InXite Privacy Policy

InXite Health Systems Privacy Policy Effective Date: November 27, 2018

InX­ite takes its oblig­a­tion to pro­tect the con­fi­den­tial­i­ty of, and to lim­it the uses and dis­clo­sure of your Per­son­al Infor­ma­tion very seri­ous­ly.

This Pri­va­cy Pol­i­cy lets you know:

  • what infor­ma­tion we col­lect about you when you reg­is­ter for and use the Ser­vices and how that infor­ma­tion is used;
  • what addi­tion­al infor­ma­tion you can pro­vide and orga­nize to take advan­tage of the Ser­vices;
  • the lim­it­ed ways in which we use the addi­tion­al infor­ma­tion you pro­vide;
  • the ways in which we pro­tect the secu­ri­ty of your infor­ma­tion;
  • the ways in which you con­trol the shar­ing of your infor­ma­tion with oth­ers, and the very lim­it­ed cir­cum­stances in which we might ever dis­close your infor­ma­tion to oth­ers with­out a direc­tion from you to do so;
  • what hap­pens to your infor­ma­tion when you choose to close an account;
  • ways in which you can fur­ther pro­tect your infor­ma­tion;
  • how this pri­va­cy pol­i­cy can change and its scope.

Cap­i­tal­ized terms used in this Pri­va­cy Pol­i­cy have the mean­ings set forth in the Def­i­n­i­tions sec­tion found at the end of the pol­i­cy. This Pri­va­cy Pol­i­cy does not apply to Non-per­son­al Infor­ma­tion.

Personal Information we collect and how it is used

When you reg­is­ter to cre­ate a Ser­vice Account, you must pro­vide cer­tain Per­son­al Infor­ma­tion includ­ing your name, your date of birth, and a valid email address. You also will select a user­name and pass­word for the Ser­vice Account, and pro­vide oth­er infor­ma­tion (such as answers to secu­ri­ty ques­tions and a secu­ri­ty phrase). We use the infor­ma­tion you pro­vide to con­firm your eli­gi­bil­i­ty to estab­lish a Ser­vice Account, to pro­tect against unau­tho­rized access to the Ser­vice Account you cre­ate, and to com­mu­ni­cate with you regard­ing the Ser­vices. For exam­ple, when we send you email, we will include the secu­ri­ty phrase that you pro­vid­ed; if you receive an email pur­port­ing to be from InX­ite Ser­vices that does not con­tain the secu­ri­ty phrase you set on your Ser­vice Account, you should not trust that the email was sent by InX­ite Ser­vices.

For InX­ite Ser­vices Ser­vice Accounts, you also will need to pro­vide the user­name and pass­word you use for each InX­ite Account that you wish to have linked to your InX­ite Ser­vices Account. Please note we do not store or retain any of your InX­ite Account user­names or pass­words on InX­ite Servers. Instead, we use that infor­ma­tion to cre­ate secure cre­den­tial­ing mech­a­nisms to ensure accu­rate future sys­tem iden­ti­fi­ca­tion between InX­ite Ser­vices and your InX­ite Account provider orga­ni­za­tions’ web sites in con­nec­tion with your use of the Ser­vices.

We also col­lect and record cer­tain infor­ma­tion from your brows­er each time you con­nect to our Site, such as your IP address, brows­er type and lan­guage, date, time and dura­tion of your con­nec­tion, and the actions that you per­form. That infor­ma­tion becomes part of our Audit Files, which we use only in con­nec­tion with pro­vid­ing, mon­i­tor­ing or improv­ing the per­for­mance of the Ser­vices, and in offer­ing any tech­ni­cal sup­port or assis­tance you might request in con­nec­tion with your use of the Ser­vices.

We also store some infor­ma­tion in cook­ies (small text files) that are cre­at­ed on your com­put­er. The infor­ma­tion stored there is retrieved when you con­nect to our Site and used to improve or sim­pli­fy your user expe­ri­ence on sub­se­quent vis­its. Most web browsers allow you to decline cook­ies, and if you’ve cho­sen to do so then some fea­tures or con­ve­niences oth­er­wise avail­able when using the Ser­vices will not work for you.

Other Personal Information you can provide to take advantage of the Services

If you’ve estab­lished an InX­ite Ser­vices Ser­vice Account, you can enter, upload and trans­fer from oth­er loca­tions a wide vari­ety of oth­er Per­son­al Infor­ma­tion to your account for stor­age, main­te­nance, edit­ing, orga­ni­za­tion and shar­ing with oth­ers as you direct. That Per­son­al Infor­ma­tion might include health records avail­able to you through InX­ite accounts, oth­er health infor­ma­tion that you want to orga­nize or share as part of your per­son­al health record, as well as doc­u­ments, X‑rays, oth­er elec­tron­ic images, and data from var­i­ous med­ical mon­i­tor­ing devices such as blood pres­sure or blood glu­cose mon­i­tors.

