Privacy Policy

Improvity Medical Privacy Policy


This Privacy Policy applies to the website, which also includes the Patient Manager. The website contains links to other sites. Once you enter another website (whether through an advertisement, service, or content link), be aware that is not responsible for the privacy practices of such other sites. We encourage you to look for and review the privacy statements of each and every web website that you visit through a link or advertisement on

We hope that reading our Privacy Policy gives you a clear idea of how we manage information about you. Throughout our Privacy Policy, we have underlined various terms and hot-linked them to our Glossary or to the corresponding Section within the Privacy Policy to help you better understand their meaning.

While you may use some of the functionality of without registration, many of the specific tools and services on our website require registration. If you use our website without registering, the only information we collect will be Non-Personal Information through the use of Cookies or Web Beacons. If you choose to register with our website for certain Interactive Tools or other services, we require you to submit Personally Identifiable Information. Depending on the tool or service you have selected, we may also collect Personal Health Information. You are responsible for ensuring the accuracy of the Personally Identifiable Information and Personal Health Information you submit to Inaccurate information will affect the information you receive when using our site and tools and our ability to contact you as contemplated in this Privacy Policy. For example, your email address should be kept current because that it is how we communicate with you.


Even if you do not register with, we collect Non-Personal Information about your use of our website, special promotions and newsletters.

A. Cookies

We collect Non-Personal Information about your use of our website and your use of the websites of selected sponsors and advertisers through the use of Cookies. Every computer is assigned a different Cookie by The information collected by Cookies (i) helps us dynamically generate advertising and content on web pages or in newsletters, (ii) allows us to statistically monitor how many people are using our website and selected sponsors' and advertisers' sites, (iii) how many people open our emails, and (iv) for what purposes these actions are being taken. We may use Cookie information to target certain advertisements to your browser or to determine the popularity of certain content or advertisements. Cookies are also used to facilitate a user's log-in, as navigation aides and as session timers, but not to retain Personal Health Information about you. Cookies used by Manager are also used to restrict underage use of the tools.

Your browser software can be set to reject all Cookies. Most browsers offer instructions on how to reset the browser to reject Cookies in the "Help" section of the toolbar. If you reject our Cookies, certain of the functions and conveniences of our website may not work properly but you do not have to accept our Cookies in order to productively use our site. We do not link Non-Personal Information from Cookies to Personally Identifiable Information without your permission and do not use Cookies to collect or store Personal Health Information about you.

B. Web Beacons

We also may use Web Beacons to collect Non-Personal Information about your use of our website and the websites of selected sponsors and advertisers, and your use of special promotions or newsletters. The information collected by Web Beacons (i) allows us to statistically monitor how many people are using our website and selected sponsors' and advertisers' sites, (ii) how many people open our emails, and (iii) for what purposes these actions are being taken. Our Web Beacons are not used to track your activity outside of our websites or those of our sponsors'. We do not link Non-Personal Information from Web Beacons to Personally Identifiable Information without your permission and do not use Web Beacons to collect or store Personal Health Information about you.


We collect Personally Identifiable Information that you provide to us when you register as a member of and/or when you update your member profile. We use the Personally Identifiable Information that you provide to respond to your questions, provide you the specific services you select, send you emails about website maintenance and updates, and inform you of significant changes to this Privacy Policy.

A. Newsletters & Emails to You

At registration and at various times as you use, you will be given the option of receiving recurring informational/promotional newsletters via email from and/or directly from third parties. These emails will be of a general nature and will not disclose your unique health characteristics. At the time you sign up for our email newsletters or any time thereafter, you can choose to Opt-out of receiving additional promotional emails from

In order to subscribe to such newsletters via email, we need your contact information, such as name and email address. You can unsubscribe from the newsletters by simply clicking on the "unsubscribe" link at the bottom of any email newsletter. An email to our automated unsubscribe service will be created on your computer. Click the "send" button. You will then be unsubscribed from that newsletter within two to three business days. You may also unsubscribe or change any of your email preferences by clicking on the applicable links in your email newsletter or by changing your profile within the Manager. If you are experiencing difficulties with our automated unsubscribe service, please use our new Customer Support Form. Customer Service will unsubscribe you from that newsletter in two to three business days.

