HSS Website and Applications Privacy Policy

Last Updated August 15, 2022

Your online privacy is important to Hospital for Special Surgery and The Hospital for Special Surgery Fund, Inc. (collectively, “HSS”, “we,” “our,” or “us”). This privacy policy (our “Privacy Policy”) explains the types of information we gather, what we do with it, and how you may correct or change information that we may collect.

This Privacy Policy describes the privacy practices for our site at https://www.hss.edu/ (our “Website”), our MyHSS Portal at https://myhss.hss.edu/, and the, HSS Safe App, LupusMinder App, our deployment through the Epic MyChart App, and the MyHSS App (our “Applications”) (collectively the “HSS Sites”). 

This Privacy Policy applies to information we collect:

• on our HSS Sites;
• in email, text, and other electronic messages between you and our HSS Sites; or
• when you interact with our advertising and applications on third-party websites and services, if those advertising or applications include links to this Privacy Policy.

It does not apply to information collected by:

• us offline or through any other means, including on any other website operated by any third-party; or
• non-service provider third-parties, including through an application or other content (including advertising) that may link to or be accessible from or on the HSS Sites.  While HSS does not, as of the date of this Privacy Policy, incorporate non-service provider third party links on HSS Sites, it reserves the right to do so in the future.

 

For information about our privacy practices regarding Protected Health Information (“PHI”) that we collect through our HSS Sites and for our HSS Virtual Care and other telemedicine or telehealth services, please refer to our Notice of Privacy Practices here https://www.hss.edu/notice-of-privacy-practices.asp.  PHI is individually identifiable health information that is protected by the Health Insurance Portability and Accountability Act of 1996, as amended, and its implementing regulations (“HIPAA”).  If there is a conflict between this Privacy Policy and the HSS Notice of Privacy Practices, if applicable, the Notice of Privacy Practices will apply.  If you are an individual located in the European Union, Iceland, Liechtenstein, or Norway (the “European Economic Area” or “EEA”), please refer to our General Data Protection Regulation Privacy Disclosures (“GDPR”) located here https://www.hss.edu/files/GDPR-Privacy-Disclosures.pdf. 

Please read this Privacy Policy carefully to understand our policies and practices regarding your information and how we will treat it. This Privacy Policy is incorporated by reference into the HSS Website Terms of Use available at https://www.hss.edu/terms-of-use.asp, the Terms of Use for MyHSS and the HSS deployment through Epic MyChart available at https://myhss.hss.edu (follow the link at the bottom of the page), HSS SAFE App (available through the application), LupusMinder App (available through the application), or such other location as we may make available.  By accessing or using our HSS Sites, you acknowledge the terms of this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of our HSS Sites after we make changes is deemed to be acknowledgment of those changes, so please check this Privacy Policy periodically for updates.

Table of Contents

• Collection of Your Information
  • Information that We Collect Automatically
  • Information that You Provide to Us
  • Use of Your Information
  • How We Disclose Your Information
    • Physician Referrals (through “Request an Appointment”)
    • Emails to Physicians
    • Information Requests (through “Contact HSS - Email HSS”)
    • Insurance Inquiries
    • “Sign up for eNewsletter”
    • Registration for Education Institute Programs (through Authorize.Net™)
    • Giving to HSS - Online Donations
    • “Back in the Game”
    • Use of “Email-this Article” Feature
    • Wayfinding
    • Employer MoveBetter Programs
    • Remote Second Opinion
    • Use of “Cookies” and Other Technologies
• Access to Your Own Information/Opt-Out
• Our Commitment to Children's Privacy
• Links to Other Sites
• Third-Party Service Providers
• Security
• Legal Disclaimer
• Changes to this Policy
• Contact Us

Collection of Your Information

The goal of the HSS Sites is

• to provide current and useful information about, and access to, HSS, our services, our educational and research activities, our physicians and other healthcare providers;
• to provide information for physicians, other healthcare providers, and members of the public in the broad area of musculoskeletal medicine;
• to provide HSS patients with access to their medical record, as described below; and
• to provide scheduling for access to HSS care concierge, healthcare providers and affiliated physician services.

