Region: 

Privacy Policy

1. Introduction

Allscripts respects the privacy of every person who visits our websites. This Privacy Policy outlines the information Allscripts will collect and how we will use that information. This statement will also tell you how you can verify the accuracy of your personal data submitted to Allscripts through our websites via computers, smart phones and other mobile devices, and how you can request that we delete or update your personal data. We have developed our privacy policy from industry guidelines and standards, and national laws and requirements. This Privacy Statement highlights our strong commitment to protect your privacy. Thanks again for placing your trust in Allscripts.

2. What is Allscripts

Allscripts is a leader in healthcare information technology solutions that advance clinical, financial and operational results. Our innovative solutions connect people, places and data across an Open, Connected Community of Health™. Connectivity empowers caregivers to make better decisions and deliver better care for healthier populations.

Allscripts is a global corporation based in the United States with international offices, employees, and operations. You can find information on how to contact us below in Section 14, and you can find a listing of our office locations here. Throughout this Privacy Statement, “Allscripts” refers to Allscripts Healthcare, LLC, including its affiliated companies and subsidiaries (also referred to as “we” and “us”). Many of the services which Allscripts provides to its clients are provided as a processor, which means that the client remains primarily responsible for your information. In these instances, we may redirect any inquiries about our use of your information to the client.

3. Information We Collect

Allscripts’ primary goal in collecting personal data from you is to give you a meaningful, enjoyable and customized experience while using our websites and to allow us to develop new products and services that are relevant to visitors like you. Personal data also allows us to provide services and features that most likely meet your needs, and to customize our service to make your online experience smooth and efficient.

Personal Data

  • To provide access to certain information on our websites, we need to collect certain personal data identifying who you are, your e-mail address and your mailing address. Visitors may also be asked to select a user ID and password. If you opt not to provide your personal data, you can still access our websites; however, you may be unable to gain access to certain information.

Aggregate and Statistical Data

  • Allscripts may collect certain aggregate data called web log information (such as your web browser, operating system, pages visited, mobile device information if applicable, etc.) and use cookies when you visit sites. For instance, when you visit one of our sites, our web server will automatically recognize some non-personal data, including but not limited to the date and time you visited our site, the pages you visited, the referrer (the website you came from), the type of browser you are using (e.g. Internet Explorer, Mozilla), the type of operating system you are using (e.g., Windows or Mac OS), and the domain name and address of your Internet service provider. Neither the web log information nor cookies collect any personal data. They do not contain personal data, such as your name or e-mail address, and in no way are used to identify our users. You can find out more about our cookies here.

4. Sensitive Information

We will not collect sensitive information through our websites unless it is required. We ask that you not send us or share any sensitive Personal Data (e.g., government-issued or financial account numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, genetic, or biometric data, criminal background or trade union membership) unless we specifically request this information.

5. Children's Information

Allscripts’ website is not directed to minors. If you believe that we have mistakenly or unintentionally collected Personal Data of a minor through our website without appropriate consent, please notify us as detailed in our Contact Information section below so that we may immediately delete the information from our servers and make any other necessary corrections.

6. How We Use Your Information

Personal Data

  • We use personal data about you to improve our marketing and promotional efforts; to statistically analyze site usage; to improve our content and product offerings; and to customize our sites' content, layout and services. We may also use your personal data to deliver information to you that, in some cases, is targeted to your interests, new services and promotions. We believe these uses allow us to improve our site and better tailor it to meet our visitors' needs. Allscripts may combine non-personal data collected automatically (e.g., through web log data) with your previously submitted personal data.

Aggregate and Statistical Data

  • Allscripts uses web log information (such as your web browser, operating system, pages visited, etc.) to help us design our website, to identify popular features, and for other managerial purposes. However, web logs may be used if necessary to help identify any person attempting to break into or damage our website. We may share web log information with law enforcement agencies if we believe that we have evidence of a violation of computer security or related laws.

7. Legal Basis of Processing

We collect and process (i.e. use) personal data about you where we have lawful bases. In a majority of the cases, processing will be justified on the basis of:

Consent

  • In specific situations, we can collect and process your data with your consent.
  • When collecting your personal data, we will make clear to you which data is necessary in connection with a particular service.

Contractual obligations

  • In certain circumstances, we need customers’ personal data to comply with our contractual obligations.

Legal compliance

  • If the law requires us to, we may need to collect and process your data.

Legitimate interest

  • In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

8. How We Protect Your Information

Allscripts is committed to keeping the data you provide us secure and will take reasonable precautions to protect your personal data from loss, misuse or alteration. Vendors, contractors, or partners of Allscripts who have access to your personal data in connection with providing services for Allscripts are required to keep the information confidential and are not permitted to use this information for any other purpose than to carry out the services they are performing for us. When necessary, we use secure connections on our web sites to protect information during its transmission. Access to your personal data is password-protected and we regularly monitor our system for possible vulnerabilities and attacks.

9. How Long Will We Retain Your Personal Data?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymized, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

10. How We May Share Your Data

Except as stated below, we will not share, trade or sell personal data of our visitors for use by any business. However, aggregated and statistical data from our visitors may be shared with our partners in a manner that does not identify you personally. For example, we may let a partner know that approximately "75% of our visitors use high speed connections or access our site after 7pm." We may share personal data with service providers or contractors that perform services for us and act at our direction. The services they provide may include such activities as direct mailing, fulfillment services, or e-mail campaigns. When you have agreed to receive such services, we also may share personal data with our business partners that provide joint offerings with us. When we do so, such business partners are restricted in using your data to provide the services you’ve agreed to.

