Our mission is to drive better and more affordable healthcare through innovative software and information solutions for providers throughout the care continuum, their patients, and health researchers. Our solutions include our electronic health record, patient health records software, medical organizations health records software, our care coordination, and clinical data transmission services. Altos Health is dedicated to protecting the privacy of the users of any of our products or services and of the individuals whose health information is stored or transmitted by our system. Altos Health interfaces are developed for the highest levels of security and performance.
This Privacy Policy (this “Policy”) applies to the software and information services we offer through our website located at www.altos.health, our cloud-based electronic health record and medical organizations management solutions, and web-enabled emails and in-app notifications sent as part of, in connection with, or relating to such software and information services (collectively, our “Services”). This Policy does not apply to any other services.
Maintaining your trust is important to us, and we strongly encourage you to read this Policy in full.
The purpose of this Policy is to describe how we and our partners collect, use, and share information about you. This Policy may incidentally describe how our Services gather and use information about other individuals or information about you that may be submitted by another user. This Privacy Policy, however, only applies to how we and our partners collect, use, and share information about you with respect to the Services covered by our Terms of Use and not to any other service we may offer to any other individual or customer.
Some of our users – such as healthcare providers – are subject to laws and regulations governing the use and disclosure of health information they create or receive, including the Health Insurance Portability and Accountability Act of 1996, as amended from time to time, together with the regulations adopted thereunder (“HIPAA”). When we store, process or transmit “individually identifiable health information” (as defined by HIPAA) on behalf of a healthcare provider who has entered into a Healthcare Provider User Agreement, we do so as its “business associate” (as also defined by HIPAA). Under this agreement, we cannot use or disclose individually identifiable health information in a way that the provider itself may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity, and availability of the individually identifiable health information we store and process on behalf of such providers. For the purpose of this Policy, the term “healthcare provider” means any user who is a “health care provider” (as defined by HIPAA) or any user who is a member of such health care provider’s “workforce” (as also defined by HIPAA). For additional information regarding our business associate obligations, please see Sections 4.1.8 and 9 of our Healthcare Provider User Agreement.
Altos Health may revise and update the Privacy Policy at any time, without notice to you. We encourage you to periodically reread this Privacy Policy, to see if there have been any changes to our policies that may affect you.
We understand the importance of protecting you from the unauthorized use of information you provide in the course of doing business with us. Except as disclosed in this policy or our User Agreement, we will not give away, sell or otherwise disclose any information that personally identifies you. We may, however, obtain, use and disclose personal information about you for the purpose of verifying your identity and practice credentials, and we may provide personal information to payers with which you contract to provide health care services. We may also disclose personal information about you if we are compelled to do so by law or by valid legal process. We may disclose personal information if we have your express permission to do so, or the disclosure is to our service providers to assist us in providing our services, or for user verification purposes. We may also use IP addresses to analyze trends, administer the site and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information. We have the right to remove personal identifiers from your personal information so that it cannot reasonably be used to identify you.
Our User Agreement sets forth our obligations as our users’ business associate under the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 and its privacy and security regulations (HIPAA), and under the privacy and security provisions of the Technology for Economic and Clinical Health Act of 2009 (the HITECH Act). We will comply with the business associate provisions of our User Agreement. We will also comply with provisions of the HIPAA Security Rule that apply to business associates under the HITECH Act, and the privacy and security provisions of the HITECH Act that are applicable to business associates.
The User Agreement sets forth the ways in which we may use or disclose protected health information we receive from you or create or receive on your behalf. Among other permitted uses, we may:
You agree that you will use other persons’ information available on or through this site (whether or not protected health information) strictly in accordance with applicable laws and regulations, and you will ensure that others under your control who have access to such information also comply with applicable laws and regulations. You are solely responsible for obtaining and maintaining all patient consents and authorizations necessary for your use of the site and the systems to which it provides access.
