Privacy Policy Effective Date: 10/14/2016

Table of Contents

  1. Privacy Statement

  2. Information Collected by United Hospital Fund

  3. United Hospital Fund’s Do Not Track Policy

  4. How Is Personal Information Used?

  5. Who Can Access the Information We Collect?

  6. Selling of Personal Information

  7. Children and Privacy

  8. Security, Storage, & Retention

  9. Changes to this Privacy Policy

  10. Information Correction, Removal, and Opting-Out

  11. Contact Us


A. Privacy Statement.

United Hospital Fund (“United Hospital Fund” or “we” or “us” or “our”) values the organization’s, the account holder and/or user, as appropriate (“you” or “your”) privacy and the privacy of the individuals (“Clients” or “Clients”) whose information is stored in the HI Database. The “HI Database” allows community organizations to populate, collect, interpret, and use relevant data to inform and target systematic efforts to measurably reduce the risks to healthy aging among the people served by such community partners. This Privacy Policy (“Privacy Policy”) applies to the HI Database’s treatment of “personal information” that is stored in the HI Database. “Personal Information” is information that uniquely identifies an individual or otherwise contains information that can be reasonably expected to identify an individual. “Personal Information” may contain, without limitation, information regarding (i) an individual’s past, present, or future health condition, and (ii) health care services accessed by the individuals whose personal data it is. The HI Database treats Personal Information and such health-related information in the same way, without distinction, and makes no special provision for the privacy or security of health-related information, except that which is described in Section H.1. Security.

This Privacy Policy provides information about (a) the information that United Hospital Fund collects when you interact with the NORC Blueprint website (www.norcblueprint.org) and the related HI website and/or PIHI Database (www.aginghealthindicators.org) (collectively referred to as the “Service”); (b) the ways in which United Hospital Fund uses that information; and (c) choices regarding use and disclosure of Personal Information stored in the HI Database. By using our site, you consent to the policies and practices described in this Privacy Policy.

By accessing the Service, you agree to be bound by this Privacy Policy. If you do not agree to the terms of this Privacy Policy, do not use our Service. Each time you use our Service, the current version of the Privacy Policy will apply. Accordingly, whenever you use our Service, you should check the date of this Privacy Policy (which appears at the top) and review any changes since the last version. This Privacy Policy is applicable to all Service visitors, registered users, and all other users of the Service (including, without limitation, Account Holders and Users).

Further, you acknowledge that this Privacy Policy is part of our HI Database Terms of Use, which is hereby incorporated by reference, and by accessing or using our Service, you agree to be bound by the Terms of Use (“Terms of Use”). If you do not agree to our Terms of Use, do not access or use our Service.

If you have any questions about our privacy practices, please refer to the end of this Privacy Policy for information on how to contact us.

B. Information Collected by United Hospital Fund.

When you access and use our Service, United Hospital Fund may collect information that you knowingly and voluntarily provide or that is sent to us automatically by your web browser.

1. Information that you Knowingly and Willingly Provide. United Hospital Fund collects the information that you knowingly and voluntarily provide as an Account Holder (noted in the HI Database as “Health Indicators Manager”)or User of the HI Database when you use our Service (such as through web forms or profile screens), including, without limitation, registration/account setup information and profile details. We primarily use this information so that we can communicate with you. You can choose not to provide us with certain Personal Information, but then you will not be able to use the Service at all. The information that we collect and use may include, without limitation, the following kinds of Personal Information:

  • First and Last Name of Account Holder and title

  • Phone number and email address of Account Holder

  • Organization’s Name and Postal Address

  • Account Holder user name

  • Names of Users to whom you will grant access to the Database

  • First and last name of User

  • Email address of User

  • Login and/or user name of User

Information From and/or About Others. We also store the Personal Information of the Clients about whom you collect and enter into the HI Database (“Client Personal Information”). If you or other users using our Service upload, share and/or distribute content (including, without limitation, Client answers to surveys, names of interviewer and Clients, age and date of birth of Clients, and interview dates, time and duration), and such content contains Client and/or User Personal Information, such information may be stored in order to allow for such uploading, sharing and/or distribution. As a requirement to use our Service, you acknowledge that you are solely responsible to follow your organization’s (i.e., the Account Holder’s) policies regarding appropriate consent(s) from any individual, in order to share such individual’s Personal Information with us. You also agree that every Client for whom you are entering data will be no younger than 18 years of age.

