Solutions

Solutions powered by
Learn More.
Frame 586 (1)

Quality Manager formerly known as abaqis®

Mitigate risk and elevate your quality of care. Improving both clinical and business outcomes starts with a smarter, more integrated approach to regulatory training, continuing education and quality management.

Learn More

NEW TO THE STORE

hStream Content Marketplace

Connecting you to the Best Content. Access to 75 Partners and 35,000+ Courses in our Industry-Leading Marketplace. Streamline content purchasing, updates, hosting and connectivity for your organizational needs.

NurseGrid Learn

Online store for Clinical Learners. Individual CE Credit and industry products for Clinical Learners are now available through NurseGrid Learn (Beta). Explore our robust collection of courses that provides an unparalleled level of flexibility and choice.

DEA MATE Opioid and Substance Use for Practitioners

Meet the DEA's new requirement under the Medication Access and Training Expansion (MATE) Act in an online and self-paced 8-hour DEA MATE Act course specifically designed for practitioners, including Physicians, PAs, NPs, Pharmacists, Dentists and others.

LATEST & POPULAR

BLOG

Join Us at Thrive24: The Ultimate HealthStream Credentialing User Group Conference!
BLOG

Gen Z Enters the Workforce: How Healthcare Can Adapt Training Programs for the Next Generation
BLOG

Telehealth: From Pandemic Tool to Preferred Option
On-Demand Webinar

State of the Industry: What’s Next for Healthcare Quality & Safety in 2024?
CUSTOMER STORY

Quantifiable results highlight switch to jane®
ARTICLE

10 Trends for 2024: Absorbing New Technology, Facing New Realities, and Solving Old Problems

Privacy Statement

Last updated October 20, 2023

HealthStream values you and your privacy. This Privacy Statement explains how we collect and treat information when we provide our Services to hospitals, universities, healthcare organizations, associations, and other customers (each an “Organization”) for use by the Organization’s administrator or other representative (“Administrator”) and the healthcare practitioners, students, or other individuals that the Organization permits to register as users (each a “User”). Our “Services” include healthstream.com and other websites we own or operate (the “Site”), our web-based services, digital properties, and applications, as well as your communications with us. The Site primarily serves the purpose of informing current and potential new customers about the various Services we offer on a business-to-business basis, though we may designate certain areas of the Site to serve as a platform from which HealthStream provides consumer access to specified products or services. 

 

Our Privacy Promise

HealthStream understands that your privacy is important, and we want you to have a clear understanding of how we collect and treat your information. We encourage you to read this Privacy Statement in full to understand in detail how we collect and use information. Here is a summary of our practices, as detailed in this Privacy Statement:

  • You can always control your data, either directly through your account or with help from your Organization.
  • Access to your information is strictly limited to you, the Organization granting you access to HealthStream, us, and others who must have it for the Services to function properly. If we offer any social or sharing features, we will make sure you always know when you are doing something that other users can see.
  • Privacy is the default status. You or your Organization determine whether and how your information will be viewable or accessible by others. If we need to disclose your information to provide our services, we explain that in this Privacy Statement or within the Services.
  • HealthStream does not sell your Personal Information to anyone for any purpose.
  • Any reporting we do on trends or content consumption is in the aggregate and will not identify you individually.
  • Registered Users should submit privacy inquiries to their Organization. Otherwise, you may contact HealthStream at privacy@healthstream.com or submit a Consumer Privacy Request if you have questions about our Services.

 

About HealthStream

In this Privacy Statement, HealthStream, Inc. and our affiliates, corporate parent(s), and subsidiaries are collectively called “HealthStream,” “we” or “us.” This Privacy Statement is part of and governed by our Terms of Use.

This Privacy Statement describes how HealthStream collects and treats information through all of our Services, except for Keener, Nursegrid or myClinicalExchange, each of which is governed by its own privacy statements, not this one.

Any additional, separate privacy notices that we provide to you will also be considered part of this Privacy Statement. Please note that this Privacy Statement does not apply to information collected by a hospital, university, healthcare organization, association, or other third party, even if the third party is an Organization that uses HealthStream.