To access your account, you must provide the identifier we provided you. With this information, we can verify your identity and permit you to view data in our system. We log and audit system use in order to ensure that users are using the system appropriately. If we have questions about your use of the system, we may contact you. We may also disclose your identity to others to assist in the investigation of suspected misuse of our systems, and otherwise to ensure the proper operation of our systems.
Altos Health may ask you to participate in use surveys, questionnaires, or polls, to facilitate feedback and input from our users. When you respond to surveys, questionnaires or polls related to our site, this information is collected only as anonymous, aggregated information and is used for statistical purposes.
Each time you visit one of the Sites, Altos Health collects the limited information that your browser makes available whenever you visit any website. Additionally, Altos Health may place internet “cookies” on the computer hard drives of visitors to this website. Information we obtain from cookies helps us to tailor our site to be more helpful and efficient for our visitors. The cookie consists of a unique identifier that does not contain information about you or your health history. We use two types of cookies, “session” cookies and “persistent” cookies.
We will NOT place advertisements of any type on the interface to our services and we will NOT use or disclose to any third party any information that identifies you to enable the third party to market products or services to you directly.
Portions of this site require a valid user name, e-mail address, code or password (or a combination of the foregoing) to access and use services or materials on the site. You are solely responsible for (1) maintaining the strict confidentiality of any user name, e-mail address, code or password (collectively, “User IDs”) assigned to you, (2) not allowing another person to use your User IDs to access the site, (3) any damages or losses that may be incurred or suffered as a result of your failure to maintain the strict confidentiality of your User IDs, and (4) promptly informing Altos Health in writing of any need to deactivate a User ID due to potential or actual security breaches. Altos Health is not liable for any harm related to the theft of your IDs, your disclosure of your User IDs, or your authorization to allow another person or entity to access and use the site using your User IDs. You agree to immediately notify Altos Health in writing of any unauthorized use of any of your User IDs.
We may offer forums for the exchange of information among our users. You agree to assume all responsibility for your use of such forums. In particular, you understand that we do not assure the accuracy, reliability, confidentiality or security of information made available through the use of our forums. You agree not to disclose individually identifiable health information through our forums.
We may provide information to assist you in clinical decision-making. This may include information and reminders concerning lab tests, drug interactions, allergies, dosages, as well as general health-care related information and resources. We may also provide forums for our users to exchange information. The information and materials available through this site are for informational and educational purposes only and are not intended to constitute professional advice, diagnosis or treatment, or to substitute for your professional judgment. Information may be placed on this site by Altos Health and by third parties beyond the control of Altos Health. Altos Health is not responsible for the accuracy or completeness of information available from or through this site. You assume full risk and responsibility for the use of information you obtain from or through this site, and you agree that Altos Health is not responsible or liable for any claim, loss, or liability arising from the use of the information. Altos Health does not recommend or endorse any provider of health care or health-related products, items or services, and the appearance of materials on this site relating to any such products, items or services is not an endorsement or recommendation of them.
You may provide content or material to this site by participating in forums, discussion groups and the like, or by using the site to create custom templates and the like. You agree that any information, material or work product you provide to this site, other than protected health information that identifies a patient or personal information that identifies you, is the exclusive property of Altos Health, and by submitting such content or material you assign to Altos Health, all intellectual property rights in such content or material. Furthermore, you agree that Altos Health may use, disclose, market, license and sell such material or content and that you have no interest in the information, or in the proceeds of any sale, license, or other commercialization thereof. You warrant and agree that any material you provide will not infringe on the intellectual property or other rights of others, and will not be otherwise unlawful, infringing, threatening, libelous, defamatory, obscene, pornographic, or in violation of any law. You should bear in mind that any information you post in a forum or discussion group is available to the public, and may result in your receiving communications from others outside this site. You are responsible for safeguarding the privacy of your and your patients’ personal information when you participate in forums, discussion groups and the like.
