ACP Analytics, PII, and PHI

Introduction

This document defines what we do and do not track when ACP Decisions videos are viewed.

What information do you track when a video is viewed?

  • The time the viewing occurred
  • The patient code associated with the viewing
  • The clinician username that originally issued the code
  • When the user plays, pauses, fast forwards, and rewinds the video
  • What % of the video was viewed
  • Anonymized IP Address of the Internet Service Provider (ISP). We do not collect patients' IP addresses.
  • Estimated Regional Information based on Anonymized IP Address
  • Device Information, specifically and limited to:
    • Browser Name
    • Browser Version
    • Operating System Name
    • Whether the Device was Desktop or Mobile

How is each piece of information used by ACP Decisions?

We practice data minimization practices, and collect only what is necessary to provide our services. 

Code Status and Reporting

The time of the viewing, the code, the clinicians username, and the % of the viewing are used to verify if the content has been viewed by the patient. This information is displayed when viewing the status of a patient code. This information can also be downloaded in the code status report by administrators.

Internet Service Provider and Video Streaming Services

We used a video streaming service called Wistia. This technology allows us to provide fast and reliable video services with thoughtful attention to accessibility. The ISP Information (anonymized IP address and anonymized regional information) is used by our video technology system Wistia for diagnostic and troubleshooting purposes.

We offer products for Web, iOS, and Android devices. We keep track of the browser name, browser version, and whether the device is desktop or mobile in order to better understand our products are being used. 

The browser name and browser version allow us to quickly diagnose and troubleshoot issues.

Do you collect PHI?

No, we do not collect Protected Health Information (PHI). Patients interact with My ACP Decisions in a very limited capacity. Their experience is as follows:

  1.  The patient clicks the Use my Code button at https://my.acpdecisions.org
  2.  The patient enters their code;
  3. The patient accepts or declines the medical disclaimer;
  4. The patient views the video(s) and/or document(s); and 
  5. If your account has this feature enabled, the patient can fill out an anonymous multiple choice survey.

At no point during this interaction is the patient able to enter any personal information.  

Do you collect other private or sensitive information?

We offer two workflows for giving your clinicians access to My ACP Decisions; simplified or individualized.

If you opt for a simplified login scheme, you can set simple usernames and passwords without entering individual employee emails.

If you decide to enroll individual clinicians in the system, we will ask for their name and email address. The email address is used to sign into the platform and allows the clinician to issue codes, reset their password, view their order history, and access reporting.