A letter from our Chief Regulatory Officer, Deven McGraw
My name is Deven McGraw, and I’m the former Deputy Director for Health Information Privacy at the Office for Civil Rights of the U.S. Department of Health and Human Services. In my role, I was responsible for enforcing HIPAA and issuing guidance on how to comply with its rules.
I spent two years with the U.S. government working on behalf of patient rights regarding personal health data, and now I’m the Chief Regulatory Officer at Ciitizen to further that mission. I’m here to make sure you know your rights regarding your health information:
It’s yours. You have the right to all of it.
When I first interviewed for the position at HHS, I brought up the patient’s right of access under HIPAA and how it would be a goal of mine to issue additional guidance to those entities required to comply with the law. HIPAA (or the Health Insurance Portability and Accountability Act of 1996) is the piece of U.S. legislation that provides data privacy and security provisions for safeguarding our medical information. It was important to me that hospitals, health professionals, and insurers better understand their obligation to patients under this act. I also wanted patients to be more aware of their rights under HIPAA so that they could exercise them. Within my first year on the job, we issued comprehensive guidance on the patient’s right of access and we worked with the Office of the National Coordinator for Health IT to develop consumer friendly materials, including brochures and videos that you can view online today. Within my first year here at Ciitizen, I’ve made a similar goal.
If you’ve requested a copy of your health record and found getting a copy to be difficult, I have some good news for you regarding your rights. You have plenty of them:
- You have the right to all the health information generated as part of a visit to the doctor or a stay in the hospital. You have the right to a copies of your lab tests. You have the right to the results and underlying data from your genome sequence. You have a right to your x-rays, CT scans, and MRIs, too.
- Not only do you have the right to all your data, you have the right to it within 30 days of the request (in most circumstances), in the format you want it (so long as the entity can produce it). If you want that information digitally, you have the right to have it digitally.
You have the right to a copy of all your health information for no more than the reasonable cost of making that copy. You have the right to have that information emailed to you if that’s most convenient. The institution at hand may have some security concerns, but if they provide you with a light warning of that risk and you agree to it, it’s your right to have it emailed. If you do have concerns about using your insecure email, then you have the right to get that information in a secure way. Most importantly, you have the right to get all of it. Every bit of medical information that is generated about you is your right. It’s also your right to request a correction to it. Information that is incomplete may also be wrong, so you have the right to request additional information be added if you think there’s something missing.
All of these rights have been in existence since the early 2000s, so most of them are almost twenty years old at this point. However, most people don’t fully realize it. Many institutions and medical practices have not paid attention to the HIPAA right of access and therefore have not established practices allowing for people to easily exercise it.
That being said, I know what your rights are. I’m now here on behalf of our users (ciitizens) to make sure you have full access to your complete health information.
Deven McGraw, JD, MPH, LLM
Ciitizen Corporation, (“Ciitizen,” “we,” “us,” “our”) enables individuals to collect, maintain and share all of their health information as they see fit and under their control via its website located at www.ciitizen.com and other technologies (collectively, the “Service”). We’re empowering the world’s citizens to conquer disease – by making it possible for all of us to gather, use, and share our health information to improve lives.
Ciitizen understands that health information is powerful, valuable, and sensitive, so securing and maintaining the trust of our users is mission critical to our success. We are committed to maintaining strong and meaningful security systems and privacy protections as a bedrock principle of our company. Complying with applicable law is just our starting point; our commitment to serving you includes regularly thinking about how we can improve how well we are both protecting information about you – and also sharing it according to your wishes.
For your convenience, we provide the following summary of some key aspects of the policy:
- We collect some personal information about you – including, when you ask us, your medical records – to enable you to open a Ciitizen account and have all of your health information organized and at your fingertips.
- We turn the information in your medical records into digitized, summarized and standardized data that you can use to seek treatment options, to share with a caregiver, or to contribute to medical research, if you choose.
- You own the information in your medical records and only you decide whether or not to share these records with any third parties.
