2. Allscripts background
Allscripts is a leader in healthcare information technology solutions that advance clinical, financial and operational results. Our innovative solutions connect people, places and data across an Open, Connected Community of Health™. Connectivity empowers caregivers to change what’s possible in care delivery and the health of entire patient populations.
Allscripts is a global corporation based in the United States with international offices, employees, and operations. You can find information on how to contact us below in Section 14, and you can find a listing of our office locations here. Throughout this Privacy Statement, “Allscripts” refers to Allscripts Healthcare, LLC, including its affiliated companies and subsidiaries (also referred to as “we” and “us”). Many of the services which Allscripts provides to its clients are provided as a processor, which means that the client remains primarily responsible for your information. In these instances, we may redirect any inquiries about our use of your information to the client.
3. Information we collect
Our primary goal in collecting personal data from you is to give you a meaningful, enjoyable and customized experience while using our Allscripts websites and to enable us to develop new products and services relevant to visitors like you. Personal data also allows us to provide services and features that most likely meet your needs, and to customize our service to make your online experience smooth and efficient.
- To provide access to certain information on our websites, we need to collect certain personal data that identifies you, your e-mail address and your mailing address. Visitors may also be asked to select a user ID and password. If you opt to not provide your personal data, you can still access our websites; however, you may be unable to gain access to certain information.
Aggregate and statistical data
4. Sensitive information
We will not collect sensitive information through our websites unless it is required. We ask that you not send us or share any sensitive Personal Data (e.g., government-issued or financial account numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, genetic or biometric data, criminal background or trade union membership) unless we specifically request this information.
5. Children's information
The Allscripts website is not directed to minors. If you believe that we have mistakenly or unintentionally collected Personal Data of a minor through our website without appropriate consent, please notify us as detailed in our Contact Information section below so that we may immediately delete the information from our servers and make any other necessary corrections.
6. How we use your information
- We use personal data about you to improve our marketing and promotional efforts; to statistically analyze site usage; to improve our content and product offerings; and to customize our sites' content, layout and services. We may also use your personal data to deliver information to you that, in some cases, is targeted to your interests, new services and promotions. We believe these uses allow us to improve our site and better tailor it to meet our visitors' needs. Allscripts may combine non-personal data collected automatically (e.g., through web log data) with your previously submitted personal data.
Aggregate and statistical data
- Allscripts uses web log information (such as your web browser, operating system, pages visited, etc.) to help us design our website, to identify popular features, and for other managerial purposes. However, if necessary, web logs may be used to help identify any person attempting to break into or damage our website. We may share web log information with law enforcement agencies if we believe that we have evidence of a violation of computer security or related laws.
7. Legal basis of processing
We collect and process (i.e., use) personal data about you where we have lawful bases. In a majority of the cases, processing will be justified on the basis of:
- In specific situations, we can collect and process your data with your consent.
- When collecting your personal data, we will make clear to you which data is necessary in connection with a particular service.
- In certain circumstances, we need customers’ personal data to comply with our contractual obligations.
- If the law requires us to, we may need to collect and process your data.
- In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially affect your rights, freedom or interests.
8. How We protect your information
Allscripts is committed to keeping the data you provide us secure and will take reasonable precautions to protect your personal data from loss, misuse or alteration. Vendors, contractors or partners of Allscripts who have access to your personal data in connection with providing services for Allscripts are required to keep the information confidential and are not permitted to use this information for any other purpose than to carry out the services they are performing for us. When necessary, we use secure connections on our websites to protect information during its transmission. Access to your personal data is password-protected and we regularly monitor our system for possible vulnerabilities and attacks.
9. How long will we retain your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected. At the end of that retention period, your data will either be deleted completely or anonymized. (For example, through aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.)
10. How we may share your data
Except as stated below, we will not share, trade or sell personal data from our visitors for use by any business. However, aggregated and statistical data from our visitors may be shared with our partners in a manner that does not identify the specific visitor personally. For example, we may let a partner know that approximately "75% of our visitors use high speed connections or access our site after 7pm." We may share personal data with service providers or contractors that perform services for us and act at our direction. The services they provide may include activities such as, direct mailing, fulfillment services or e-mail campaigns. When you have agreed to receive such services, we also may share personal data with our business partners that provide joint offerings with us. When we do so, such business partners are restricted in using your data to provide the services you’ve agreed to.
