Effective June 22, 2023.
- Information We Collect and How We Use It
- Members’ Information
- Third Party Advertisers and Analytics
- “Do Not Track” and Global Privacy Control Signals
- Social Media Interactions and Third Party Links
- Information Sharing
- Information Security
- Children’s Privacy
- Consent to Transfer
- Accessing and Updating Personal Information
- Marketing Emails and Mobile Messages
- Contact Information and Opt-Out Requests
- LISTSERV® Email Lists and Social Media Sites
1. Information We Collect and How We Use It
AHA collects information from several sources that enables AHA to identify or contact you (“Personal Information”). An AHA website collects Personal Information in a variety of manners and the types of Personal Information we may collect from you will depend on the products and services you choose.
Our Web server automatically collects the domain name and Internet Protocol (“IP”) address for each visitor to our websites. We collect information about the usage of our websites. In addition, we may request or require you to provide Personal Information and/or create an account in order to access certain services or engage in certain activities on an AHA website. The information collected depends on how you choose to use our services and our websites, as detailed below.
The types of Personal Information we collect includes, but is not limited to:
- General information (e.g., your name, date of birth, home and business address, email address, phone number, and other types of demographic information)
- Professional information (e.g., occupation, place of employment, professional history)
- Financial information (e.g., credit card information, billing information)
- IP addresses
- Individual responses to surveys
- Topical areas of interest
- Website usage (e.g., search terms, referring/exit pages, time on a website, number of clicks)
AHA also collects information that is about you individually, but that does not directly identify you as you interact with an AHA website (“Non-Personal Information”). The types of Non-Personal Information we collect includes, but is not limited to:
- Products and services viewed
- Internet service provider
- Geolocation data
a. Commonly Accepted Practices
Personal Information collected may be used for commonly accepted practices, including:
- Product service fulfillment, such as the use of addresses for shipping and credit card information for payment;
- Sending electronic publications to online subscribers;
- Administration of our websites and monitoring usage of our websites;
- Internal operations, such as the use of identity-verification technologies, and the review of server logs;
- Legal compliance and public purposes, such as subpoena compliance and credit reporting;
- Registration and participation in AHA products, services, and communities; and
- Marketing of products and services to you by AHA, such as the recommendation of products or the delivery of coupons based upon prior purchases.
We use Non-Personal Information to improve the usability of our websites and for other business reasons. We or other third party companies also use the Non-Personal Information to provide advertisements and targeted advertisements to you based on the Non-Personal Information.
b. Information Collected to Create an Account
There are times when AHA may request or require you to create an account with us in order to obtain certain services. In such cases we may collect user name or ID and password information from you. We use this information to verify users’ identities in order to prevent unauthorized access to users’ personal information. AHA allows account holders to elect to have the AHA website remember their login information between visits so they do not have to log in each time. This is done by checking a box labeled “remember me” on the login page. This feature requires the placement of a small text file called a cookie (see next section) on the user’s hard drive. The cookie tells the site that the user has logged in before. As part of registering for some of AHA’s products and affiliates, we may collect contact and demographic information such as your name, address, email address, etc. We may also collect information regarding your personal and professional history, interests, activities, experiences and interests in health care products and services. Certain information may be required in order to complete the registration process.
d. Email Addresses and Mailing Lists
AHA collects and uses the email addresses and mailing addresses of its members (see Section 2. Members’ Information, below) for purposes of providing membership benefits and services to members. In addition, AHA collects email and mailing addresses in connection with registration for and attendance at conferences, webinars and other events, subscriptions for publications, the purchase of products and services, and in other circumstances. We may use your email address or other Personal Information to send commercial or marketing messages to you regarding AHA’s products or services. In addition, we may also use your name, mailing address, e-mail address, or other Personal Information (i) to send commercial or marketing messages on behalf of our affiliated organizations or on behalf of unrelated third parties, and/or (ii) in a mailing list sold to third parties for the marketing of their products and services. For example, we may share contact information you provide when you register for a conference or webinar with conference exhibitors or webinar sponsors so that they may send you commercial messages. You may opt-out of any or all of such disclosures as provided below.
Our online surveys may ask respondents for contact, demographic and other Personal Information. The ways in which such information may be used or disclosed will be described in the survey materials. We also may use contact information from our surveys to send the user information about products and services of AHA, our affiliated organizations and/or unrelated third parties.
f. Information from Other Sources
The information we collect is gathered from several sources. Such sources may include, but are not limited to: membership enrollment; conference, webinar, distance learning and other event registration; website visits; newsletter and magazine subscriptions; and product sales. We may combine the information you submit when using one of our services with information (i) collected from your use of other AHA services, (ii) collected by AHA affiliated organizations, or (iii) obtained from third parties. The combined information may be used in a similar manner to any other information we collect.
