Microsoft HealthVault Account Privacy Statement

(Last updated: June, 2010)

Microsoft is committed to protecting your privacy. This privacy statement applies to the data collected by Microsoft through the Microsoft HealthVault Account (the "Service"). It does not apply to data collected through other online or offline Microsoft sites, products, or services.

Introduction

The Service is a personal health platform that lets you gather, edit, augment, store, and share health information online. With the Service, you can control your own health records. You can also share your health information with family, friends, and health care professionals, and have access to information management apps.

You can store health information for other people (such as your family) in one HealthVault account. You should store and access each person's information in separate health records within your account.

You can choose to share information with separate programs and systems that can connect with the Service ("Programs") to use, edit and add to your health record. Programs can help you manage your information and find relevant health information.

You can choose to share specific information (or all information) with:
  • other people (such as friends and family)
  • Programs (such as Programs that add data to your health records, provide information to your healthcare provider, or use some of your health records to provide information to you about managing your health)
Please read the Service Agreement and Code of Conduct for the Service.

You explicitly consent to the use of your health and other personal information as part of the Service.

Collection of your personal information

The Service asks you to enter an identifier and password to sign in. The Service currently accepts Windows Live ID.

When you sign in using Windows Live ID, we refer to the e-mail address and password you use as your Windows Live ID or your Microsoft Passport Network credentials. After you create your Windows Live ID, you can use the same credentials to sign in to many different Microsoft sites and services, as well as those of select Microsoft partners that display the Windows Live ID or Microsoft Passport Network logos. When you sign in to one Microsoft site or service, you may find that other Microsoft sites and services automatically sign you in when you visit those sites and services. To learn more about how websites use your Windows Live ID credential information when you sign in to participating sites, please read the Microsoft Online Privacy Statement.

The first time you sign in to the Service, the Service asks you to create an account. To create an account, you must provide personal information such as name, date of birth, e-mail address, postal code and country/region.

We will use the e-mail address you provide when you create your account to send you an e-mail requesting that you validate your email address, to include in sharing invitations you send through the Service and to send you Service notifications, such as e-mail notification that information is available to add to your account. As described in their privacy statements, Programs may also use your e-mail address.

An account allows you to manage one or more health records, such as the ones you create for yourself and your family members. You choose what information to put in your records. Examples of the types of information you can store in a record include:
  • fitness-related activities such as aerobic sessions
  • measurements such as blood glucose and blood pressure
  • discharge summaries from hospitalizations
  • lab results
  • medications
  • health history
You can use Programs to enter a wide range of health information into a record. You can give Programs permission to view, add, modify, and/or delete information in a record. Some Programs store their own copy of the information they access. The Service provides links to each Program's privacy statements and terms of use at the time the Service asks you to authorize the Program's access. Please read those for information such as where and how the Program may use, store and transfer your information; what additional information it may collect; how you can review, edit and delete the information it holds; and other choices you may have. You can also store documents, and can add or edit some information directly when logged into your Service account.

By default, you are the custodian of any records you create. You may invite additional people to be custodians. Each custodian can add and remove other custodians and users who can view and modify the record. Some of the information stored in the records you manage may be highly sensitive, so you need to consider carefully with whom you choose to share the information. A record may have multiple custodians.

Sharing your personal health information

A key value of the Service is the ability to share your health information with people and services who can help you meet your health-related goals. For example, you can share health information from records you control:
  • to co-manage the health of a family member
  • to use products and services that can improve or monitor your health
  • to consult with your health care provider
  • to provide fitness information to coaches and trainers
You can share information in a health record you are custodian of with another person by sending a sharing invitation e-mail through the Service. If the person accepts your sharing invitation and has or creates a Service account, you have given him or her access to that information. You can specify how long they have access (custodian access does not expire but, like all sharing access, it can be revoked at any time) and whether they can modify the information in the record. Each person who accepts a sharing invitation can grant Programs the same level of access that the person has.

You can also choose to grant custodian access to other persons, such as your spouse, for any record of which you are a custodian. Custodian access is the broadest level of access, so you should think carefully before you grant custodian access to a record. Every custodian of a record has the same access to the record, including accessing, modifying, deleting, and sharing all the information in the record. A custodian can also revoke access to a record from any other custodian of the record, including you.