- We do not share your personal information (including your medical records, whether identifiable or with identifiers removed) without your explicit permission.
- We protect your information with comprehensive security safeguards, including encryption.
If you have any questions or concerns about this Policy, please contact us at firstname.lastname@example.org.
Your Health Records
Ciitizen is the technology service that allows you to request access to copies of your historical health information and records (“Health Records”) through the “right of access” granted under the Health Insurance Portability and Accountability Act (“HIPAA”), as well as through online portal accounts made available to you by some health care providers or health plans. Ciitizen then aggregates and standardizes your Health Records, transforms them into digital data (what we call “Refined Health Information”), and analyzes the information to offer you opportunities to share your information (for example, with caregivers, with your medical professionals, to find treatment, or to power research). You maintain your ownership of all Health Records, documents, and other materials you upload (or uploaded on your behalf by Ciitizen) to the Service. These Health Records belong to you; you can remove them anytime you want. When you ask us to delete your account, your information (Basic Account Information and Ciitizen Record Information as those are defined below) will be permanently expunged from our servers and securely deleted, and further access to your account will not be possible. Ciitizen will not keep any copies of this data unless required by law, or in cases where you have consented to share your data for a research project and the research is not yet completed (in that case, your data will remain available for that research until it is completed, after which your data will be securely deleted). You have the right to access and receive copies of your personal information – and to consent – or not – to sharing of your information with any third party, subject to the exceptions set forth in this document.
Please see Ciitizen’s Terms of Service for more details.
Information we collect
Personal Information for Basic Ciitizen Account Creation & Maintenance (“Basic Account Information”)
“Personal information” is data that can be used to identify you or contact you. We collect some personal information from you for account creation and maintenance. Such information includes your name, address, e-mail address, and telephone number, and may also include contact preferences, device identifiers and IP address.
The Service is a technology platform that allows you to request access to your historical health information and records from medical providers and health plans that are collected and stored in users’ Ciitizen accounts. Before we can collect this information on a user’s behalf, we will need to confirm the user’s identity, and we may work with third party identity service providers in order to do so. If you are invited to and opt to participate as a user, Ciitizen will also collect additional personal information about you which will be used to verify your identity, including a copy of your driver’s license or other official government photo ID, cell phone identifier or a social security number. Users will also be asked to provide additional personal information, such as prior names, addresses, phone numbers or e-mail addresses; birth date; gender; race or ethnicity; medical or health plan record numbers; and information about medical providers such users have seen for care and the users’ health plans. This information will help us locate users’ health records and help the providers and health plans accurately match and send the right information to collect for a user’s Ciitizen account. Users opening accounts for family members may be required to produce documentation such as a birth certificate, death certificate, health care proxy or power of attorney, and other documentation to demonstrate familial relationship and legal authorization to obtain medical records.
If you decide you want to enable friends or family members or others to have access to your Ciitizen account, we will collect personal information about those individuals (name and e-mail address) in order to fulfill your request.
From time to time, Ciitizen will send you emails that communicate information about your account or about products, services, or offers that may be of interest to you. When you open one of these e-mails or click on links within the e-mail, we may collect and retain information to provide you with future communications that may be more interesting to you. You will have the option of opting out of all e-mail communications except those that Ciitizen reasonably deems are required by law or necessary to prevent or mitigate a security or fraud risk, or to continue to provide you with the Service.
You may opt-in to receive occasional text messages from Ciitizen to receive updates on our services. Message frequency will vary. You agree that by providing your mobile phone number and opting in to receive text messages, you expressly consent to receive automated text messages from us to the mobile phone number you provide. Consent to receiving text messages is not required in order to be a Ciitizen user. Message and data rates may apply, and you should check the rates of your mobile carrier. Your mobile carrier is not liable for delayed or undelivered messages. You can opt out of receiving text messages by texting STOP in response to any text message. You can also text HELP and we will respond with instructions on how to opt-out of or sign up for text messages from Ciitizen. We share your mobile phone number with service providers with whom we contract in order to send you automated text messages, but we will not share your mobile phone number with third parties for their own marketing purposes without your express consent. Contact us at email@example.com if you have any questions about our text message program.