In some cases, when you click on a link or an advertisement in an e-mail or newsletter, your browser may be momentarily directed to the website of a third party which, acting on behalf of, notes or "counts" your response to the e-mail or newsletter before re-directing your browser to its proper destination; this re-direction process will not be apparent to you.

B. Emails You Send to

This Privacy Policy does not protect you when you send content, business information, ideas, concepts or inventions to by email. If you want to keep content or business information, ideas, concepts or inventions private or proprietary, do not send them in an email to We try to answer every email within 48 business hours, but are not always able to do so.

C. Message Boards and other Public Forums

D. Website Registration and Interactive Tools on

After you have registered as a member of, you may choose to use certain interactive content, tools and services that may ask you to voluntarily provide other types of information about yourself including Personal Health Information. Some of the tools (like certain quizzes or calculators) do not retain your Personal Health Information, while others (like Ovulation Calendar) store your Personal Health Information in accordance with the authorization you provide at the time you use the tool.

E. Subscription Services

From time to time, offers users the opportunity to register for paid subscription services. Each subscription service has its own Service Agreement that governs your use of the service and the information we collect to provide the service, including your credit card information. The Service Agreement will be disclosed to you at the time of registration for that subscription service.

F. Children

We are committed to protecting the privacy of children. Neither nor any of its services are designed or intended to attract children under the age of 13. We do not collect Personally Identifiable Information from any person we actually know is under the age of 13. A parent or guardian, however, may use Manager to establish a personal health record and a Manager home page for a minor. The parent or guardian is solely responsible for providing supervision of the minor's use of Manager. The parent or guardian assumes full responsibility for ensuring that the registration information is kept secure and that the information submitted is accurate. The parent or guardian also assumes full responsibility for the interpretation and use of any information or suggestions provided through Manager for the minor.

G. Market Research

From time to time the market research department, or its operations contractors acting on its behalf, conducts online research surveys in order to gather feedback about our site, our sponsors and opinions on important healthcare issues, through email invitations, pop-up surveys and online focus groups.

When participating in a survey, we may ask you to submit Personally Identifiable Information. This Personally Identifiable Information is used for research purposes, and is not used for sales solicitations. When a survey is sponsored by a third party, Aggregate Information of the survey results is reported to the sponsor. Personally Identifiable Information collected through market research will only be used by and its operations contractors and will not be given or sold to a third party without your consent. While this site is not intended for anyone under the age of 13, for market research surveys we will not knowingly accept survey responses from or conduct interviews with any person under the age of 18. Some surveys may provide remuneration to participants such a small cash fee for your time or an entry into a sweepstakes for a larger prize. Each survey will disclose whether or not there it is a paid survey.

In addition to collecting survey responses from our members, Cookies may be used to authenticate respondents or to help you pick up where you left off in a survey. If you have Cookies disabled you may not be able to participate in some studies. Cookies may be used to connect survey data with site usage characteristics. You will be notified when we would like to use Cookies in this way and your consent will be requested for these Cookies.

ARTICLE 5: - REGISTRATION, USE AND TOOLS Manager allows you a secure place to store your Personal Health Information and provides tools and services in order to better manage your health and the health of your family. Manager requires additional registration whether you access it through (i), (ii) your employer's website or (iii) your healthcare sponsor's website. Regardless of how you access the Manager the following apply:

A. Manager Home Page

Personal Health Information that you enter into one of the Manager tools is used to provide you personalized and clinically relevant information on your personalized Health Manager home page and throughout the Health Manager product. Manager creates a personal home page specifically for you. You control and authorize who can gain access to this page.

