The following Privacy Policy (“Policy”) summarizes the various ways that Epividian, Inc. (“Epividian” or “us” or “we”) use the information you provide to us or we gather from you while you access or use the CHORUS website at http://chorus.epividian.com (the “site”), or CHORUS mobile application (“App”), and our related sites and online services (collectively, the “Services”). It is our goal to provide you with information that is tailored to your individual needs and, at the same time, respect your privacy.

Please read this Policy carefully. Your access to or use of any part of the Services will constitute your notice about our collection, use, and disclosure of your information in accordance with this Policy. If you do not wish for us to collect, use, and disclose your information in accordance with this Policy, please do not access or use the Services. This Policy does not cover information collected elsewhere, including, without limitation, offline or on sites linked to through the Services. We may add to or amend this Policy with other notices. We may also post different privacy statements for some Services, and when we do so, this Policy does not apply.

This Policy applies solely to information collected by us through the Services and does not apply to any third-party activities, including third-party websites linked from our Services, third-party social networking platforms or features we make available through our Services, or third-party ads displayed on our Services. We are not responsible for the privacy practices or content of such third parties. We encourage you to read the privacy statements of those third parties.

1. What Information We Collect from You
When your organization or clinical practice enters into an agreement with us to provide CHORUS services, all of the information we collect and share about you and your activity as you utilize our Services are bound by the terms of that agreement. If your organization has not entered into a services agreement with us, the information we collect about you includes your name, organization, mailing address, company name, e-mail address, and phone number(s). For all Site visitors or App users, not just registered users, we collect information such as IP address, device identifier, browser type, device type, domain name, access times, duration of visit, referring URL, platform, new and repeat information, time stamp, exit page information, and other information about how you use the Service.

2. How Your Information Is Used
We may use your personal information to respond to your comments and questions and provide customer service and we may send you information related to your requests.

3. How Your Information Is Protected
We maintain data handling and storage practices and procedures that are designed to promote the integrity and confidentiality of the personally identifiable information. No method of transmission over the Internet or method of electronic storage is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

4. Data Retention

  • CHORUS is used by healthcare organizations and their authorized workforce members. User accounts are created and managed on behalf of customer (i.e. healthcare) organizations.
  • Epividian retains user account information, authentication records, audit trails, access logs, security events, and records of access to patient information as necessary to satisfy applicable legal, regulatory, security, auditing, contractual, operational, and investigational requirements.
  • Information retained may include usernames, email addresses, telephone numbers used for multi-factor authentication, login history, security events, and records of access to patient information.
  • User accounts that are no longer active may be disabled or deactivated by the customer’s organization administrator. However, certain records, including audit trails, security logs, authentication history, and records of access to patient information, may be retained after account deactivation to support healthcare compliance requirements, security monitoring, auditing, fraud prevention, incident investigation, legal obligations, and contractual requirements.
  • Audit logs, authentication records, access logs, and related security records are retained for a minimum of twelve (12) months and may be retained longer as necessary to satisfy applicable legal, regulatory, security, auditing, contractual, operational, and investigative requirements. Other information is retained in accordance with applicable laws, customer agreements, and business requirements.

5. Data Deletion Requests

  • Because CHORUS is operated on behalf of healthcare organizations and maintains records required for compliance, security, auditing, legal, contractual, operational, and investigative purposes, deletion of information is subject to applicable legal, regulatory, and contractual requirements.
  • Users seeking deletion, modification, or deactivation of account information should first contact their healthcare organization administrator, who is responsible for managing user accounts and access within CHORUS. Users may also contact Epividian at support@epividian.com with questions regarding their information.
  • Epividian will evaluate requests for deletion or modification of information in accordance with applicable laws, healthcare customer agreements, healthcare compliance obligations, security requirements, and contractual commitments.
  • Certain information may be retained where required for legal, regulatory, security, auditing, research integrity, contractual, fraud prevention, incident investigation, healthcare compliance, or other legitimate business purposes. In such cases, deletion requests may be limited or denied to the extent permitted or required by applicable law.