Verify My Identity Privacy Policy

Verify My Identity ("VMI" or the "Service") takes very seriously its obligation to protect the confidentiality of, and to limit the uses and disclosure of user (“Users”) Personal Information. This Privacy Policy explains:

Capitalized terms used in this Privacy Policy have the meanings set forth in the Definitions section found at the end of the policy. This Privacy Policy does not apply to Non-personal Information.

Personal Information VMI collects and how it is used

Creating User Service Accounts

When Users register to create a Service Account, they provide certain Personal Information including name, date of birth, and a valid email address. Users also select a username and password for the Service Account, and provide other information (such as answers to security questions and a security phrase). VMI will use the information Users provide to confirm a User’s eligibility to establish a Service Account, to protect against unauthorized access to a User’s Service Account, and to communicate with Users regarding the Service. For example, when VMI sends Users an email, it will include the User-supplied security phrase; if a User receives an email purporting to be from VMI that does not contain the security phrase, the User should not trust that the email was sent by VMI.

Linking to 3rd Party Services / Relying Parties

VMI is a identity service based on the OpenID Connect and OAuth2 standards. VMI allows participant organizations to register their own applications and hence rely on VMI as an Identity Provider. These applications are Relying Parties but may also be referred to as client applications, or 3rd party applications. 3rd party apps may user VMI for login or they may just user it as a way to verify your identity and get other important information that may help facilitate some transaction between you and them. These Relying Party client applications receive an “identity token” from the VMI which contains information about you. Relying Parties may be functioning on behalf of organizations including vut not limited to:

VMI helps you share of information with organizations with 3rd parties with whom you want to share information. If you do not wish to share your information with a given Application, simply to not authorize or approve it. Instead click cancel. Only Authorize applications from Organizations and Application You trust and have a need to share information.

Use of Tracking Technologies and Cookies

VMI may also collect and record certain information from a User’s browser each time a User connects to the Service such as IP address, browser type and language, date, time and duration of connection, and actions performed. That information becomes part of VMI’s Audit Files, which VMI uses only in connection with providing, monitoring or improving the performance of the Service, and in offering any technical support or assistance User’s might request in connection with use of the Service. VMI also stores some information in cookies (small text files) that are created on a User’s device. The information stored there is retrieved when a User connects to the Service and used to improve or simplify User experience on subsequent visits. Most web browsers allow a User to decline cookies, and if a User has chosen to do so, some features or conveniences otherwise available when using the Service may not work.

Other Personal Information

If a User has established a VMI Services Account, the User can enter, upload and transfer from other locations a wide variety of other Personal Information to his or her account for storage, maintenance, editing, organization and sharing with others as directed by the User. That Personal Information might include health records available to the User through VMI accounts, other health information that a User wants to organize or share as part of his or her personal health record, as well as documents, X-rays, other electronic images, and data from various medical monitoring devices such as blood pressure or blood glucose monitors.

How VMI uses the Personal Information Users provide and store in User Service Accounts

VMI will not use, sell, rent, lease or disclose any User Personal Information for the purpose of allowing third parties to advertise to a User or otherwise attempt to sell Users products or services or solicit a User for business of any kind. In addition to the ways listed above, VMI may also use User Personal Information as follows: * To provide the Service to Users; * To provide assistance or technical support in connection with use of the Service; * To audit, monitor, improve and further develop the Service.

VMI reserves the right to use User Personal Information to investigate possible violations of the Terms of Service that govern a User’s use of the Service, to protect VMI’s property and rights, to investigate potential fraud or security issues, and to communicate with Users regarding the Service or use of the Service.

How VMI share your information with Organizations

Agents of Organizations with whom you are affilated may view and alter your account details. These persons are also sometimes refered to as Trust Agents. These Trust Agents may, for example, verify your identity and add a level 2 identity assurance flag to your account. They may also be able update information on your behalf such as your address.

Special Terms apply to Trust Agents outlines in the Terms of Sercie.

Organizations may programaticly add/update your information on your behalf. These means the organiozation's application is updating some piece of data. An example would be a health information exhange adding their master patient index identifier to an account so that subsequent patient-linking and matching is no longer needed.

How VMI protects the security of your Personal Information

VMI employs a wide variety of administrative, physical and technical safeguards to protect the confidentiality, integrity, and availability of User Personal Information.

For example, only authorized VMI employees, agents, or representatives who have a need, such as those assigned to operate and provide support for the Service, are provided electronic access to the VMI Servers on which User Personal Information is stored. Those VMI Servers are kept in secure locations and physical access to them is highly-controlled and tracked. VMI use Secure Sockets Layer (SSL) certificate technology so that Users have assurance when using the Service that it is genuine and operated by VMI. That technology also allows us to establish a secure, encrypted connection between the Service and the web browser Users use when they connect to the Service. When the secure, encrypted connection exists, the address appearing in a browser’s address bar will begin with https:// (not just http://). In a high-security browser, the browser address bar will turn green to indicate a secure connection.

Please note, however, that if the Service re-directs a User to web sites operated by other organizations (such as a healthcare organization or healthcare applications at which a User has an active account) or a User can clicks on a third-party link, Users no longer are connected to the Service. At that point, the nature of the User’s connection is governed and controlled by the technology adopted and put into place by the organization operating the web site to which the User has been re-directed.

Other technical safeguards that are employed at VMI to protect User Personal Information include the following: Service Account passwords are stored in an encrypted format. VMI provides Users guidance on how to create secure passwords. VMI can be accessed only when Users use high-security browsers of certain versions, all of which must be SSL-compatible. All transfers of data between systems made via the Internet in connection with use of the Service occur in encrypted form using SSL protocol or similar technology, which is widely regarded to be secure and reliable. Firewalls and audit trails are used to safeguard User information further.

