The OneHealth website contains links to other sites. Once you enter another Web site (whether through an advertisement, service, or content link), be aware that OneHealth is not responsible for the privacy practices of these other sites. We encourage you to look for and review the privacy statements of each and every Web site that you visit through a link or advertisement on OneHealth’s website.
Part 2: Non-Personal Information We Collect About You
Even if you do not register with OneHealth, we collect Non-Personal Information about your use of our
OneHealth Web site, special promotions and newsletters.
We also may use Web Beacons to collect Non-Personal Information about your use of our Web site and the Web sites of selected sponsors and advertisers, and your use of special promotions or newsletters. The information collected by Web Beacons (i) allows us to statistically monitor how many people are using our website and selected sponsors’ and advertisers’ sites, (ii) how many people open our emails, and (iii) for what purposes these actions are being taken. Our Web Beacons are not used to track your activity outside of our Web sites or those of our sponsors’. We do not link Non-Personal Information from Web Beacons to Personally Identifiable Information without your permission and do not use Web Beacons to collect or store Personal Health Information about you.
Third Parties Collecting Non-Personal Information on OneHealth’s Behalf
Part 3: Personally Identifiable Information We Collect About You
Newsletters & Emails to You
At registration and at various times as you use OneHealth, you will be given the option of receiving recurring informational/promotional newsletters via email from OneHealth and/or directly from third parties. These emails will not contain Personal Health Information. At the time
you sign up for our email newsletters or any time thereafter, you can choose to Opt-In to receiving additional promotional emails from OneHealth. In order to subscribe to OneHealth newsletters via email, we need your contact information, such as name and email address. You
can unsubscribe from the newsletters by simply clicking on the “unsubscribe” link at the bottom of any email newsletter. An email to our automated unsubscribe service will be created on your computer. Click the “send” button. You will then be unsubscribed from that newsletter within two to three business days. You may also unsubscribe or change any of your email preferences by clicking on the applicable links in your email newsletter or by changing your profile within OneHealth. If you are experiencing difficulties with our automated unsubscribe service, please contact our OneHealh Customer Service office and they will unsubscribe you from that newsletter in two to three business days. In some cases, when you click on a link or an advertisement on our site, in an e-mail or newsletter, your browser may be momentarily directed to the website of a third party which, acting on behalf of OneHealth who will make notes or “counts” your response to the e-mail or newsletter before re-directing your browser to your selected destination; this re-direction process will not be apparent to you.
Emails You Send to OneHealth
Message Boards and other Public Forums
As a service to our users, OneHealth features message boards, chat rooms and other public forums where users with similar interests or medical conditions can share information and support one another or where users can post questions for experts to answer. We also offer online discussions moderated by medical or healthcare experts. Any information shared (including Personally Identifiable and Personal Health Information) that you reveal in a chat room, message board, Ask Our Expert posting or online discussion is by design and open to the public and is not a private, secure service. You should think carefully before disclosing any Personally Identifiable or Personal Health Information in any public forum. What you have written may be seen, disclosed to or collected by third parties and may be used by others in ways we are unable to control or predict, including to contact you for unauthorized purposes. As with any public forum on any site, this information may also appear in third-party search engines like Google, Yahoo, MSN etc.
Website Registration and Interactive Tools on OneHealth
After you have registered as a member of OneHealth, you may choose to use certain OneHealth interactive content, tools and services that may ask you to voluntarily provide other types of information about yourself including Personal Health Information. Some of the tools (like certain quizzes or calculators) do not retain your Personal Health Information, while others (like Ovulation Calendar) store your Personal Health Information in accordance with the authorization you provide at the time you use the tool.
From time to time, OneHealth offers users the opportunity to register for paid subscription services. Each subscription service has its own Service Agreement that governs your use of the service and the information we collect to provide the service, including your credit card information. The Service Agreement will be disclosed to you at the time of registration for that subscription service.
