Collecting User Information
As you navigate our website, we may collect some information about you. We do not collect personal information unless you voluntarily provide it to us. By “personal information” we mean Data that is unique to an individual, such as a name, address, or telephone number. Any information we collect is used solely for the purpose stated on the page where it is collected.
In some case (and in all cases where it is required by law or regulation), you will be able to update the information that you provide to us via a secure method of communications, where you have established personal profiles with us, by updating your profile online. Please refer to the specific pages where data is collected for more information.
From time to time, we may request personal information from you at our Website in order to deliver requested materials to you or respond to your questions.
We may use what is known as “cookie” technology to collect certain information that does not identify you personally but provides our software with information needed to facilitate your use of the Site, as well as “usage data” that helps us to recognize repeat users, track usage patterns and identify which pages are visited often. We use this information to help us analyze and improve the usefulness of the information we provide as well as to better serve you when you return to our website. At any time, you may choose to block or disable cookies directly through your browser settings; however, doing so may limit the features of the Site.
The site is not intended for use by minors under the age of 13, unless under the direct supervision of an adult.
Sharing User Information
Mana Health will not sell, license, transmit or disclose your information outside of Mana Health and its affiliated companies unless such disclosure is: (i) expressly authorized by you, (ii) necessary to enable Mana Health contractors or agents to perform certain functions on our behalf, or (iii) required or permitted by law. In all cases we will disclose the information consistent with applicable laws and regulations and we will require that the recipient protects the information and uses it only for the purpose it was provided. Any information you choose to share in public forums—including Mana Health’s Facebook, Twitter, or LinkedIn pages—cannot in any way be kept private. It is advised you think carefully about which information you choose to share in our public forums, as others can access this information and use it for
purposes outside of Mana Health’s purview.
Mana Health may use anonymized data to perform statistical inferences on health and medical trends to help make the site better for you. Your personally-identifiable information will not be linked to this data, which will be de-identified in accordance with §164.502(d) of the HIPAA Privacy Rule.
We welcome your comments or questions about our Website and have provided a secure contact us functionality for that purpose. We will share your comments and questions with our customer service representatives and those employees most capable of addressing your questions and concerns. Unencrypted communications, such as e-mail or telephone calls, may potentially be accessed and viewed by others, without your (or our) knowledge and permission, while in transit to us. Mana Health cannot guarantee the privacy or security of information shared via e-mail or other means not specifically designed for sensitive information exchange. Please do not include any confidential information, such as private health information or social security numbers, within your e-mail message or within any other unsecured method of correspondence.
Mana Health will not use your email address for marketing purposes or to send you spam. While we do offer various newsletters, reminders, and bulletins, you may customize which correspondence you wish to receive and at the frequency at which you receive it. You can manage your subscription settings from your Portal dashboard, or by contacting firstname.lastname@example.org.
Links to other sites
Our website may contain links to other sites not owned or controlled by Mana Health. Please review carefully the privacy policies of those sites before volunteering any personal information. We are not responsible for nor can we control the privacy practices of any other websites. Links to non-Mana Health websites do not constitute or imply endorsement by Mana Health of these websites, any products or services described on these sites, or of any other material contained in them.
You will be able to view, edit and update your profile information online whenever needed. You can choose which personal information you share with us, and may opt at any time to remove personal information. However, the removal of personal information may limit the functionality of Site features that rely on this information. Additionally, as a user you have the option to cancel your account, and can contact us via email@example.com to request deactivation of your account.
Mana Health is Not a Healthcare Provider and Cannot Offer Medical Advice
Mana Health receives your personal health data from your doctors’ records, and at no time is directly involved in the diagnosis, treatment, or provision of care or advice for your medical conditions. The Site may display supplementary material about conditions, medications, procedures, testing, and/or health trends derived from reputable external sources. This supplemental material is intended only to enrich your understanding and should not replace medical advice. Mana Health cannot provide individual advice or counseling, whether medical, legal, or otherwise. If you are seeking specific advice or counseling, you should contact a licensed practitioner or professional, a social services agency representative, or an organization in your local community. In case of an emergency, contact your healthcare provider or emergency medical services (911) immediately.
Discrepancies in Data
While Mana Health makes every effort to provide accurate and reliable information, it does not guarantee or warrant that the data on its systems are complete, accurate or up-to-date. The data displayed on this site is provided to Mana Health by your health care providers, Mana Health is not responsible for any discrepancies and incompleteness of the information. For any concerns please contact your healthcare provider directly. Information on how to contact your provider for data issues can
be found in the Information section of the portal.
Security and Safeguards
At Mana, we believe in transparency and integrity when it comes to your health information, and we Mana Health has adopted and adheres to stringent security standards designed to protect nonpublic personal information against accidental loss, misuse, unauthorized access and disclosure. Among the safeguards that Mana Health has developed for this site are administrative, physical and technical barriers that together form a comprehensive set of controls to ensure the confidentiality, integrity, and reliable availability of information stored on our systems.
To protect the confidentiality of information and/or electronic data including Protected Health Information as defined by HIPAA Privacy Rule 45 CFR Part 164 (collectively, “Data”), Mana Health utilizes the following physical and electronic safeguards;
- Authentication and Passwords
A valid user ID and password is required for online access to enter the application systems and/or access Data maintained in our online application systems. It is your responsibility to maintain the confidentiality of your username, password, and account. It is advised that you not share your log in information with anyone else, and that you fully log out of the Site and close your browser when you are done using it. It is also advised that you not access your account on a shared or public computer. You may not access another user’s account without their express permission. If you suspect your account has been compromised, it is your responsibility to notify Mana Health support immediately at firstname.lastname@example.org. Mana Health will not be held liable for any losses you incur due to someone else accessing your account, either with or without your knowledge.
Under no circumstances will we ever ask you to disclose your password to us. If you receive communication that appears to be from Mana Health and requests your password, please inform us immediately at email@example.com.
- Internet Security and Encryption
We utilize industry-standard technical controls to protect Data from unauthorized external access. Communication between your browser and our servers is secured with Transport Layer Security (TLS, also sometimes called SSL), using a combination of digital certificates and bulk data encryption to prevent unauthorized parties from intercepting or altering transmitted data. Data is protected from unauthorized external access through the use of proxy servers and firewalls. Despite these measures, the Internet is not a 100% secure environment. As such, you assume the risk and liability of transmitting your protected health information via online media. Mana Health requests that you never send confidential information through unencrypted messaging, such as email, chat, or text message communication. If we become aware that your personal information has been accessed in an unapproved fashion, we will take steps to notify you about the extent and nature of this access as soon as permitted by legal and regulatory compliance.
We restrict access to Data only to authorized personnel. Our controls limit access to a client’s data to those specific personnel with a legitimate need for that access. We impose policy and technical controls upon individuals authorized to access electronic Data in order to prevent illegitimate access to and/or modification of Data.
Mana Health employees are only granted access to the minimum amount of Data needed to provide you with the patient portal service. All employees are trained in HIPAA policies and best practices, to ensure your Data is being handled according to Federally-mandated standards.
- Physical Security
The physical environment of computer systems containing Data is highly secured. Data center security controls have been formally (and successfully) evaluated for compliance with the widely-used SSAE 16 and ISAE 3402 standards, as well as ISO 27001. As part of these evaluations, the data centers have been shown to have robust physical, environmental, and personnel security practices appropriate for protection of highly sensitive information.