ACP Analytics, PII, and PHI

Introduction

This document defines what we do and do not track when ACP Decisions videos are viewed.

What information do you track when a video is viewed?

  • The time the viewing occurred;
  • The patient code associated with the viewing;
  • The clinician username that originally issued the code;
  • When the user plays, pauses, fast forwards, and rewinds the video;
  • What % of the video was viewed;
  • Anonymized IP Address of the Internet Service Provider (ISP). We do not collect patients' IP addresses;
  • Estimated Regional Information based on Anonymized IP Address;
  • Device Information, specifically and limited to:
    • Browser Name;
    • Browser Version;
    • Operating System Name;
    • Whether the Device was Desktop or Mobile;

How is each piece of information used by ACP Decisions?

We practice data minimization practices, and collect only what is necessary to provide and continuously improve our services and support.  We do not rent, sell or share this information with other individuals or non-affiliated organizations.

Code Status and Reporting

The time of the viewing, the code, the clinicians username, and the % of the viewing are used to verify utilization. This information is displayed when viewing the status of a patient code. This information can also be downloaded in the code status report by administrators.

Internet Service Provider and Video Streaming Services

We used a video streaming service and platform called Wistia. This technology allows us to provide fast and reliable video services with thoughtful attention to accessibility. The ISP Information (anonymized IP address and anonymized regional information) is used by our video technology system Wistia for diagnostic and troubleshooting purposes.

We offer products for Web, iOS, and Android devices. We keep track of the browser name, browser version, and whether the device is desktop or mobile in order to better understand how our products are being used and for improvement purposes.

The browser name and browser version allow us to quickly diagnose and troubleshoot issues.

Do you collect PHI?

No, we do not collect Protected Health Information (PHI). Patients interact with My ACP Decisions in a very limited capacity. Their experience is as follows:

  1.  The patient clicks the Use my Code button at https://my.acpdecisions.org
  2.  The patient enters their code;
  3. The patient accepts or declines the medical disclaimer;
  4. The patient views the video(s) and/or document(s); and 
  5. If your account has this feature enabled, the patient can fill out an anonymous multiple choice survey.

At no point during this interaction is the patient able to enter any personal information.  

Do you collect other private or sensitive information?

We offer two workflows for giving your clinicians access to My ACP Decisions; simplified or individualized.

If you opt for a simplified login scheme, you can set simple usernames and passwords without entering individual employee emails.

If you decide to enroll individual clinicians in the system, we will ask for their name and email address. The email address is used to sign into the platform and allows the clinician to issue codes, reset their password, view their order history, and access reporting.

Where do I contact if I have additional questions?

Please reach out to support@acpdecision.org.