We are committed to protecting the privacy of children. Neither OneHealth nor any of its services are designed or intended to attract children under the age of 18. We do not collect Personally Identifiable Information from any person we actually know is under the age of 18. A parent or guardian, however, may use a OneHealth Manager or Director to establish a personal health record. The parent or guardian assumes full responsibility for ensuring that the registration information is kept secure and that the information submitted is accurate. The parent or guardian also assumes full responsibility for the interpretation and use of any information or suggestions provided to OneHealth.
Part 4: Information Collected by Third Parties Not Acting on Eh Health’s Behalf
You can also find additional information and resources about how to opt out of advertising and related cookies by visiting the World Privacy Forum’s Site.
Part 5: Disclosure of Your Information
Disclosure to OneHealth Operations and Maintenance Contractors
Disclosure to Third Party Contractor Websites
OneHealth also provides links to sites provided by Third Party Contractor Websites that have business arrangements with OneHealth to pay commissions based on sales of products or services generated through OneHealth. An example of this would be “Ad links” from Yahoo on our Search pages.
Disclosure to or by Co-branded Channel Partners
Disclosure to Linked Sites
Disclosure of Aggregate Information
OneHealth may provide Aggregate Information to third parties. For example, we might inform third parties regarding the number of users of our website and the activities they conduct while on our site. We might also inform a pharmaceutical company (that may or may not be an advertiser on our site) that “30% of our users live east of the Mississippi” or that “25% of our users have tried alternative medicine.” Depending on the circumstances, we may or may not charge third parties for this Aggregate Information. We require parties with whom we share Aggregate Information to agree that they will not attempt to make this information personally identifiable, such as by combining it with other databases.
Part 6: How OneHealth Handles Privacy and Security Internally
Listed below are some of the security procedures that OneHealth uses to protect your privacy:
- Requires both a personal username (log-in name) and a password in order for users to access their Personally Identifiable Information or Personal Health Information.
- Requires a public ‘nickname’ different from the username and password, used for any public forums like message boards.
- Uses firewalls to protect information held in our servers.
- Utilizes Secure Socket Layer (SSL) encryption in transmitting Personally Identifiable Information to our servers. In order to take advantage of encryption technology, you must have an Internet browser which supports 128-bit encryption.
- Closely monitors the limited number of OneHealth employees who have potential access to your Personally Identifiable Information.
- Backs-up our systems to protect the integrity of your Personally Identifiable and Personal Health Information.
OneHealth also provides additional protection for your Personal Health Information as follows:
- Maintains Audit Trails so you can know who has accessed your OneHealth record. This can be viewed by clicking on “Activity” in the Settings window, which is accessible from your OneHealth home page.
- Provides secure messaging within the OneHealth website so that information related to your personal health related characteristics is sent through a secure, encrypted connection.
- Provides geographic redundancy of OneHealth website servers, which enhances your ability to access your information by storing identical information at two separate, secure locations. Both sites maintain physical security through pass code locked door access and pass code authority.
- Limits access to Personally Identifiable Information to authorized users. OneHealth enables you to have full control over who has access to your Personal Health Information. For example, you may decide to permit your physician or other health care professional access to the personal health information you maintain within our tools. Only the person who creates a record can grant access to other users.
Despite OneHealth’s efforts to protect your Personally Identifiable Information and Personal Health Information, there is always some risk that an unauthorized third-party may find a way around our security systems or that transmissions of your information over the Internet may be intercepted.
Part 7: Updating Your Information and Contacting OneHealth
Updating Your Personally Identifiable Information
OneHealth tools that collect and store self-reported data allow you to correct, update or review information you have submitted by going back to the specific tool, logging-in and making the desired changes. OneHealth may store user submitted data (PII and/or PHI) in an active database for a period of six (6) months. After six (6) months, user submitted data, including PII and/or PHI will be held in an active database or on an inactive back-up medium for a period of not less than six (6) years.
Removing your Personal Information
If you have a complaint or problem, please use our new Customer Support Form. Our customer service department will forward your complaint to the appropriate internal OneHealth department for a response or resolution. We try to answer every email within 24 business hours, but may not always able to do so. If you want to (1) delete your Personally Identifiable Information from our systems, (2) update the Personally Identifiable Information that you have provided to us, or (3) change your preferences with respect to marketing contacts or other activities, select the privacy option on our Contact Us form.