2. Members’ Information
a. Public Profiles
Some or all of the information AHA collects from you as part of registrations of certain products and affiliates may be maintained in your account profile. This account profile will be visible to third parties accessing an AHA website except as set forth herein. We may make tools available for you in your account settings that will enable you to limit some of the data that will appear to third parties in your account profile.
3. Third Party Advertisers and Analytics
These third parties may view, edit, or set their own cookies. They may also collect non-personal and personal information concerning your online activities over time and across different websites. The information they may collect includes the other sites you have visited or applications that you have downloaded to your mobile device, and other information about you or your device in order to help analyze and serve targeted advertising on the AHA website and elsewhere. For more information about third party ad servers and your ability to opt-out of targeted advertising from such third parties, please visit the Network Advertising Initiative and/or the Digital Advertising Alliance Self-Regulatory Program for Online Behavioral Advertising.
AHA does not provide any Personal Information to these third party ad servers or ad networks without your consent or except as part of a specific program or feature for which you will have the ability to opt-in or opt-out.
4. “Do Not Track” and Global Privacy Control Signals
Note that your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. When you choose to turn on the “Do Not Track” settings in your browser, your browser will send a signal to websites, analytics providers, advertisements networks, plug-in providers, and other web service providers you encounter while browsing to stop tracking your activity. To find out more about “Do Not Track,” please visit www.allaboutdnt.com.
Global Privacy Control (“GPC”) is a technical specification in your browser settings that you can use to automatically inform websites of your privacy preferences with regard to third party online tracking. To find out more about and set up GPC, please visit https://globalprivacycontrol.org/#about.
5. Social Media Interactions and Third Party Links
6. Information Sharing
In the unlikely event that AHA or one of its affiliated organizations is acquired, or substantially all of the assets of AHA or one of its affiliated organizations are acquired, by a third party either in a sale, bankruptcy court proceeding or otherwise it is possible that Personal Information of website users and customers would be one of the assets transferred. In such an event, AHA would take reasonable steps to require the third party to maintain our privacy policies and practices.
In addition, AHA may disclose Personal Information to third parties, but only:
- to contractors we use to support our business, provided they only use the Personal Information for AHA purposes;
- to respond to law enforcement requests, where required by applicable laws, court orders, warrants, subpoenas (whether civil or criminal) or governmental regulations;
- in situations involving threats to the physical safety of any person;
- in connection with joint ventures with third parties; or
- as necessary to enforce our rights in connection with an AHA website.
7. Information Security
AHA implements commercially reasonable security measures to help protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. Please understand that no one can give an absolute assurance that information intended to be maintained as private, whether transmitted via the Internet or otherwise, cannot be accessed inappropriately or unlawfully by third parties. It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a computer.
8. Children’s Privacy
The AHA website is not intended for children under eighteen (18) years of age. AHA does not knowingly solicit or collect personal information from or about any such children, and AHA does not knowingly market its products or services to any such children. If AHA becomes aware that it has inadvertently received personal information from a User under the age of eighteen (18), it will delete such personal information from its records.
9. Consent to Transfer
AHA is based in the United States and the information we collect is governed by United States law. By accessing or using an AHA website or providing us with any information, you consent to the transfer, processing and storage of your information in and to the United States and other countries, jurisdictions in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen.
IF FOR ANY REASON AHA WOULD LIKE TO USE THE INFORMATION YOU HAVE SUBMITTED FOR SUBSTANTIALLY DIFFERENT PURPOSES OTHER THAN THOSE OUTLINED AT THE TIME YOU ORIGINALLY SUBMITTED YOUR INFORMATION, AHA WILL AFFIRMATIVELY REQUEST PERMISSION FROM YOU TO USE SUCH DATA FOR THOSE SUBSTANTIALLY DIFFERENT PURPOSES PRIOR TO USING THE DATA.
11. Accessing and Updating Personal Information
You may request access to your Personal Information, corrections and/or deletions of the same by using the Contact Information set forth below. We will use reasonable, good faith efforts to promptly address your concerns, subject to legal retention obligations and legitimate business needs.
