Quality Systems, Inc. | Privacy Policy

Privacy Policy

Home Privacy Policy

This policy explains how We treat personal information We obtain from You, as users of Our various Company Sites, including but not limited to www.qsii.com and www.nextgen.com, but does not apply to any third party sites that may be linked to them.

We use the Company Site to make information, products and services available to You. The term “personal information” means information that You provide to us which personally identifies You to be contacted or identified, such as Your name, phone number, email address, and any other data that is tied to such information.

  1. The Information We Obtain. We collect the information We need to provide You with the information, products and services that You request and to update, promote, and distribute Our products and services to meet Your needs as they evolve.

    If You request information, products or services from Us, We will ask You to provide the information We need to respond to Your request. No one is required to provide any information to Us at any time. However, if You do not provide Us with the information We request, We may be unable to provide You with the information, products or services You have asked for. In other cases, Your decision not to provide Us with information may preclude Your access to certain features and functions of products and services We offer.

    We also obtain information through the Company Site, by using forms posted on or linked to the site that seek information including Your interests and concerns, preferences for products and services, or contact information. We also seek information through email, and in other routine, lawful operations that We conduct in the ordinary course of operating our business.

    These operations may include the use of common data gathering functionality, such as cookies and other devices that collect certain standard information generated by Web browsers pertaining to users of the Company Site, such as IP addresses, access times, and their experience using one or more web sites operated by or on behalf of Us. We may use the information We collect in connection with Your use of the Company Sites (including Your personal information) in order to investigate, enforce, and apply our Terms and Conditions and Privacy Policy.

    We use Google Analytics™ web analytics services on some Company Site. Google Analytics is a service provided by Google, Inc. (“Google”). Google uses the data collected to track and examine the use of Company Site, to prepare reports on its activities and share them with other Google services. Google may use the data collected to contextualize and personalize the ads in its own network or advertisers. The information collected by Google is used to inform, optimize, and customize advertising based on user patterns while on Company Site. This activity is performed by tracking use data and by using cookies, information that is transferred to partners that manage the remarketing and behavioral targeting activities. Google Analytics for display advertising is a remarketing and behavioral targeting service provided by Google that connects the tracking activity performed by Google Analytics and its cookies with the AdWords™ advertising network and DoubleClick™ cookies. For more information see Privacy Policy. To opt-out see https://tools.google.com/dlpage/gaoptout.

    We use Clickale® web analytics service on some Company Sites. Clicktale may record mouse clicks, mouse movements, and scrolling activity as well as any text you type in this website. Clicktale does not collect personally identifiable information that you do not voluntarily enter in this website. Clicktale does not track your browsing habits across websites which do not use Clicktale services. For more information see Privacy Policy for Information Collected by the Clicktale Web Analytics Service. We are using the information collected by Clicktale service to evaluate the usability of the applicable Company Site. You can choose to disable the Service at http://www.clicktale.net/disable.aspx.
  2. Customers and Other Authorized Users. Customers of Our products and services may use the sections of the Company Site reserved for customer use (login required) solely as their respective agreements permit. Other authorized users of information resources available on or through this site may use them solely as and to the extent that have been authorized to do so. We request information from customers and other authorized users to authenticate them and verify their authorized use of the, products, services and other resources We provide.
  3. Promotional Offers. Promotional offers are governed by their terms and conditions. We may request information from those responding to offers to determine eligibility and to process and fulfill eligible responses.
  4. How We Use The Information Provided. We do not request any patient information through general Company Site such as www.nextgen.com. Certain web-based services provided by Us, such as NextGen Patient Portal, NextGen Health Quality Measures, NextGen Health Information Exchange and NextGen Revenue Cycle Management Services and certain support operations involve access to, and the processing of, patient information. This information is provided to Us lawfully by: (i) medical professionals who have obtained their patients’ consent to provide Us with their patient information or (ii) by the patient themselves (or, if the patient is a minor, through their parent or guardian).

    The Company Site is not designed to be used by children. The general Company Sites are not intended to collect or retain any patient data. However, use of certain web-based services (e.g. NextGen Patient Portal) We provide may allow and/or require the collection of certain patient data. Children under the age of thirteen (13) should not use any of Our services that requires and/or collects patient data unless they are doing so under the direction of their parent/guardian or medical professional.

    We use the information We obtain to provide the Company Site, provide Customers and authorized users with:
    • Products, services and information resources;
    • The development of new and updated products, services and information resources;
    • The administration of, protection of, and management of the Company Site, Our products, services and information resources; and
    • Communications concerning Our products, services and information, which includes marketing and promotions, including the processing and where applicable, fulfillment of promotional offers.
    These uses may involve disclosure of this information to vendors, technology and marketing partners, resellers, medical professionals and others who assist Us in the development, marketing, sales, and support of our products and services. We may use and disclose aggregated, non-personal information derived from our operations for a variety of development, promotional, communications, and other business purposes. If We wish to use Your name, likeness, or other personally identifiable information for promotional purposes or corporate communications, We will seek Your permission before doing so.
  5. Disclosures of Information. We may disclose certain information We obtain in order to provide certain products, services and information resources and to develop, promote, and support our products and services, solely as our agreements with our customers, other authorized users, vendors, technology partners, marketing partners and others permit. In order to ensure continuity of the Company Site and the integrity and availability of the information required to provide it and our products and services, information provided to Us may be backed up or archived, and this may include the storage of information at facilities operated by our vendors. Finally, We may disclose information as We believe necessary to: (a) comply with applicable law and regulations, which may include disclosures made in response to any subpoena, document request, or other legal request seeking the disclosure of information that appears to have been lawfully issued; (b) perform under and enforce the terms and conditions under which Our products and services are provided; (c) exercise Our legal rights in its products, services and resources and to otherwise protect its assets; and (d) protect our rights, reputation, and property, or that of our users, affiliates, or the public. The information We obtain in connection with the Company Site is not sold, rented, or otherwise disclosed to any person or entity except as this policy states.
  6. Third Party Links. The Company Site may contain links to third party sites to provide additional, value added services. Except as set forth herein, We do not share Your personal information with those third parties, and are not responsible for their privacy practices. We therefore have no responsibility or liability for the content and activities of these linked sites. We suggest You read the privacy policies on all such third party websites.
  7. Regulation & Security. We use appropriate security measures to protect the information We obtain from unauthorized alteration, loss, disclosure, or use, including technological, physical and administrative controls over access to the systems We use to provide the Company Site and our products and services. As an example, We restrict access to particular systems and information to those employees and independent contractors whose duties require them to have it. To obtain this access, employees and independent contractors are required to agree not to: (a) disclose that information; or (b) use their access or any confidential information except to exercise their rights or discharge their obligations under their respective agreements.