We will make good faith efforts to pro­vide you access to your Per­son­al Infor­ma­tion through the Site. InX­ite Ser­vices allow you to delete or cor­rect inac­cu­ra­cies in your Per­son­al Infor­ma­tion that is stored on the Pro­duc­tion Servers.

How we use the Personal Information you provide and store in your Service Accounts

InX­ite will not use, sell, rent, lease or dis­close any of your Per­son­al Infor­ma­tion for the pur­pose of allow­ing third par­ties to adver­tise to you or oth­er­wise attempt to sell you prod­ucts or ser­vices or solic­it you for busi­ness of any kind.

We use your Per­son­al Infor­ma­tion in sev­er­al ways:

  • To pro­vide the Ser­vices to you;
  • To pro­vide assis­tance or tech­ni­cal sup­port in con­nec­tion with your use of the Ser­vices;
  • To audit, mon­i­tor, improve and fur­ther devel­op the Ser­vices.

We also reserve the right to use your Per­son­al Infor­ma­tion to inves­ti­gate pos­si­ble vio­la­tions of the Terms of Ser­vice that gov­ern your use of the Ser­vices, to pro­tect InXite’s prop­er­ty and rights, to inves­ti­gate poten­tial fraud or secu­ri­ty issues, and to com­mu­ni­cate with you regard­ing the Ser­vices or your use of the Ser­vices.

How we protect the security of your Personal Information

InX­ite employs a wide vari­ety of admin­is­tra­tive, phys­i­cal and tech­ni­cal safe­guards to pro­tect the con­fi­den­tial­i­ty, integri­ty, and avail­abil­i­ty of your Per­son­al Infor­ma­tion.

For exam­ple, only InX­ite employ­ees who have a need, such as those assigned to oper­ate and pro­vide sup­port for the Ser­vices, are pro­vid­ed elec­tron­ic access to the InX­ite Servers on which your Per­son­al Infor­ma­tion is stored. Those InX­ite Servers are kept in secure loca­tions and phys­i­cal access to them is high­ly-con­trolled and tracked.

We use Secure Sock­ets Lay­er (SSL) cer­tifi­cate tech­nol­o­gy so that you have assur­ance when using the Ser­vices that our Site is gen­uine and oper­at­ed by InX­ite. That tech­nol­o­gy also allows us to estab­lish a secure, encrypt­ed con­nec­tion between our Site and the web brows­er and/or mobile app you are using when you con­nect to the Site. When the secure, encrypt­ed con­nec­tion exists, the address appear­ing in your browser’s address bar will begin with https:// (not just http://). If you use a high-secu­ri­ty brows­er, your brows­er address bar will turn green to indi­cate your secure con­nec­tion.

Please note, how­ev­er, that when the Ser­vices re-direct you to web sites oper­at­ed by oth­er orga­ni­za­tions (such as a health­care orga­ni­za­tion or health­care appli­ca­tions at which you have an active account), you no longer are con­nect­ed to our Site. At that point, the nature of your con­nec­tion is gov­erned and con­trolled by the tech­nol­o­gy adopt­ed and put into place by the orga­ni­za­tion oper­at­ing the web site to which you’ve been re-direct­ed.

Other technical safeguards that we employ at InXite to protect your Personal Information include the following:

  • Ser­vice Account pass­words are stored in an encrypt­ed for­mat.
  • We pro­vide you guid­ance on how to cre­ate secure pass­words.
  • The Site can be accessed only when you are using high-secu­ri­ty browsers of cer­tain ver­sions, all of which must be SSL-com­pat­i­ble.
  • All trans­fers of data between sys­tems made via the Inter­net in con­nec­tion with your use of the Ser­vices occur in encrypt­ed form using SSL pro­to­col or sim­i­lar tech­nol­o­gy this is wide­ly regard­ed to be secure and reli­able.
  • Fire­walls and audit trails are used to safe­guard your infor­ma­tion fur­ther.

How you control the sharing of your Personal Information and the limited circumstances in which we may disclose it to others

InX­ite Ser­vices allow you to trans­fer your Per­son­al Infor­ma­tion to and from your Ser­vice Account. You con­trol those trans­fers through the fea­tures pro­vid­ed with­in the Ser­vices. For instance, you can autho­rize health­care providers at the orga­ni­za­tions where you have InX­ite Accounts to pull des­ig­nat­ed por­tions of your Per­son­al Infor­ma­tion from your Ser­vice Account for inclu­sion in your elec­tron­ic med­ical record at those orga­ni­za­tions. Only those provider orga­ni­za­tions that you autho­rize will be able to ini­ti­ate such trans­fers, and they will be able to trans­fer only the Per­son­al Infor­ma­tion from your Ser­vice Accounts that you choose to make avail­able to them. To enable this func­tion­al­i­ty, the Ser­vices make the fact that you are an InX­ite Ser­vice Account hold­er known to those orga­ni­za­tions where you have linked InX­ite Accounts.

You also will be able to down­load your Per­son­al Infor­ma­tion to your local com­put­er or portable stor­age devices, or to direct that such Per­son­al Infor­ma­tion be trans­mit­ted to oth­er enti­ties. Again, all such trans­fers of your Per­son­al Infor­ma­tion will be sole­ly in your con­trol, as direct­ed by you through your use of the Ser­vices.

Please note that InX­ite can­not con­trol and is not respon­si­ble for the pri­va­cy and secu­ri­ty of your Per­son­al Infor­ma­tion once it has left InX­ite in accor­dance with your requests and direc­tives when using the Ser­vices. We can­not retrieve that infor­ma­tion after you’ve shared it; and we can­not con­trol or restrict the use of Per­son­al Infor­ma­tion by oth­er orga­ni­za­tions. For instance, des­ig­nat­ing with­in your InX­ite Ser­vices Ser­vice Account that por­tions of your Per­son­al Infor­ma­tion are not to be shared restricts only the trans­fer of the Per­son­al Infor­ma­tion via the Ser­vices; it does not extend those restric­tions to orga­ni­za­tions to which you’ve sent that infor­ma­tion or from which your InX­ite Ser­vices Account has received it, such as a health­care orga­ni­za­tion where you have a InX­ite Account. How such orga­ni­za­tions treat your Per­son­al Infor­ma­tion is deter­mined by their own pri­va­cy prac­tices.

There are very few instances in which your Per­son­al Infor­ma­tion ever will be dis­closed by us oth­er than as direct­ed by you through your use of the Ser­vices. We may dis­close your Per­son­al Infor­ma­tion in the fol­low­ing cir­cum­stances:

  • As we in good faith con­sid­er nec­es­sary for us to com­ply with any applic­a­ble law com­pelling a dis­clo­sure of the infor­ma­tion, to com­ply with legal process served on us, or in response to the request of a law enforce­ment or gov­ern­ment reg­u­la­to­ry agency in cir­cum­stances that we believe war­rant the dis­clo­sure;
  • As we in good faith believe is nec­es­sary or appro­pri­ate in order to pro­tect the per­son­al safe­ty or health of the pub­lic or users of the Ser­vice;
  • As we in good faith believe is nec­es­sary or appro­pri­ate to pro­tect and defend our rights and prop­er­ty, includ­ing the enforce­ment of the Terms or Ser­vice that gov­ern your use of the Ser­vices;
  • As we in good faith believe is nec­es­sary to pro­tect against or address fraud or secu­ri­ty breach­es.

In addi­tion, InX­ite may at times engage oth­er com­pa­nies or indi­vid­u­als to per­form cer­tain activ­i­ties on our behalf and relat­ed to our pro­vi­sion of the Ser­vices, such as assis­tance in improv­ing soft­ware, off-site stor­age of infor­ma­tion for dis­as­ter recov­ery, web site host­ing, or tech­ni­cal assis­tance regard­ing oper­at­ing sys­tems, web browsers or oth­er non-InX­ite soft­ware with which the Ser­vices might inter­act. InX­ite will pro­vide such third par­ties access to your Per­son­al Infor­ma­tion only (i) when such access is nec­es­sary to accom­plish the activ­i­ty for which we have engaged the third par­ty; and (ii) when the third-par­ty is con­trac­tu­al­ly bound to us: (a) to use the infor­ma­tion only in con­nec­tion with accom­plish­ment of the activ­i­ty for which they’ve been engaged and (b) to pro­vide admin­is­tra­tive, phys­i­cal and tech­ni­cal safe­guards to pro­tect the con­fi­den­tial­i­ty and secu­ri­ty of the infor­ma­tion.

What happens to your Personal Information when you close a Service Account

You can choose to close a Ser­vice Account at any time. If you choose to do so, we will retain your Per­son­al Infor­ma­tion until you request per­ma­nent dele­tion. Please note that clos­ing a Ser­vice Account affects only your Per­son­al Infor­ma­tion that is stored on InX­ite Servers. It does not affect, alter or accom­plish the dele­tion of any Per­son­al Infor­ma­tion that is stored or main­tained on oth­er sys­tems, such as those of your health­care providers or the orga­ni­za­tions at which you have InX­ite Accounts.

After dele­tion, Your Per­son­al Infor­ma­tion may per­sist in Back­up Files for up to a year and in our Audit Files for longer peri­ods of time based upon gov­ern­ment agency and pri­vate orga­ni­za­tion guide­lines and rec­om­men­da­tions that per­tain to anal­o­gous cat­e­gories of data and infor­ma­tion. Our Back­up and Audit Files are stored on servers that are not read­i­ly or even eas­i­ly acces­si­ble. We there­fore reserve the right to decline to process requests to pro­vide access to, to delete or to cor­rect inac­cu­rate Per­son­al Infor­ma­tion if such requests would be imprac­ti­cal, require dis­pro­por­tion­ate tech­ni­cal efforts, jeop­ar­dize the secu­ri­ty of oth­er indi­vid­u­als’ per­son­al infor­ma­tion or inter­fere with InXite’s legal oblig­a­tions or its legit­i­mate efforts to pro­tect its busi­ness inter­ests.

Changes to this Privacy Policy

We may make changes to this pol­i­cy from time to time by post­ing revised ver­sions on this page.

Questions and concerns

If you have any ques­tions regard­ing this Pri­va­cy Pol­i­cy or con­cerns about our use, dis­clo­sure or han­dling of your Per­son­al Infor­ma­tion, please con­tact us by email­ing, with ‘Pri­va­cy Pol­i­cy’ in the sub­ject.


  • Audit Files refers to files in which logs are made to track the activ­i­ty occur­ring on a Ser­vice Account, which can be use­ful in pro­vid­ing sup­port to account hold­ers.
  • Back­up Files refers to copies of InX­ite Servers peri­od­i­cal­ly made and retained for the pur­pose of being able to restore our sys­tems in the event of an occur­rence that would neces­si­tate such restora­tion.
  • InX­ite refers to InX­ite Health Sys­tems, Inc.
  • InX­ite Servers means all tan­gi­ble com­put­er equip­ment and stor­age media of any kind owned and con­trolled by InX­ite.
  • InX­ite Ser­vices refers to the ser­vices InX­ite pro­vides allow­ing you to estab­lish, store, main­tain and share a per­son­al health record.
  • InX­ite Account refers to web- and/or mobile-based patient access and ser­vices accounts that you hold at health­care orga­ni­za­tions offer­ing such accounts using
    InXite’s per­son­al health record soft­ware.
  • Non-per­son­al Infor­ma­tion refers to infor­ma­tion that can­not rea­son­ably be iden­ti­fied as per­tain­ing to any par­tic­u­lar Ser­vice Account or rea­son­ably be used to iden­ti­fy any indi­vid­ual per­son.
  • Per­son­al Infor­ma­tion refers to any infor­ma­tion that rea­son­ably could be iden­ti­fied as per­tain­ing to you or your Ser­vice Accounts or oth­er­wise used to iden­ti­fy you, whether that infor­ma­tion is infor­ma­tion that we col­lect­ed about you or that you pro­vid­ed or direct­ed to be trans­ferred into your Ser­vice Accounts when using the Ser­vices.
  • Pro­duc­tion Servers refer to those InX­ite Servers through which the Ser­vices are active­ly being pro­vid­ed via the Inter­net and on which Ser­vice Account hold­ers’ live, up-to-date infor­ma­tion is stored and active­ly accessed in con­nec­tion with the pro­vi­sion of the Ser­vices, includ­ing any real-time copies of such servers that we might main­tain and oper­ate for the pur­pose of pro­vid­ing con­ti­nu­ity of ser­vice in the event of a dis­as­ter at our prin­ci­ple serv­er site.
  • Ser­vice Accounts refers to active InX­ite Ser­vices and InX­ite Ser­vices accounts resid­ing on InX­ite Servers and acces­si­ble via the Inter­net in which you man­age and access the infor­ma­tion you enter or trans­fer into the accounts.
  • Site means the web sites, appli­ca­tions, and inter­faces through which InX­ite pro­vides the Ser­vices and for which InX­ite is the reg­is­tered own­er.
  • Terms of Ser­vice means the InX­ite Sys­tems Cor­po­ra­tion Terms of Ser­vice for Web-Based Ser­vices to which you agree when you estab­lish a Ser­vice Account.