HSS Policy on General Data Protection Regulation Privacy Disclosure (GPDR): https://www.hss.edu/files/GDPR-Privacy-Disclosures...
The goal of the HSS Web Sites is to provide current and useful information about HSS, our services, our educational and research activities, our physicians, and information for physicians, other health providers, and members of the public in the broad area of musculoskeletal medicine. We therefore need to collect information about our users to understand their interests. We collect two types of information from you, "aggregate and anonymous information" and "personally identifiable information."
Collection of Aggregate and Anonymous Information. Aggregate and anonymous information is information that we collect about users of the HSS Web Sites that cannot be tied back to a specific individual. Each time a user comes to the HSS Web Sites, we collect some information to help us assess what users wish to know. We collect users' IP addresses (for example, whether the user logged on from a .com, .gov, .edu, or other domain), referral data (for example, the address of the last URL a user visited prior to clicking through to the HSS Web Sites), browser and platform type (for example, a Microsoft browser on an Apple platform), and information regarding how frequently our users request or indicate an interest in certain types of information on the HSS Web Sites. We collect this information to improve our content and keep it in line with the needs of our users. We will use this aggregate and anonymous information to direct our efforts to better meet the needs of our users, by analyzing how often users are accessing certain features of the HSS Web Sites.
Collection of Personally Identifiable Information. The HSS Web Sites may also collect personally identifiable information about you, our users, when you visit the HSS Web Sites. We only collect the personal information about you that you provide to us, and we only use that personal information for the purpose of providing information, services, or materials to you that you have requested, unless you specifically consent to (or, if required by applicable law, authorize in writing) other uses of your information. If you register at any of the HSS Web Sites in order to use special services for registered users only, we will require that you provide your name and e-mail address, and may also require that you provide additional information, such as your address, and indicate your affiliation with HSS. We use this information only to improve your experience at the HSS Web Sites and to enable you to maintain and gain access to your specially personalized areas of the HSS Web Sites. Your identifying information will be shared by us with authorized HSS employees and staff, health care providers affiliated with HSS, certain third party vendors who provide services to HSS (as described more fully below), and other third parties as required by applicable law. Your identifying information will not be otherwise shared without your written permission (or, if required by applicable law, authorization). If you are using the HSS Web Sites to register and pay for an educational program, please read "Registration for Education Division Programs Through Authorize.Net®" below. If you are using the HSS Web Sites to make a charitable donation to HSS, please read "Giving to HSS - Online Donations" below.
Other specific instances when we collect personally identifiable information from you through the HSS Web Sites, and how we may use and/or disclose that information in those instances, include:
- Physician Referrals (Through "Request an Appointment"). If you request a physician referral, we will link you to the HSS Physician Referral on-line e-mail "Request an Appointment" page and we will contact you with the name of a physician. The personal information that you are required to submit to us at the "Request an Appointment" page includes your name, street address, e-mail address, telephone number, age, and condition/syndrome and its area/location,; you may also (but are not required to) submit your relationship to the patient (if you are not the patient), whether or not you have had an evaluation or diagnostic testing in the last six months, whether or not you have been told that surgery is needed, and what type of insurance you have.
- Insurance Information. If you use the secure form at https://www.hss.edu/secure/insurance-question-form.asp to contact the HSS Insurance Advisory Service, you will be required to provide your name, email address, and daytime phone, along with stating your insurance-related question. You will also be asked, but not required, to provide your mailing address, information about the type of insurance you have, your insurance identification number, and your date of birth. HSS, through its Insurance Advisory Service, will use the information you provide to serve as a liaison service among you, your insurance carrier(s), and HSS, and to provide information to you regarding your insurance coverage for services at HSS. This means HSS may use the information internally and also disclose it externally to your insurance carrier(s) and persons working on their behalf.