 

Your Consent

By using or accessing HealthStream Services in any manner, you acknowledge and accept this Privacy Statement, and you consent to our collection, use, and disclosure of your information as described below. If you do not agree with this Privacy Statement, do not use our Services.

“Personal Information”
When we say, “Personal Information,” we mean information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer or household. For our purposes, Personal Information typically falls within one or more of these categories: 

  • Identifiers (e.g., name, email address, address, telephone number, username);
  • Sensitive Personal Information (e.g., racial or ethnic origin; biometrics; union membership; state ID; precise geolocation; contents of messages when we are not the recipient; as well as protected health information, personal health information, PHI, EPHI, and similar data protected by health privacy laws; and other health information generally);
  • Protected classification information (e.g., race, citizenship, marital status, medical condition, sex, sexual orientation, veteran or military status);
  • Biometric information (e.g., image, keystrokes, behavioral or biological characteristics);
  • Internet or other similar activity (e.g., general location, content interactions, browsing history);
  • Employment-related information (e.g., current or past employment);
  • Non-public educational information, including information protected under the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99);
  • Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies); and
  • Inferences drawn from Personal Information to create a profile about preferences, characteristics, trends, predispositions, behavior, attitudes, intelligence, and aptitudes.

Note that information may not be protected by privacy laws if it is: (i) publicly available (ii) aggregated, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; or (iii) deidentified so that it cannot be easily linked back to the individual.

 

Collecting and Using Your Personal Information

About Personal Information Collection
How we collect and use your Personal Information depends on which of our Services you use and how you use them. We only collect, use, retain, and disclose Personal Information as reasonable and necessary and proportionate to provide you with the Services, or we might use it in other compatible ways that we would tell you about first.

During the last 12 months, we have collected (i) identifiers; (ii) employment-related information; (iii) non-public educational information; (iv) biometrics; (v) protected information; (vi) sensitive Personal Information; (vii) commercial information; (viii) internet activity; and (ix) inferences. We collect this information from:

Directly from you, with your consent. You must register for your hStreamID and create an account to use some of our Services. HealthStream collects and uses Personal Information as follows to facilitate your registration and use of these Services:

  • To create your hStreamID and account, we collect identifiers like your name, email address, mailing address, and phone number, as well as your login credentials. We also collect your employment and educational information like your title, credentials, specialty, and your education and work status and history. 
  • If you include a photograph to your account profile, we will collect the biometrics contained in the photograph you upload. 
  • Our Store Services allow you to purchase and access Content through our Site as a consumer. To use the Store Services, you will be prompted to connect your existing hStreamID or create a new hStreamID. The hStreamID will give you access to your purchased Content. The Store Services will collect commercial history from your Content purchases and internet activity from your interactions with the Store Services. See the Store Services Terms of Use  for details. 

As instructed by your Organization and collected from you with your consent. Your Organization may instruct us to collect additional Personal Information via the Services. We collect this information as a service provider to your Organization.

  • Employment and educational information like your educational credits, licenses, health facility privileges, or medical board profile.
  • Biometrics like your health data.
  • For certain Services, sensitive Personal Information or protected information like health information, healthcare license identification number, tax ID or other government ID, military status, citizenship, birth country, ethnicity, or visa information. In some cases, your Organization may instruct us to collect protected health information subject to health privacy laws.

We use this information to provide the Services, identify and administer your account, and communicate with you. If you use our Services via a Organization, the Organization is responsible for obtaining your consent and the Organization’s Administrator may be able to access, maintain, and share any Personal Information associated with your User account. You can refuse to supply requested Personal Information, but doing so may impede your ability to use the Services or participate in your Organization’s program. 

From your Organization, in our role as a service provider. Your Organization might create your User account or submit information about you to the Services, such as:

  • Employment or non-public educational information.
  • Sensitive Personal Information like health information (e.g., immunizations, health records, or drug screening results), background investigations, and credit reports.

HealthStream collects this Personal Information as part of our contract as a service provider to the Organization. Note that we do not control or verify the information a Organization submits to us. If you have any questions about information on your account not input by you directly, please contact your Organization.  