If you do not receive adequate resolution of a privacy related problem, you may write to OneHealth’s Privacy Help Desk at: 1-800-486-2070.
Attn: Office of Privacy Manager
400 Southern Avenue, SE
Washington; DC 20032
Updating Your Personal Health Information on the OneHealth website
Self-Reported Information – Please log-in to the OneHealth website, access your “settings” tab, and the functions will show you how to correct, update or review your information. We remove Personal Health Information only at the request of the authorized user. In order to verify that it is the authorized user requesting removal of his/her Personal Health Information, we require you to send a signed statement, including your name, address, email address and birth date, to the address below authorizing OneHealth to remove your Personal Health Information from our active databases and other readily searchable media. Upon receiving your request, your personal health identifiers stored in active databases and other readily searchable media will be removed so that you cannot be identified or associated with any Personal Health Information you previously provided. Mail your requests to:
OneHealth Customer Service Representative
Attn: Office of Privacy Information
400 Southern Avenue, SE
Washington, DC 20032
Limitations on Removing or Changing Information
Upon your request, we will delete your Personally Identifiable or Personal Health Information from our active databases and where feasible from our back-up media. You should be aware that it is not technologically possible to remove each and every record of the information you have provided to OneHealth from our servers.
If you have contacted OneHealth about a privacy related concern and you do not believe that the problem has been addressed, you may file a complaint with TRUSTe.
which means a change that expands the permissible uses or disclosures of Personally Identifiable
Web site will indicate acceptance of the changes. You may of course choose to Opt-out of continuing
to use the OneHealth Web site. Please exit the site immediately if you do not agree to the terms of
Part 9: Glossary
Aggregate Information or Data: As a website gathers individual pieces of Non-Personal Information (see definition below) from its users, it may combine similar data from many or all the users of the website into one big “batch”. For example, the site may add up the total number of people in Peoria, Illinois, (but not their names) who are seeking information about weight loss and compare that to the number of people in Petaluma, California seeking the same information.
This sort of statistical information is called aggregate data because it reflects the habits and characteristics of a large group of anonymous people. Web sites may use aggregate data or share it with their business partners so that the information and services they provide best meet the needs of the users. Aggregate data also helps advertisers and sponsors on the Web know how effectively they are reaching and meeting the needs of their target audience.
browser: Short for web browser, a browser is a software application used to locate and display web (Internet) pages. The most popular browsers are AOL, FireFox, Microsoft Internet Explorer, and Netscape Navigator. In addition, most modern browsers can present multimedia information, including sound and video, though they require plug-ins for some formats.
cache (also called cache memory): Once your Web browser accesses a web page, it references that page and the graphics on it within your computer’s “cache” (or more simply, your computer takes a “snapshot” of every page you visit and stores it in the “cache”.) The next time you visit that same page, your download time will be quicker as the images and much of the page is already available on your computer for your browser to reference instantly.
Cookie: A small data file that is stored on the hard drive of the computer you use to view a Web site. Cookies are placed by that site or by a third party with a presence on the site, such as an advertiser using a Web Beacon (see definition below) and are accessible only by the party or site that placed the Cookie (i.e. a Cookie placed on your computer by OneHealth isn’t accessed by any other site you visit but a Cookie placed on your computer by an advertiser may be accessed by any site on which that same advertiser has a presence). Cookies can contain pieces of Personally Identifiable Information (PII). OneHealth encrypts any PII it stores in its Cookies. These Cookies often are used to make the site easier to use. For example, if you check a box to ask that we store your user name on your computer so that you don’t have to enter it each time you visit the site, it’s stored in a Cookie on your
encryption: The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. This is typically done by secure computer systems.
firewall: A system designed to prevent unauthorized access to or from a public or private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private portions of public networks. All messages entering or leaving the network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
Nickname: On OneHealth, as part of your registration, you will be required to provide a Nickname in addition to a username (log-in name) and a password. OneHealth is the name that will appear on any of your public forum postings. This name should be different from the username that you use when you log on to OneHealth. NOTE: Once you establish a Nickname on OneHealth, you cannot change it without registering with a new account.
