Epic USCDI on FHIR
Information You Provide to the Services
Information That You Give Us
We collect your personal information in order to set up a User Account, and you send this information to Epic when you request your account. Specifically, Epic may collect the following information:
- Phone number;
- Business legal name, email, address, incorporated state or country, and website URL;
- A security question and corresponding answer to assist with account information retrieval and password resets; and
- Information about the application you plan to submit to either of the Services.
Additionally, you have the option of contacting Epic about via the open.epic email address (email@example.com), the Epic USCDI on FHIR email address (firstname.lastname@example.org), other Epic email addresses, phone, mail, or other methods, and we may keep a record of your communication to help answer or resolve the matter you contacted us about. You can decide how much additional information you want to share with us in those cases.
Our Website and Servers, Your Use of Browsers
Your browser or device may tell us:
- Your browser type;
- Language preference;
- The Internet Protocol (IP) address (which may tell us generally where you are located); and
- The type of device or system you used.
Your browser may also tell us information such as:
- The time and date of your request;
- The page that led you to the Services; and
- The search terms you typed into a search engine that led you to the Services, if applicable.
- Your IP address;
- The pages of our site that you visit;
- The time and date of your visit;
- The time you spend on certain pages on our websites; and
- Various other statistics.
How Do We Use Your Information?
The information that you provide us, whether through the creation of a User Account or in other ways as you use the Services, will be processed by Epic for as long as you are enrolled in the Services and after you cease using the Services. In addition to using your information to provide you access to the Services, we will use your information for purposes such as:
- Creating and managing your User Account;
- Providing you access to the Services;
- Contacting you to resolve any technical difficulty, if needed;
- Providing your contact information to Epic customers that use or are interested in your application;
- Processing and storing your data for Epic’s internal tracking metrics; and
- Improving the Services.
For users of the Services based in Europe, Epic has a legitimate interest in processing your data in order to allow you to use the Services.
Who Has Access to Your Information?
When you provide your information directly to Epic via the Services, your information will be accessed by Epic staff, and your contact information may be made available to Epic’s customers. The Epic staff that will regularly access your information is limited to those that provide technical or operational support for the Services, those that develop the Services, and Epic’s information technology and operations teams.
How Long Does Epic Keep Your Information?
Epic will retain your information for as long as it makes use of such information as a part of your continued use of the Services and to carry out Epic’s legitimate business or legal purposes. By creating your User Account, you agree to allow us to retain your information in accordance with this policy.
If you are a data subject as defined by the General Data Protection Regulation, (EU) 2016/679, you have a number of rights and can do any of the following by contacting Epic at EUPrivacyInquiries@epic.com:
- Request a copy your data Epic has received about you;
- Request that Epic changes incorrect or incomplete data we have about you;
- Request that Epic delete or stop processing your data; and
- Express any concerns or objections you have about Epic’s use of your data.
Please note that if you contact us to assist you, for your safety and ours, we may need to authenticate your identity before fulfilling your request.
How We Protect Your Information
We use a combination of process, technology, and physical security controls to help protect your information from unauthorized access, use, or disclosure, but remember that no method of transmission over the Internet, or method of storage, is 100% secure.
When we collect your information through operation of the Services, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the top or bottom of your web browser, or looking for "https" at the beginning of the URL address of the web page. Employees or partners of Epic who have access to your personal information in connection with providing the Services are required to keep the information confidential and are not permitted to use your information for any purpose other than carrying out the services they are performing. However, despite our efforts, no security controls are 100% effective, and we cannot completely ensure or warrant the security of your information.
Links to Other Sites
The Services may contain links to other websites beyond the control of Epic. Epic is not responsible for the content or privacy practices of those websites. We encourage you to be aware when you leave Epic’s websites and to read the privacy statements of any other website that collects your information.
Your California Privacy Rights
If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit our CCPA privacy notice for California residents.
If you need to contact Epic’s Data Protection Officer or EU Representative as defined by the General Data Protection Regulation, (EU) 2016/679, please email EUPrivacyInquiries@epic.com or call +1 608-271-9000.