We collect information about our users to understand their interests in order to update the information we provide. In this Privacy Policy, we do not include PHI in the definition of Personal Information below because PHI has different treatment under HIPAA and other applicable laws. As noted above, you acknowledge that HSS’s use and disclosure of your PHI collected through our HSS Sites will be governed by the HSS Notice of Privacy Practices, available at https://www.hss.edu/notice-of-privacy-practices.asp. 

Generally

We may collect several types of information from and about users of our HSS Sites, specifically information:

• that alone or when in combination with other information may be used to readily identify, contact, or locate an individual including information such as name, postal address, billing address, work address, shipping address, geolocation (when accessing location services), e-mail address, home, work, and mobile telephone numbers, MyHSS account information and numbers, date of birth, credit or debit card number (for payment purposes only), biometrics, information about your race and ethnicity, and information regarding your religious beliefs (“Personal Information”);
• about your access and use of our HSS Sites, including traffic data, location data, logs, referring/exit pages, date and time of your visit to our Website or use of our Applications, error information, clickstream data, and other communication data and the resources that you access and use on our HSS Sites;
• with respect to the MyHSS Portal and the MyHSS App, about your use of HSS services, including medical or wellness services, to the extent that such information becomes part of your electronic medical record stored in Epic (“EMR”); and/or
• about your internet connection, the equipment you use to access our HSS Sites and usage details.

We may collect this information:

• directly from you when you provide it to us;
• automatically as you navigate through our HSS Sites; and
• from third-parties, for example, our business partners or service providers.

Information that We Collect Automatically.  Each time a user comes to or uses our HSS Sites, we automatically collect some information to help us assess what users wish to know. We collect a user’s IP address(es) and the types of domains from which the user visits the HSS Sites (for example, whether the user logged on from a .com, .gov, .edu, or other domain), referral data (for example, the address of the last URL a user visited prior to clicking through to the HSS Sites), browser and platform type (for example, a Microsoft browser or an Apple platform), and information regarding how frequently our users request or indicate an interest in certain types of information on our HSS Sites. We collect this information to improve our content and keep it in line with the needs of our users. We will use this information to direct our efforts to better meet the needs of our users, by analyzing how often users are accessing certain features of the HSS Sites.

Information that You Provide to Us.  Our HSS Sites may also collect Personal Information about you that you provide to us and/or Personal Information, including health and demographic information, we may gather in preparation for, at or in relation to your visiting our facilities, including medical facilities. We use that Personal Information for the purpose of providing information, services, or materials to you that you have requested, unless you specifically consent to (or, if required by applicable law, authorize in writing) other uses of your information.  If you register at any of the HSS Sites in order to use special services for registered users only, we will require that you provide your name and e-mail address, and may also require that you provide additional information, such as your address, and indicate your affiliation with HSS.  We use this information to improve your experience at the HSS Sites and to enable you to maintain and gain access to your specially personalized areas of the HSS Sites. We share your Personal Information with authorized HSS employees and staff, health care providers affiliated with HSS, certain third-party vendors who provide services to HSS (as described more fully below), and other third-parties as required by applicable law.  We do not otherwise share your Personal Information without your consent (or, if required by applicable law, written authorization).  If you are using our HSS Sites to register and pay for an educational program, please read “Registration for Education Institute Programs Through Eventbrite® or HSS eAcademy® below.  If you are using the HSS Sites to make a charitable donation to HSS, please read “Giving to HSS - Online Donations” below.

Health Information, including COVID-19 Information  

As mentioned above, our collection of Personal Information may include our collection of your health information, including, but not limited to, COVID-19 historical or current symptoms, diagnosis, testing, and/or vaccination status, to the extent such information becomes part of your EMR at any time when you are under the care of a healthcare provider at HSS (which may include your provision of such information in advance of an appointment), or if you otherwise provide such information to us through the MyHSS Portal or MyHSS App. The MyHSS Portal and the MyHSS App both give you the ability to view and share health information which is stored in the EMR, communicate with your healthcare providers, schedule appointments, learn about health and wellness, and other related activities.    

