Electronic Medical Record Privacy and Confidentiality Policy

1. Our Philosophy. Your trust is our greatest asset. We make every reasonable effort to ensure that information held by the PinnacleCare electronic medical record website is confidential and secure. We disclose our information-security practices to you as clearly and fully as possible. These practices receive continuous oversight, and many of our business decisions, including Web design, technology selections, and third-party business relationships, begin and end with considerations for your privacy.

2. Changes to Policy. While our philosophy will not change, the details of the policy will change over time as we add additional services and form relationships with new business partners. Please refer back to this page periodically. The date the policy was last revised will always appear at the top of the policy pages.

3. Contacting Us. If you have any questions about this Privacy and Confidentiality Policy, the practices of the PinnacleCare electronic medical record website, your dealings with PinnacleCare, or would like to provide comments, please contact us at or by phone, toll-free, at 1-866-752-1712.

4. Site Ownership, Scope, and Applicability of The Policy. This Policy applies only when you are within the PinnacleCare electronic medical record website and only to information that PinnacleCare collects.

5. Activity Tracking. We collect and use activity statistics so we can understand the ways in which our site and services are being utilized. Activity related data is stored anonymously and it is only used in the form of aggregated statistics. This aggregated, anonymous data may also be shared with business partners. Activity related data cannot be used to target you with solicitations of any kind.
With the exception of your User ID and Secure Messages, you have full, online access to any and all information that you provide to us for purposes of viewing and changing it.

6. Collection and Stewardship of Other Information. We only collect information that is required in order to provide you with services. We design our site so that you must make express, informed choices to use services that ask for personal information and authorize us to have access to your personal information. If you do choose to provide us with personal information, we will hold that information in the strictest confidence taking all reasonable steps to protect your personal health information.
At any time, you can opt out of using PinnacleCare's electronic medical record service and revoke your authorization for online medical record access. We monitor and adopt best practices from industry guidelines and applicable statutes, and we follow appropriate information security practices as detailed below.

7. Third Parties. We work with business partners to provide the highest-quality service available. Our business partner contracts include protective language regarding consumer privacy in those cases where we feel the nature of the partner's role demands it. We do not disclose personal information to any third party without clearly noting the purpose of such disclosure at the point where you choose to use the service and obtain your authorization.

8. Use of Cookies. We use non-persistent session state cookies to establish and sustain login sessions. These cookies disappear after you close your browser. The cookies are used to monitor your session and to automatically log you out of our service if you exceed 60 minutes of inactivity. Other site cannot use cookies created by our site, and we do not use cookies to track your activities outside of our own site.

8.1 A cookie is a small text file that website use to recognize a user. At its simplest, cookie technology works by carrying a unique ID generated by the server that creates the cookie. A cookie does not pose a threat to the computer that accepts it.

9. Legal Requests. PinnacleCare cooperates with law enforcement inquiries as a matter of policy. We will use IP addresses and other available information to attempt to identify a user when we are legally compelled to do so or when we feel it is necessary to protect our services, site, customers, or others.

Legal Disclaimer. Unfortunately, no data protection method or combination of methods can be guaranteed 100 percent secure. We take all reasonable steps to protect your personal information as described throughout this policy, but we cannot ensure or warrant our ability to do so. As a result, you use PinnacleCare content, products, and services at your own risk. PinnacleCare will not be liable for disclosures of your personal information due to errors in transmission or unauthorized acts of third parties.

How PinnacleCare Protects Your Trust

Encryption: We use all reasonable means to provide secure transmission of your information from your computer to our servers. When you transmit personal information to us, we encrypt it using 128 bit encryption, the current industry-standard encryption technology. Encryption provides a secure means to protect your information as it passes over the Web to our servers.

Firewalls. Our servers and other technical infrastructure are protected from network intrusion using firewalls and other means.

Internal Access. Our employees and contractors have occasional, legitimate needs to access our data servers for purposes of system troubleshooting and maintenance. We ensure that such access is granted only to those who have such needs. All such individuals have signed confidentiality agreements with PinnacleCare and are continually made aware of their obligations regarding user information. Access is controlled via preassigned user accounts that require multiple levels of authentication and only the minimum amount of access necessary is permitted. All staff are periodically trained regarding security protection of their personal workstations.

Physical Site Security. The facilities that house our servers, network devices, backup data storage media, and other equipment and information are physically secured and attended. Access is strictly limited to only those individuals who require it for a legitimate purpose.

Policies and Procedures. We continuously evolve and update our internal information security policies and our business continuity and disaster recovery plans. We perform risk assessment, security audit, and system test activities on an ongoing basis. Our employees and contractors receive frequent training and/or reminders regarding information security and protecting the confidentiality of your information.

Standards and Regulations. Although not required by law to do so, we are committed to meet or exceed regulatory and industry self-regulatory guidelines regarding privacy, confidentiality, and information security. On an ongoing basis we will review and adapt to relevant statutes, regulations, formal private-sector standards, and informal policy guidelines as they apply. In particular, we strive to meet all applicable provisions of the final Health Insurance Portability and Accountability Act (HIPAA) rules for information privacy and security.

User Passwords. If you register with us, your personal information is password-protected, so only you have access to it. It is your responsibility to ensure the security of your User ID and password. If you believe this security has been violated, please contact PinnacleCare by e-mail at, or by phone, toll-free, at 1-866-752-1712.