Services under its Agreement with the School. When a School enters into an Agreement with CareDox, the School may be asked to input the following Student Data into the CareDox system or platform: Student ID, First and Last Name, Grade Level, School, Home Address, Parent or Guardian Name, Email Address and Phone Number, Medical alerts and Emergency contact information. Student Data contained in CareDox student record systems updated by the School include, but are not limited to: allergies, medications, medical conditions, and medical records. The School will be the custodian of the Student Data, and will be responsible for maintaining this information securely, with such responsibilities including, but not limited to, securely configuring accounts using federated identity management or strong and unique passwords and not sharing authentication information.

CareDox receives Student Data from parents or guardians, including, but not limited to: Care Plans, Insurance Cards, and Doctor’s Notes.

Use or Sharing of Student Data

We share Student Data solely for the purposes of performing Services under our Agreement, and for purposes required by law.

  • Disclosures by Law
    We may disclose Student Data when required or permitted by law.
  • De-identified Data
    We may use de-identified data to improve our products or services and for other related purposes.

Security

The security of Student Data is important to us. CareDox stores and processes Student Data in accordance with industry standards and applicable law, ensuring that Student Data is protected from unauthorized access, use and disclosure.

In the event that we believe that the security of Student Data has been compromised, we will notify you as required by applicable law and the terms of the Agreement. We will always attempt to notify you as promptly as possible under the circumstances of any security breach affecting Student Data that we believe may pose a material risk of harm.

Upon notice from a parent or School to delete or destroy Student Data, we will ensure that the deletion of Student Data complies with FERPA and HIPAA standards. In all instances we will ensure that procedures concerning the Student Data we use to perform Services comply with FERPA and HIPAA.

To protect Student Data from unauthorized access, use, and disclosure, CareDox maintains a comprehensive information security program and employs reasonable and appropriate physical, administrative, and technical safeguards. CareDox performs periodic risk assessments of its information security program and prioritizes remediation of identified security vulnerabilities.

CareDox will NEVER: 1) sell student data to third parties; 2) share Student Data with third parties for the purpose of targeted advertising; 3) use Student Data for marketing purposes; 4) claim ownership of Student Data.

Cookies and Internet Tags

We may collect and process information about your use of the Services to help us improve the Services and to compile aggregate statistics about the use of Services for internal purposes through the use of “cookies.” Cookies also enable you to sign in to the Service and access your stored preferences and settings. If you choose to block this function, it may impair or prevent required functionality and therefore your use of the Service.

COPPA

Our Services comply with all applicable provisions of the Children’s Online Privacy Protection Act (COPPA) (15 U.S.C. 6501 et seq.). To the extent COPPA applies to the information we collect, we process such information for educational purposes only, at the direction of the partnering School and on the basis of educational institutional consent.

Contact Us

Please contact privacy@caredox.com with any questions you may have about our Privacy Policy.