When you participate in a chat with HealthStream. If you participate in a live chat with us on the Site or any other Services, we collect and record any information, including Personal Information, that you choose to include in your chats with us, such as:

  • Identifiers like your name, username, or email address.
  • Any other Personal Information you choose to include in your communication. 

Please note that our live chat feature is made possible through our relationship with a third-party service provider, and your chats may be accessible simultaneously and in real-time by that third-party service provider. BY INITIATING OR CONTINUING A LIVE CHAT ON THE SITE, YOU CONSENT TO OUR THIRD-PARTY SERVICE PROVIDER ACCESSING YOUR CHATS. If you do not consent to such access to your chats, you should not initiate or participate in a chat on our Site or through any of our Services.

From your communications with us, with your consent. If you contact HealthStream using the forms or links on the Site or by email or other means, you voluntarily provide us with your:

  • Identifiers like your name, email address, telephone number, and any other Personal Information you choose to include in your communication.
  • Employment information like your title and organization type (e.g., hospital, home health facility, etc.).
  • If you make a purchase on the Site, we will collect the commercial history of your purchase(s) and use a PCI-compliant payment processor or bank to process any payments related to your purchase.

We use this information to respond to your inquiries and to communicate with you about HealthStream according to your communication preferences.

Automatically from your use of the Site, with legitimate interest.

  • When you interact with the Site, we automatically collect technical data about your internet activity such as your IP address, the content with which you interact and, for some Services, your geolocation. Like most online services, the Site uses analytics cookies as described in our Cookie Declaration. We collect this information to achieve our legitimate interest of managing and improving our Services. We use this information to administer the Site, provide and improve the Services, analyze usage, protect the Services and its content from inappropriate use, and improve the nature and marketing of the Services.

In addition to the specific uses above, we might also use your Personal Information to (i) provide the Services and personalize your experience; (ii) send you support and administrative messages; (iii) monitor your compliance with any of your agreements with us; (iv) protect your privacy and enforce this Privacy Statement; (v) identify, contact, or bring legal action against persons or entities who may be causing injury to you, to HealthStream, or to others if we believe it is necessary; (vi) comply with a law, regulation, legal process or court order; or (vii) fulfill any other purpose to which you consent. HealthStream will update this Privacy Statement or otherwise notify you and obtain your consent where required under applicable law before we collect additional categories of Personal Information or use your Personal Information for purposes that are incompatible with the purpose stated at the time of collection.

About Retention Periods
HealthStream retains Personal Information for the minimum period necessary to fulfil the purpose for which it was collected. Sometimes our retention periods are determined by the regulations or policies that apply to the Organizations or Users of a given Service. This means HealthStream may be required to retain Personal Information for a specified period or indefinitely, unless or until a User requests that we delete some or all of their Personal Information. HealthStream’s data retention practices are designed to ensure that our Services to serve as a secure repository of information in healthcare settings, comply with regulatory requirements, and support a policy of good data hygiene.

About Disclosure to Third Parties
We only disclose your Personal Information in limited circumstances and for specific purposes. If any Service allows for social connectivity or sharing, we will notify you of the privacy implications of using the feature before you proceed. In the last 12 months, HealthStream has disclosed all categories of Personal Information that we collected for a business purpose to these recipients:

Your Organization

  • If you use a HealthStream Service for your job or role in an educational or healthcare program with an Organization, HealthStream is a service provider to your Organization. We may disclose any Personal Information associated with your account to your Organization so that you and your Organization can manage your role within the organization or so the Organization can provide you with other services.

Our Service Organizations

  • We use a variety of service providers such as data hosting companies, analytics services, email hosting services, and payment processors. We prohibit our service providers from selling or disclosing the Personal Information we provide, and we require all service providers to maintain confidentiality standards that are commercially reasonable to ensure the security of your Personal Information. The type of information that we provide to a Service Organization will depend on the service that they provide to us. 