This site may provide links to sites operated by third parties. Altos Health has no control over the content of such linked sites and is not responsible for it, or for the effect of your accessing a site through a link on our site. You should assume that any information that does not bear the Altos Health logo is operated by a third party, and you should read the site’s privacy notice before using it.
Any claim relating to the use of this site or the systems or information to which it gives access shall be governed by the internal substantive laws of the State of California.
We have no intention of accepting any information from individuals under the age of 18. If you are not yet 18 years of age, please leave this site immediately. Parents are urged to monitor and supervise their children’s on-line activity. We reserve the right to make changes to our privacy policy at any time without prior notice and to apply the changes to information received by us prior to the effective date of the change. Please be sure to check this page periodically for updates to this policy.
If you have any questions about this Privacy Statement, our policies and practice, your rights under this statement, send an email to support@altos.health, or by U.S. mail at the address below:
Altos Health
Attn: Privacy Officer
2242 Camden Ave., Suite 204
San Jose, CA 95124
(Effective Feb 9, 2022)
This HIPAA Notice of Privacy Practices (the "Notice") is being provided to you by Altos Health, as that entity or its subsidiaries and affiliated entities may be formed and incorporated in your state, and the employees and practitioners that work at such entity and/or for such practices (collectively referred to herein as “We” or “Our”). It contains important information regarding your medical information. You also have the right to receive a paper copy of this Notice and may ask us to give you a copy of this Notice at any time. If you received this Notice electronically, you are still entitled to a paper copy of this Notice upon your request. You can request a paper copy of our current Notice from the Privacy Officer at 650.383.4768
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
You have the right to:
You have some choices in the way that we use and share information as we:
We may use and share your information as we:
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Get an electronic or paper copy of your medical record
Ask us to correct your medical record
Request confidential communications
Ask us to limit what we use or share
Get a list of those with whom we’ve shared information
Get a copy of this privacy notice
You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
Choose someone to act for you
File a complaint if you feel your rights are violated
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
In these cases, you have both the right and choice to tell us to:
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
In these cases we never share your information unless you give us written permission:
In the case of fundraising:
We typically use or share your health information in the following ways.
Treat you
We can use your health information and share it with other professionals who are treating you.
Example: A doctor treating you for an injury asks another doctor about your overall health condition.
Run our organization
We can use and share your health information to run our practice, improve your care, and contact you when necessary.
Example: We use health information about you to manage your treatment and services.
Bill for your services
We can use and share your health information to bill and get payment from health plans or other entities.
Example: We give information about you to your health insurance plan so it will pay for your services.
We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.
Help with public health and safety issues
We can share health information about you for certain situations such as:
Do research
We can use or share your information for health research.
Comply with the law
We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
Respond to organ and tissue donation requests
We can share health information about you with organ procurement organizations.
Work with a medical examiner or funeral director
We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
Address workers’ compensation, law enforcement, and other government requests
We can use or share health information about you:
Respond to lawsuits and legal actions
We can share health information about you in response to a court or administrative order, or in response to a subpoena.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site.
If you have any questions about this Notice of Privacy Practices our policies and practice, your rights under this statement, send an email to support@altos.health, or by U.S. mail at the address below:
Altos Health
Attn: Privacy Officer
2242 Camden Ave., Suite 204
San Jose, CA 95124
Telephone: (650) 383-4768
Altos Health (“we” “our” or “us”), in Conjunction with Health Gorilla, provides access to a personal health record service (the “Patient Portal”) as a service to patients (and their personal representatives), on behalf of the doctors within our Clinical Network, and other healthcare service providers (“Providers”). This Patient Portal User Agreement (this “Agreement”) applies to your use of the Patient Portal. By signing up for, or otherwise obtaining, an account, or by accessing or using the Patient Portal, you are entering into this Agreement and agreeing to be bound by its terms. Please read this Agreement carefully, and do not sign up for an account or use the Patient Portal if you are unwilling or unable to be bound by this Agreement. The Patient Portal is made available on the https://www.healthgorilla.com website, the use of which is governed by the Terms of Use and Privacy Policy. Please review each carefully. In the event of a conflict between the terms of this Agreement and of the Terms of Use or Privacy Policy, the terms of this Agreement control.