B. Concept Unique Identifiers Manager tailors the information you receive on your personal Health Manager home page to reflect your interests, concerns and personal health characteristics. We attach a concept unique identifier (CUI) to every piece of information that you provide us. For example, if you complete the HealthQuotient and indicate that you have diabetes, that single piece of information is tagged with a CUI that is specific to diabetes. Every user that indicates he or she has diabetes receives this CUI tag. Each time you view your personalized Health Manager pages, this CUI tag is matched to content from about diabetes, and if our automated algorithms determine that this is likely to be an important topic to you, it will appear on your personalized pages.

C. Aggregate Data Manager may combine, in a non-identifiable format, the Personal Health Information you provide with information from other users to create Aggregate Data that may be disclosed to third parties. Aggregate data does not contain any information that could be used to contact or identify you. For example, Manager may use information gathered to create a composite profile of all the users of a particular partner site. Partnering websites may use this information to understand community needs and to design appropriate programs and activities on their site. Manager will not disclose your Personal Health Information to any third party without your prior permission.

D. Secure Message Center Manager has the ability to use Personally Identifiable Information that you provide to send you personalized emails or secure electronic messages. During registration for the Manager, you have the option of choosing whether you receive emails pertaining to your health interests, including news, announcements, reminders and opportunities. The Manager email service requires an "Opt-in" authorization from you.

Information that Manager deems related to your personal health characteristics, such as illnesses, diseases, medications and health risks, will be delivered to you through the Secure Message Center on your personal health home page.

If you decide, that you would prefer not to receive email or secure electronic messaging from the Manager tool, you may "Opt-out" of the service by clicking on the settings tab on your Health Manager home page and changing your email preference. If your employer has implemented the Manager on your behalf, you will receive email at your work-related email address that has been authorized by your employer but to which you have not specifically Opted-in. These emails will be sent in accordance with instructions from your employer and you are not be able to Opt-out of receiving such emails.

E. Interactive Tools on Manager

Interactive tools within the Manager, gather self-reported Personal Health Information. In addition, certain of these tools can store Personal Health Information coming from third party data interchange agreements between your employer, health plan, pharmacy benefits manager and other third parties that provide data interchange services. We maintain and limit the use of that information to the Opt-in permission you have provided at the time you use the tool.

F. Data Warehouse Analysis

Upon authorization by your health plan, healthcare provider or employer, Health Manager may send your Personal Health Information in a form that cannot be used to personally identify or contact you to a data warehouse for analysis of health trends and effectiveness of health programs. We require these data warehouses to agree that they will not attempt to make this information personally identifiable, such as by combining it with other databases.

ARTICLE 6: Information Collected by Third Parties Not Acting on Improvity Medical's Behalf

Sponsors or advertisers on may use their own Cookies or Web Beacons in the banner advertisements served on and in emails, special promotions or newsletters we send you. Some advertisers use companies other than to serve their ads and to monitor users' responses to ads, and these companies ("Ad Servers") may also collect Non-Personal Information through the use of Cookies or Web Beacons on our website. In certain situations, information collection may be facilitated by momentarily directing your browser to the website of an Ad Server or other third party acting on behalf of the sponsor, partner, or advertiser before re-directing your browser to its proper destination (e.g., back to to show the ad, or to the advertiser's website); this re-direction process will not be apparent to you.

We do not control these third parties' use of cookies or web beacons, or how they manage the non-personal information they gather through them. However, we do require sponsors, advertisers and Ad Servers who collect cookie or web beacon information through our Website to agree that they will not collect any Personal Information from our site without your consent. They have promised us they will not link any non-personal cookie or web beacon information collected by them on our site to Personal Information they or others collect in other ways or from other sites except as may be described in connection with a particular program. For example, in connection with "Ad Links" furnished by Google, non-personal information sent by your browser to Google when you click on an ad link or submit a query may be used by Google as described in its privacy policy. In addition, Improvity Medical's Advertising Policy is posted on our Website and will provide additional detail about our relationship with advertisers and the companies that serve ads. You should review the privacy policy of other sites you visit or link to from our site to understand how these other sites use cookies and how they use the information they collect through the use of cookies or web beacons on their own sites. Certain Ad Servers allow you to prevent them from collecting data through the use of cookies. In order to do so, you must opt-out of such data collection with each individual site. Currently, you can Opt-out of Cookies for several Ad Servers by visiting the Network Advertising Initiative gateway Opt-out site. This website will also allow you to review the Ad Server's privacy policies.