Health Information. The purpose of the HI Database is to organize health information that you provide about your clients. Health information may only be accessed by and disclosed to our employees and our website consultants who have a legitimate business “need to know” in accordance with applicable laws and regulations. Health information may be transmitted to such parties electronically. Whether in paper or electronic form, health data are subject to physical, electronic, and procedural safeguards, and must be stored, transmitted, and disposed of in accordance with Section J (Information Correction, Removal, and Opting-Out) below.

2. Non-Personal Information. United Hospital Fund may collect information that is sent to us automatically by your web browser. United Hospital Fund may use this information to generate aggregate statistics about visitors to the Service. This information typically includes, without limitation, details about when the account was created and when database content was last modified.

United Hospital Fund may use non-Personal Information for various business purposes such as providing customer service, and improving our Service. The information we receive depends on the settings on your browser. Please check your browser if you want to learn what information your browser sends or how to change your settings.

3. Aggregate Information. We may aggregate and/or anonymize all information that we collect from you, including, without limitation, Personal Information, for the purpose of analysis about the effectiveness of the program.

C. United Hospital Fund’s Do Not Track Policy.

Your navigation of our Service is not tracked by United Hospital Fund.

D. How Is Personal Information Used?

We may use Client or User Personal Information that we collect about you and your Clients, or from you on its own, or combine it with other information we have about you or your Clients or from you, in order to:

  • Create user accounts and/or profiles through registration;

  • Provide support;

  • Resolve disputes between Users and/or a User and United Hospital Fund as set forth in our Terms of Use;

  • Assess the database’s functionality and troubleshoot technical problems;

  • Conduct analysis about the effectiveness of the program using aggregate data; or

  • Comply with legal requirements, such as in response to a subpoena or similar investigative demand.

We may also disclose Client or User Personal Information as otherwise set forth in this Privacy Policy, as permitted by law, or with your consent.

E. Who Can Access the Information We Collect?

United Hospital Fund may disclose Client or User Personal Information in the following instances:

Agents. We employ other companies and individuals to provide website programming and technical support on our behalf. In accessing the code it is possible that they could access all information entered on the HI Database.

Employees. Only authorized employees of United Hospital Fund have access to Client and User Personal Information.

To Comply with Legal Process, Protect United Hospital Fund, or Enforce our Rights. We may release Client and/or User Personal Information when it is necessary to (i) conform to legal requirements or comply with legal process; (ii) enforce or apply our conditions of use and other agreements; (iii) protect the rights, safety or property of United Hospital Fund, our service providers, our users, or the public; or (iv) prevent a crime or protect national security (including, without limitation, exchanging information with other companies and organizations for fraud protection and credit risk reduction).

As Part of a Merger or Sale of Business. We may review, use, or disclose Personal Information (i) in connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale (and once disclosed to a third party pursuant to such a transaction described in this item (i), the Personal Information may be reviewed, used, or disclosed by such third party, or (ii) or in the unlikely event of bankruptcy. Any third party to which Personal Information is disclosed pursuant to this paragraph may not be subject to the terms of this Privacy Policy.

F. Selling of Personal Information.

We will not sell Client or User Personal Information to third parties for their use without your consent.

G. Children and Privacy.

Our Service is not directed to children under the age of 18. If you or your Client are not 18 years or older, do not use our Service. We do not knowingly collect Personal Information from children under the age of 18. If we learn that User or Client Personal Information of persons less than 18 years-of-age has been collected from (or about) a minor through our Service, we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child or a minor under the age of 18 has posted, submitted or otherwise communicated Personal Information to our Service without your consent, then you may alert us at dlally@uhfnyc.org so that we may take appropriate action to remove the minor's Personal Information from our systems.