    1. HIPAA Information. Certain information provided to Us may be Protected Health Information as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), American Recovery and Reinvestment Act (“ARRA”), Health Information Technology for Economic and Clinical Health Act (“HITECH”) and in regulations promulgated there under and it may also be subject to regulation under state law (“PHI”). We offer and provide the Company Site and our products and services in a manner that complies with all applicable laws and regulations we are aware of and/or become known to us and will continue to do so. As an example, We have Business Associates Agreements in place with our customers, partners and vendors that govern the disclosure and use of PHI that is required for Us to provide them with the products and services they have requested.

      If You order services from Us that require You to provide to Us personal health information that is protected under any federal or state laws (including HIPAA), You grant to Us a non-exclusive, perpetual, irrevocable, royalty-free right and license to use de-identified patient and administrative data (“De-Identified Use Data” as defined under 45 C.F.R. § 165.514) collected or provided through your use of the Company Site for any lawful business purpose, provided that such data is not personally identifiable. We shall have the right to de-identify such patient and administrative data and then utilize the De-Identified Use Data for any lawful purpose, including but not limited to creating statistical norms and reports de-identified score cards, regional or national benchmarking, or to be used for research considerations, provided however that the data shall not include member identities and claims information that is unprotected. Personally identifiable patient, physician and Your information shall remain confidential and shall not be released. Further, should We choose to place the De-Identified Use Data in its national database or in any way incorporate such data in studies and/or analyses conducted directly or indirectly by Us, no such data shall be identified as originating from You, or Your patients, members, or physicians. The De-Identified Use Data shall also not be utilized in any study, report or publication without first being integrated with a significant body of other data such that neither You or Your patients or physicians can be identified, unless appropriate, advance and written consents to such identification are obtained.
    2. EU Safe Harbor Information. The EU Directive on Data Protection requires EU member states to adopt laws protecting Personal Data collected within their borders. These laws must, among other provisions, restrict the transfer of Personal Data only to countries that have data protection laws deemed adequate under standards established in the EU Directive. The U.S. Department of Commerce and the European Commission have agreed on the Principles to enable U.S. Companies to satisfy the requirement under EU law that adequate protection be given to Personal Data transferred from the EU to the U.S.

      In regard to Personal Data transferred from the European Union (EU) to the United States, the Comapny will adhere to the Safe Harbor Principles and Frequently Asked Questions published by the U.S. Department of Commerce (collectively referred to as the Principles) at http://export.gov/safeharbor/ with respect to all such data, and will self-certify to the U.S. Department of Commerce compliance with the Principles. If there is any conflict between the policies in this statement and the Principles, the Principles will govern. This statement outlines the general policy and practices for implementing the Principles, including the types of information the Company gathers, how the information is used, and the choices affected individuals have regarding the Comapny’s use of, and their ability to correct, that information.

    Definitions


    • Identifiable Person - means a natural person that is or can be identified, directly or indirectly, as a particular person by reference to an identification number or to one or more aspects of the person’s physical, physiological, mental, economic, cultural or social identity. Identifiable Persons may include individuals whose Personal Data is collected by clients and business associates of the Company as well as any employee, applicant, former employee, or retiree of the Company, its operating divisions, or subsidiaries.
    • Personal Data - is any information about an Identifiable Person that
      • is within the scope of the EU Directive or other applicable laws,
      • is received by Company in the U.S. from the EU,
      • is recorded in any form and is about, or pertains to, a specific individual; and can be linked to that individual.
      Personal Data does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Data.
    • Processing - means any online, offline or manual processing and includes such activities as copying, filing, and inputting Personal Data into a database.
    • Sensitive Data - is data that pertains to medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation or any other data that is identified as sensitive by the Identifiable Person.
  8. Access and Changes to Information; Deletion of Information. Customers and authorized users of our products, services, and information resources have access to the information We store about them, and may change that information at no charge, provided that doing so is consistent with their respective agreements with Us. Certain information services We provide may reflect patient information as it appears in the medical records of those patients that are maintained by the medical professionals they consult. We may retain the information We obtain for a period sufficient to provide the products and services that our customers request, as necessary to comply with our legal obligations, and as Our management deems appropriate.
  9. Compliance, Questions and Concerns. We monitor our compliance with this policy. Questions or concerns should be directed to privacy@qsii.com.

    Complaints will be acknowledged, investigated, resolved between Us and the parties concerned when possible, and reported to governmental authorities as the applicable law requires and as appropriate.

Policy Effective Date: October 22, 2015