Except as set forth in this Privacy Policy or as specifically agreed to by you, will not disclose any Personally Identifiable or Personal Health Information it gathers from you on our website. We will only release Personally Identifiable or Personal Health Information to third parties: (1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena or court order; or (2) in special cases, such as a physical threat to you or others. In the event that we are legally compelled to disclose your Personally Identifiable or Personal Health Information to a third party, we will attempt to notify you unless doing so would violate the law or court order. In addition, we may disclose Personal Information as described below.

A. Disclosure to Operations and Maintenance Contractors operations and maintenance contractors sometimes have limited access to your Personally Identifiable Information in the course of providing products or services to These contractors include vendors and suppliers that provide us with technology, services, and/or content related to better operation and maintenance of our website. Unless you have Opted-out of receiving emails and newsletters from, these contractors also may have access to your email address to send newsletters or special promotions to you on our behalf or to send emails to you for purposes such as conducting market research on our behalf. Access to your Personally Identifiable Information by these contractors is limited to the information reasonably necessary for the contractor to perform its limited function for We also contractually require that our operations and maintenance contractors 1) protect the privacy of your Personally Identifiable Information consistent with this Privacy Policy, and 2) not use or disclose your Personally Identifiable Information for any purpose other than providing us with products and services.

B. Disclosure to Third Party Contractor Websites

Certain content and services offered to you through our website are served on websites hosted and operated by a company other than ("Third Party Contractor Websites"). does not disclose your Personally Identifiable Information to these Third Party Contractor Websites without your consent, but you should be aware that any information you disclose once you access these other websites is not subject to this Privacy Policy. does not endorse and is not responsible for the privacy practices of these Third Party Contractor Websites. You should review the privacy policy posted on the other website to understand how that Third Party Contractor Website collects and uses your Personally Identifiable Information. makes an effort to make it obvious to you when you leave our website and enter a Third Party Contractor Website, either by requiring you to click on a link or by notifying you on the site before you visit the third part site. In addition, if you see a phrase such as "Powered by" or "in association with" followed by the name of a company other than, then you are on a website hosted by a company other than also provides links to sites provided by Third Party Contractor Websites that have business arrangements with to pay commissions based on sales of products or services generated through An example of this would be Veritas Medicine in our Clinical Trials channel.

C. Disclosure to or by Co-branded Channel Partners is a contractor and provides co-branded content and services to websites hosted and operated by companies other than Channel Partner Websites. You can only access these co-branded content and services through the Channel Partner Website, and usually from the health section of these other websites. The co-branded pages that you may access through a Channel Partner Website have different registration processes and opportunities for information collection, and Personally Identifiable Information that you provide on these pages may be shared with the Channel Partners. does not share Personal Health Information with Channel Partner Websites without your consent. Each of these co-branded websites has its own privacy policy posted on that site, which explains what information is disclosed by to the Channel Partner and vice versa. If you visit one of these co-branded sites, please read the privacy policy that is posted on that site, as well as the individual privacy policy of the Channel Partner Website.

D. Disclosure to Linked Sites

In addition to the Third Party Contractor Websites that you may access as described above, for your convenience there are links to websites operated by companies other than ("Third Party Websites") that are not contractors who provide content or services through our website. These links may be found in advertisements, referenced within content, or placed beside the names or logos of sponsors. does not disclose your Personal Information to these Third Party Websites without obtaining your consent. Health does not endorse and is not responsible for the privacy practices of these sites. If you choose to link to one of these Third Party Websites, you should review the privacy policy posted on this other website to understand how that Third Party Website collects and uses your Personally Identifiable Information.

E. Disclosure of Aggregate Information may provide Aggregate Information to third parties. For example, we might inform third parties regarding the number of users of our website and the activities they conduct while on our site. We might also inform a pharmaceutical company (that may or may not be an advertiser on our site) that "30% of our users live east of the Mississippi" or that "25% of our users have tried alternative medicine." Depending on the circumstances, we may or may not charge third parties for this Aggregate Information. We require parties with whom we share Aggregate Information to agree that they will not attempt to make this information personally identifiable, such as by combining it with other databases.


Listed below are some of the security procedures that uses to protect your privacy:

  • Requires both a personal username and a password in order for users to access their Personally Identifiable Information or Personal Health Information.
  • Uses firewalls to protect information held in our servers.
  • Utilizes Secure Socket Layer (SSL) encryption in transmitting Personally Identifiable Information to our servers. In order to take advantage of encryption technology, you must have an Internet browser which supports 128-bit encryption.
  • Closely monitors the limited number of employees who have potential access to your Personally Identifiable Information.
  • Requires all employees to abide by our Privacy Policy and be subject to disciplinary action if they violate it.
  • Backs-up our systems to protect the integrity of your Personally Identifiable and Personal Health Information. Manager provides additional protection for your Personal Health Information as follows:

  • Maintains Audit Trails so you can know who has accessed your Manager record. This can be viewed by clicking on "Activity" in the Settings window, which is accessible from your Manager home page.
  • Provides secure messaging within the Manager tool so that information related to your personal health related characteristics is sent through a secure, encrypted connection.
  • Provides geographic redundancy of Manager servers which enhances your ability to access your information by storing identical information at two separate, secure locations. Both sites maintain physical security through pass code locked door access and pass code authority.
  • Limits access to Personally Identifiable Information to authorized users. Health enables you to have full control over who has access to your Personal Health Information. For example, you may decide to permit your physician or other health care professional access to the personal health information you maintain within our tools. Only the person who creates a record can grant access to other users.

Despite's efforts to protect your Personally Identifiable Information and Personal Health Information, there is always some risk that an unauthorized third party may find a way around our security systems or that transmissions of your information over the Internet will be intercepted.


A. Updating Your Personally Identifiable Information tools that collect and store self-reported data allow you to correct, update or review information you have submitted by going back to the specific tool, logging-in and making the desired changes.

B. Removing your Personal Information

If you have a complaint or problem, please use our new Customer Support Form. Our customer service department will forward your complaint to the appropriate internal department for a response or resolution. We try to answer every email within 48 business hours, but may not always able to do so. If you want to (1) delete your Personally Identifiable Information from our systems, (2) update the Personally Identifiable Information that you have provided to us, or (3) change your preferences with respect to marketing contacts or other activities, you can email us at

If you do not receive adequate resolution of a privacy related problem, you may write to's Privacy Help Desk at:
Attn: Office of Privacy
6170 Research Rd.
Frisco, TX 75034
Or call: 866-856-6827

C. Updating Your Personal Health Information in Patient Manager

Self Reported Information - Please log-in to the Patient Manager, access your "settings" tab, and the functions will show you how to correct, update or review your information. We remove Personal Health Information only at the request of the authorized user. In order to verify that it is the authorized user requesting removal of his/her Personal Health Information, we require you to send a signed statement, including your name, address, email address and birth date, to the address below authorizing Patient Manager to remove your Personal Health Information from our active databases and other readily searchable media. Upon receiving your request, your personal health identifiers stored in active databases and other readily searchable media will be removed so that you cannot be identified or associated with any Personal Health Information you previously provided. Mail your requests to:
Attn: Record Removal
6170 Research Rd.
Frisco, TX 75034

We will notify you after your personal health identifiers have been removed.

Professionally Sourced Health Information - For Personal Health Information at Patient Manager, your ability to correct, update or remove previously provided Personally Identifiable or Personal Health Information only covers information within the reasonable control of Patient Manager. We place certain restrictions on your ability to correct, update or remove professionally sourced health information that you have authorized to be entered into your Patient Manager record. You may potentially authorize physicians, other health care providers, health plans, hospital systems, pharmacists or laboratories (or their respective websites) to provide data into your Patient Manager record. While you can remove this professionally sourced information from your record for the purpose of controlling the viewing or sharing of that information, Patient Manager will maintain an audit log, a notice of that transaction and a copy of the information deleted.

D. Limitations on Removing or Changing Information

Upon your request, we will delete your Personally Identifiable or Personal Health Information from our active databases and where feasible from our back-up media. You should be aware that it is not technologically possible to remove each and every record of the information you have provided to from our servers.

E. TRUSTe Watchdog

If you have contacted about a privacy related concern and you do not believe that the problem has been addressed, you may file a complaint with TRUSTe.


Personally Identifiable Information - We will inform you if a material change to the Privacy Policy is made that involves the use of your Personally Identifiable Information. Your continued use of the Web site will indicate acceptance of the changes. You may of course choose to Opt-out of continuing to use the Web site. Please exit the site immediately if you do not agree to the terms of this Privacy Policy or any revised policy.

Personal Health Information - We will inform you if a material change in the Privacy Policy is made that involves the use of your Personal Health Information, and your express Opt-in authorization will be requested. If you choose to not accept the new privacy policy, then the current privacy policy conditions will remain in effect, so long as Patient Manager continues to make the functionality available. reserves the right to discontinue or limit functionality in all its products including and Patient Manager.

Non-Significant Changes – may make non-significant changes to the Privacy Policy that do no affect Personally Identifiable Information or Personal Health Information. For these instances, may not notify the user of such non-significant changes.


Aggregate Information or Data: As a website gathers individual pieces of Non-Personal Information (see definition below) from its users, it may combine similar data from many or all the users of the website into one big "batch". For example, the site may add up the total number of people in Peoria, Illinois, (but not their names) who are seeking information about weight loss and compare that to the number of people in Petaluma, California seeking the same information.

This sort of statistical information is called aggregate data because it reflects the habits and characteristics of a large group of anonymous people. Websites may use aggregate data or share it with their business partners so that the information and services they provide best meet the needs of the users. Aggregate data also helps advertisers and sponsors on the Web know how effectively they are reaching and meeting the needs of their target audience.

browser: Short for web browser, a browser is software application used to locate and display web (Internet) pages. The three most popular browsers are AOL, Microsoft Internet Explorer, and Netscape Navigator. In addition, most modern browsers can present multimedia information, including sound and video, though they require plug-ins for some formats.

cache (also called cache memory): Once your web browser accesses a web page, it references that page and the graphics on it within your computer's "cache" (or more simply, your computer takes a "snapshot" of every page you visit and stores it in the "cache".) The next time you visit that same page, your download time will be quicker as the images and much of the page is already available on your computer for your browser to reference instantly instead of waiting for the page and images to download again. Patient Manager does not cache pages.

Channel Partner Website: A third party website to whom Health provides content and services for that website's health channel. Current Channel Partner Websites include AOL, MSN and Lycos.

Click Stream Information: A record of all the pages you have visited during your visit to a particular website or the services you accessed from the site or from an email. Click Stream Information is associated with your browser and not with you personally. It records the archives of your browser.