Our Chat Provider 

  • To enable the chat feature available through the Site and other Services, we may transfer certain data to our third-party chat service provider simultaneously and in real-time. Our chat service provider will only use your chat data to facilitate your chat and provide you with support, to provide us with the live chat feature, or for internal operations purposes. BY PARTICIPATING IN A LIVE CHAT, YOU CONSENT TO THE DISCLOSURE OF YOUR CHATS, AND THE DATA YOU INCLUDE IN THOSE CHATS, TO OUR THIRD-PARTY SERVICE PROVIDERS, AND YOU WAIVE ANY POTENTIAL EAVESDROPPING OR WIRETAPPING CLAIMS.

Our Affiliates

  • As a part of the HealthStream family of services, we may disclose the Personal Information we collect about you to our affiliates or subsidiaries. If we do disclose your Personal Information to our affiliates or subsidiaries, their use and disclosure of your Personal Information will be subject to this Privacy Statement. 

Law enforcement or other governmental agencies as permitted or required by law.

Cookie information recipients subject to their respective privacy statements.

Other Third Parties, as permitted by applicable law.

  • For example: if we go through a business transition (e.g., merger, acquisition, or sale of a portion of our assets); to comply with a legal requirement or a court order; when we believe it is appropriate in order to take action regarding illegal activities or prevent fraud or harm to any person; to exercise or defend our legal claims; or for any other reason with your consent.

About Aggregated and Deidentified Information
HealthStream may use fully anonymized, deidentified or aggregated data generated using Personal Information to assist with our research, marketing, advertising, or other purposes. This information is not your Personal Information, so we may do this for our purposes and without restriction. If we ever have a data collection mechanism specifically intended for a Organization’s use, we will notify you that the data is being collected for that specific purpose and help you understand the privacy implications before you use it. 

 

Health and Educational Privacy

Most of HealthStream Services are not designed to collect or process information that is protected under health privacy laws or education privacy laws. In some cases, we contract with an Organization to provide our Services in compliance with HIPAA or FERPA or equivalent or complimentary laws. This means Users should never submit protected health information or educational information unless instructed to by the User’s Organization. If HealthStream collects or processes protected health information, we do so as a “business associate” to the Organization as the “covered entity” under HIPAA. If your Organization is an educational institution and instructs us to collect your FERPA-protected educational information, HealthStream is considered a “school official” to the Organization under FERPA and equivalent laws. In either case, your Organization instructs our activities with this data and your Organization (not HealthStream) is responsible for all decisions for its use, disclosure, and security. Your Organization is solely responsible for ensuring that its and your use of the Services comply with applicable health and education privacy laws. Please contact your Organization if you have questions. 

 

Children's Privacy

Our Services are designed for individuals aged 16 and older. We do not knowingly collect Personal Information from children under 16 without verification of parent or guardian consent. If you believe we might have any information collected online from a child under 16, or if you become aware of any unauthorized submission of information to us, please contact us at privacy@healthstream.com and we will delete that information from our systems.

HealthStream cannot control the privacy practices of Organizations. If a Organization chooses to input children’s Personal Information on the Services, it is done under their own privacy practices, not ours. We are not responsible for any Organization’s or other party’s compliance or noncompliance with laws or regulations. Please contact the Organization directly if you have questions about their privacy practices. 

 

HealthStream Is Offered in the U.S.

HealthStream is owned and operated in the United States and is designed to serve Users and Organizations in the United States and Canada. We do not market the Services to Organizations or residents in the European Union or any other jurisdiction outside of the United States and Canada. However, if a Organization incidentally permits an EU resident to register as a User, the Organization does so under its own (not HealthStream’s) privacy practices. 

If you are a registered User who is a non-US resident or if you visit the Site from outside of the United States, you acknowledge that Personal Information we collect about you will be transferred to our servers in the United States and maintained there in accordance with our retention policy. This may require the transfer of your Personal Information out of your country of origin with laws governing data collection and use that may differ from or be more restrictive than U.S. law, or may result in governments, courts, law enforcement, or regulatory agencies having access to or obtaining disclosure of your Personal Information pursuant to the laws of the applicable foreign jurisdiction. By allowing us to collect Personal Information about you, you consent to this Privacy Statement and the transfer and processing of your Personal Information as described in this paragraph, and you waive any and all remedies that you may have based on the laws of your jurisdiction.