How Users control the sharing of their Personal Information

VMI allows Users to transfer their Personal Information to and from their Service Account to Service Providers. Users control those transfers through the features provided within the Service. For instance, a User can authorize healthcare providers at the organizations where they have VMI Accounts to pull designated portions of their Personal Information from their Service Account for inclusion in electronic medical records at those organizations. Only those provider organizations that Users authorize will be able to initiate such transfers, and they will be able to transfer only the Personal Information from User Service Accounts that Users choose to make available to them. To enable this functionality, the Service makes the fact that Users are a VMI Service Account holder known to those organizations where Users have linked VMI Accounts.

Users are also able to download their Personal Information to their local computer or portable storage devices, or to direct that such Personal Information be transmitted to other entities. Again, all such transfers of User Personal Information will be solely in their control, as directed by Users through their use of the Service.

Please note that VMI cannot control and is not responsible for the privacy and security of User Personal Information once it has left VMI in accordance with User requests and directives when using the Service. VMI cannot retrieve that information after a User has shared it (or directed it to be shared), and cannot control or restrict the use of Personal Information by other organizations. For instance, designating within your VMI Services Account that portions of User Personal Information are not to be shared restricts only the transfer of the Personal Information via the Service; it does not extend those restrictions to organizations to which a User has sent that information or from which their VMI Services Account has received it, such as a healthcare organization where a User has a VMI Account. How such organizations treat User Personal Information is determined by their own privacy practices.

How VMI discloses User information

There are very few instances in which User Personal Information ever will be disclosed by VMI other than as directed by Users through their use of the Service. VMI may disclose User Personal Information if, in good faith, it considers necessary to: * comply with any applicable law compelling a disclosure of the information, to comply with legal process served on us, or in response to the request of a law enforcement or government regulatory agency in circumstances that VMI believes warrant the disclosure; * protect the personal safety or health of the public or users of the Service; * protect and defend VMI’s rights and property, including the enforcement of the Terms of Service that govern a User’s use of the Service; * protect against or address fraud or security breaches; or * fulfill its obligations as part of any actual or proposed purchase, merger or acquisition of any part of our business, provided that use of such Personal Information shall be limited to those purposes disclosed in this Privacy Policy.

In addition, VMI may at times engage other companies or individuals to perform certain activities on its behalf and related to its provision of the Service, such as assistance in improving software, off-site storage of information for disaster recovery, web site hosting, or technical assistance regarding operating systems, web browsers or other non-VMI software with which the Service might interact. VMI will provide such third parties access to User Personal Information only (i) when such access is necessary to accomplish the activity for which VMI has engaged the third party; and (ii) when the third-party is contractually bound to us: (a) to use the information only in connection with accomplishment of the activity for which they’ve been engaged and (b) to provide administrative, physical and technical safeguards to protect the confidentiality and security of the information.

What happens to User Personal Information when they close a Service Account

A User can choose to close a Service Account at any time. If they choose to do so, VMI will retain such User’s Personal Information until they request permanent deletion. Note that closing a Service Account affects only that User’s Personal Information that is stored on VMI Servers. It does not affect, alter or accomplish the deletion of any Personal Information that is stored or maintained on other systems, such as those of the User’s healthcare providers or the organizations at which they have VMI Accounts. After deletion, a User’s Personal Information may persist in Backup Files for up to a year and in the Audit Files for longer periods of time based upon government agency and private organization guidelines and recommendations that pertain to analogous categories of data and information. Backup and Audit Files are never stored on computers connected to the Internet and the data in such files is not readily or even easily accessible. VMI therefore reserves the right to decline to process requests to provide access to, to delete or to correct inaccurate Personal Information if such requests would be impractical, require disproportionate technical efforts, jeopardize the security of other individuals’ personal information or interfere with VMI’s legal obligations or its legitimate efforts to protect its business interests.

VMI is designed and intended for those who are at least 18 years old. By using VMI, a User affirms that he or she is at least 18 years of age or older. VMI is not liable for any damages that may result from a User’s misrepresentation of age.

VMI allows existing members to create accounts for family members, including those who are not yet 18 years old.

Access to User information

VMI will make good faith efforts to provide Users access to their Personal Information. VMI allows Users to delete or correct inaccuracies in their Personal Information that is stored on the Production Servers. Upon request, VMI will provide Users a summary of any Personal Information retained by VMI. Users may modify, correct, change, or update their Personal Information or cause their Personal Information to be removed from the database.

Organizations with whom you have a relationship may access your personal information. Other Users with whom you have a relationship, such as family, may also have access to your personal information. For example, a daughter may have access to her mother's account.

International users

Please know that Personal Information will be collected, stored, and processed in the United States of America. If a User is accessing VMI from outside the United States of America, please be advised that U.S. law may not offer the same privacy protections as the laws of other jurisdictions. VMI does not knowingly collect Personal Information about individuals residing in the European Union. If a User believes VMI has collected or processed information about any individuals in the European Union, please contact VMI immediately at privacy@videntity.com with ‘Privacy Policy: EU’ in the subject. You may also call out support desk at +1 888.871.1071 x 2.

Changes to this Privacy Policy

VMI may make changes to this policy from time to time by posting revised versions on this page. User’s continuing to use the Service will be deemed to have accepted their agreement that their information may be used in accordance with the new policy.

Questions and concerns

If Users have any questions regarding this Privacy Policy or concerns about VMI’s use, disclosure or handling of User Personal Information, they may contact us by emailing privacy@videntity.com with 'Privacy Policy' in the subject. You may also call out support desk at +1 888.871.1071 x 2.

Definitions