H. Security, Storage, & Retention.

1. Security

United Hospital Fund takes reasonable technical and organizational precautions to protect the confidentiality, security and integrity of Client and User Personal Information. Although we use security measures to help protect Client and User Personal Information against loss, misuse or unauthorized disclosure, we cannot guarantee the security of information transmitted to us over the Internet. There is no guarantee that information may not be accessed, disclosed, altered or destroyed. You are responsible for maintaining the secrecy of your password and account information, and for controlling access to your email communications.

2. Storage

The Client and User Personal Information that you provide to United Hospital Fund is generally stored on servers located in the United States. If you are located in another jurisdiction, you should be aware that once Client and User Personal Information is submitted through our Service, it will be transferred to our servers in the United States and that the United States currently does not have uniform data protection laws in place.

3. Retention

We will retain your information for as long as your account is active or as needed to provide you with our Service, except that United Hospital Fund may periodically clean data from the HI Database for purposes of maintaining an effective and efficient database. Prior notification of maintenance will be provided to each Account Holder by email with instructions on how to export the associated data. If you wish to cancel your account or request that we no longer use your information to provide the Service to you, contact Debra Lally, Director, Information Systems at 212-494-0700. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. However, please be aware that United Hospital Fund will retain some information that you provide through our Service even after you have closed your account.

We may retain Client and User Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. If you wish to cancel your account, contact Debra Lally, Director, Information Systems at 212-494-0700.

We aim to maintain our Service in a manner that protects information from accidental or malicious destruction. Because of this, after information is deleted (see Section J (Information Correction, Removal, and Opting-Out)) from our Service, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

I. Changes to this Privacy Policy.

From time to time, United Hospital Fund may update this Privacy Policy to reflect feedback from our users or changes to United Hospital Fund policies. If there are material changes to this Privacy Policy or how United Hospital Fund uses, shares or collects Personal Information, we will notify you by revising the “Effective Date” at the top of this Privacy Policy. Users are bound by any changes to the Privacy Policy when using the Service after notice of such changes has been communicated. We encourage you to review this Privacy Policy regularly to ensure that you are familiar with our current practices.

J. Information Correction, Removal, and Opting-Out.

1. Correction & Removal.

If any User information that you provide to us is incorrect, or you wish to have User information (including, without limitation, Personal Information) removed from our records, please make the changes to this information by logging in to the HI Database and changing or removing said information. Should you need assistance in this regard contact Debra Lally, Director, Information Systems at 212-494-0700. We will respond to such inquiries within fifteen (15) business days.

You are responsible for ensuring the accuracy of Client data and information prior to submission. Should you wish to remove any Client data or information from the HI Database, please contact Debra Lally, Director, Information Systems at 212-494-0700.


2. Opting Out-Marketing Purposes.

We do not release Client or User Personal Information to third parties for direct marketing purposes.

FOR RESIDENTS OF CALIFORNIA ONLY. Section 1798.83 of the California Civil Code requires select businesses to disclose policies relating to the sharing of certain categories of Personal Information with third parties. If you reside in California and have provided Personal Information to United Hospital Fund, you may request information about our disclosures of certain categories of Personal Information to third parties for direct marketing purposes. Such requests must be submitted to us using one of the following contact methods:

Call Debra Lally, Director, Information Systems at 212-494-0700 or

Send a letter in writing addressed to:

Ms. Debra Lally, Director, Information Systems

United Hospital Fund of New York
Attn: California Privacy Rights
1411 Broadway, 12th Floor
New York, NY 10018


Within thirty (30) days of receiving such a request, we will provide a list of the categories of Personal Information disclosed to third parties for third-party direct marketing purposes, if any, during the immediately preceding calendar year, along with the names and addresses of those third parties. This request may be made no more than once per calendar year. We reserve our right not to respond to requests submitted other than to the address specified in this Section.

K. Contact Us.

If you have any questions about this Privacy Policy or our privacy practices, please contact us as follows:

  • By email to dlally@uhfnyc.org; or
  • By U.S. Mail post to: Ms. Debra Lally, Director, Information Systems United Hospital Fund 1411 Broadway, 12th Fl. New York, NY 10018