3. THE BASICS
a)All information on this site is copyrighted by Geisinger.
b)Please don’t reuse information—including images—from this site without our written permission.
c)We can’t provide medical advice on this site or through email. If you’re having a medical emergency, call 911.
d)To use online payment, you’ll need to agree to allow us to display your information on our secure site.
e)You’re responsible for activities that occur on your account.
f)If there are external links provided on our website/portal, we are not responsible for the content of the sites on those links.
g)You can link to our site; however, you may not reuse the information on our website without our written permission.
4. DATA RIGHTS AND USAGE
a)If you are utilizing Geisinger APIs on behalf of an entity, you attest that you have authority to accept the Terms on behalf of the entity, and you are doing so in the interest of that entity (and all references to "you" in the Terms refer to you and that entity).
b)In order to access Geisinger APIs you will need to provide certain information (such as identification or contact details) as a component of the registration process, and/or as a feature of your continued utilization of Geisinger APIs.
c)You agree to give Geisinger accurate and complete Registration Information, and to inform Geisinger about any updates or other changes to your data so we can keep you informed about any incremental changes or improvements to Geisinger APIs or the Terms, which may affect your use of Geisinger APIs.
d)Developer credentials (for example: password(s); secret keys; tokens; customer IDs) issued to you are expected to be utilized only by you and to identify any software which you are utilizing with Geisinger APIs. You agree to keep your developer credentials confidential and to implement reasonable safeguards to prevent and discourage other people or entities from accessing or utilizing your developer credentials. Developer credentials may not be embedded in open source projects.
e)You may only access Geisinger APIs by the means described in the documentation of those APIs. If Geisinger assigns you developer credentials, you must use them with the applicable APIs only.
f)If you are granted production application credentials for Geisinger APIs, you may use only those credentials with the application that passed the production access review. Geisinger may revoke your production application credentials if you use or attempt to use them with another application or product that has not been reviewed and approved by Geisinger.
g)At the time of request for access to production APIs, the third party must attest to the responses provided for the Risk assessment questionnaire.
h)Access to production APIs will only be provided once the Risk assessment review process is concluded.
i)Geisinger may reject, revoke, terminate, or modify your registration at any time for inappropriate use as determined by us or for any reason, in Geisinger’s sole discretion and without notice.
a)You may use Geisinger APIs to develop a service to search, display, analyze, retrieve, view, and/or otherwise obtain certain information or data about Geisinger beneficiaries.
b)Information or data about Geisinger beneficiaries available from Geisinger APIs is subject to the Privacy Act of 1974, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other laws, and require special safeguarding. You must comply with all applicable federal and state laws regarding the protection and disclosure of information obtained through a Geisinger API.
c)You further acknowledge that when records regarding an individual are obtained through a Geisinger API, you may not disclose any information or data regarding the individual to any other individuals or third parties without specific, explicit consent from the individual or his or her authorized representative. The terms “individual” and “record” have the meanings given in the Privacy Act at 5 U.S.C. § 552a(a).
You agree to use Geisinger APIs in a manner consistent with The CARIN Alliance Code of Conduct unless otherwise provided by applicable law or as specified above.
a)You agree to make information on your record keeping systems, repository containing beneficiaries’ data, and the description of the main purposes and uses of data publicly available.
c)You agree to be clear with users regarding their rights to change or annotate personal data or to disclose portions of their personal data and whether any such changes, annotations, or notices of lack of completeness are communicated to any downstream recipients authorized by the user.
a)You agree that there should be limits to the collection of personal data of Geisinger beneficiary and such data should be collected by lawful and fair means. Where appropriate, it should be collected with the knowledge or consent of the Geisinger beneficiary. Personal data must not be communicated externally without the consent of the beneficiary or as otherwise permitted by state and federal law.
b)You agree to obtain informed, proactive consent from users before disclosing any personal data, to avoid default personal data sharing. Such consent shall clearly describe how user personal data will be collected, used and disclosed. A separate, informed, proactive opt-in consent shall be obtained to use or disclose personal data from any individual or other individual identified in the personal data for marketing purposes.
d)Provide users with an easy process to withdraw their consent with the application used to access personal data and will clearly communicate that process. Allow the user to always indicate the destination for disclosing their personal data.
