Privacy Policy

Effective: March 18, 2016

Scientific Technologies Corporation ("STC," "we," and "us") provides this Privacy Policy ("Privacy Policy") to inform you of our policies and procedures regarding the collection, use and disclosure of "Personal Information" and "Non-Personal Information" we receive from "Providers," "Designees," "Users" and "Authorized Caregivers" through their use of our website, accessible at www.stchome.com (the "Site"), and our software platforms and related services (collectively, the "Services").

This Privacy Policy applies to your access to and use of the Site and the Services, and by choosing to use them, you consent to the collection, transfer, processing, storage, disclosure and other uses of your information described in this Privacy Policy.

About STC

STC provides the Site and Services to support the exchange of accurate and timely information through registries and integrated medical record systems to make an impact on chronic, infectious, and vaccine-preventable diseases. STC provides technology and electronic medical record exchanges to empower consumers, healthcare providers, pharmacists, public health professionals, and health plans with immunization information and decision support. We reinforce information captured through STC-developed state immunization information systems and STC-supported WIR registries with Immunization Intelligence.

Other than information gathered through the Site and the Services, STC acts as a service provider for Providers and public health authorities, and does not own or control the information that is submitted to us through the Services. The information that is submitted through the Services will be held subject to the requirements specified by our health service provider clients and applicable law, such as the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act of 2009, and the related regulations promulgated thereto (collectively, "HIPAA").

No Medical Advice

The contents of the Service and the links to other websites are not intended to be a substitute for professional medical advice, diagnosis, or treatment. Users shall always seek the advice of a physician or other qualified health provider with any questions the User may have regarding a medical condition and reliance on any information provided by the Services is solely at the User's own risk.

Personal Information

What is Personal Information?

"Personal Information" means information that alone or when in combination with other information may be used to readily identify, contact, or locate you, such as: contact data (such as your address, e-mail address and phone number); demographic data (such as your gender, your date of birth and your zip code); payment data (such as credit card, shipping and billing information); insurance data (such as your insurance carrier, insurance plan, member ID, group ID and payer ID); medical data (such as your doctors or other health care providers, your medical history, and other medical and health information you choose to share with us); and other information that you voluntarily choose to provide to us, including without limitation, data, your SSN, your unique identifiers such as passwords, and information in emails or letters that you send to us.

Personal Information We Collect From Providers and Designees

If you are a physician or other healthcare or medical provider ("Provider"), or an individual who is authorized by a Provider to access and use the Services ("Designee"), we collect Personal Information about the Provider and Designee when the Provider registers to use the Services. The Personal Information about Providers and Designees that we collect includes, without limitation, the Provider's and Designee's name, specialty, email address, phone number, and business postal address.

Personal Information We Collect From Users and Authorized Caregivers

If you are a patient of a Provider who has subscribed to the Services ("User"), we collect Personal Information about you when you register to use the Services and through your or your Authorized Caregiver's use of the Site and the Services. If you are an individual authorized by a User to use the Services to communicate with such User's Provider ("Authorized Caregiver"), we collect Personal Information about you, including, without limitation, your name, email address, phone number and your relationship to the User. When communicating with the Provider in using the Services, the User, Authorized Caregivers, Provider and its Designees may disclose Personal Information about the User, which may include Protected Health Information.

How We Use Personal Information

We may use Personal Information as follows:

• To enable you to access and use the Site and the Services.
• To respond to your inquiries.
• To send you important information regarding the Services, changes to our terms, conditions, and policies and/or other administrative information.
• For our proper management and administration or to carry out our legal responsibilities, such as data analysis, audits, developing new products, and enhancing and improving our Site and the Services.
• As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

How We Respond to "Do Not Track" Signals

Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a "Do Not Track" (DNT) or similar feature that signals to websites that a visitor does not want to have his/her online activity and behavior tracked. If a website operator elects to respond to a particular DNT signal, the website operator may refrain from collecting certain Personal Information about the browser's user. Not all browsers offer a DNT option and there is currently no industry consensus as to what constitutes a DNT signal. For these reasons, many website operators, including STC, do not take action to respond to DNT signals. For more information about DNT signals, visit http://allaboutdnt.com.