We will let you know at the time of collection when it is optional for you to provide personal information and when it is necessary to do so in order to use certain Ciitizen services.
Health Records to Populate Your Ciitizen Account (“Ciitizen Record Information”)
Ciitizen’s mission is to enable individuals to collect all of their health information in one place and use it and share it as they please. The Service is a technology platform that: (i) allows you to request access to your historical health information and records (“Health Records”) through the “right of access” granted under the Health Insurance Portability and Accountability Act (“HIPAA”), as well as through online portal accounts made available to you by some health care providers or health plans; (ii) asks you to directly input information about your health, such as information about how you’re feeling or pain management (“Content”); (iii) aggregates,standardizes (to the extent possible) such Health Records and Content, transforms them into digital data (what we call “Refined Health Information”) and analyzes it to offer you opportunities to share it; (iv) allows you to decide whether and how to use and share any such Health Records, Content, and Refined Health Information (collectively, “Ciitizen Record Information”) with third parties, including caregivers, medical professionals and researchers; and (v) allows you to post content and interact with other users.
Records Collection. As part of the Service, Ciitizen collects your Health Records on your behalf and populates them in your Ciitizen account. We find your Health Records using one or more of the following processes: (i) Asking you to identify the medical providers and institutions where you have received care; (ii) Asking you to identify the health plans that have provided you with health insurance; (iii) Having you connect Ciitizen to the online portal hosted by your healthcare provider(s) or health plan(s) in order to obtain any medical or health plan records that can be accessed to populate your Ciitizen account (you will need to enter your portal credentials (your portal username and password); (iv) Sending a request for your medical records to networks – commonly known as health information exchanges or HIEs; (v) Sending a request for your records to another medical provider that is identified in your medical records (for example, sending a request for a copy of a lab test result from the laboratory identified in the doctor’s medical record); and (vi) You can also choose to obtain your own records and upload them into your Ciitizen account.
Information we collect when you use the Ciitizen Website and Service
How we use your information
As a company, Ciitizen will use your personal information to create and manage your Ciitizen account, as also for the following purposes:
- To keep you posted on available clinical trials, products, services, software updates, and upcoming events. You can opt out of these communications at any time.
- To help us create, develop, operate, deliver and improve our products and services, and, when necessary, for loss prevention and anti-fraud purposes and account and network security purposes.
- To send important notices regarding Ciitizen products, including changes to our terms, conditions, and policies. You may not opt out of receiving this information as long as you continue to have a Ciitizen account.
Ciitizen does not make decisions based solely on automated processing, including profiling, which have legal consequences for, or significantly affect, our users.
Ciitizen may access information about your use of our website or services in order to prepare, for both internal use and in some cases public dissemination, aggregate statistics about use and users of Ciitizen. Such statistics will not contain any personally identifying information about any Ciitizen users.
When we disclose information to third parties
The mission of Ciitizen is to enable individuals to collect their health records, so they can control it – and use it and share it as they wish.
In general, it is Ciitizen policy that we do not use or share your personal information except with your consent; however, there are circumstances where some of your personal information will need to be shared without an opportunity to first obtain your consent. For example, Ciitizen may share your personal information – both Basic Account Information and Ciitizen Record Information –
- to comply with valid legal process including subpoenas, court orders or search warrants, and as otherwise authorized by law;
- to outside auditors and regulators; and
- to protect against fraudulent, malicious, abusive, unauthorized or unlawful use of or subscription to our products and services and to protect our services and users from such use.
In addition, we may need to disclose personal information to third party contractors who need that information in order to perform services or functions that enable Ciitizen to function as a company. In those cases, third party contractors will be bound by contract limiting their use or disclosure of the information and obligating them to protect it. In addition, we will share only the minimal amount of information necessary to accomplish the intended purpose.