Use of Your Information

We may use information that we collect about you or that you provide to us, including any Personal Information:

• to present our HSS Sites to you;
• to provide you with information, products, or services that you request from us;
• to enhance your experience, for example, by personalizing your experience when you use the HSS Sites, such as by tailoring content and advertising and remembering your preferences;
• to process, fulfill, and administer transactions and orders for products and services ordered by you;
• to contact you in response to a request;
• to fulfill any other purpose for which you provide it;
• to verify your identity;
• to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
• to notify you about changes to our HSS Sites, or any products or services we offer or provide though them;
• in any other way we may describe when you provide the information; and
• for any other purpose with your consent.

We may also use your information to contact you about goods and services that may be of interest to you, including through newsletters that you request. If you wish to opt-out of receiving such communications, you may do so at any time by clicking unsubscribe at the bottom of these communications.

As discussed in more detail below we may use information we collect about how you browse or use our HSS Sites in order to show you ads for HSS or our advertising partners that are more relevant to your interests. We may use cookies and other information to provide relevant interest-based advertising to you. Interest-based ads are ads presented to you based on your browsing behavior in order to provide you with ads more tailored to your interests. These interest-based ads may be presented to you while you are browsing our site or third-party sites not owned by HSS.

Additional Information About Our Android and Apple Mobile Applications

If you choose to add a profile photo to our Applications, you may select an existing photo on your device or take a new photo using the camera app on your device. If you select an existing photo on your device, we store a copy of your chosen photo in app-private storage on your device. If you use the camera app on your device to take a new photo, the photo you take is first saved to your camera app and then also saved to app-private storage on your device. If you remove the photo from your profile or delete our Applications, the copy of the photo is deleted from the app-private storage, but the photo saved to your camera app remains available in your camera app until you choose to delete it. 

When you choose to use Apple’s HealthKit or Google Fit, we create encrypted identifiers to identify recipients of your Apple’s HealthKit or Google Fit data and store them on your device in app-private storage. If you choose to stop using Apple HealthKit or Google Fit or delete our Applications, the identifiers are deleted.

When you choose to view documents from your healthcare provider at HSS (such as letters or images) using our Applications, to make the files viewable for you we temporarily store copies on your device in app-private storage. The temporary copies are deleted when you close your session on our Applications.

If you enable automatic appointment arrival, we temporarily store identifiers and times for your upcoming appointments in app-private storage to detect when you arrive for an upcoming appointment. If you choose to stop using our Applications or you disable automatic appointment arrival, the identifiers are deleted.

We may provide functionality that offers location-based check in for in-person appointments, or allows you to find healthcare providers near you. You may choose to allow our Applications to interact with your location data for those purposes. We do not store your location data.

If we allow you to notify front desk staff electronically when you arrive for an appointment, you may choose to allow our Application to interact with your Bluetooth data for this purpose. We do not store your Bluetooth data.

While you use our Applications, we collect non-identifying information so we can provide customer service to you and understand how people use our Applications so we can improve our products. This information includes the time you began using the Application, any error messages or codes, the model of device used and its operating system, and the version of our Application used. If you use Android devices, we also collect your connection type (cellular or WiFi) during an error.

You may contact us through the methods listed under “Contact Us” below. If you contact us, we may keep a record of the communication. You can decide how much information you want to share with us in those cases.

Our Applications interact with your microphone only if you choose to use your microphone to navigate our Applications. Our Applications interact with your camera roll only if you choose to add a profile photo to a profile in our Applications. 

Our Applications were not created specifically for the COVID-19 pandemic. They existed before the COVID-19 pandemic to allow you to access your health information on file with HSS. We may allow you to access COVID-19-related vaccination information, laboratory test results, and documents with illness-related information using our Applications. You may choose if or how you want to access, display, or use the information – just like you can make those decisions about health information relating to other conditions, services, tests, or vaccinations.

We may allow you to use our Applications to conduct telehealth appointments with your healthcare providers at HSS. Our Applications only provide the technical support for those appointments to happen. We do not interact with any health information about you exchanged during any telehealth appointments.