How We Disclose Personal Information

We may disclose Personal Information, including Protected Health Information (defined below) as follows:

• If you are a User, to your designated Provider(s), each such Provider's Designees, and your Authorized Caregivers, if any, without further authorization for purposes of treatment, payment or operations; for other uses or disclosures permitted by law; or for purposes related to such uses or disclosures.
• If you are an Authorized Caregiver, to your User and his/her designated Providers and each such Provider's Designees.
• To our third party service providers who provide services such as website hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer service, email delivery services, credit card processing, backup, auditing services and other similar services.
• To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
• As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your state or country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Protected Health Information

What is Protected Health Information?

"Protected Health Information" is a part of the Personal Information that we collect. Protected Health Information or PHI includes information, whether oral or recorded in any form or medium, that we receive from a User, his/her Authorized Caregiver, a Provider, or a Provider's Designee(s), or that we create on behalf of a Provider or its Designee(s), (a) that relates to the past, present or future physical or mental condition of the User; the provision of health care to the User; or the past, present or future payment for the provision of health care to the User; and (b) that identifies the User or with respect to which there is a reasonable basis to believe the information can be used to identify the User. "Protected Health Information" has the same meaning generally in this Privacy Policy as defined as the term "Protected Health Information" in 45 C.F.R. § 160.103.

How We Use and/or Disclose Protected Health Information

We may use and/or disclose Protected Health Information in the same manner as Personal Information, described above, except our use and disclosure of Protected Health Information is further limited as provided by HIPAA.

Specifically, as described above, all uses or disclosures of PHI shall require User authorization or a valid authorization on the User's behalf, except: (a) uses or disclosures by or to the User; (b) uses or disclosures for treatment, payment or healthcare operations; (c) as part of any valid use or disclosure; or (d) in compliance with and pursuant to applicable law.

STC may disclose PHI for most other purposes only pursuant to a User's valid authorization, including as follows: (i) for most uses and disclosures of psychotherapy notes; (ii) for use or disclosure of PHI for marketing purposes; (iii) for disclosures that constitute a sale of PHI; or (iv) for other uses or disclosures that are not exempt from the authorization requirement.

We will enter into business associate agreements with the User's Providers who are "Covered Entities" when we are a "Business Associate," as those terms are defined by HIPAA. We will use and disclose Protected Health Information only for those uses and disclosures permitted by HIPAA and under the applicable business associate agreement. We may use or disclose Protected Health Information to provide Services to the User or the Provider. We may also use Protected Health Information for our proper management and administration or to carry out our legal responsibilities.

Security

We use reasonable organizational, technical and administrative measures to protect Personal Information under our control, consistent with our obligations under HIPAA. Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the Contact Us section below.

Non-Personal Information

What is Non-Personal Information?

"Non-Personal Information" is any information that does not reveal, on its own, your specific identity, such as: browser log data, aggregated information, and your IP addresses. While Non-Personal Information may not necessarily identify you, if we have your Personal Information, we may link any Non-Personal information with your Personal Information in our records.

Non-Personal Information We Collect

We and our third party service providers may collect Non-Personal Information in a variety of ways, including:

• Browser Log Data: When you visit the Site, whether as a User or a non-registered user just browsing the Site, our servers automatically record information that your browser sends whenever you visit a website ("Browser Log Data"). This Browser Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, operating system or the webpage you were visiting before you came to our Site, pages of our Site that you visit, the time spent on those pages, access times and dates, and other statistics. Browser Log Data may also include pixel tags, web beacons, clear GIFs or other similar technologies, which may be used in connection with some Site pages and HTML-formatted email messages to, among other things, track the actions of Site users and email recipients, and compile statistics about Site usage and response rates.
• Cookies: The Site uses "cookies" to collect information. A cookie is a small data file that we transfer to your computer's hard disk for record-keeping purposes.
• Aggregated Personal Information: Aggregated Personal Information (and, if such Personal Information includes PHI, such Personal Information has been "de-identified" in accordance with HIPAA) does not personally identify you or any other user of the Service.
• IP Addresses: Your "IP Address" is a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP). An IP Address is identified and logged automatically in our server log files whenever a user uses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP Addresses is standard practice on the Internet and is done automatically by many web sites.