- "Sign up For eNewsletter". When you sign up for our eNewsletter, you will be asked to provide your email address, status (patient, physician or other health care professional, pharma or device industry, or press/media), your zip code, and your country. The email address you provide will be used to send you a free, monthly eNewsletter highlighting new content featured on the HSS Web Sites. If you identify yourself as a physician or other health care professional, you will also be asked for your specialty - this information will be used by HSS for internal tracking purposes. If you identify yourself as a member of the press/media, you will also be asked for your name, address, phone number and affiliation - this information may be used by the HSS Public Relations Department as contact information for future press releases by HSS.
- Registration for Education Division Programs Through Authorize.Net™. If you wish to register for our Education Division programs, including Continuing Medical Education (CME) courses, we will ask that you provide us with certain personal information, including your name, e-mail address, mailing address, and other information as may be required to process the CME certification. When you choose to purchase a course by credit card using this web site, you will be taken to a separate, secure site operated by Authorize.Net™, a third party web site that will process your credit card transaction. You will not be providing your credit card information to the HSS Web Sites. The Authorize.Net™ server sends that data to your credit card's financial institution for authorization. After your card's financial institution responds to Authorize.Net™ with approval of the transaction, the transactions are then batched and sent to a HSS bank account. Your credit card information will be stored on the secured Authorize.Net™ database for access by HSS personnel for six months. HSS will restrict its access to that database to authorized HSS employees and staff who will use the database information solely for purposes of enrollment, administration of enrollment, and the processing of refunds for Education Division programs. You can find more information about Authorize.Net™ and its privacy policies at http://www.authorize.net/™.
- Giving to HSS - Online Donations. If you wish to make an online charitable donation to HSS, you will be taken to a secure area of the HHS Web Sites created using Blackbaud NetCommunity™ software. A secure server sends your credit card data to third-party credit card transaction processing services that will contact your credit card's financial institution for authorization. After your card's financial institution responds with approval of the transaction, the transaction is then batched with other donors' approved transactions and sent to an HSS bank account. The secure server will also send your name, address, email address, and giving history to our Raiser's Edge™ Fundraising database, where it will be stored indefinitely; your credit card number will not be stored in our Raiser's Edge™ Fundraising database. HSS will restrict its access to that database to only a few HSS employees and officers who will use the database information solely for purposes of verifying that Blackbaud is processing the transactions correctly. We retain the other information that we collect in connection with your online donation (your name, address, and giving history), and use that information for our internal operations (including recordkeeping, and analysis and reporting), and also to send you follow-up correspondence and information about HSS.
- "Back in the Game". If you go to http://www.hss.edu/backinthegame/ and click on “Share Your Story”, you will be taken to a fillable form where you will be asked to provide your contact information (name, email address, and phone number), hometown (city, state, and country), age, the name of procedure(s) you had at HSS, and the name of your physician/therapist, and then there is a free-form box for you to tell your story as well as a place for you to submit photos or videos. If you then check a box to specifically authorize HSS to use and disclose information you submit about your HSS experience (including any photo or video that you submit), if HSS accepts your story, we will electronically post it to www.hss.edu and/or HSS social media channels. Patient stories that are accepted will be searchable so that others with similar conditions or injuries can learn more from your story. The fillable form also contains a check box to receive more information from HSS. If that box is checked, you will receive our monthly newsletter and other information from HSS.
Use of "Cookies"
Use of "Email This Article" Feature
If you elect to use the HSS Web Sites to send a friend an article, we ask for your friend's name and email address, and HSS will use that information to automatically send your friend a one-time email containing the article. HSS does not store this information; it is only used to send this one-time email.
Access to Your Own Information/Opt-Out
If you would like to review the personally identifiable information collected about you through the HSS Web Sites, you may send an e-mail to firstname.lastname@example.org or you may send a letter or fax to Director, HSS.edu, Hospital for Special Surgery, 535 East 70th Street, New York, NY 10021, facsimile (212) 774-7240.
