iDOC Privacy Policy

iDOC understands how important the privacy of personal information is to you. iDOC is committed to honoring your privacy, and to offering special protections for any information you choose to share with us. The document you are reading is our Privacy Policy for our website accessible by physicians, nurses, and healthcare professionals, and it describes what information we may collect about you, what uses we may make of it, how you can tell us what to do with your information, and what precautions we take against unauthorized access or use of your information.

About This Privacy Policy

Reference to “iDOC," “iDOC.org,” or "We" means the Institute for Diabetes, Obesity, and Cardiovascular Disease. We may share information among contractors who develop and/or produce content for iDOC.org, but it is always protected under the terms of this Privacy Policy.

You should read the privacy policy at each website that you visit after you leave iDOC.org. We are not responsible for how other websites treat your privacy, once you leave the iDOC website.

Privacy Policy Changes

If our Privacy Policy changes in significant ways, we will make every effort to notify you of the changes. Minor changes to the policy may occur that will not affect our use of individually identifiable information. For these instances, iDOC may not notify you of such minor changes. When the Privacy Policy changes in a way that significantly affects the way we handle personal information, we will not apply the new policy to information we have previously gathered without obtaining consent from the appropriate individual. We will post Privacy Policy changes on our website in a timely manner.

Information We Collect

In this section of our Privacy Policy, we discuss the different types of information we may collect about you, and the ways in which we collect it.

Information We Collect From Unregistered Visitors

As a visitor to our website you can access the website's home page and browse some areas of the site without disclosing any personally identifiable information. We do track information provided to us by your browser, including the website you came from (known as the "referring URL"), the type of browser you use, the time and date of access, and other information that does not personally identify you.

Information We Collect When You Register

Users registering for services on our website are asked to provide us with identifying information, such as name, contact information, and other personal information. On our registration screens, we clearly label which information is required for registration, and which information is optional and may be given at your discretion. You will also be given a choice about whether or not you want to receive other information that we distribute from time to time. The website will explain how personally identifiable information will be used and ask for your consent before collecting it.

Information From Outside Sources

We may also collect information about persons who register on our Web site from other sources in order to verify their licensure status and identity.

Other Information

• Discussion Boards: When you use a discussion board on our Web site, you may post a message and your user name, which is available for all registered users to see. When you are posting publicly, any user of our Web site can see your message. You should not post any information you want or are required by law to keep private to a discussion board or other public forum on our Web site.
• Tools: On some of our Web site, we offer clinical tools that require you to provide information for the tools to operate. Our tools may provide you with the option of storing the information that you provide on our servers. We will always make it clear to you when information you provide to us through a tool will be saved.
• Member Lookup: When you are registering on our Web site, you may have a choice about whether or not you want other members to be able to look you up and send you messages. If you opt not to be listed, no other members will be able to look you up.
• Additional Forms and Emails: We may also ask you to provide additional information after you register if you want to obtain additional services or information or to resolve complaints or concerns.

In addition, we gather information about you that is automatically collected by our Web server, such as your IP address and domain name. We will use this information to personalize its offerings and presentations to you, facilitate your movements throughout our Web site, provide personalized services, and to communicate with you individually.

Continuing Medical Education

When you register for a Continuing Medical Education (CME) or a Continuing Education (CE) activity through our website, we collect certain personally identifiable information from you such as your name, email address, and mailing address. If you are a nurse or a pharmacist and wish to receive CE credit, you may also be required to provide the state in which you are licensed and your license number. In addition to personally identifiable information, we collect aggregated non-personally identifiable information about the activities undertaken by our users. We use the information that we collect through CME/CE activities in several ways:
We have not accounted for the highlight in the current CME design. Needs to be a data field – possible STATE in which person is licensed is different from STATE in which person is living, so will be a different data point. This may require user add to registration profile AFTER taking CME. We need to discuss.

(i) We provide personally identifiable information to accredited CME/CE providers who certify CME/CE activities posted on our Web site, as required by accrediting bodies such as the Accreditation Council for Continuing Medical Education (ACCME). These reports may include personally identifiable information about you and credits issued to you, for the purpose of maintaining records that you can request from the accredited provider for up to six (6) years;

(ii) Commercial supporters of CME/CE activities on our Web site will receive only aggregated data about CME/CE activities that are relevant to their interests and/or the courses they support, not personally identifiable information about any of our users;

(iii) Our Editorial and Customer Support Staff will have internal access to files containing personally identifiable information, including evaluation forms and aggregated CME/CE participant information. These files can be accessed in order to respond to your questions or comments. Our staff may also use personally identifiable information, including registration information and evaluation data, in assessing educational needs and planning marketing activities; and we may use the information we collect as otherwise permitted in this Privacy Policy.

Use of Cookies and Web Beacons

Cookies are a technology we use to keep track of users as they move through our Web site. Your browser allows us to place some information on your computer's hard drive that is associated with the computer you are using. We use cookies to personalize our Web site and to track your usage across all of our Web site. Your Web browser can be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to you. If your browser is set to reject cookies, iDOC.org will not recognize you when you return to the website, and some website functionality may be lost. The Help section of your browser will tell you how to prevent your browser from accepting cookies.

Although cookies do not normally contain personally identifiable information, if you are a registered user, we may elect to associate your registration information with cookies our website places on your computer's hard drive. Associating a cookie with your registration data allows us to offer increased personalization and functionality. For example, you can elect to have our website "remember" your user name and password and bypass the sign-in process on each visit to the site. Without cookies, this functionality would not be possible.