How We Disclose Your Information

We do not share, sell, or otherwise disclose your Personal Information for purposes other than those outlined in this Privacy Policy. However, we may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose Personal Information that we collect or you provide as described in this Privacy Policy:

• to contractors, service providers, and other third-parties we use to support our business. The services provided by these organizations include providing IT and infrastructure support services; website operation, web hosting, and providing analytics services; and fraud prevention, fulfillment, billing, ordering, marketing, and payment processing services;
• to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, or other affiliation, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by HSS about users of our HSS Sites are among the assets transferred;
• to fulfill the purpose for which you provide it (for example, we may disclose your Personal Information to a healthcare provider);
• for any other purpose disclosed by us when you provide the information; and,
• to third-parties, including outside companies, organizations or individuals, when we have your consent to do so.

We may also disclose your Personal Information:

• to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
• to enforce or apply our Website Terms of Use or MyHSS  Terms of Use  and other agreements, including for billing and collection purposes; and
• if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of HSS, our customers, or others (including the exchange of information with other companies, organizations or government entities for the purposes of fraud protection, credit risk reduction, or to prevent or address criminal activity).

Instances when we collect Personal Information from you through the HSS Sites, and how we may use and/or disclose that information in those instances, include, without limitation:

• • Physician Referrals.  If you are a healthcare provider and request a physician referral for one of your patients, we may collect your name and email address, and your patient’s mailing address, e-mail address, telephone number, condition/syndrome and its area/location, and type of insurance.
  • Electronic Communication with HSS Healthcare Providers and Medical Staff. 
    • • • • Via MyHSS.  If you send information to your HSS healthcare provider through the MyHSS messaging function, any Personal Information you send will become part of your medical record and subject to access by other HSS healthcare providers or medical staff involved with your care, subject to applicable laws, including HIPAA.
          • Via Email.  If you send information to a physician e-mail address that is available through hyperlinks on the HSS Sites, then any Personal Information that you submit electronically to those e-mail addresses will be transferred from the HSS Sites to the offices of physicians who are members of the HSS medical staff.  Many of these physicians and their staff are not employees of HSS in their practice of medicine, and thus your information, when received by them, will be subject to their policies and procedures, and not this Privacy Policy, the HSS Notice of Privacy Practices or any other HSS policies and procedures. You understand and acknowledge that emails you send outside of MyHSS are not necessarily secure and are subject to compromise or access by others when sent through unencrypted email.
  • Information Requests (Through “Contact HSS - Email HSS”).  When you communicate with us through “Contact HSS - Email HSS,” we will collect your name and email address, and request that you select a subject from a drop-down menu and provide additional information about your request in a message field.  If you request a physician referral through “Contact HSS - Email HSS”, we will use your information to contact you with the name of a physician. If you use “Contact HSS - Email HSS” to request information from us, we may link your name or your email address to the types of information you provide or request from us so that we may send you materials that you may request or that may be of interest to you.  We also may share your information within HSS and with our affiliated physicians, in order to provide you with the information that you request.  Whether you are requesting a physician referral or information, HSS personnel may contact you regarding your request, for example, to help set up an appointment or to better determine the referral or information that is appropriate for you.  As noted above, to the extent information you provide is PHI, you acknowledge that HSS’s use and disclosure of your PHI collected through our HSS Sites will be governed by the HSS Notice of Privacy Practices, available at https://www.hss.edu/notice-of-privacy-practices.asp.  Please note that, similar to email correspondence with physicians and their staff who are not employed by HSS mentioned above, correspondence with such physicians and staff will be subject to their policies and procedures, and not this Privacy Policy, the HSS Notice of Privacy Practices or any other HSS policies and procedures.
  • Insurance Information. If you use the secure form at https://www.hss.edu/secure/insurance-question-form.asp to contact the HSS Insurance Advisory Service, we may collect your name, email address, and daytime phone, and insurance-related information. You will also be asked, but not required, to provide your mailing address, information about the type of insurance you have, your insurance identification number, and your date of birth.  HSS, through its Insurance Advisory Service, will use the information you provide to serve as a liaison service among you, your insurance carrier(s), and HSS, and to provide information to you regarding your insurance coverage for services at HSS.  HSS may use the information internally and also disclose it externally to your insurance carrier(s) and persons working on their behalf.  As noted above, to the extent information you provide is PHI, you acknowledge that HSS’s use and disclosure of your PHI collected through our HSS Sites will be governed by the HSS Notice of Privacy Practices, available at https://www.hss.edu/notice-of-privacy-practices.asp. 
  • “HSS Newsletter Registration”.  When you sign up for our eNewsletter, we may collect your email address, status (patient, physician or other health care professional, pharma or device industry, or press/media), your zip code, and your country.  The email address you provide will be used to send you a free, monthly eNewsletter highlighting new content featured on the HSS Sites.  If you identify yourself as a physician or other health care professional, you will also be asked for your specialty, and HSS may use this information for internal tracking purposes.  If you identify yourself as a member of the press/media, you will also be asked for your name, address, phone number and affiliation, and the HSS Public Relations Department may use this information as contact information for future press releases by HSS.