You can also share personal information and health information with Programs. You decide which Programs you want to use. You must approve (or deny) the Program's access. The access request will include (a) the type of information the Program will access and (b) what the Program wants to do with the information (view, add, modify). You can access programs listed at HealthVault.com and you can access Programs directly through their own Web sites. A Program will inform you of what personal and other health record information it wants access to, and the Program informs you, generally through a privacy statement, how it uses your data. A user who has the appropriate level of access must affirmatively authorize a Program's access to any health record in your account. Microsoft requires Program providers to (i) agree not to disclose your data without express consent unless (ii) a healthcare provider, insurer, or other entity that is subject to laws governing the use and disclosure of health information operates the Program, in which case Microsoft requires that the Program comply with those laws. You can read the Program's privacy statement for more information. You can freely grant and revoke a Program's access to the records stored in the Service. The access you grant a Program through the Service is valid until you revoke that access.

Service users with whom you have shared your records can also give a Program access to those records. You can see a complete history of how Programs have accessed the information in your records by using the History feature in your HealthVault account.

How we use your personal information

We use personal information collected through the Service, including health information, to provide the Service, and as described in this privacy statement. We do not use or disclose your information except as described in this privacy statement.

In support of these uses, Microsoft may use personal information:
  • to provide you with important information about the Service, including critical updates and notifications
  • to send you the HealthVault e-mail newsletter unless you opt out
  • to determine your age and location to help determine whether you qualify for an account
Microsoft occasionally hires other companies to provide limited services on our behalf, such as answering customer questions about products and services. We give those companies only the personal information they need to deliver the service, such as IP address or e-mail address. Microsoft requires the companies to maintain the confidentiality of the information and prohibits them from using the information for any other purpose.

Microsoft may access and/or disclose your personal information if we believe such action is necessary to: (a) comply with the law or legal process served on Microsoft; (b) protect and defend the rights or property of Microsoft (including the enforcement of our agreements); or (c) act in urgent circumstances to protect the personal safety and welfare of users of Microsoft services or members of the public.

Personal information collected on the Service is stored and processed in the United Kingdom. Some Programs may store information in other countries; please read their privacy statements for information.

How we use aggregate information and statistics

Microsoft may use aggregated information from the Service to improve the quality of the Service and for marketing of the Service (for example, to tell potential advertisers how many Service users live in the United Kingdom). This aggregated information is not associated with any individual account. Microsoft does not use your individual account and record information from the Service for marketing without Microsoft first asking for and receiving your opt-in consent.

Account access and controls

You choose whether to create an account with the Service. The required account information consists of a small amount of information such as your name, e-mail address, region, and Service credentials. We may request other optional information, but we clearly indicate that such information is optional. You can review and update your account information. You can modify, add, or delete any optional account information by signing into your HealthVault account and editing your account profile.

You can close your account at any time by signing into your HealthVault account and editing your account profile. We wait 90 days before permanently deleting your account information in order to help avoid accidental or malicious removal of your health information.

When you close your account, the Service deletes all records for which you are the sole custodian. If you share custodian access for a record, you can decide whether to delete the record from the Service. You should think carefully before you grant custodian access to your records. Contact Customer Service at http://www.healthvault.com/support to reopen an account.

Record access and controls

The Service allows an account to contain multiple health records. This feature enables, for example, family health managers to create and manage records for family members.

When you create a record, you become a custodian of that record. As a custodian, you decide what level of access to grant other users of the Service or Programs. The Service creates a fixed list of each access or change by Programs and users, which the Service keeps as a full history of the record. You can view and update records you are custodian of and can examine the history of access and changes to those records.

Sharing records with other Service users

The levels of access you can grant as a custodian include:
  • View-only access (time-limited access)
  • View-and-modify access (time-limited access)
  • Custodian access (no time limit)
Access becomes active only when the recipient accepts the invitation.

Custodian access is the highest level of access. A custodian of a health record can:
  • Read the record
  • Change the record
  • Delete the record
  • Grant to others any level of access to the record, including custodian access
  • Revoke the access of anyone to a record, including other custodians, and including the custodian who granted them custodian access in the first place
Because inappropriate granting of access could allow a grantee to violate your privacy or even revoke your access to your own records, we urge you to consider all the consequences carefully before you grant access to your records.

When you grant someone non-custodian access, that person can grant the same level of access to Programs (for example, someone with view-only access can grant a Program view-only access).

Sharing records with Programs through the Service

We provide you with information about Programs that connect with the Service. You can view the Programs and should examine their privacy statements and terms of use prior to using them or allowing them access to any of your health information. In order to access the Service, the Program provider must commit to protecting the privacy of your health data. Microsoft can revoke a Program provider's access to the Service if a Program does not meet its privacy commitments to Microsoft. We encourage you to contact us if you believe a Program is not protecting the privacy or security of your health data.

No Program has access to your information through the Service unless and until an authorized user opts in through the Service to grant it access. Microsoft requires Program providers to (i) agree not to disclose your data without express consent unless (ii) a healthcare provider, insurer, or other entity that is subject to laws governing the use and disclosure of health information operates the Program, in which case Microsoft requires that the Program comply with those laws.