Non-Personal Information: Information that is not traceable back to any individual and cannot be used to identify an individual. For example, Click Stream Information is Non-Personal Information, as is information such as gender, age, city and state when not linked with other Personally Identifiable Information.
Opt-In: Means you are actively indicating your preference to participate in a program, email, feature, tool, or enhancement on a Web site. Typically, if you “Opt-in” you must provide certain information, usually Personally Identifiable Information, to the Web site or otherwise actively indicate your choice or preference to participate in the OneHealth Web site program. For example, if you wish to receive a diabetes newsletter by email from OneHealth, you must enter your email address and choose the type of newsletter by checking a box next to a statement such as: “Yes, I’d like to receive a free subscription to OneHealth Newsletter.”
Opt-Out: Means that if you do not take some action you are indicating your preference to participate in a program, email, feature, tool or enhancement on a OneHealth Web site. Typically, if you “Opt-out” you must uncheck a box next to a stated preference or otherwise take some indicate action to indicate your preference not to participate in a program. For example, if you do not wish to receive promotional emails from OneHealth or its sponsors, you must uncheck the box in your email preference center that states: “Please send me special offers and communications from OneHealth and/or its partners that would interest me.”
password: A secret series of characters, typically alphanumeric (meaning it consists of both letters and numbers) that enables you to access a file, computer, or program. You must enter your password before the computer or system will respond to commands. The password helps ensure that unauthorized users do not access the system. In addition, data files and programs may require a password.
Ideally, the password should be something that nobody could guess. In practice, many people choose a password that is easy to remember, such as their name or their initials. This is one reason it is relatively easy to break into many computer systems.
Personal Health Information (PHI): When your Personally Identifiable Information (PII) is combined with known health characteristics. For example, if you indicated that you have a certain disease or condition, when that information is combined with your PII, it becomes Personal Health Information.
Personally Identifiable Information (PII) (also called Personal Information): Information that can be traced back to an individual (contrast with Non-Personal Information and Aggregate Information). Examples of PII include your name, home address, telephone number, email address, and Social Security number.
If other pieces of information are linked to PII, they also become PII. For example, if you use a nickname to chat online and give out your real name while chatting, your nickname becomes PII when linked with other PII.
Security Questions: OneHealth requires you to answer two security questions, usually called Challenge-Response questions. We will use the answers you provide to these questions to help you in the event you forget your username or password. In order to help maintain your privacy, we require an EXACT match against what you submitted during your registration process. Correct spelling and short answers can help ensure that you will succeed with retrieving your username or resetting your password.
server: A computer that provides services to other computers. A “web server” stores web site files and “serves” them to people who request them.
SSL (Secure Sockets Layer): A security protocol developed by Netscape for transmitting private information via the Internet. SSL works by using a private key to encrypt data that’s transferred over the SSL connection. Both Microsoft Internet Explorer (http://www.webopedia.com/TERM/S/Internet_Explorer.htm) and Netscape Navigator (http://www.webopedia.com/TERM/S/Navigator.htm) support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that utilize an SSL connection start with https: instead of http.
username: A name used to gain access to a computer system or program. Usernames, and often passwords, are required in shared systems, such as the Internet. In most such systems, users can choose their own usernames and passwords (see Nickname above for additional information.)
Usernames are also required to post a reply on message boards, use certain OneHealth Tools and online services such as OneHealth Manager.
virus: A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also “replicate” themselves by copying their code to other computers. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. There are numerous virus protection programs available. See the “How You Can Protect Yourself” section.
Web Beacons (also often referenced as “clear GIFs”, “web bugs”, “1-by-1 GIFs”, “Single-Pixel GIFs”, “1 x 1 Pixels”, or “clear Pixels”): Tiny graphic image files, imbedded in a web page in GIF, jpeg or HTML format, typically used to monitor activity on a web page and send back to its home server (which can belong to the host site, a network advertiser or some other third party) information from your browser, such as the IP address, the URL of the page on which the beacon is located, the type browser that is accessing the site and the ID number of any Cookies on your computer previously placed by that server. Web Beacons can also be used to place a Cookie on your computer.