Last Updated April 26, 2022
Welcome to VerityStream! This Privacy Notice explains how we collect and treat information when you use the VerityStream application provided by HealthStream, Inc. along with its subsidiaries and affiliates (collectively, “ HealthStream,” “us” or “we”). This Privacy Notice is part of and governed by the VerityStream Terms of Service. Any additional notices we may provide about our privacy practices will be considered to form part of this Privacy Notice. If you have questions about our privacy practices or would like to make a complaint, please contact us at provider.solutions@healthstream.com or toll free at 1-800-521-0574 opt. 2.
We value you and your privacy and we want you to understand how we treat and protect your information. Here is a summary of our promise to you, as detailed in this Privacy Notice:
We encourage you to read this Privacy Notice to understand in detail how we collect and use your information.
This Privacy Notice describes how we collect and treat information through your use of VerityStream and your interactions with us as a VerityStream user by any means (our “Services”). This Privacy Notice DOES NOT apply to information collected while using a website or platform owned or operated by a third party, or other services offered by HealthStream. By using or accessing our Services in any manner, you consent to the privacy practices described in this Privacy Notice. If you do not agree with this Privacy Notice, do not use the Services.
When we say, “Personal Information,” we mean information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual consumer or household. Personal Information falls within these categories:
Not everything about you is your Personal Information. Specifically, Personal Information does not include (i) publicly available information (ii) aggregate information, meaning data about a group or category of services or users from which individual identities and other Personal Information has been removed; or (iii) deidentified information that cannot be easily linked back to the individual.
Like most applications, VerityStream uses Personal Information to give you a great experience. We only collect, use, retain, and disclose your Personal Information as reasonable and necessary for you to use VerityStream and only with your consent or another lawful basis. The Personal Information we collect will depend on how you use VerityStream, whether as an individual user or a Business Subscriber offering VerityStream to your nursing staff. We only collect your Personal Information for VerityStream with your consent, as a service provider to a Business Subscriber, or as authorized or required by law. During the last 12 months, we have collected Personal Information like identifiers, employment information, biometric information, commercial history, and internet activity. We have collected this information from a variety of sources including:
In addition to the uses described above, we might also use your Personal Information to: (i) provide, maintain, and improve the Services; (ii) personalize the user experience and provide customer service; (iii) send you support and administrative messages; (iv) monitor your compliance with any of your agreements with us; (v) detect, investigate, and prevent fraudulent transactions and other illegal activities and protect our or others’ rights and property; (vi) protect your privacy, enforce this Privacy Notice, and comply with applicable laws, regulations, legal processes or court orders; (vii) if we believe it is necessary, to identify, contact, or bring legal action against persons who may be causing injury to you, to us, or to others; or (viii) fulfill any other purpose to which you consent.
VerityStream is designed for users aged 18 and older. We do not knowingly collect Personal Information from children under 18. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our systems. If you believe we might have any information collected online from a child under 18, or if you become aware of any unauthorized submission of information to us, please contact us at provider.solutions@healthstream.comor 1-800-521-0574 opt. 2.
VerityStream only retains Personal Information as necessary to provide you with the Services you request. For example, if you contact us for information or support, we will retain the information you provide for the necessary length of time to respond to your inquiry. We will retain your account information, such as your identifiers and employment information, as long as your account remains active. We regularly review and deidentify unnecessary Personal Information, and we periodically delete data associated with inactive accounts.
We only disclose your Personal Information in limited circumstances and for specific purposes. In the last 12 months, we have disclosed all categories of Personal Information that we collected for a business purpose to these recipients:
We reserve the right to disclose aggregated, anonymized, or deidentified information about any individuals with nonaffiliated entities for business development, marketing, advertising, research or other purposes, without restriction.
We believe you should have the ability to readily control the Personal Information we collect and hold about you. If you have questions or need help, please contact your Business Subscriber, send us a Consumer Privacy Request or email us at provider.solutions@healthstream.com.
You can sign into your account to access, change, or delete your Personal Information at any time. If you require assistance to access or make certain changes, please contact provider.solutions@healthstream.com. You can also control the data we collect about you by adjusting your device settings.
If you provide us with your email address, we may send you informational or support emails. If you opt-in to receive VerityStream marketing communications, we may send you emails, push notifications or in-app messages related to your VerityStream activity, to inform you about VerityStream features, or for direct marketing purposes. We will only send you these communications in ways that are compatible with your privacy choices. To opt-out, change your preferences via the links provided in the emails or email provider.solutions@healthstream.com.
If you provide us with your wireless number, you consent to VerityStream sending you text messages for informational or authentication purposes. The number of texts that we send to you will be based on your circumstances and requests. You can unsubscribe from text messages by replying STOP or UNSUBSCRIBE to any of these text messages. Messaging and data charges may apply to any text message you receive or send. Please contact your wireless carrier if you have questions about messaging or data charges.
Do Not Track signals are signals sent through a browser informing us that you do not want to be tracked. Currently, our systems do not recognize browser “do-not-track” requests. If this changes in the future, we will update this Privacy Notice.
If you wish to exercise your rights beyond the methods provided, express concerns, lodge a complaint, or obtain additional information about the use of your Personal Information, please contact your Business Subscriber. Alternatively, you can send us a Consumer Privacy Request or email us at provider.solutions@healthstream.com.
We will relay your request to your Business Subscriber or fulfill it directly if we can. We do not charge a fee to process or respond to a verifiable request unless we have legal grounds to do so. In that case, we will tell you the cost estimate and why we are charging the fee before completing your request. We may be unable to fulfill some or all of your request, for example, if your request falls within a statutory exception or if fulfilling your request would prevent us from complying with a statutory or contractual obligation.
This section provides the disclosures and notices required under the California Consumer Privacy Act of 2018 (“CCPA”) and offers informational notices to residents of Virginia, Colorado, Utah, Nevada, and other U.S. states with laws providing similar protections. The following paragraphs apply solely to residents of the State of California and other states to the extent the same legal protections apply (each a “Consumer”). Consumers may exercise the following rights over their Personal Information, subject to our receipt of a verifiable request and any exceptions and limitations that may apply:
You have the right to request that we disclose information to you about our collection and use of your Personal Information over the past 12 months, such as (i) the categories of Personal Information we have collected about you; (ii) the categories of sources for the Personal Information we have collected about you; (iii) our business purpose for collecting or selling that Personal Information; (iv) the categories of third parties with whom we share that Personal Information; and (v) if we sold or disclosed your Personal Information for a business purpose, two separate lists stating (a) sales, identifying the Personal Information categories that each category of recipient purchased; and (b) disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained. Depending on the laws that apply to you, we may only be required to respond to a certain number of disclosure requests within a 12-month period.
You have the right to request that we correct inaccurate Personal Information about you on our systems. If you become aware that the Personal Information that we hold about you is incorrect, or if your situation changes (e.g., you change address), please inform us and we will update our records.
You have the right to request that we provide you with access to specific pieces of Personal Information we have collected about you over the past 12 months (also called a data portability request). If you submit a right to access request, we will provide you with copies of the requested pieces of Personal Information in a portable and readily usable format. Please note that VerityStream is prohibited by law from disclosing copies of certain pieces of Personal Information (e.g., government identification numbers, financial account information, and passwords or security questions and answers) because the disclosure would create a substantial, articulable, and unreasonable risk to the security of the information, our business systems, or your account. If you are a resident of the State of California, your request is limited to specific pieces of Personal Information we have collected about you over the past 12 months, and we are only required to respond to two such requests within a 12-month period.
You have the right to request that we delete any of your Personal Information that we collected from you and retained, with certain exceptions. VerityStream may permanently delete, deidentify, or aggregate the Personal Information in response to a request for deletion. If you submit a right to deletion request, we will confirm the Personal Information to be deleted prior to its deletion, and we will notify you when your request is complete.
We do not, and will not, sell the Personal Information we collect about you from your use of VerityStream or share your Personal Information with third parties for cross-contextual behavioral advertising purposes. If our practices change, we will update this posting and provide you with opt-out methods.
VerityStream does not require you to provide any Sensitive Personal Information. If you choose to input Sensitive Personal Information, such as your union or other organizational memberships, we will only use this information to complete your user profile, to facilitate your choice to use certain VerityStream features, or for our internal business purposes. VerityStream does not use or disclose Sensitive Personal Information for the purpose of inferring characteristics about you. If this ever changes in the future, we will update this Privacy Notice and provide you with methods to limit use and disclosure of Sensitive Personal Information.
We do not use any form of automated processing of Personal Information to evaluate, analyze, or predict your performance, preferences, choices, or behavior. If this changes in the future, we will update this posting to describe our use of profiling and your options to opt-out.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by law, we will not (i) deny you goods or services, (ii) charge you different prices or rates for goods or services, (iii) provide you a different level or quality of goods or services, (iv) retaliate against you as an employee, applicant for employment, or independent contractor for exercising your privacy rights; or (v) suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services, because you exercised a right under the CCPA.
California’s Shine the Light Act (Civil Code sections 1798.83-1798.84) entitles California residents to request certain disclosures regarding Personal Information sharing with affiliates and/or third parties for marketing purposes.
To exercise these rights or inquire further, please contact your Business Subscriber, send us a Consumer Privacy Request or email us at provider.solutions@healthstream.com. Please note that Personal Information we collect about you is often in a business-to-business context when you are acting as an employee to a current or potential Business Subscriber in the performance of your job duties is not protected Personal Information under the CCPA.
To exercise these rights or inquire further, please contact your Business Subscriber, send us a Consumer Privacy Request, email us at provider.solutions@healthstream.com, or call us toll free at 1-800-521-0574 opt. 2.
VerityStream is owned and operated in the United States and is designed to serve Business Subscribers and their users located in the United States and Canada. We do not market the Services to residents of the European Union or any other jurisdiction outside of the United States and Canada. If you are an EU resident, please do not submit any Personal Information to VerityStream. If you are a VerityStream user who is a non-US resident or if you visit the website from outside of the United States, you acknowledge that Personal Information we collect about you will be transferred to our servers in the United States and maintained there in accordance with our retention policy. This may require the transfer of your Personal Information out of your country of origin with laws governing data collection and use that may differ from or be more restrictive than U.S. law, or may result in governments, courts, law enforcement, or regulatory agencies having access to or obtaining disclosure of your Personal Information pursuant to the laws of the applicable foreign jurisdiction. By allowing us to collect Personal Information about you, you consent to this Privacy Notice and the transfer and processing of your Personal Information as described in this paragraph, and you waive any and all remedies that you may have based on the laws of your jurisdiction.
VerityStream implements reasonable and appropriate technical, organizational, and physical security measures to help protect your Personal Information from unauthorized or illegal access, destruction, use, modification, or disclosure. VerityStream employees responsible for handling user inquiries are informed of applicable privacy law requirements. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions are processed on a PCI-compliant third-party application. Please note, however, that no transmission of data over the internet is 100% secure. We cannot guarantee that unauthorized third parties will not defeat our security measures or use your Personal Information for improper purposes. It is your responsibility to keep your account secure from unauthorized access. We are not responsible for any lost, stolen, or compromised passwords, or any unauthorized activity on your account. We also have no control over any Business Subscriber or other third party’s security measures or practices, and we make no representations or guarantees that your Personal Information is secure once transmitted or stored on their systems.
The Services may include links to other websites whose privacy practices may differ from ours. If you submit Personal Information to any of those websites, your information is governed by the privacy policies of those other websites. You should carefully review the privacy policy of any website you visit.
We may periodically update this Privacy Notice. If we make any material changes, we will notify you through the Services or by updating this posting. The date that this Privacy Notice was last revised is identified at the top of the page. Your continued use of the Services after the effective date will be subject to the new Privacy Notice. You are responsible for periodically checking this Privacy Notice for changes.