If you are invited to and opt into being a user and have Ciitizen obtain your medical records, we will share Basic Account Information (see above) to a third-party that you have authorized to verify your account information and when you have authorized others to authenticate you or verify your account information.
Except as stated above, Ciitizen will not share your Ciitizen Record Information (e.g., the health and medical information populating your Ciitizen account), whether identifiable or with identifiers removed) with a third party unless you have given us permission to do so.
We also will not ever sell your personal information to a third party, whether identifiable or with identifiers removed, except with your consent.
If Ciitizen enters into a merger, acquisition or sale of all or a portion of its assets or business, user information will also be transferred as part of or in connection with the transaction. Where possible, Ciitizen will notify you in advance of such a transaction and you will be offered an opportunity to opt-out of having your information transferred.
In any circumstance where your consent is sought prior to Ciitizen sharing your information, you will be able to withdraw that consent at any time. Such withdrawal of consent will apply only to new uses or disclosures of your personal information within 48 hours after Ciitizen has received the withdrawal.
Keeping children safe
Ciitizen recognizes that online service providers must be vigilant in protecting the safety and privacy of children online. We do not knowingly market to or solicit personal information from children under the age of 13 without first obtaining clear parental consent.
How we secure information
Although we work hard to protect personal information that we collect and store, no program is 100% secure and we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use or disclose personal information. To alleviate this, the Ciitizen security team regularly reviews our security and privacy practices and enhances them as necessary to help ensure the integrity of our systems and your data, and Ciitizen maintains security and incident response plans to handle incidents involving unauthorized access to private information we collect or store.
We also ask you to do your part: Please guard against unauthorized access to your Coiitizen account by maintaining strong passwords and protecting against the unauthorized use of your own computer or device.
Blogs and social networking and educational or promotional content
Ciitizen regularly publishes blog posts and invites any individual to sign up to receive these posts via e-mail. E-mail addresses are collected from these individuals and used by Ciitizen or a contracted service provider solely to send these blog posts and other Ciitizen marketing or promotional material. Note that individuals who create an account on our service will receive e-mails that contain newsletters, links to blog posts and other marketing or promotional content. Any individual – whether or not a Ciitizen account holder – may opt out of receiving any communications from us by following the unsubscribe link in the communications.
The Ciitizen website may from time to time allow you to participate in blog discussions, message boards, chat rooms, and other forms of social networking and to post reviews. These forums are accessible to others and information you post can be read, collected, shared, or otherwise used by anyone who accesses the forum. If you post content to information sharing forums, including any information about your health, you are doing so by choice and you are providing consent to the disclosure of this information.
Integrity and Retention of Personal Information
Ciitizen makes it easy for you to keep your Basic Account Information accurate, complete and up-to-date and will work with you to keep your Ciitizen Record Information similarly accurate, complete and up-to-date. Information in a Ciitizen user account sourced directly from a third-party such as a medical provider, health plan, or other health data source cannot be changed by an individual Ciitizen user; however, in the future Ciitizen users will have opportunities to provide additional information to dispute potential inaccuracies or provide additional context for the information.
Changes to this policy
Updated January 1, 2021: Made a number of changes to improve the readability and understandability of the policy, including providing: 1) a brief summary up top of key aspects of the policy; 2) greater details on how Ciitizen uses the HIPAA Right of Individual Access to obtain your medical records for your Ciitizen account; 3) greater details on user’s rights to control whether and when personal and health record information, whether identifiable or with identifiers removed, is shared with third parties and rights to have this information deleted; 4) greater detail on how Ciitizen uses health records to create actionable (or Refined) Health Information, which the user can decide whether to share with third parties to benefit themselves or others; and 5) links to resources on consumer data privacy.
Updated April 23, 2020: Added paragraph regarding opportunity for users to opt-in to receive automated text messages from Ciitizen.
Additional consumer resources
We encourage our users to educate themselves on the privacy risks of sharing personal information and steps you can take to protect your privacy. We recommend the following resources: