Information We Collect
Personal Health Information
It is Privia Health’s policy never to disclose any of your personally identifiable Protected Health Information (“PHI”) without your direct authorization.
If you join Privia Health as a member, you will provide a limited authorization for the use of your PHI to Privia Health and its employees, contractors, and authorized partners This authorization will be governed by the terms of your Membership Agreement, and by any associated “Authorizations for Release of Health Information” which you may decide to provide to us.
Non-PHI Personally Identifiable Information
Security and Protection of Your Information
Providing security for the personal information you submit to us is a top priority for Privia Health. We spend a great deal of time, attention, and resources to help protect your privacy. Here are some of the security procedures we employ:
- We use one of the highest standards of Secure Socket Layer (SSL) encryption technology in transmitting Personally Identifiable Information to our servers with a 256 Bit Extended Validation security certificate. In order to take advantage of encryption technology, you must have an Internet browser that supports at least 128-bit encryption.
- We require both a personal username (log-in name) and a password in order for users to access their Personally Identifiable Information or Personal Health Information.
- Our servers are located in state-of-the-art secure data centers designed to protect some of the country’s most sensitive data, with professional security measures such as:
- 24x7x365 security guards
- 24x7x365 video surveillance
- 24x7x365 network operations monitoring center and on-site network engineering support
- Biometric security access through hand scanners
- Servers located in locked cages
- Hurricane proof buildings
- Redundant electrical systems and redundant emergency power generators
- Redundant HVAC systems
- We use firewalls to protect the information held in our servers
- We back-up our systems and data regularly to a redundant off-site secure data center located in another city
- We maintain audit trails so you can know who has accessed your information
- We provide a secure messaging tool so that your communications with your health team are sent through a secure, encrypted connection
- We closely monitor the limited number of Privia Health employees who have potential access to your Personally Identifiable Information.
Despite Privia Health's efforts to protect your Personally Identifiable Information and Personal Health Information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your information over the Internet may be intercepted. You should, therefore, always use caution when submitting personal information online.
A “cookie” is a small text file that a Web site can place on your computer’s hard drive in order, for example, to collect information about your activities on the site or to make it easier to use certain site functions. The cookie transmits this information back to the Web site’s computer. Many users do not know that “cookies” are being placed on their computers when they visit Web sites. If you want to know when this happens, or prevent it from happening, you can set your browser to warn you when a website attempts to place a “cookie” on your computer.
The information collected by cookies (i) helps us dynamically generate advertising and content on Web pages or in newsletters, (ii) allows us to statistically monitor how many people are using our Web site and selected sponsors' and advertisers' sites, (iii) let’s us know how many people open our emails, and (iv) for what purposes these actions are being taken. We may use cookie information to target certain advertisements to your browser or to determine the popularity of certain content or advertisements. Cookies are also used to facilitate a user's log-in, as navigation aides and as session timers.
Web Site Analytics
Information Automatically Collected By Our Sites
Our servers automatically collect certain non-personally identifying information, such as your computer’s IP address, the type of browser in use, and pages viewed, when you visit our Sites. We use this information to understand how visitors navigate through our Sites, to enhance your experience while using our Sites, and to make the materials we post as valuable to visitors as possible. We do not link this information to personally identifiable information.
Personal Information Sharing
We will share your personal information with third parties in the ways that are described above in this privacy statement. We will also share your personal information if we are required to do so by law, or if we believe that doing so is necessary in order to conform to the law, cooperate with law enforcement agencies, comply with legal process served on Privia Health, or otherwise protect Privia Health’s legal rights. From time to time we employ service providers to perform various functions involving personal information on our behalf. These service providers are prohibited from using this personal information for any other purpose.
Access to your Personal Information
Privia Health will provide you reasonable access to your personally identifiable information, at no cost to you, within 30 days of your access request. If we cannot provide access within the 30-day period, we will tell you when we will provide access. In the unlikely event that we cannot provide you access to this information, we will explain why we cannot do so. To request access to your personally identifying information, contact us by email at firstname.lastname@example.org or by writing us at the following address:
107 S West Street, #409
Alexandria, VA 22314
How to Update or Delete Your Personal Information
Privia Health’s personal health record tools allow you to correct, update or review information you have submitted by going back to the specific tool, logging-in and making the desired changes. If you terminate your membership in Privia Health or ask to have your profile deleted, we’ll attempt to delete your current profile and its associated PHI. Note that we may store your information in an inactive back-up medium for a period of not less than six (6) years. If you specifically direct us to erase you record from our back-up medium, we will attempt to do so to the point it is reasonable and technically feasible.
Note that it's not technically feasible for us to remove from our servers every record of the information you've provided to us. The need to back up our systems to protect information from inadvertent loss means that a copy of your Personal Information may exist in a nonerasable form, making the information difficult or impossible for us to locate.
To request deletion of your personally identifying information, contact us by email at email@example.com or by writing us at the following address:
107 S. West Street, #409
Alexandria, VA 22314
Links to Other Web Sites
Changes in this Privacy Statement
107 S. West Street, #409
Alexandria, VA 22314
If you have technical difficulty using our websites, please contact Privia Support at firstname.lastname@example.org