5.3. Use and Disclosure
a)You agree to contractually bind third-party vendors and contractors to your commitments to users regarding use or disclosure of user data and prohibit uses or disclosures of user data for any purposes not consistent with those commitments without users’ informed, proactive consent. Except for the contracted third-party vendors identified above, or as required by law, prohibit the use or disclosure of user personal data without user consent.
b)You agree to limit the collection of personal data only to what the user has expressly consented that the application can collect and to collect, use, and disclose personal data in ways that are consistent with reasonable user expectations given the context in which the users provided (or authorized the provision of) the health information.
5.4. Individual Access
You agree to provide the ability for users to access all personal data about the user collected by the application and a clear and easy process for requesting corrections to any inaccurate data. You also agree to establish and clearly communicate to users, clear policies for how the application will handle personal data it collects that may not be timely, accurate, relevant, or complete. Upon user request, you agree to securely dispose of the user’s personal data completely and indefinitely to allow the user the “right to be forgotten” with respect to any future uses or disclosures of user’s personal data.
a)You agree to maintain the safeguards of personal data against such risks as loss, unauthorized access, destruction, use, modification or disclosure of user’s personal data, your Registration Information and Secret keys, whether or not you authorize such activities.
b)You agree to store and retain personal data in a manner consistent with the best practices associated with the protection of personal data and protect personal data through a combination of mechanisms including, at a minimum: secure storage, encryption of digital records both in transit and at rest, data-use agreements and contractual obligations, and accountability measures that could be made available to the user.
c)You agree to comply with applicable breach notification laws and provide meaningful remedies to address security breaches, privacy, or other violations incurred because of misuse of the user’s personal data. The HIPAA Breach Notification Rule requires covered entities to provide notification to consumers, the Secretary of HHS, and, in some cases, the media following a breach of unsecured PHI. Business associates must provide notice to the HIPAA covered entity. The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions implemented and enforced by the Federal Trade Commission (FTC), apply to vendors of personal health records and their third-party service providers, pursuant to section 13407 of the HITECH Act. For additional guidance on whether HIPAA applies to your mobile app, see OCR's health app developer portal.
d)Notification by a Business Associate to Geisinger
If a breach of unsecured protected health information occurs at or by a business associate (Third Party Application Developer), the business associate must notify the covered entity following the discovery of the breach. A business associate must provide notice to the covered entity without unreasonable delay and no later than 60 days from the discovery of the breach. To the extent possible, the business associate should provide the covered entity with the identification of each individual affected by the breach as well as any other available information required to be provided by the covered entity in its notification to affected individuals. Business associate must notify Geisinger regarding the Breach on email@example.com.
e)You agree to, on behalf of users, request a copy of their health data from the HIPAA designated record set maintained by a health care provider, health plan, or health information exchange by a) relying on a health care provider or health plan portal identity credential using SMART or accept a digital identity credential for the user that is at least NIST Identity Assurance Level 2 (IAL2) and Authenticator Assurance Level 2 (AAL2) and b) clearly indicating the destination for sending the personal data. You agree to adopt internal policies and secure contractual commitments with third parties to prohibit the re-identification of de-identified or anonymized data and to establish and implement a policy for dormant user accounts handling.
a)Personal data should be relevant to the purposes for which they are to be used, and should be accurate, complete, and timely.
b)You agree that where possible, as data is changed, you shall continue to maintain the provenance of the data to provide users, their caregivers, and authorized recipients information about who or what entity originally supplied the data and, where relevant, who made changes to the data, and what changes were made.
a)Record keepers should be accountable for complying with fair information practices and with all applicable federal and state laws.
b)You agree to designate a responsible executive officer within the company who is committed to these data principles and ensure these commitments are publicly facing to allow oversight enforcement by the Federal Trade Commission (FTC), State Attorneys General, or other applicable authorities.
c)You agree to establish and clearly communicate a process for collecting and responding to user complaints, to train your staff on these principles and ensure compliance by regularly evaluating your performance internally. You shall notify the public when you have received any certification or accreditation from any independent certifying organizations along with the timing/duration of such certifications.
You agree to inform users about their personal data disclosure choices and the consequences of those choices including the risks, benefits, and limitations of data disclosure by providing educational materials yourselves or pointing to appropriate third-party resources.