When making a request, individual users are asked to identify themselves and the information requested to be accessed, corrected or removed. Please note that there may be circumstances where we are not required to comply with your requests (e.g., if AHA has an ongoing requirement to retain your Personal Information for our own business or legal compliance purposes). We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, would be extremely impractical, or for which access is not otherwise required. Correcting or removing data is done free of charge to the user unless doing so requires a disproportionate effort. After deleting your information from active servers, copies may remain in our backup system.
Nevada provides its residents with a limited right to opt-out of certain Personal Information sales. Residents who wish to exercise this sale opt-out rights may submit a request to the AHA Compliance Officer at the contact information provided below in Section 13. However, please know AHA does not currently sell data triggering that statute’s opt-out requirements.
12. Marketing Emails and Mobile Messages
You may opt out of receiving marketing e-mails by following the opt-out instructions provided to you in those e-mails. Please note that we reserve the right to send you certain communications relating to your account or use of an AHA website or other AHA services, such as administrative and services announcements. These transactional account messages may be unaffected if you choose to opt out from marketing e-mails.
If you sign up to receive SMS or MMS messages from AHA, you may unsubscribe from any SMS or MMS messages received by replying “STOP”.
13. Contact Information and Opt-Out Requests
- American Hospital Association
c/o Compliance Officer
155 N. Wacker Dr., Suite 400
Chicago, IL 60606
We also welcome users’ requests not to receive certain forms of communication from AHA and third parties and not to have certain information shared with nonaffiliated third parties. If you prefer that we not disclose your Personal Information to nonaffiliated third parties, you may request us not to make those disclosures (except as required by law) by contacting us as described above. If you elect to opt out of certain disclosures, we may not be able to offer you certain services and products. Please note that Personal Information does not include publicly available information that is lawfully made available to the general public from federal, state or local government records, widely distributed media or disclosures to the general public required by law.
14. LISTSERV® Email Lists and Social Media Sites
Health Forum Inc. Privacy Notice for California Residents
Effective Date: June 22, 2023
Information Health Forum Inc. Collects
Health Forum Inc. may have collected the following categories of personal information from its consumers within the last 12 months:
|A. Identifiers.||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).||
A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||YES|
|D. Commercial information.||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information.||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity.||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data.||Physical location or movements.||YES|
|H. Sensory data.||Audio, electronic, visual, thermal, olfactory, or similar information.||NO|
|I. Professional or employment-related information.||Current or past job history or performance evaluations.||NO|
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
Personal information does not include:
- Publicly available information from government records.
- Deidentified or aggregated consumer information.
- Information excluded from the CCPA’s scope, like personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA), clinical trial data, or other qualifying research data.
Collection, Use, Disclosure, Sharing and Retention of Personal Information
Health Forum Inc. may collect, use, disclose, and/or share the personal information we collect for one or more of the business purposes disclosed in our Privacy Notice.
Health Forum Inc. will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Health Forum Inc. will retain your information as long as we need it for business, tax or legal purposes, including the legal bases described in this Policy. After that, we either delete it, deidentify or aggregate the information.
Sharing Personal Information
Health Forum Inc. may share your personal information by disclosing it to a third party for a business purpose. Health Forum Inc. only makes these business purpose disclosures under written contracts that describe the purposes, require the recipient to keep the personal information confidential, and prohibit using the disclosed information for any purpose except performing the contract. In the preceding twelve (12) months, Health Forum Inc. may have disclosed personal information for a business purpose to the categories of third parties indicated in the following chart:
|Personal Information Category||Disclosures|
|B: California Customer Records personal information categories.||
|C: Protected classification characteristics under California or federal law.||
|D: Commercial information.||
|E: Biometric information.||None|
|F: Internet or other similar network activity.||
|G: Geolocation data.||
|H: Sensory data.||None|
|I: Professional or employment-related information.||None|
|J: Non-public education information.||None|
|K: Inferences drawn from other personal information.||
Sale of Personal Information
Health Forum Inc. does not sell personal information to third parties.
Your Rights and Choices
The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Right to Know and Data Portability Rights
You have the right to request that Health Forum Inc. disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity (see Exercising Your Rights to Know, Correct or Delete), we will disclose to you:
- The categories of personal information Health Forum Inc. collected about you.
- The categories of sources for the personal information Health Forum Inc. collected about you.
- Health Forum Inc.’s business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom Health Forum Inc. shares that personal information.
- The specific pieces of personal information Health Forum Inc. collected about you (also called a data portability request).