The Patient Portal is an internet-based portal that allows your Provider(s) to make certain health information available to you. In addition to your health information, if you have the authority under applicable law to access the health information of another individual, such as your child, that individual’s Provider(s) may, in his or her discretion, grant you access privileges for that individual’s health information through the Patient Portal.
You can request you information through healthgorilla.com and we will forward your request to your selected providers. Access to the Patient Portal may or may not be granted to you by Provider(s) you had selected on healthgorilla.com. Your Providers may also invite you to access Patient Portal. Once invited, you will receive an email inviting you to register an account. To register, you will need to satisfy our identity verification and certification procedures and select a user ID and password. You should safeguard your user ID(s), password(s) and other logon information carefully, and not share them with anyone else. If you believe someone has had unauthorized access to the Patient Portal, please contact us at support@healthgorilla.com.
Your Provider(s) (or the Provider of an individual with respect to whom you are authorized to access his/her health information) is responsible for the information made available to you through the Patient Portal. Because the Patient Portal includes information created by your Provider, such information may contain typographical errors, inaccuracies or omissions. In addition, although the Patient Portal displays certain information from your medical records, it does not necessarily display all information in the health records retained by your Provider. If you think that your medical information displayed in the Patient Portal is inaccurate or incomplete, or if you would like to request a complete copy of your medical record, please contact your Provider directly. Because your Patient Portal includes information that is part of your Provider’s health record about you, you cannot delete such information. You may, however, terminate your access to the Patient Portal by contacting Health Gorilla or your Provider directly. Your Provider also retains the ability to revoke your access to the Patient Portal.
You may be required to pay a non-refundable Processing Fee for each request for information using the Patient Portal. The Processing Fee is charged per each request you make to an individual provider on the Patient Portal. You may elect not to pay the Processing Fee; in this case we will not deliver the information request to the selected Provider. Based on state regulations in which your Provider’s resides, your Provider may charge you an additional Processing Fee. We will notify you in the case additional Processing Fee is required. You may decide not to pay this additional Processing Fee; in this case your records will not be delivered to the Patient Portal. Any additional Processing Fees will be delivered by us directly to the Provider.
We do not control your Provider’s use or disclosure of your health information. Your Provider should give you a notice of privacy practices that describes how he or she uses and discloses health information about you. Your Provider’s ability to disclose your health information for these and similar purposes is restricted by applicable laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), and the regulations adopted thereunder. If you wish to restrict the disclosures that your Provider makes of your health information, please contact your Provider directly.
We, like your Provider, are also subject to laws and regulations, including HIPAA, which govern the use and disclosure of certain personal and health information. We make your Patient Portal available to you on behalf of your Provider, as a “business associate” (as defined by HIPAA) of your Provider, pursuant to our Healthcare Provider User Agreement. Under this agreement, we are prohibited from, among other things, using individually identifiable health information in a manner that your Provider may not. We are also required to, among other things, apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of individually identifiable health information we store and process on behalf of your Providers. To see our Healthcare Provider User Agreement click here, and to specifically review our business associate obligations to Providers who agree to our Healthcare Provider User Agreement, please review Sections 4 and 9 of that agreement.
Although the Patient Portal is made available on the https://www.healthgorilla.com website, this Agreement only applies to the Patient Portal. All other services made available on https://www.healthgorilla.com are covered by the Terms of Use and/or a separate User Agreement (as such term is defined by our Terms of Use).
Without limiting the generality of the foregoing, this Agreement incorporates by reference the following provisions of our Terms of Use with all references to the phrase “our Services” (as such term is defined therein) referring to and including the phrase “the Patient Portal” (as such term is defined in this Agreement): Sections 1.2 through 1.5 and Sections 4.2 through 4.14.