Allscripts may share your personal data with any person or company that acquires Allscripts business or any portion of the Allscripts business to which your personal data relates. Allscripts will ensure that any person or company to which your personal data is transferred agrees to abide by the same privacy obligations as Allscripts. Allscripts also reserves the right to share personal data to respond to duly authorized information requests of governmental authorities or where required by law. We may also share personal data in responding to requests from law enforcement officials, government bodies or judicial authorities to address matters of personal or public safety, national security, litigation, investigations (including data security incident investigations) and other legal matters where the data is pertinent.
11. Cross-border data transfers
Allscripts operates international offices and has developed global data privacy and security practices designed to ensure that your personal data is appropriately handled and protected. Please note that personal data may be transferred, accessed and stored globally as necessary for the uses and disclosures stated above in accordance with this policy. By providing your personal data to Allscripts, you consent to Allscripts transferring your personal data to its affiliates globally and to third-party entities that provide services to Allscripts.
In the event that an individual satisfies the pre-arbitration requirements specified at Annex I Part C of the EU – U.S. Privacy Shield Framework Principles, EU residents may invoke binding arbitration at no cost to the individual pursuant to procedures in Annex I of the EU – U.S. Privacy Shield Framework Principles found here: https://www.privacyshield.gov/EU-US-Framework. With respect to its commitment to the Privacy Shield, Allscripts is subject to the investigatory and enforcement authority of the Federal Trade Commission. Allscripts will be responsible for ensuring that the principles of the U.S. – EU Privacy Shield are honored and may be liable if the third party fails to meet those obligations.
12. Third-party websites
Our websites may provide, or third parties may provide, links to other websites or resources. This Policy applies only to our websites. It does not apply to services offered by third parties, including websites and other online services to which our websites may display links. When you click on such links, you may be visiting websites or interactive services operated by third parties, who have their own information collection practices. We do not have control over how any third party collects or uses information, so we recommend that you review their privacy policies to learn of their practices.
13. What are your rights over your personal data?
If you are a resident of the EEA, subject to certain exemptions, the processing activity and jurisdiction:
You have the right to:
- Access to the personal data we hold about you, free of charge in most cases. You can access your account information by logging in to your account. If you request access to additional personal data, you can contact us at the information below.
- Correct your personal data when it is incorrect, out of date or incomplete. You can correct your account information by logging into your account. If you would like to request correction of additional personal data, you can contact us at the information below.
- Request that we stop using your personal data for direct marketing (either through specific channels, or all channels).
- Request hat we stop any consent-based processing of your personal data after you withdraw that consent.
Allscripts does not currently engage in activities in which decisions are made that are solely based on automatic processing of data (e.g., where no human has yet reviewed the outcome and criteria for the decision); however, to the extent that Allscripts begins to engage in this type of processing, you may request a review of any decision that is made in this manner.
You can send us a request to exercise these rights and access, correct or remove your personal data by contacting us at any time at DataProtectionOfficer@allscripts.com. If you send us a written request to access, correct or remove your personal data or to remove yourself from a database, we will respond to your request within 30 days.
Your right to withdraw consent:
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
- Where we rely on our legitimate interest.
- In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
- We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Your right to object to direct marketing
- You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels.
- You may opt out of email marketing by using our general unsubscribe automated link that is included in Allscripts marketing emails.
Checking your identity
- If you authorize a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
14. Contact information
If you have any questions that we have not answered, please contact our Data Protection Officer who will be pleased to help you:
- Email us at Privacy@allscripts.com
- Or write to us at:
Attn: Privacy Officer
222 Merchandise Mart Plaza, Suite 2024
Chicago, Illinois 60654
Allscripts has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, JAMS. This service is provided free of charge to you. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Additionally, if you feel that your data has not been handled correctly, and your complaint involves human resources data transferred to the US from the EU in the context of the employment relationship, Allscripts is committed to cooperating with the panel established by the EU data protection authorities (DPA Panel), as applicable and to comply with the advice given by the DPA panel and/or Commissioner, as applicable with regard to such human resources data. To pursue an unresolved human resources complaint, you should contact the state or national data protection or labor authority in the appropriate jurisdiction. Contact details for the EU data protection authorities can be found here.
Discover how, together, we can expand the possibilities at your own organization today—all through the power of Allscripts partnership, solutions and services.