This Policy addresses the following topics:
- Data Collected by the Software
- Uses of Data Maintained Within the Software
- How Clearwater May Share Data Maintained Within the Software
- Security for Data Maintained Within the Software
- Retention of Data Maintained Within the Software
- Rights with Respect to Data Maintained Within the Software
- Links to External Web Sites
- Changes to This Policy
Data Collected by the Software
Subscribers can enter the following information into the Software (“Subscriber Data”):
- The name, address, and telephone number of Subscriber’s primary location and any additional locations;
- Names, job titles, email addresses, and other contact details of authorized users of the Software within Subscriber’s organization (“Authorized Users”);
SUBSCRIBER IS RESPONSIBLE FOR ENSURING THAT PERSONAL IDENTIFYING INFORMATION OF SUBSCRIBER’S PATIENTS, CUSTOMERS OR CLIENTS IS NOT ENTERED INTO THE SOFTWARE.
The Software also collects the following information about Authorized Users (“Authorized User Data”):
- Job title
- Login credentials;
- Business email address;
- Business phone number (optional);
- Business address (optional).
Please view our Cookies Policy (https://clearwatercompliance.com/privacy-policy/) to understand the information that Clearwater collects automatically using cookies when you use the Software.
Uses of Data Maintained Within the Software
Clearwater uses Subscriber Data for the following purposes:
- To provide Subscriber with the services offered by the Software that include, but are not limited to, helping Subscriber identify, rate and manage risks to its information systems resulting from gaps in security controls; assessing Subscriber’s compliance with the HIPAA Privacy, Security and Breach Notification Rules; and other functions.
- To provide Authorized Users with training on the Software and/or technical support to resolve reported issues.
- To analyze Subscriber’s use of the Software in order to improve the Software’s functionality and the Subscriber’s experience.
- To compile anonymous benchmarking data to provide insight into the risks faced by HIPAA-covered entities, for the purpose of improving the Software to help address these risks.
Clearwater uses Authorized User Data for the following purposes:
- To set up account profiles for the Authorized Users who will access the Software;
- To contact Authorized Users in order to determine whether the Subscriber has feedback concerning the Software;
- To provide newsletters and information about other solutions and services from Clearwater that may be of interest to the Subscriber;
- To provide best practice tips, updates, release notes, security alerts, security information and other technical notices concerning the Software (“Technical Emails”).
Authorized Users can opt out of receiving newsletters and information about other Clearwater products by submitting an email to email@example.com stating that he/she is no longer interested in receiving email communications. Authorized Users cannot opt out of receiving Technical Emails from Clearwater.
How Clearwater May Share Data Maintained within the Software
All Subscriber and Authorized User Data is considered to be confidential and Clearwater will protect the confidentiality of such Data. It is Clearwater’s policy to never share data entrusted to it with third parties for any reason.
Security for Data Maintained within the Software
All data entered into or created by the Software is stored and maintained in secure facilities that limit access to authorized personnel only. As part of Clearwater’s continuous risk management process, the Software is regularly tested to assess vulnerabilities and controls, remediate deficiencies, and to ensure that all data maintained within the Software is secure from unauthorized access or modification. Information is protected in transit via HTTPS and TLS security. Data maintained within the Software is backed-up at an off-site remote location, consistent with Clearwater’s business continuity plan. While Clearwater will exert all commercially reasonable efforts to protect the confidentiality, integrity and availability of the data stored in the Software, Clearwater cannot guarantee that such efforts will prevent an unauthorized breach of your Data.
Retention of Data Collected By The Software
Clearwater will retain Subscriber Data for as long as Subscriber maintains its subscription to the Software, and for a reasonable period of time thereafter to ensure the Subscriber has downloaded all data and reports it wishes to maintain for its own records. Clearwater will retain Authorized User Data for as long as the Authorized User is authorized by Subscriber to access the Software.
At the time of termination or discontinuance of the Software subscription for any reason, Clearwater will make reasonable efforts to ensure all data entered into the Software will be available for Subscriber’s designated representative (“Account Owner”) to download from the Software in CSV format, including where possible, extracts of all charts and reports provided by the Software in PDF format, as of the date of termination or discontinuation. Clearwater will delete all Subscriber and Authorized User Data it maintains within ninety (90) days of Subscriber’s termination of the Software subscription, provided however, that it is understood that information in an intangible or electronic format cannot be immediately removed, erased or otherwise deleted from system back-ups, but that such information will cycle off the back-ups and until it does will continue to be maintained in strict confidentiality.
Users’ Rights with Respect to Data Maintained Within the Software
Subscribers have the ability to access, update, or delete Authorized User data at any time through the Software, or by the Account Owner submitting a request to firstname.lastname@example.org.
Links to External Web Sites
The Software may contain links to external websites owned and maintained by third parties. If you click on one of these links, you will be directed to a third-party website that is not owned or operated by Clearwater. Before entering any information into a third-party website you should carefully review that website’s privacy statement. Clearwater is not responsible for any data entered into external websites.
In an effort to market the Software and other Clearwater solutions, Clearwater requests that Subscribers, through Authorized Users, provide feedback on the Software (“Testimonials”) that Clearwater can publish on its IRM|Pro® website (https://clearwatercompliance.com/hipaa-solutions/irm-pro-software-suite/). Clearwater will not publish Testimonials on its website without first obtaining the Authorized User’s written consent.
Changes to this Policy
 The IRM|Pro® Software Suite is comprised of IRM|Analysis®; IRM|Security®; IRM|Privacy®; IRM|Framework®.
 All information that is not explicitly marked as “optional” is essential to the operation and/or the administration of the Product(s); and for this reason, there is no opt-out available for the collection and storage of the Information.