By accessing and using the Service, you agree and acknowledge that you are providing to us your Account Information including, without limitation, Personal Health Information (“PHI”). TPA Stream administers this data in a manner that is consistent with applicable state and federal laws, rules, regulations, or other legal obligations.
Except as set forth below, TPA Stream will not share Personal Information and PHI with any third party unless you authorize the third party to access such information; or if you are provided access to the application as part of your services.
You acknowledge and accept that TPA Stream may disclose Personal Information in response to legal process to appropriate legal or private parties to respond to claims and legal process (including but not limited to subpoenas) to protect the property and rights of TPA Stream or a third party, to protect the safety of the public or any person, or to prevent or stop activity it may consider to be, or to pose a risk of being, any illegal, unethical or legally actionable activity.
For information on third parties with which the Personal Information is being shared send an email to support@TPAStream.com.
You acknowledge and accept that TPA Stream may aggregate information and provide it as part of the Service. By aggregate information we mean information provided by at least two individuals as part of their use of Service, such as zip code, or utilizing their accessed Healthcare and Financial Information; where the information is cleansed to remove all individual identifying information.
You acknowledge and accept that TPA Stream may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform improvements to the Service (e.g., without limitation, maintenance services, database management, web analytics and improvement of the TPA Stream web site’s features) or to assist us in analyzing how our Service is used. These third parties have access to personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
You acknowledge and accept that TPA Stream may sell, transfer or otherwise share some or all of its assets, including Personal Information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
Security & HIPAA
TPA Stream implements administrative, physical, and technical safeguards to protect the confidentiality of Healthcare and Financial Information in its databases; and TPA Stream maintains reasonable policies to limit access and detect, contain and correct security violations. TPA Stream maintains HIPAA level confidentiality of identifiable data as noted in the previous section.
Consent to the use of cookies.
For our website to function properly we use cookies. To obtain your valid consent for the use and storage of cookies in the browser you use to access our website and to properly document this we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.
When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.
CookieFirst is used to obtain the legally required consent for the use of cookies. The legal basis for this is article 6(1)(c) of the General Data Protection Regulation (GDPR).
Data processing agreement
We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.
Server log files
Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
- Your consent status or the withdrawal of consent
- Your anonymised IP address
- Information about your Browser
- Information about your Device
- The date and time you have visited our website
- The webpage url where you saved or updated your consent preferences
- The approximate location of the user that saved their consent preference
- A universally unique identifier (UUID) of the website visitor that clicked the cookie banner