Your Privacy Choices and Controls
HealthStream provides you with methods to directly control your Personal Information on the Services. 

Your Account Profile and Device Settings
Users can sign into their accounts at any time to change or delete certain Personal Information. As an information repository for Organizations, some of the Personal Information on your account cannot be deleted. Please contact your Organization if you wish to make changes to your account but are not able to do so yourself. You can also control the data we collect by adjusting your device settings.

HealthStream Emails
If you provide us with your email address, we may send you informational or support emails or, if you opt-in, marketing emails about the Services. You can opt-out of marketing emails but not our support or transactions emails. To opt-out, change your preferences via the links provided in the emails, email privacy@healthstream.com or submit a Consumer Privacy Request.

Texting Consent
If you provide us with your wireless number, you consent to HealthStream sending you text messages for informational or authentication purposes. The number of texts that we send to you will be based on your circumstances and requests. You can unsubscribe from text messages by replying STOP or UNSUBSCRIBE to any of these text messages. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions about messaging or data charges.

Do Not Track Requests
Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. If this changes in the future, we will update this Privacy Statement.

Consumer Privacy Requests
If you are a User and you wish to exercise your rights beyond the methods provided, express concerns, lodge a complaint, or obtain additional information about the use of your Personal Information, please contact your Organization. USERS MUST DIRECT PRIVACY INQUIRIES TO THEIR ORGANIZATION.

Otherwise, you may send us a Consumer Privacy Request or email HealthStream at privacy@HealthStream.com. We will relay your request to your Organization or fulfill it directly if we can. HealthStream does not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so. In that case, we will tell you the cost estimate and why we are charging the fee before completing your request. We may be unable to fulfill some or all of your request, for example, if your request falls within a statutory exception or if fulfilling your request would prevent us from complying with a statutory or contractual obligation.

 

Your Privacy Rights

Depending on where you live or are located, you may have certain rights over your Personal Information. If you visit our Site or inquire about our Services on behalf of a Organization, HealthStream collects and processes your Personal Information as a business or data controller. For all other purposes, HealthStream acts as a service provider or data processor of your Personal Information. The following sections outline legally required and courtesy notices of privacy rights that may be available to you depending on where you live and how you interact with HealthStream. 

 

Privacy Rights Available in the United States

In the United States, consumer privacy is governed by state laws providing general consumer privacy rights, as well as federal laws addressing specific industries or data uses. This section provides notices of consumer privacy rights available through the state laws of California, Colorado, Connecticut, Nevada, Utah, Virginia, and other states with similar requirements. If you reside in a state offering privacy protections (“Consumer”), you may be entitled to some or all of these rights:

  • Right to Correct. You have the right to request that we correct inaccurate Personal Information about you on our systems. If you become aware that the Personal Information that we hold about you is incorrect, or if your situation changes (e.g., you change address), please inform us and we will update our records. You can correct your Personal Information through your account or by contacting your Organization.
  • Right to Delete. You have the right to request that we delete your Personal Information that we collected from you and retained, with certain exceptions. In response to your request, we may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion. If you submit a right to deletion request, we will confirm the Personal Information to be deleted prior to its deletion, and we will notify you when your request is complete. Note that, as an information repository for Organizations, HealthStream is not permitted to delete some types of Personal Information.
  • Right to Access. You may have the right to receive confirmation that we have collected Personal Information about you and copies of the requested pieces of Personal Information in a portable and readily usable format. HealthStream may be legally prohibited from disclosing certain pieces of Personal Information, and we may be limited in the number or frequency of requests we must fulfill. 
  • Limited Use and Disclosure of Sensitive Personal Information. HealthStream does not seek to collect your sensitive Personal Information, though your Organization may use the Services to collect this information about you or you may choose to input some sensitive Personal Information to the Services. In no case will we use or disclose your sensitive Personal Information for the purpose of inferring characteristics about you. If this ever changes in the future, we will update this Privacy Statement and provide you with methods to limit use and disclosure of Sensitive Personal Information.
  • No Selling or Sharing Personal Information. HealthStream does not, and will not, sell the Personal Information collected about you or share your Personal Information with third parties for cross-contextual behavioral advertising purposes. HealthStream may use data collected from cookies on the Site or applications for marketing or retargeting, which may qualify as “sharing” Personal Information under some laws. To opt-out of this sharing, adjust your settings on our Cookie Declaration or cookie banner to opt-out of Marketing Cookies.
  • No Profiling. HealthStream does not use any form of automated processing of Personal Information to evaluate, analyze, or predict your performance, preferences, choices, or behavior. If this changes in the future, we will update this posting to describe our use of profiling and your options to opt-out.  
  • Right to Disclosure. You may have the right to receive details about the collection and use of your Personal Information via the Services, such as: (i) the categories of Personal Information we have collected about you; (ii) the categories of sources for the Personal Information we have collected about you; (iii) our business purpose for collecting, using, processing, sharing or selling that Personal Information, as applicable; (iv) the categories of third parties with whom we share that Personal Information; and (v) if we sold or shared your Personal Information under the California Consumer Privacy Act, two separate lists stating: (a) sales or sharing, identifying the Personal Information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained. To learn more, please contact your Organization. Certain laws may limit the number or frequency of requests we must fulfill. 
  • Right to Nondiscrimination. HealthStream will not discriminate against you for exercising your privacy rights. For example, unless permitted by law we will not: (i) deny you goods or services; (ii) charge you different prices or rates for goods or services; (iii) provide you a different level or quality of goods or services; (iv) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under applicable privacy laws.
  • Right to Disclosure of Marketing Information. California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Information sharing with affiliates and/or third parties for marketing purposes.

If you are a User, please contact your Organization to exercise these rights or inquire further. Otherwise, you may send us a Consumer Privacy Request or email us at privacy@HealthStream.com.

 

Canadian Privacy Rights

This section provides information to residents of Canada (“Canadian Consumers”) in compliance with Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). Canadian Consumers to whom PIPEDA applies have a: 

  • Right to know why HealthStream collects, uses, and distributes Personal Information. The required notices are set in this Privacy Statement. We may provide additional notices about other ways we process your Personal Information via the Services. Your Organization is responsible for providing you with all additional details about your Personal Information processing.
  • Right to expect us to collect, use, or disclose Personal Information responsibly and not for any other purpose other than which you have consented. We use this Privacy Statement to explain our privacy practices, and the Services are designed to collect express or implied consent at key points, but the User’s Organization is ultimately responsible for setting expectations and collecting necessary consents for the User’s privacy on the Services. Users may withdraw consent by contacting their Organization. In all other cases, you may withdraw your consent at any time with reasonable notice by submitting a Consumer Privacy Request or contacting us at privacy@healthstream.com.
  • Right to accuracy of your Personal Information. We take steps to reasonably ensure that your Personal Information we are using is accurate. In most cases, we rely on you and your Organization to ensure that your information is current, complete, and accurate. We offer methods for you or your Organization to correct, update, and delete inaccurate Personal Information in your account, and we will provide you with reasonable assistance to ensure that your Personal Information is accurate in our systems and with our service providers.
  • Right to access your Personal Information. Upon written request and identity authentication, we will provide you with your Personal Information under our control, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed. We will make the information available within 30 days or provide written notice where additional time is required to fulfil the request. If limited by law or potential infringement on another’s privacy rights, we may not be able to provide access to some or all of the Personal Information you request. If we must refuse an access request, we will notify you in writing, document the reasons for refusal and outline further steps that are available to you.

If you are a User, please contact your Organization to exercise these rights or inquire further. Otherwise, you may send us a Consumer Privacy Request or email us at privacy@HealthStream.com.

