Effective date: 10/21/20
This page is used to inform our customers about our policies on the collection, use, and disclosure of personal information that you provide when you use our Service, and of other information that is collected from your use of the Service. You should check this page often to ensure that you are aware of any changes to our policy.
Under the Health Insurance Portability and Accountability Act (HIPAA), Tonic is a “business associate” of its healthcare provider customers, which means that Tonic is an individual or entity that is not a member of the “covered entity’s” (i.e., the healthcare provider’s) workforce, and performs certain functions involving the use or disclosure of protected health information (PHI) on behalf of the covered entity. As a business associate, Tonic is subject to all applicable HIPAA privacy and security requirements.
Information Collection and Use
We use the information gathered to provide you with a better product and service. Uses include:
- Internal record keeping
- Improving our products and services
- Customizing our service according to your interests
- Providing information to third party partners that improve the product you use
We never sell or rent your Personal Information.
We want to inform you that whenever you use our Service, we collect data and information (through third party products) on the Apps and Website, called Log Data. This Log Data may include information such as the device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the Apps when utilizing our Service, the time and date of your use of the Service, and other statistics. When you use our Website, the Log Data may also include information such as the domain from which you access the Website, the type of browser you use and the pages or screens that you viewed. All Log Data are stored securely, and may only be accessed by Tonic employees or designees on a need-to-know basis for a specific purpose. Tonic uses Log Data to help us design our Website and the Apps, to identify popular features, to resolve user, hardware, and software problems, to make the Website and the Apps more useful to users and for security purposes.
Cookies are files with a small amount of data that are commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your device’s internal memory or computer’s hard drive.
Our Website may use these “cookies” to collect information and to improve our Service. You have the option to either accept or refuse these cookies and to know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.
We may employ third-party companies and individuals for the following reasons:
- To facilitate our Service;
- To provide the Service on our behalf;
- To perform Service-related services; or
- To assist us in analyzing how our Service is used.
We want to inform our Service users that these third parties have access to your Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose, including marketing, advertising, or other use-based data mining purposes, other than improving health management or for the purpose of health research (only with permission).
Before any health-related patient research studies that we perform, we first obtain consent from participants or, in the case of minors, their parent or guardian. Such consent includes the (a) nature, purpose, and duration of the research; (b) procedures, risks, and benefits to the participant; (c) information about confidentiality and handling of data (including any sharing with third parties); (d) a point of contact for participant questions; and (e) the withdrawal process.
We value your trust in providing us your Personal Information, and we strive to use commercially acceptable means of protecting it. The Website and the Apps have security measures in place that are intended to help protect against the loss, misuse, unauthorized access or alteration of information under our control, both during transmission and once the information is received. But remember that no method of transmission over the internet, or method of electronic storage, is 100% secure and reliable, and we cannot guarantee its absolute security. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the “Contact Us” section below or by emailing PX-Security@R1RCM.com.
With respect to PHI, Tonic puts the following safeguards in place to ensure security of your data:
- Tonic does not sell, rent, disclose or use PHI without patient authorization or unless permitted or required by law.
- PHI is secured through password protection and can only be accessed by authorized users within the healthcare practice.
- PHI is firewall-protected and under electronic surveillance 24 hours a day, seven days a week.
- PHI is only temporarily stored on Tonic tablets until it is submitted, and then it is immediately deleted. All temporarily stored data is encrypted so that if a session ends unexpectedly, or if a tablet is lost or stolen, no PHI can be accessed.
- PHI transmitted between the Tonic platform and Tonic’s data centers is protected using industry-standard TLS (256-bit AES keys).
- Patient data is stored in a highly secured data center, protected by multi-layer protocols. This means:
  - The servers that house the data are located in a secured building with multiple layers of physical security.
  - At the network level, these servers are placed in a secure subnet protected by firewalls.
  - Front-end servers and database servers are on physically different networks and have limited connectivity.
  - The security of all server networks is monitored by an intrusion detection system that is staffed 24/7 by trained security professionals.
  - Within the database server, data is stored in an encrypted form.
- Patient data is stored using AES 256-bit encryption.
Tonic is SOC, ISO 27001 and FIPS 140 compliant.
We are committed to protecting the privacy of the data and Personal Information you transmit through the Service. We restrict access to your personally identifiable information to only those employees who need to know that information in order to provide benefits or services to you. In addition, we train our employees on the importance of confidentiality and maintaining the privacy and security of your information.
Links to Other Sites