6. RIGHT TO LIMITATION
This website is for your personal and non-commercial use only. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer or sell any information, software, products or services obtained from this website. Accordingly, Geisinger grants you a limited license to access and use this website solely for your personal, non-commercial use, provided you do not modify the website, its content, or any copyright or other proprietary notices. In addition, you agree that you will not use this website in any manner that could damage, disable or impair this website or interfere with other users’ use of this website. Your use of this website is at the discretion of Geisinger and we may terminate your use at any time.
7. RESTRICTIONS ON USE AND OWNERSHIP
1)All pages within this website and any material made available for download (collectively referred to as "the Site") are the property of Geisinger and/or its subsidiaries and affiliates.
2)Geisinger hereby grants site visitors, including patients and members, a nonexclusive license to use the Site solely for personal, informational, and non-commercial use.
3)Use of certain features of the Site, including obtaining access to your protected health information, require registration and creation of a user name and password.
a)Competitive Advantage: You shall not use the Site to obtain materials, data, or information for purposes of gaining a competitive advantage;
b)Commercial Benefit / Financial Gain (Payment): You shall not use the Site for commercial purposes, or provide your login credentials in exchange for payment; or
c)Non-Personal Use: The Site is intended for personal use only. You shall not provide your login credentials, including user name and/or password to third parties.
7)Geisinger expects third-party application developer to provide Geisinger timely response to any outreach that is a part of a follow-up protocol. Failing to respond in a timely manner may cause Geisinger to disable the application’s API production
8. WARRANTY DISCLAIMER
1)THIS SITE, INCLUDING ANY CONTENT OR INFORMATION CONTAINED WITHIN IT OR ANY SITE-RELATED SERVICE, IS PROVIDED "AS IS," WITH ALL FAULTS, AND WITH NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT. YOU ASSUME TOTAL RESPONSIBILITY AND RISK FOR YOUR USE OF THIS SITE, SITE-RELATED SERVICES, AND HYPERLINKED WEBSITES. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY GEISINGER OR GEISINGER’S AUTHORIZED REPRESENTATIVES SHALL CREATE A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THIS WARRANTY.
2)GEISINGER CANNOT ENSURE THAT THE INFORMATION CONTAINED ON ITS SERVER WILL BE AVAILABLE AT ALL TIMES, AND BECAUSE YOU ARE RESPONSIBLE FOR INPUTTING INFORMATION ONTO GEISINGER’S SERVER, GEISINGER CANNOT ENSURE THAT THE INFORMATION PROVIDED ON ITS WEBSITE WILL BE ACCURATE. THUS, GEISINGER MAKES NO REPRESENTATIONS OR WARRANTIES AS TO THE ACCURACY OF CONTENT OF THIS INFORMATION. GEISINGER HAS PROVIDED THE INFORMATION ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. GEISINGER NEITHER WARRANTS THAT THE USE OF THE SITE WILL BE UNINTERRUPTED OR ERROR-FREE, NOR THAT ERRORS WILL BE CORRECTED.
9. WAIVER, RELEASE AND LIMITATION OF LIABILITY
1)IN ADDITION, YOU AGREE THAT NEITHER GEISINGER, NOR ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, INFORMATION PROVIDERS OR SUPPLIERS SHALL HAVE ANY LIABILITY TO YOU UNDER ANY THEORY OF LIABILITY OR INDEMNITY IN CONNECTION WITH YOUR USE OF THE SITE OR ANY RELATED APPLICATIONS. YOU HEREBY RELEASE AND FOREVER WAIVE ANY AND ALL CLAIMS YOU MAY HAVE AGAINST GEISINGER, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, INFORMATION PROVIDERS OR SUPPLIERS (INCLUDING BUT NOT LIMITED TO CLAIMS BASED UPON THE NEGLIGENCE OF ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, INFORMATION PROVIDERS OR SUPPLIERS) FOR LOSSES OR DAMAGES YOU SUSTAIN IN CONNECTION WITH YOUR USE OF THE SITE.