We also may use web beacons to collect non-personally identifiable information about your use of our website, and your use of special promotions or newsletters. Web beacons are tiny graphic image files, embedded in a web page in GIF, jpeg, or HTML formats, that provide a presence on the web page and send back to its home server (which can belong to the host site or some other third party) information from a user's browser, such as the IP address, the URL of the page on which the beacon is located, the type browser that is accessing the site, and the ID number of any cookies on the user's computer previously placed by that server. Web beacons can also be used to place a cookie on the user's browser. The information collected by web beacons (i) allows us to statistically monitor how many people are using our website, (ii) how many people open our emails, and (iii) for what purposes these actions are being taken. Our web beacons are not used to track your activity outside of our website. We do not use web beacons to collect personally identifiable information without your permission.

Uses We Make of Information

In this section of our Privacy Policy, we identify the ways we may use information about you that we have collected.

Aggregate Data

We create aggregate data about visitors to our website for development and improvement activities. We also use it for market analysis. We may provide information from our website in aggregate form, with identifying information removed, to third parties. For example, we may tell a health care partner what percentage of our registered users reside in a particular geographical area. When aggregated health information is provided, we pool it from many individual records and strip it of any data that could be used to identify an individual before it is used. Any third party that receives aggregated healthcare data must agree not to attempt to re-identify the people to whom it belongs.

Marketing and Advertising

We may target our marketing depending on information we have about you. For example, a pharmacist registered on iDOC.org may receive marketing for ACPE programs developed specifically for pharmacists that endocrinologists would not see. We may also personalize our website based on your interests. For example, you may see different articles in different places on our website based on information you have shared with us, or information we have gained by observing your previous behavior. We use information for our own internal marketing, research, and related purposes.

Third Parties

In addition to aggregate information (discussed previously), some kinds of personally identifiable information may be shared with third parties as described below.
• Other Companies: We have strategic relationships with other companies who offer products and services on our website. When you are interacting with those companies, different rules and privacy policies may apply. For example, if you order an article from a journal identified through our website, you will be asked to provide identifying information and credit card information to the company that owns that journal. We do not control the collection or use of information you provide under those circumstances, but we do require that those companies clearly state their policies so you can decide whether to give them any information.
• Companies and People Who Work for Us: As a non-profit organization, we contract with other companies and individuals to help us provide services. For example, we may host some of our website on another company's computers, hire technical consultants to maintain our web-based information, or work with companies to remove repetitive information from customer lists, analyze data, provide marketing assistance, and provide customer service. In addition, if you are a healthcare professional, we may validate your licensure status and other information against available databases that list licensed health care professionals. In order to perform their jobs, these other companies may have limited access to some of the personal information we maintain about our users. We require all such companies to comply with the terms of our Privacy Policy, to limit their access to any personal information to the minimum necessary to perform their obligations, and not to use the information they may access for purposes other than fulfilling their responsibilities to us. We use our best efforts to limit the use of other companies in areas where personally identifiable healthcare information may be involved.
• Legal Requirements: We may release account and other personal information when we believe release is required to comply with law. We may release personal information, if, in our judgment after review by an attorney, the release is compelled by law or regulation, or if the release is necessary to prevent the death or serious injury of an individual.
• Consent. We may release personally identifiable information to a third party in accordance with your consent, subject to the purposes and limits that we disclose when we request your consent. When we share information with third parties, we ask that they agree in writing to abide by our Privacy Policy. If we discover that a third party inadvertently disclosed personal information about any of our users, we will take immediate action to prevent further occurrences.

Protection of Information

In this section of our Privacy Policy, we discuss the security measures we take to protect information that we have collected about you.

General Policies

We have implemented technology and security policies, rules and other measures to protect the personal data that we have under our control from unauthorized access, improper use, alteration, unlawful or accidental destruction, and accidental loss. We also protect your information by requiring that all our employees and others who have access to or are associated with the processing of your data respect your confidentiality. We use security methods to determine the identity of its registered users, so that appropriate rights and restrictions can be enforced for that user. Reliable verification of user identity is called authentication. We use both passwords and usernames to authenticate users. Users are responsible for maintaining their own passwords.

Storage of Information

Personally identifiable information you share with us is stored on our database servers at our data centers or hosted by third parties who have entered into agreements with us that require them to observe our Privacy Policy. We have a firewall to prevent unauthorized access. Data centers are physically secure and protected from unauthorized access by unauthorized persons. Physical access to the servers requires individual authorization and authentication. Information in our data centers is backed up routinely, in order to aid in the recovery of information in the event of accidental damage of information or due to a natural disaster.

Access to Information and Choices

In this section of our Privacy Policy, we tell you how to obtain and correct information we have about you, and how to choose what types of information you may share with us.

Correction of Information We Have About You

If you believe that registration information collected by our website is in error, you may edit your personal profile any time that you like. You can directly edit your user profile on our Web site. Requests for deletion of your record may result in your removal from the registry, but we may keep certain demographic information about you for product improvement purposes. You may contact Web Customer Support and ask for the changes that you would like to make.

Our Employees

Our employees are required to keep customer information private, as a condition of their employment with the company. All employees and contractors must abide by our Privacy Policy, and those who violate that policy are subject to disciplinary action, up to and including termination of their employment and legal action.

Privacy Questions or Concerns

For privacy questions or concerns about our website, please contact privacy@iDOC.org.
Effective date: April 10, 2008