Cookie: A small data file that is stored on the hard drive of the computer you use to view a website. Cookies are placed by that site or by a third party with a presence on the site, such as an advertiser using a Web Beacon (see definition below) and are accessible only by the party or site that placed the Cookie (i.e. a Cookie placed on your computer by isn't accessed by any other site you visit but a Cookie placed on your computer by an advertiser may be accessed by any site on which that same advertiser has a presence). Cookies can contain pieces of Personally Identifiable Information (PII). encrypts any PII it stores in its Cookies. These Cookies often are used to make the site easier to use. For example, if you check a box to ask that we store your user name on your computer so that you don't have to enter it each time you visit the site, it's stored in a Cookie on your computer.

encryption: The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. This is typically done by secure computer systems.

firewall: A system designed to prevent unauthorized access to or from a public or private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private portions of public networks. All messages entering or leaving the network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Non-Personal Information: Information that is not traceable back to any individual and cannot be used to identify an individual. For example, Click Stream Information is Non-Personal Information, as is information such as gender, age, city and state when not linked with other Personally Identifiable Information.

Opt-In: Means you are actively indicating your preference to participate in a program, email, feature, tool, or enhancement on a website. Typically, if you "Opt-in" you must provide certain information, usually Personally Identifiable Information, to the website or otherwise actively indicate your choice or preference to participate in the website program. For example, if you wish to receive an appointment reminder by email from, you must enter your email address and choose the reminder duration by checking a box next to a statement such as: "Yes, I'd like to receive appointment reminders."

Opt-Out: Means that if you do not take some action you are indicating your preference to participate in a program, email, feature, tool or enhancement on a website. Typically, if you "Opt-out" you must uncheck a box next to a stated preference or otherwise take some indicate action to indicate your preference not to participate in a program. For example, if you do not wish to receive promotional emails from or its sponsors, you must uncheck the box in your email preference center that states: "Please send me special offers and communications from and/or its partners that would interest me."

password: A secret series of characters, typically alphanumeric (meaning it consists of both letters and numbers) that enables a user to access a file, computer, or program. The user must enter his or her password before the computer or system will respond to commands. The password helps ensure that unauthorized users do not access the system. In addition, data files and programs may require a password.

Ideally, the password should be something that nobody could guess. In practice, many people choose a password that is easy to remember, such as their name or their initials. This is one reason it is relatively easy to break into many computer systems.

Personal Health Information (PHI): When your Personally Identifiable Information (PII) is combined with known health characteristics. For example, if you indicated that you have a certain disease or condition, when that information is combined with your PII, it becomes Personal Health Information.

Personally Identifiable Information (PII) (also called Personal Information): Information that can be traced back to an individual (contrast with Non-Personal Information and Aggregate Information). Examples of PII include your name, home address, telephone number, email address, and Social Security number.

If other pieces of information are linked to PII, they also become PII. For example, if you use a nickname to chat online and give out your real name while chatting, your nickname becomes PII when linked with other PII.

server: A computer that provides services to other computers. A "web server" stores web site files and "serves" them to people who request them.

SSL (Secure Sockets Layer): A security protocol developed by Netscape for transmitting private information via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Microsoft Internet Explorer ( and Netscape Navigator ( support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that utilize an SSL connection start with https: instead of http.

username: A name used to gain access to a computer system or program. Usernames, and often passwords, are required in shared systems, such as the Internet. In most such systems, users can choose their own usernames and passwords.

Usernames are also required to access some bulletin board and online services such as Patient Manager.

virus: A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also "replicate" themselves by copying their code to other computers. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. There are numerous virus protection programs available. See the "How You Can Protect Yourself" section.

Web Beacons (also often referenced as "clear GIFs", "web bugs", "1-by-1 GIFs", "Single-Pixal GIFs", "1 x 1 Pixals", or "clear Pixals"): Tiny graphic image files, imbedded in a web page in GIF, jpeg or HTML format, that provide a presence on the web page and send back to its home server (which can belong to the host site, a network advertiser or some other third party) information from the Users' browser, such as the IP address, the URL of the page on which the beacon is located, the type browser that is accessing the site and the ID number of any Cookies on the Users' computer previously placed by that server. Web Beacons can also be used to place a Cookie on the Users' browser.