You control what health information you allow Programs to access and the length of time they can access the information. If a Program requires information you are uncomfortable sharing, you can choose not to authorize that Program access to the record. The Service allows you to control (by accepting or denying Program requests for access) which health information types in a specific health record you choose to share with each Program and what actions you allow each Program to perform on the health information.

Deleting records

You can delete any health record that you are a custodian of by signing in to your HealthVault account and editing a record's profile. If other users had any level of access to that record, the record no longer appears in their accounts. The Service deletes the record from all users. We wait 90 days before permanently deleting the record information in order to help avoid accidental or malicious removal of your health information.

Deleting health information

When a Program or person moves a piece of health information to the trash, custodians may still view it there, and can restore it or delete it permanently from there at any time. Please note that Programs and non-custodial persons with whom you have shared your information are not able to see or restore items in the trash, nor may they permanently delete health information.

Permanently deleting health information removes it from the trash. Once an item has been permanently deleted, it cannot be restored. Whenever an item is permanently removed, the Service adds an entry in your record history noting the name of the person who deleted information and the date the deletion occurred.

E-mail controls

To keep you informed of the latest improvements, the Service will send you a newsletter. If you do not want to receive the newsletter, you can uncheck the box that requests the newsletter when you sign up for the Service, uncheck the box in your account profile page at any time, or unsubscribe through a link at the bottom of the newsletter. If you later decide that you want to receive the newsletter, you can request it by checking the box on the account profile page.

Security of your personal information

Microsoft is committed to protecting the security of your personal information. We use a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, and disclosure. For example, we store the personal information you provide on computer servers with limited access that are located in controlled facilities.

Additionally:
  • The Service sends all communications, except e-mail, using encryption (that is, HTTPS).
  • You can view a history of access and actions to any Health Record of which you are a custodian.

Enforcement of this privacy statement

If you have questions regarding this statement, you should contact us by using our Web form.

Use of cookies

We use cookies with this Service to enable you to sign in and to help personalize the Service. A cookie is a small text file that a web page server places on your hard disk. It is not possible to use cookies to run programs or deliver viruses to your computer. A Web server assigns cookies uniquely to you and only a Web server in the domain that issued the cookie to you can read the cookies.

One of the primary purposes of cookies is to provide a convenience feature to save you time. For example, if you personalize a Web page, or navigate within a site, a cookie helps the site to recall your specific information on subsequent visits. Using cookies simplifies the process of delivering relevant content, eases site navigation, and so on. When you return to the Web site, you can retrieve the information you previously provided, so you can easily use the site's features that you customized.

You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline some or all cookies if you prefer. If you choose to decline all cookies, you may not be able to use interactive features of this or other Web sites that depend on cookies.

Use of Web beacons

Microsoft Web pages may contain electronic images known as Web beacons (sometimes called single-pixel gifs) that may be used:
  • to assist in delivering cookies on our sites
  • to enable us to count users who have visited those pages
  • to deliver co-branded services
We may include Web beacons in promotional e-mail messages or in our newsletters in order to determine whether you opened or acted upon those messages.

Microsoft may also employ Web beacons from third parties to help us compile aggregated statistics and determine the effectiveness of our promotional campaigns. We prohibit third parties from using Web beacons on our sites to collect or access your personal information. We may collect information about your visit to account.HealthVault.com, including the pages you view, the links you click, and other actions taken in connection with the Service. We also collect certain standard, non-personally identifiable information that your browser sends to every Web site you visit, such as your IP address, browser type and language, access times, and referring Web site addresses.

Changes to this privacy statement

We may occasionally update this privacy statement. When we do, we will also revise the "last updated" date at the top of the privacy statement. For material changes to this privacy statement, we will notify you either by placing a prominent notice on the home page of the HealthVault Web site or by sending you a notification directly. We encourage you to review this privacy statement periodically to stay informed about how we are helping to protect the personal information we collect. Your continued use of the service constitutes your agreement to this privacy statement and any updates. Please be aware that this privacy statement and any choices you make on the Service do not necessarily apply to personal information you may have provided to Microsoft in the context of other, separately operated, Microsoft products or services.

We also encourage you to provide feedback and comments about the Service by using the Feedback link in the footer of each Service web page or by using the contact information below.

Contact information

Microsoft welcomes your comments regarding this privacy statement. If you have questions about this statement or believe that we have not adhered to it, please contact us by using our Web form. If you have a technical or general support question, please visit http://support.microsoft.com to learn more about Microsoft Support offerings.

Microsoft Privacy, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 USA 425-882-8080