Allscripts may share your personal data with any person or company that acquires Allscripts’ business or any portion of the Allscripts business to which your personal data relates. Allscripts will ensure that any person or company to which your personal data is transferred agrees to abide by the same privacy obligations as Allscripts. Allscripts also reserves the right to share personal data to respond to duly authorized information requests of governmental authorities or where required by law. We may also share personal data in responding to requests from law enforcement officials, government bodies or judicial authorities to address matters of personal or public safety, national security, litigation, investigations (including data security incident investigations), and other legal matters where the data is pertinent.

11. Cross-Border Data Transfers

Allscripts operates international offices and has developed global data privacy and security practices designed to ensure that your personal data is appropriately handled and protected. Please note that personal data may be transferred, accessed and stored globally as necessary for the uses and disclosures stated above in accordance with this policy. By providing your personal data to Allscripts you consent to Allscripts transferring your personal data to its affiliates globally and to third party entities that provide services to Allscripts.

Allscripts adheres to the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce and publicly certifies that it complies with the Privacy Shield Principles. Allscripts has implemented appropriate safeguards for transfers of personal data originating from the European Economic Area (“EEA”) to Allscripts affiliates and unaffiliated third parties located outside the EEA. Allscripts complies with the Privacy Shield Frameworks Principles for onward transfers of personal information obtained from the EU, including the onward transfer liability provisions. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.

In the event that an individual satisfies the pre-arbitration requirements specified at Annex I Part C of the EU – U.S. Privacy Shield Framework Principles, EU residents may invoke binding arbitration at no cost to the individual pursuant to procedures in Annex I of the EU – U.S. Privacy Shield Framework Principles found here: https://www.privacyshield.gov/EU-US-Framework. With respect to its commitment to the Privacy Shield, Allscripts is subject to the investigatory and enforcement authority of the Federal Trade Commission. Allscripts will be responsible for ensuring that the principles of the U.S. – EU Privacy Shield are honored and may be liable if the third party fails to meet those obligations.

12. Third Party Websites

Our websites may provide, or third parties may provide, links to other World Wide Web sites or resources. This Policy applies only to our websites. It does not apply to services offered by third parties, including websites and other online services to which our websites may display links. When you click on such links, you may be visiting websites or interactive services operated by third parties, who have their own information collection practices. We do not have control over how any third party collects or uses information, so we recommend that you review their privacy policies to learn of their practices.

13. What Are Your Rights Over Your Personal Data?

If you are a resident of the EEA, subject to certain exemptions, the processing activity and jurisdiction:

You have the right to:

  • Access to the personal data we hold about you, free of charge in most cases. You can access your account information by logging in to your account. If you request access to additional personal data, you can contact us at the information below.
  • The correction of your personal data when it is incorrect, out of date or incomplete. You can correct your account information by logging in to your account. If you would like to request correction of additional personal data, you can contact us at the information below.
  • That we stop using your personal data for direct marketing (either through specific channels, or all channels).
  • That we stop any consent-based processing of your personal data after you withdraw that consent.
  • Allscripts does not currently engage in activities in which decisions are made that are solely based on automatic processing of data (i.e. where no human has yet reviewed the outcome and criteria for the decision); however, to the extent that Allscripts begins to engage in this type of processing, you may request a review of any decision that is made in this manner.

You can send us a request to exercise these rights and access, correct, or remove your personal data by contacting us at any time at DataProtectionOfficer@allscripts.com. If you send us a written request to access, correct, or remove your personal data or to remove yourself from a database, we will respond to your request within 30 days.

Your right to withdraw consent:

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

  • Where we rely on our legitimate interest
  • In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
  • We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data

Your Right to Object to Direct Marketing

  • You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels.
  • You may opt out of e-mail marketing by using our general unsubscribe automated link that is included in Allscripts’ marketing e-mails.

Checking your identity

  • To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy.
  • If you have authorized a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

14. Contact Information

We hope this Privacy Policy has been helpful in explaining how we handle your personal data and your rights to control it.

If you have any questions that we have not answered, please contact our Data Protection Officer who will be pleased to help you:

  • Email us at Privacy@allscripts.com
  • Or write to us at:

Allscripts
Attn: Privacy Officer
222 Merchandise Mart Plaza Suite 2024
Chicago, Illinois  60654

If you are based in the EEA, you may email our Data Protection Officer at dataprotectionofficer@allscripts.com. If you have any complaints regarding our compliance with this Privacy Policy, you should first contact Allscripts at the contact information listed above. Allscripts will investigate and attempt to resolve complaints and disputes regarding collection, use, and disclosure of personal data in accordance with this Privacy Policy.

Allscripts has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, JAMS. This service is provided free of charge to you. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Additionally, if feel that your data has not been handled correctly, and your complaint involves human resources data transferred to the US from the EU in the context of the employment relationship, Allscripts is committed to cooperating with the panel established by the EU data protection authorities (DPA Panel), as applicable and to comply with the advice given by the DPA panel and/or Commissioner, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found here.

15. Updates

We may update this Privacy Policy from time to time. When we update this Privacy Policy, we will post the changes on our website and applications. We encourage you to check this Privacy Policy regularly for changes. If we make any material changes to this Privacy Policy we will notify you before they take effect either through the Site or Application or by sending you a notification. Unless otherwise noted, any changes we make to this Privacy Policy will become effective immediately once posted on this page. Please see the effective date noted below for the latest revision date. Your continued use of the Services following any changes to this Privacy Policy indicates your consent to the practices described in the revised Privacy Policy.

Date of Last Update: October 2, 2018

What can we do for you?