 

EU and UK Privacy Rights

HealthStream does not offer or market the Services in the European Union or the United Kingdom. However, Organizations may incidentally offer access to the Services to residents of the European Economic Area (“EEA”) and the United Kingdom (“Data Subjects”) pursuant to the Organization’s own privacy practices. In such cases, the Organization (not HealthStream) is responsible for compliance with the General Data Protection Regulation and its counterpart regulation applicable to residents of the United Kingdom. DATA SUBJECTS MUST CONTACT THEIR ORGANIZATION TO INQUIRE ABOUT PRIVACY MATTERS. This section lists the rights available to Data Subjects as a courtesy only.

  • Right to know how your Personal Information is processed. HealthStream provides details about our privacy practices in this Privacy Statement. We may provide additional notices in the Services, by email, or other communications from time to time. Please contact your Organization for further details.
  • Right to access your Personal Information. Upon request from your Organization, we will provide a copy of your Personal Information and details about the types of Personal Information we process, why we process it, and any third parties we work with to collect Personal Information on our behalf. We may have one or more legally valid reasons to refuse a request in whole or in part, for example, to protect the rights of other individuals.
  • Right to restrict processing of your Personal Information. You can request that your Organization require HealthStream to restrict the processing of your Personal Information if: (a) the data is inaccurate; (b) the processing is unlawful; (c) we no longer need the Personal Information; or (d) you exercise your right to object.
  • Right to rectify your Personal Information. If you become aware that the Personal Information that we hold about you is incorrect, or if your information changes, you may update your Personal Information on your account or request that your Organization update it on the Services for you.
  • Right to data portability. In some circumstances, your Organization may be required to facilitate HealthStream providing your Personal Information to another organization in a structured, commonly used and machine-readable format.
  • Right to erasure (a.k.a. the “right to be forgotten”). Upon request by your Organization, HealthStream will delete your Personal Information in certain circumstances and where required by law. This right is not absolute, and HealthStream or your Organization may be entitled to retain and process your Personal Information despite this request.
  • Right to object to certain processing of your Personal Information. Upon your Organization’s request, we will limit our processing of your Personal Information as you request in certain circumstances and where we are required to do so by law. 
  • Right not to be subject to automated decision-making. HealthStream does not use automated decision-making to provide the Services. If this changes in the future, we will update this Privacy Statement to describe our use of automated decision-making and your options to exercise your privacy rights related to your Personal Information processed using automated decision-making.
  • Right to lodge a complaint with a supervisory authority. Data Subjects can submit requests, questions, or complaints to their Organization. Data Subjects that feel a privacy issue has not been resolved may file a complaint with a supervisory authority applicable to their Organization, for example the Data Protection Officer of Ireland.

Data Subjects must contact their Organization to exercise these rights or inquire further.

     

    Data Security

    HealthStream implements reasonable and appropriate technical, organizational, and physical security measures to help protect your Personal Information from unauthorized or illegal access, destruction, use, modification, or disclosure. We employ a series of security measures, including secure login, multifactor authentication, encryption in transit and at rest. We ensure that HealthStream personnel responsible for handling Personal Information and privacy matters are informed of applicable privacy law requirements. Our security measures are appropriate to the volume, scope, and nature of the Personal Information processed and designed to meet our duty of care with respect to your Personal Information. Please note, however, that no transmission of data over the internet is 100% secure. We cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Information for improper purposes. It is your responsibility to keep your account secure from unauthorized access. HealthStream is not responsible for any lost, stolen, or compromised passwords, or any unauthorized activity on your account. We also have no control over any Organization’s security measures or practices, and we make no representations or guarantees that your Personal Information is secure once transmitted or stored on their systems.

     

    Third Party Websites

    The Services may include links to other websites whose privacy practices may differ from ours. If you submit Personal Information to any of those websites, your information is governed by the privacy policies of those other websites. You should carefully review the privacy statement of any website you visit.

     

    Privacy Statement Updates

    We may periodically update this Privacy Statement. If we make any material changes, we will notify you through the Services or by updating this posting. The date that this Privacy Statement was last revised is identified at the top of the page. Your continued use of the Services after the effective date will be subject to the new Privacy Statement. You are responsible for periodically checking this Privacy Statement for changes.