2)GEISINGER AND ITS AFFILIATES, SUPPLIERS, AND OTHER THIRD PARTIES MENTIONED ON THIS SITE ARE NEITHER RESPONSIBLE NOR LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, PUNITIVE, OR OTHER DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM LOST PROFITS, LOST DATA, OR BUSINESS INTERRUPTION) ARISING OUT OF OR RELATING IN ANY WAY TO THE SITE, SITE-RELATED SERVICES AND PRODUCTS, CONTENT OR INFORMATION CONTAINED WITHIN THE SITE, AND/OR ANY HYPERLINKED WEBSITE, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL THEORY AND WHETHER OR NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. YOUR SOLE REMEDY FOR DISSATISFACTION WITH THE SITE, SITE-RELATED SERVICES, AND/OR HYPERLINKED WEBSITES IS TO STOP USING THE SITE AND/OR THOSE SERVICES. FURTHER, GEISINGER IS NOT RESPONSIBLE OR LIABLE FOR ANY DEFAMATORY, OFFENSIVE OR ILLEGAL USE OR CONDUCT OF A USER OF THIS SITE.
11. TRADEMARK NOTICE
This Site displays multiple trademarks and service marks which are owned by Geisinger. You agree not to display, reproduce, duplicate, copy, sell, resell, exploit or use in any manner any trademark, service mark or logo displayed on this Site without the express written permission of Geisinger or the third party that may own the trademark, service mark or logo. Use or misuse of these trademarks is expressly prohibited and may violate state or federal trademark law.
12. CLAIMS OF COPYRIGHT INFRINGEMENT
1)In accordance with the Digital Millennium Copyright Act (17 U.S.C. § 512), Geisinger is registered with the United States Copyright Office as a Service Provider. Any notifications of claimed copyright infringement must be sent to Geisinger’s Legal Department, 100 N Academy Avenue, Danville, PA 17822-4031.
13. NO MEDICAL ADVICE
1)Nothing on this Site may be considered medical advice, diagnosis or treatment. All health and health-related information contained within this Site is intended to be general in nature and should not be used as a substitute for a visit to a healthcare professional. The information you obtain from this Site might be inappropriate for your own situation, or might be misinterpreted. Geisinger assumes no responsibility for how you use the information you obtain from this Site.
2)If you have an emergency, or think you need to speak to someone urgently, please do not rely on the email communication options provided to you through this Site. Neither email nor any other application available through this Site is a substitute for appropriate and timely contact with your physician. The Site is not a substitute for consultation with your physician. You should never change or stop any course of treatment prescribed by your physician without first consulting him or her. Only your physician can properly diagnose and treat your illness.
3)Also, please note that although we strive to keep our information up to date, information changes rapidly, and some information may be out of date.
14. ONLINE PAYMENT
1)In order to use the online payment service, you are required to complete the enrollment process by providing Geisinger with complete and accurate information as prompted by the applicable enrollment form provided on the enrollment screen. By completing the enrollment form, and clicking the "I Agree" button, you authorize Geisinger to display your statement and payment information on a secured Internet site. You are responsible for keeping your correct and current email address information in your customer profile. You are entirely responsible for maintaining the confidentiality of your password, banking information, credit card information and account information.
2)FURTHERMORE, YOU ARE ENTIRELY RESPONSIBLE FOR ANY AND ALL ACTIVITIES THAT OCCUR UNDER YOUR ACCOUNT. YOU AGREE TO NOTIFY GEISINGER IMMEDIATELY UPON YOUR DISCOVERY OF UNAUTHORIZED USE OF YOUR ACCOUNT AND ANY OTHER BREACH OF SECURITY. GEISINGER WILL NOT BE RESPONSIBLE FOR ANY LOSS YOU MAY INCUR AS A RESULT OF SOMEONE ELSE MISUSING YOUR PASSWORD, BANKING INFORMATION, CREDIT CARD INFORMATION AND ACCOUNT EITHER WITH OR WITHOUT YOUR PERMISSION. HOWEVER, YOU COULD BE HELD LIABLE FOR LOSSES INCURRED BY GEISINGER OR ANOTHER PARTY DUE TO SOMEONE ELSE USING YOUR PASSWORD. YOU MAY NOT USE ANYONE ELSE'S ACCOUNT AT ANY TIME WITHOUT THE PERMISSION OF THE ACCOUNT HOLDER.
3)Geisinger reserves the right to change the terms and conditions of its online payment service. You are responsible for regularly reviewing these terms and conditions. Your continued use of the on-line payment service constitutes your agreement to all such terms.
