Effective Date: May 27, 2019
Capitalized terms not defined in this Definitions Section below shall have the meaning set forth by applicable law when a citation is present.
- “Agreement” means the underlying Service Agreement and related agreement between CareDox
- “School” refers to an LEA or educational institution who has implemented CareDox Services pursuant to an Agreement with CareDox.
- “Student Data” means the personally identifiable information CareDox receives regarding a student of the School.
Student Data Collected
CareDox receives Student Data from Schools in order to provide Services under its Agreement with the School. When a School enters into an Agreement with CareDox, the School may be asked to input the following Student Data into the CareDox system or platform: Student ID, First and Last Name, Grade Level, School, Home Address, Parent or Guardian Name, Email Address and Phone Number, Medical alerts and Emergency contact information. Student Data contained in CareDox student record systems updated by the School include, but are not limited to: allergies, medications, medical conditions, and medical records. The School will be the custodian of the Student Data, and will be responsible for maintaining this information securely, with such responsibilities including, but not limited to, securely configuring accounts using federated identity management or strong and unique passwords and not sharing authentication information.
CareDox receives Student Data from parents or guardians, including, but not limited to: Care Plans, Insurance Cards, and Doctor’s Notes.
Use or Sharing of Student Data
We share Student Data solely for the purposes of performing Services under our Agreement, and for purposes required by law.
- Disclosures by Law
We may disclose Student Data when required or permitted by law.
- De-identified Data
We may use de-identified data to improve our products or services and for other related purposes.
The security of Student Data is important to us. CareDox stores and processes Student Data in accordance with industry standards and applicable law, ensuring that Student Data is protected from unauthorized access, use and disclosure.
In the event that we believe that the security of Student Data has been compromised, we will notify you as required by applicable law and the terms of the Agreement. We will always attempt to notify you as promptly as possible under the circumstances of any security breach affecting Student Data that we believe may pose a material risk of harm.
Upon notice from a parent or School to delete or destroy Student Data, we will ensure that the deletion of Student Data complies with FERPA and HIPAA standards. In all instances we will ensure that procedures concerning the Student Data we use to perform Services comply with FERPA and HIPAA.
To protect Student Data from unauthorized access, use, and disclosure, CareDox maintains a comprehensive information security program and employs reasonable and appropriate physical, administrative, and technical safeguards. CareDox performs periodic risk assessments of its information security program and prioritizes remediation of identified security vulnerabilities.
CareDox will NEVER: 1) Sell student data to third parties; 2) share Student Data with third parties for the purpose of targeted advertising; 3) use Student Data for marketing purposes; 4) claim ownership of Student Data.
Cookies and Internet Tags
We may collect and process information about your use of the Services to help us improve the Services and to compile aggregate statistics about the use of Services for internal purposes through the use of “cookies.” Cookies also enable you to sign in to the Service and access your stored preferences and settings. If you choose to block this function, it may impair or prevent required functionality and therefore your use of the Service.
Our Services comply with all applicable provisions of the Children’s Online Privacy Protection Act (COPPA) (15 U.S.C. 6501 et seq.). To the extent COPPA applies to the information we collect, we process such information for educational purposes only, at the direction of the partnering School and on the basis of educational institutional consent.