  • Registration for Education Institute Programs .  If you wish to register for our Education Institute programs, including Continuing Medical Education (CME) courses, we may ask that you provide us with certain Personal Information, including your name, e-mail address, mailing address, and other information as may be required to process the CME certification. When you choose to purchase a course by credit card using our Website, you will be taken to a separate, secure site operated by a third party that will process your credit card transaction. You will not be providing your credit card information to the HSS Sites.  The third party server sends that data to your credit card's financial institution for authorization. After your card's financial institution responds to the third party with approval of the transaction, the transactions are then batched and sent to an HSS bank account. Your credit card information may be stored on the secured third party database for access by HSS personnel in accordance with the third party’s policies and procedures.  HSS restricts its access to that database to authorized HSS employees and staff who will use the database information solely for purposes of enrollment, administration of enrollment, and the processing of refunds for Education Institute programs. 
  • Giving to HSS - Online Donations. If you wish to make an online charitable donation to HSS, you will be taken to a secure area of the HSS Sites created using third party software.  A secure server sends your credit card data to third-party credit card transaction processing services that will contact your credit card's financial institution for authorization.  After your card's financial institution responds with approval of the transaction, the transaction is then batched with other donors' approved transactions and sent to an HSS bank account. The secure server will also send your name, address, email address, and giving history to our fundraising database, where it will be stored; your credit card number will not be stored in our fundraising database. HSS will restrict its access to that database to HSS employees and officers who will use the database information solely for purposes of verifying that the third party is processing the transactions correctly.  We retain the other information that we collect in connection with your online donation (your name, address, and giving history), and use that information for our internal operations (including recordkeeping, and analysis and reporting), and also to send you follow-up correspondence and information about HSS.
  • “Back in the Game”. If you visit https://backinthegame.hss.edu/ and click on “Share Your Story”, you will be taken to a fillable form where you will be asked to provide your contact information (name, email address, and phone number), hometown (city, state, and country), age, the name of procedure(s) you had at HSS, and the name of your physician/therapist, and then there is a free-form box for you to tell your story as well as a place for you to submit photos or videos. If you then check a box to specifically authorize HSS to use and disclose information you submit about your HSS experience (including any photo or video that you submit), if HSS accepts your story, we will electronically post it to the Website and/or HSS social media channels.  Patient stories that are accepted will be searchable so that others with similar conditions or injuries can learn more from your story. The fillable form also contains a check box to receive more information from HSS. If that box is checked, you will receive our monthly newsletter and other information from HSS.
  • We use Google Analytics to analyze traffic and usage on our HSS Sites.  Google Analytics collects information using Cookies and other technologies.  Google provides users choice on how their data is collected by Google Analytics by developing an Opt-out Browser Add-on, which can be located at: http://tools.google.com/dlpage/gaoptout?hl=en.  By installing this Add-on, no information is being sent to Google.  Our Website does not presently respond to “Do Not Track” signals.
  • Use of “Email This Article” Feature. If you elect to use the HSS Sites to send a friend an article, we ask for your friend's name and email address, and HSS will use that information to automatically send your friend a one-time email containing the article. HSS does not store this information; it is only used to send this one-time email.
  • Wayfinding. When you access our HSS Sites through a mobile phone or other device with enabled location-based services, we may collect information about your location in order to help you navigate to certain destinations of interest during your visit to our facilities or during an appointment that you schedule with us.  For example, we may provide interactive step-by-step directions both outdoors and indoors to guide you to HSS departments, HSS physician offices and points of interest at or near our HSS facilities such as restrooms, dining options and local amenities.  If you do not enable location-based services, we cannot provide these Wayfinding services to you.
  • Employer HSS MoveBetter Programs. If you are an employee of a company that participates in the HSS MoveBetter program, we may collect Personal Information such as your name and email address from your employer in order to verify your identity when you create an account or request services through our HSS Sites.  We may use your email address to contact you regarding your appointments and to provide information and about programs that may be of interest to you.  We may share aggregate data from you and other employees of our partners in the HSS MoveBetter program to help them evaluate and customize the offerings of the HSS MoveBetter program. If you access and use the Care Concierge tool through HSS MoveBetter, we may use the Personal Information you provide to contact you in order to provide Care Concierge services.
  • Remote Second Opinion. If you use our HSS Sites to request a remote second opinion from one of our physicians or partners, we may ask for your location and state of residence or use location-based services in order to help select a practitioner to meet your needs.  In some cases, you may be directed to our service provider’s third-party website, and the third-party will collect additional information, which will be shared with HSS, in order to provide the remote second opinion services.
  • Use of “Cookies” and Other Technologies. A “cookie” is a small data file that websites store on your hard drive when you visit them. ”Web beacons” or “transparent gifs” (hereafter referred to as “beacons”) are usually a 1-pixel by 1-pixel transparent image that are served by websites when you visit them or by third-party vendors such as Google and Facebook. The HSS Sites use cookies and beacons to record aggregate and anonymous information about you.  These files allow us to measure activity on the HSS Sites, which we use to improve your use of them.  The HSS Sites also use these files to track movement to and on the HSS Sites, and to determine which areas and features of the HSS Sites are most popular by measuring user activity.  We use this information to make improvements and updates to improve users’ experience on the HSS Sites.  HSS also uses cookies and beacons to track the use of digital advertising and to tailor advertisements to you (HSS advertising that appears on other websites) based on your interactions with the HSS Sites (retargeting or remarketing). For example, we may use these files to transmit website usage information to third-parties in order to show you advertising for HSS when you visit other websites. Most computers' internet browsers (such as Microsoft Internet Explorer® and Edge®, Mozilla Firefox®, Apple Safari®, and Google Chrome®) are set to accept cookies. If you prefer, you may set your computer's internet browser to refuse cookies or to alert you when cookies are being sent. We use “Cookie” to generically refer to cookies and other of the aforementioned technologies.  We may use the following types of Cookies:

Strictly Necessary Cookies: These cookies would be necessary for our HSS Sites to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.  You can set your browser to block or alert you about these cookies, but some parts of the HSS Site will not then work.

Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our HSS Sites. They help us to know which pages are the most and least popular and see how visitors move around the HSS Sites. These cookies collect and aggregate data. If you do not allow these cookies we will not know when you have visited our Sites, and will not be able to monitor its performance.

Advertising Cookies: These cookies may be set through our HSS Sites by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Access to Your Own Information/Opt-Out

If you would like to review the Personal Information collected about you through our HSS Sites, you may contact us at the contact information provided below (“Contact Us”).

Any e-mail that you receive from the HSS Sites will also offer the option of removing your name and e-mail address from our mailing lists. If you would like to advise us of changes required in the Personal Information that you have submitted through the HSS Sites, or to remove your e-mail address from any e-mail services on this site to which you have subscribed, you may contact us at the contact information provided below (“Contact Us”).

Our Commitment to Children's Privacy

Protecting the privacy of children is important to HSS.  We do not knowingly collect information provided by children under the age of eighteen (18) years of age through our HSS Sites without verified parental consent.

Links to Other Sites

In order to provide our users with other valuable information, the HSS Sites contain links to websites other than our own. Unless otherwise indicated, HSS does not control the content that appears on linked websites that are not clearly identified as part of the HSS Sites. These links are provided only for your convenience and, accordingly, you access these linked websites at your own risk. However, we try to ensure the integrity of the HSS Sites and our destination links, so any comments pertaining to the HSS Sites or any websites accessed through the HSS Sites' destination links would be greatly appreciated.  HSS exercises no authority over and is not responsible for any of these linked third-party websites, each of which maintains independent privacy and data collection policies and procedures, and each of which is responsible for its own content.  These websites may send their own cookies to you, and may collect information from you and use it in a way that may be inconsistent with this Privacy Policy (which applies only to the HSS Sites). When you access a link to a website other than the HSS Sites, you should review that website's Terms of Use and Privacy Policy.