15. VISITOR CHAT ROOMS AND OTHER INTERACTIVE AREAS
Geisinger may, but is not obligated to, monitor or review any areas of the Site where visitors transmit or post Communications or communicate solely with each other, including, but not limited to, chat rooms, bulletin boards, and other user forums, and the content or any such Communications. Geisinger, however, will have no liability related to the content of any such Communications, whether or not arising under the laws of copyright, libel, privacy, obscenity, or otherwise. Geisinger retains the right to remove, in its sole discretion, Communications that include any material deemed abusive, defamatory, obscene, illegal, discriminatory or otherwise inappropriate.
16. LINKS OR POINTERS TO OTHER SITES
Geisinger makes no representations whatsoever about any other website that you may access through this Site or any entity that may post its advertisements on this Site. When you access a non-Geisinger site, please understand that it is independent from Geisinger, and that Geisinger has no control over the content on that website. In addition, a hyperlink to a non-Geisinger website does not mean that Geisinger endorses or accepts any responsibility for the content, or the use, of the linked site or its privacy practices that may be different from Geisinger. Geisinger does not represent or endorse the accuracy or reliability of any of the information, content or advertisements contained on, distributed through, linked, downloaded or accessed from any of the services contained on this Site, nor the quality of any products, information or other materials displayed, purchased or obtained by you as a result of an advertisement or any other information or offer in or in connection therewith. It is up to you to take precautions to ensure that whatever you select for your use or download are free of such items as viruses, worms, Trojan horses, and other items of a destructive nature. If you decide to access any of the third-party sites linked to this Site, you do this entirely at your own risk.
17. HYPERLINKS TO THIS SITE
Persons constructing other websites may of course link to any of the pages on this Site. However, you may not copy any of the materials from this Site onto your own Web server for any reason. Also, you may not link to isolated elements on this Site (including photographs, illustrations, diagrams, buttons, text, or any other elements whatsoever) for the purpose of "in lining" them into the context of other web pages, or for linking such isolated elements to other web pages. In other words, link to entire pages on this Site, or don't link at all. Any other use will be a violation of copyright and could subject you to legal action.
Web mirror sites, and commercial online services, may request written permission to cache this entire Site to their hard drives for the purpose of enabling people to access it more easily or view it more rapidly. Note, however, that under no circumstances will they be granted the right to copy parts of the Site piecemeal, but only to copy the entire Site, preserving all the interior and exterior links, and not employing any of the materials out of their original context.
19. DISPUTES, CHOICE OF LAW, VENUE AND CONFLICTS
20. THIRD PARTY RIGHTS
The provisions of Section-9 Waiver, Release and Limitation of Liability and Section-10 Indemnification are for the benefit of Geisinger and its affiliates, officers, directors, employees, agents, suppliers and licensors. Each of these individuals or entities shall have the right to assert and enforce those provisions directly against you on its own behalf.
24. ENTIRE AGREEMENT
1)“Personal Data” Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2)“Data (or Information)” Any information relating to a natural person (includes personal data and de-identified and pseudonymized information).
3)“De-identified information” Personal data that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information.
4)“Pseudonymized or Pseudonymize or Pseudonymization” means the processing of personal data in a manner that renders the personal data no longer attributable to a specific consumer without the use of additional information, provided that the additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable consumer.
5)“API” means any Geisinger application programming interface offering or available Geisinger service, and any related documentation, materials, tools, and systems provided or made available to you as part of the Program or through the Portal.
6)“Application” means any application, website, interface, or other communication method you develop or use to interact with an API or with Content.
7)“Confidential Information” means any non-public or otherwise restricted information available or provided to you pursuant to your Participation, and includes without limitation, any API, Content, and/or Key.
8)“Content” means agreement or permission to do something on your data that you transmit to Geisinger through the API, and the data made available by Geisinger to you through an API or other interaction with a Geisinger Site.
9)“Geisinger Sites” means the Geisinger.org site and all affiliated websites that are operated by or on behalf of Geisinger or its partners and affiliates.
10)“Portal” means the Geisinger Developer Program website at developer.Geisinger.com.
11)“Registration Information” means personal and other information you provide to register for the Program and to establish user identification credentials and a password.
12)“Use” Use means, with respect to personal data, the sharing, employment, application, utilization, examination, or analysis of such information within an entity that maintains such information.
13)“Disclosure” means the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information.