How We Disclose and Use Non-Personal Information

Because Non-Personal Information does not personally identify you, we may use and disclose Non-Personal Information for any purpose whatsoever, including as described below. However, in some instances, we may combine Non-Personal Information with Personal Information (such as combining your name with your geographical location). If we combine any Non-Personal Information with Personal Information, the combined information will be treated by us as Personal Information as long as it is combined.

• Browser Log Data: We use Browser Log Data to monitor and analyze use of the Site and for the Site's technical administration, to increase our Site's functionality and user-friendliness, and to better tailor it to our visitors' needs. For example, we use this information to verify that visitors to the Site meet the criteria required to process their requests. We do not treat Browser Log Data as Personal Information or use it in association with other Personal Information, though we may aggregate, analyze and evaluate such information for the same purposes as stated above regarding other Non-Identifying Information.
• Cookies: We utilize persistent cookies to save your login information for future logins to the Site. We also utilize session ID cookies to enable certain features of the Site, to better understand how you interact with the Site and to monitor aggregate usage by users and web traffic routing on the Site. Unlike persistent cookies, session cookies are deleted from your computer when you log off from the Site and then close your browser. You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions or functionalities of the Site.
• Aggregated Personal Information: We may use aggregated Personal Information (and, if such Personal Information includes PHI, such aggregate Personal Information has been "de-identified" in accordance with HIPAA) to provide you with a better experience, to improve the quality and value of our Services, and to analyze and understand how our Site, Apps and Services are used.
• IP Addresses: We use IP Addresses for purposes such as calculating usage levels, helping diagnose server problems, and administering the Services. We may also use and disclose IP Addresses for all the purposes for which we use and disclose Personal Information. Please note that we treat IP Addresses, server log files and related information as Non-Personal Information, except where we are required to do otherwise under applicable law.

Third Party Sites and Privacy Practices

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including Providers or public health authorities. The inclusion of a third-party link within the Services does not imply endorsement by us or by our affiliates of any such third-party site.

This Privacy Policy does not reflect the privacy practices of STC's health service provider and public health authority clients, and STC is not responsible for our clients' privacy policies or practices. STC does not review, comment upon, or monitor our health service provider or public health authority clients' privacy policies or their compliance with their respective privacy policies, nor does STC review our client's instructions to determine whether they are in compliance or conflict with the terms of a client's published privacy policy or applicable law.

Accessing and Changing Your Information

How you can access or change your Personal Information

If you would like to review, correct, update, delete or otherwise limit our use of your Personal Information that has been previously provided to us, you may contact us in accordance with the Contact Us section below.

In your request, please make clear what information you would like to have changed, whether you would like to have your Personal Information deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Information. We will try to comply with your request as soon as reasonably practicable. Please note that in order to comply with certain requests to limit use of your Personal Information we may need to terminate your account with us and your ability to access and use the Services, and you agree that we will not be liable to you for such termination or for any refunds of prepaid fees paid by you. Although we will use reasonable efforts to do so, you understand that it may not be technologically possible to remove from our systems every record of your Personal Information. The need to back up our systems to protect information from inadvertent loss means a copy of your Personal Information may exist in a non-erasable form that will be difficult or impossible for us to locate or remove.

Retention Period

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or allowed by law.

Use of Site by Minors

The Services are not permitted for use by individuals under the age of eighteen (18) unless they have provided the written consent of their parents or legal guardians, and we request that these individuals do not provide Personal Information to us.

Updates to Privacy Policy

STC reserves the right, at its sole discretion, to modify this Privacy Policy, at any time and without prior notice. If we modify this Privacy Policy, we will post the modified Privacy Policy. By continuing to access or use the Site, the App or the Services after we have posted a modified Privacy Policy or have provided you with notice of a modification, you are indicating that you agree to be bound by the modified Privacy Policy. If the modified Privacy Policy is not acceptable to you, your only recourse is to cease using the Site, App and Services.

Contact Us

If you have any questions about this Privacy Policy, please contact us by email at help_myir@stchome.com, or please write to:

ATTN: Todd Watkins
Scientific Technologies Corporation
8444 N. 90th Street, Suite 100
Scottsdale, AZ 85258

Please note that email communications are not always secure; please do not include sensitive information in your emails to us.