Third Party Service Providers

Our HSS Sites may direct you to applications of third-party service providers who provide information and services to you on our behalf, including but not limited to services relating to telehealth, wayfinding, and access of health records or test results.  For example, our HSS Virtual Care and other telemedicine or telehealth services may direct you to an application provided by our service provider, Zoom Video Communications, Inc.  In addition, our Applications may direct you to a third-party application to access images of test results.  These third-party service providers of such applications may each maintain separate privacy policies and terms of use that you should review before using such application.  For information about how we limit our third-party service providers’ collection and use of PHI, please refer to our Notice of Privacy Practices here https://www.hss.edu/notice-of-privacy-practices.asp.

Security

The HSS Sites use a variety of measures to maintain the security of your Personal Information. Protocols have been developed to comply with the security requirements of government agencies and commercial organizations.

The HSS Sites are secured to preserve the privacy of your Personal Information. However, please remember that no transmission of data over the Internet or any wireless network (for example, a publicly accessible WiFi Hotspot in a coffee shop or airport) can be guaranteed to be 100% secure. In addition, our security is dependent upon your efforts to protect the security of any computer you use to access the HSS Sites, including any wireless network you use, and also the confidentiality of the password you use to access the areas of the HSS Sites that require you to register and log-in.  As a result, while we strive to protect your Personal Information, the HSS Sites cannot guarantee the absolute security of any information that you transmit to us or receive from us, and you therefore agree to use the HSS Sites at your own risk. Once we receive your transmission, we do make reasonable efforts to ensure its security on our systems.  All Personal Information about you that HSS creates, receives, stores, or transmits through the HSS Sites is covered by our Privacy Policy.

We take steps to help protect the integrity of any credit card information you submit to and through the HSS Sites. As noted above, we use third parties to facilitate confidential online business transactions, which includes, without limitation, billing and collecting for healthcare services you receive, enrollment in Education Institute programs, and making charitable online donations. When linking through the HSS Sites, your credit card information is encrypted using secure socket layer (SSL) technology and sent to the applicable third party server. The third party uses security technologies to facilitate secure on-line transactions and to protect your credit card information when it transfers it to the appropriate financial institutions. In some cases, HSS may have access to information maintained by the third party.  In such instances, access to the third party database by designated HSS employees and officers is limited to those with a need to know such information, through the use of restricted passwords. 

Legal Disclaimers

Although we make efforts to preserve user privacy, we may need to disclose Personal Information when required by law or when we have a good faith belief that such action is necessary to comply with a judicial proceeding, a court order, or other legal process.  In addition, we reserve the right to report to law enforcement agencies any activities that we reasonably believe to be unlawful, and to release to such agencies information about users of the HSS Sites who we reasonably believe to be engaged in or involved with such activities.

Finally, in the event that HSS is (or all or substantially all of our assets are) acquired by a third-party, merges or affiliates with a third-party, or is bankrupt or ceases operations and dissolves, you should expect that any information you submitted through the HSS Sites may be disclosed to a third-party in connection with such business transaction, and will be transferred to a third-party.

Changes to this Policy

The HSS Sites may update this Privacy Policy from time to time by posting revisions to this Privacy Policy on this site.

We encourage you to check this page regularly. If you provide information to us, access, or use our HSS Sites in any way after this Privacy Policy has been changed, you will be deemed to have consented and agreed to such changes. The most current version of this Privacy Policy will be available on the web page at all appropriate times and will supersede all previous versions of this Privacy Policy.

Your continued use of the HSS Sites after changes to this Privacy Policy are posted constitutes acceptance of each revised Privacy Policy regarding any information that we collect from you after the Privacy Policy is posted. If you do not agree to the terms of this Privacy Policy or any revised Privacy Policy, please do not use the HSS Sites.

Contact Us

If you have questions or concerns regarding this Privacy Policy, you should contact the HSS Web Director by e-mail at webmanager@hss.edu, fax at (212) 774-7240, or mail to Web Director, Hospital for Special Surgery, 535 East 70th Street, New York, NY 10021.