Revised April 5, 2011.
We understand your health information is a personal matter. This Policy is intended to explain, in plain English, what information we collect to make our services meaningful and useful to you. We also detail below how we handle and protect your health information.
Ultimately, to the extent that you have sensitive health information that you do not want shared with others, we ask that you not share your health information with us.
This Policy is intended to address the following:
NAPT is Not a HIPAA Covered Entity or a Business Associate
NAPT is not regulated by the Privacy and Security Rules applicable to “covered entities,” as defined at 45 C.F.R. § 160.103, under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This is because NAPT does not store data on behalf of health care providers/payors; rather, our primary relationship is with you, the user.
Information Collection and Use
NAPT does not collect personal information on the site. Website statistical data is collected at the server level using Smarter Stats and through the website using Google Analytics. This statistical data tells us how visitors find the site, how they explore it, and gives us clues on how we can enhance the visitors' experience. Through this data we also learn which areas of the website receive the most visitors and it alerts us to areas that may need improvement.
Disclosure of Your Personal Information
Unless we receive your explicit permission, NAPT will not sell, rent, or share your sensitive health information or other personal information to or with any third party not affiliated with or owned by NAPT, with the following exceptions:
NAPT may provide to third parties non-personal Aggregate Information about you in a profile that does not allow you to be identified or contacted and that is combined with the non-personal information of other users. For example, we might inform third parties regarding the number of users of our website and the services they utilize while on our website. We also may not limit the third parties’ use of the Aggregate Information, except that we do require third parties to whom we disclose Aggregate Information to agree that they will not attempt to make this information personally identifiable by combining it with other databases or otherwise.
Disclosure of Personal Information As Required By Law.
We will disclose information considered PHI under HIPAA or other personal information when required by law, or if we have a good-faith belief that such action is necessary to (a) comply with a current judicial proceeding, a court order or legal process served on us, (b) protect and defend our rights, (c) protect the rights, property, and other interests of our users or others, or (d) avert a serious threat to a user’s or another’s health or safety.
Business Structure Transitions.
We delegate the task of physically safeguarding the majority of data to our outsourced data center. In addition, whenever you transmit information over the Internet, we cannot completely ensure the privacy of e-mail communications to and from our Site because they are not encrypted and, therefore, not secure. Given the nature of the Internet and the fact that network security measures are not infallible, we cannot guarantee the security of your information. If you have any questions about the security at our Site, you can send a message to firstname.lastname@example.org
Correcting, Updating, and Deleting Personal Information
Users are able to self-administer key privacy settings via the website in order to keep their personal health information and other personal information private. You can always contact us in order to delete any of your personal information from our systems (which may result in a termination of service) or if your Personal Information on the website is incorrect. We will make the requested correction or deletion within five (5) business days.
Notification of Changes