- If Health Forum Inc. sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Right to Delete
You have the right to request that Health Forum Inc. delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once Health Forum Inc. receives your request and confirm your identity (see Exercising Your Rights to Know, Correct or Delete), we will review your request to see if an exception allowing us to retain the information applies. Health Forum Inc. may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which Health Forum Inc. collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
- Debug products to identify and repair errors that impair existing intended functionality;
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
- Comply with a legal obligation; or
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Health Forum Inc. will delete or de-identify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
Right to Correct
You have the right to request that Health Forum Inc. correct inaccurate information we hold about you. Once we receive your request and confirm your identity (see Exercising Your Rights to Know, Correct or Delete), we may deny your request if we find that the nature of and/or purpose for processing the personal information require us to preserve our existing records. Factors that may determine whether Health Forum Inc. modify information include (without limitation):
- How the personal information was collected;
- The source of the personal information;
- The sensitivity of the personal information;
- Documentation concerning the accuracy of the personal information; and/or
- Evidence that a correction request may be fraudulent or abusive.
Exercising Your Rights to Know, Correct or Delete
To exercise your rights to know, correct or delete, please submit a request by submitting the information in the Health Forum Inc. California Consumer Privacy Act Request Form online, or providing the information in the following manner:
- Calling us at 1-800-424-4301
- Visiting us at Health Forum Inc California Consumer Privacy Act Request Form
Only you, or someone legally authorized to act on your behalf, may make a request to know, correct or delete related to your personal information. To designate an authorized agent, please provide the Health Forum Inc. California Consumer Privacy Act Request Form and the power of attorney form or other written document which permit the authorized agent to make requests on your behalf.
You may only submit a request to know twice within a 12-month period. Your request to know, correct or delete must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom Health Forum Inc. collected personal information or an authorized representative:
- Provide all information included in the Health Forum Inc. California Consumer Privacy Act Request Form. Health Forum Inc. will use this information to compare with the information stored in our technology systems.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Health Forum Inc. cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
You do not need to create an account with us to submit a request to know, correct or delete. However, Health Forum Inc. does consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.
Health Forum Inc. will only use personal information provided in the request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, see Personal Information Sales Opt-Out and Opt-In Rights.
Response Timing and Format
Health Forum Inc. will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact us at firstname.lastname@example.org.
Health Forum Inc. endeavors to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 days), we will inform you of the reason and extension period in writing.
If you have an account with us, Health Forum Inc. may deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures Health Forum Inc. provides will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, Health Forum Inc. will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
Health Forum Inc. does not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales Opt-Out and Opt-In Rights
If you are age 16 or older, you have the right to direct us to not sell your personal information at any time (the “right to opt-out”). Health Forum Inc. does not sell the personal information of consumers we actually know are less than 16 years old. Consumers who opt-in to personal information sales may opt-out of future sales at any time.
To exercise the right to opt-out, you (or your authorized representative who provides written documentation authorizing to act on your behalf) may submit a request to us by visiting the following Internet Web page link:
Do Not Track/Global Privacy Control (“GPC”)
Do Not Track (“DNT”) and Global Privacy Controls (“GPC”) offered by some web browsers are settings that automatically inform websites of your privacy preferences with regard to third party online tracking, including exercising your rights and requesting the web application to disable tracking you. When you choose to turn on the DNT/GPC setting in your browser, your browser sends a special signal to websites, analytics companies, ad networks, plug in providers, and/or other web services you encounter while browsing to exercise your privacy rights and stop tracking your activity. You can learn more about and set up Do Not Track and set up GPC. There is no clear consensus on what it means to comply with these signals and Health Forum Inc. typically does not take additional steps in response to them, but we comply with DNT and GPC as specifically required under applicable law.
Limit the Use of Sensitive Personal Information
Health Forum Inc. does not process sensitive personal information that is subject to this limitation. Health Forum Inc. only uses and discloses sensitive personal information that it collected about the consumer for the purposes specified in the section 7027, subsection (m), of the California Consumer Privacy Act Regulations.
Health Forum Inc. will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Changes to Our Privacy Notice
Health Forum Inc. reserves the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this Privacy Notice, we will post the updated notice on the AHA website and update the notice’s effective date. Your continued use of the AHA website following the posting of changes constitutes your acceptance of such changes.
- Calling us at 312-422-3000
- Emailing us at email@example.com
- Visiting us at aha.org
- Postal Address:
- American Hospital Association
155 N. Upper Wacker Drive
Chicago, IL 60606
Attention AHA Compliance
- American Hospital Association