Any e-mail that you receive from the HSS Web Sites will also offer the option of removing your name and e-mail address from our mailing lists. If you would like to advise us of changes required in the personal information that you have submitted through the HSS Web Sites, or to remove your e-mail address from any e-mail services on this site to which you have subscribed, you may advise us by e-mail to email@example.com or you may send a letter or fax to Director, HSS.edu, Hospital for Special Surgery, 535 East 70th Street, New York, NY 10021, facsimile (212) 774-7240.
Our Commitment to Children's Privacy
Protecting the privacy of children is very important to HSS. Thus, we never collect or maintain personally identifiable information from anyone we actually know to be under age 13.
Links to Other Sites
The HSS Web Sites use a variety of other measures to maintain the security of your personal information. Protocols have been developed to comply with the security requirements of government agencies and commercial organizations.
All personally identifiable information supplied by you through the HSS Webs Sites is kept within our secured network and, other than as set forth above in connection with limited use by Authorize.Net® and Blackbaud® NetCommunity, access to your information is limited to authorized HSS employees, staff and affiliated health care providers.
The HSS Web Sites are carefully secured to preserve the privacy of your personal information. However, please remember that no transmission of data over the Internet or any wireless network (for example, a WiFi Hotspot in a coffee shop or airport) can be guaranteed to be 100% secure. In addition, our security is dependent upon your efforts to protect the security of any computer you use to access the HSS Web Sites, including any wireless network you use, and also the confidentiality of the password you use to access the areas of the HSS Web Sites that require you to register and log-in. As a result, while we strive to protect your personal information, the HSS Web Sites cannot guarantee the absolute security of any information that you transmit to us or receive from us, and you therefore agree to use the HSS Web Sites at your own risk. Once we receive your transmission, we do make reasonable efforts to ensure its security on our systems. All personally identifiable information about you that HSS creates, receives, stores, or transmits is covered by our privacy and security policies.
We take steps to help protect the integrity of any credit card information you submit to and through the HSS Web Sites. As noted above, we use Authorize.Net™ to facilitate confidential online business transactions if you enroll in an Education Division program. When linking through the HSS Web Sites to make Education program enrollment payments, your credit card information is encrypted using secure socket layer (SSL) technology and sent to the Authorize.Net® server. Authorize.Net® uses security technologies to facilitate secure on-line transactions and to protect your credit card information when it transfers it to the appropriate financial institutions. Access to the Authorize.Net® database by designated HSS employees and officers is limited, through the use of restricted passwords. For more information about Authorize.Net® and its security policies, please visit that company's web site at http://www.authorize.net/.
As noted above, we use Blackbaud® NetCommunity to facilitate online credit card transactions if you wish to make a gift to HSS through the HSS Web Sites. When linking through the HSS Web Sites to make online charitable donations, your credit card information is encrypted using SSL technology and sent to the Blackbaud® NetCommunity server. Blackbaud® and its third-party credit card transaction processing services use security technologies to facilitate secure on-line transactions and to protect your credit card information when they transfer such information to the appropriate financial institutions. For more information about Blackbaud® and its security policies, please visit its web site at http://www.blackbaud.com/. HSS does not have access to any information maintained by Blackbaud®.
Although we make efforts to preserve user privacy, we may need to disclose personal information when required by law or when we have a good faith belief that such action is necessary to comply with a judicial proceeding, a court order, or other legal process. In addition, we reserve the right to report to law enforcement agencies any activities that we reasonably believe to be unlawful, and to release to such agencies information about users of the HSS Web Sites who we reasonably believe to be engaged in or involved with such activities.
Finally, in the unlikely event that HSS is (or all or substantially all of our assets are) acquired by a third party, merges with a third party, or is bankrupt or ceases operations and dissolves, you should expect that any information you submitted through the HSS Web Sites will be transferred to a third party.
Changes to this Policy
If we would like to make any substantial change in connection with use of any personally identifiable information that we have already collected from you through the HSS Web Sites, then we will contact you by e-mail to give you the option to accept or decline the proposed change in use of the personal information that we collected from you.