Privacy Policy

Health eTools for Schools ("this Site") is powered by Population Health Innovations, LLC. We take the issue of privacy very seriously. We want to assure Users of this Site (meaning any individual, including site visitors as well as those individuals who provide personal information via this Site) that their information is secure and maintained in confidence, consistent with applicable state and federal laws.


This Online Privacy Policy (“Privacy Policy”) is meant to tell you what information we collect, how we protect it, and about your use of this Site. Please read this Policy carefully.


About This Privacy Policy; Use of This Site and Tools. We hope that our Privacy Policy is clear to you. To help your understanding, we have included a glossary of many of the capitalized terms you see in this statement.

When you register with this Site, you can submit Personally Identifiable Information and Personal Health Information. You are responsible for ensuring the accuracy of the Personally Identifiable Information and Personal Health Information you submit to this Site. Inaccurate information will affect the information you store and receive when using this Site and our ability to contact you as contemplated in this Privacy Policy. For example, your email address should be kept current because that it is how we communicate with you.

This Site contains links to other sites. Once you enter another site through a link, this Privacy Policy no longer applies, and we are not responsible for the linked site's privacy practices. We encourage you to review the privacy statements of each site you visit.


Non-Personal Information We Collect about You. We also collect Non-Personal Information about your use of this Site, and special promotions and newsletters, if applicable.

Cookies. We collect Non-Personal Information about your use of this Site through the use of Cookies. Every computer that accesses this Site is assigned a different Cookie by this Site. The information collected by Cookies (i) helps us dynamically generate content on Web pages, (ii) allows us to statistically monitor how many people are using this Site, (iii) how many people open our emails, and (iv) for what purposes these actions are being taken. We might use Cookie information to determine the popularity of certain content. Cookies are also used to facilitate a user's login, as navigation aides and as session timers.

Most browser software can be set to reject all Cookies, and this Site will still operate for you in that event. Most browsers offer instructions on how to reset the browser to reject Cookies in the "Help" section of the toolbar. If you reject our Cookies, certain of the functions and conveniences of this Site might not work properly, but you do not have to accept our Cookies in order productively to use this Site. We do not link Non-Personal Information from Cookies to Personally Identifiable Information without your permission and do not use Cookies to collect or store Personal Health Information about you.

Web Beacons. We also might use Web Beacons to collect Non-Personal Information about your use of this Site. The information collected by Web Beacons (i) allows us statistically to monitor how many people are using this Site, (ii) how many people open our emails, and (iii) for what purposes these actions are being taken. These Beacons are not used to track your activity outside of this Site. We do not link Non-Personal Information from Web Beacons to Personally Identifiable Information without your permission and do not use Web Beacons to collect or store Personal Health Information about you.


Personally Identifiable Information We Collect about You. We collect Personally Identifiable Information that you provide to us when you register with this Site. We use the Personally Identifiable Information that you provide to respond to your questions, provide you the specific services you select, send you emails about Web site maintenance and updates, and inform you of significant changes to this Privacy Policy.

Emails to You. After registration, you might receive email from this Site that deal with site support matters and/or directly from third parties. These emails will not contain Personal Health Information.


In some cases, when you click on a link, your browser might be momentarily directed to the web site of a third party which, acting on behalf of this Site (see Disclosure to Third Party Contractor Web sites, below), notes or "counts" your response to the e-mail before re-directing your browser to your selected destination; this re-direction process will not be apparent to you.


Emails You Send to This Site. This Privacy Policy does not apply to content, business information, ideas, concepts, or inventions that you send to this Site by email. DO NOT SEND ANY PERSONAL HEALTH INFORMATION BY EMAIL. If you want to keep content or business information, ideas, concepts or inventions private or proprietary, do not send them in an email to this Site. We save emails for appropriate action and response, and then we delete them. We try to answer every email within 48 business hours, but are not always able to do so.

Any information shared (including Personally Identifiable and Personal Health Information) that you reveal in a chat room, message board, or online discussion is, by design, open to the public, and is not a private, secure service. You should think carefully before disclosing any Personally Identifiable or Personal Health Information in any public forum. What you write might be seen, disclosed to, or collected by third parties and might be used by others in ways we are unable to control or predict, including to contact you for unauthorized purposes.

Market Research. From time to time our market research department, or our operations contractors acting on our behalf, will conduct online research surveys in order to gather feedback about this Site and opinions on important issues, through email invitations, pop-up surveys, and online focus groups.


When participating in a survey, we might ask you to submit Personally Identifiable Information. This Personally Identifiable Information is used for research purposes, and is not used for sales solicitations. When a survey is sponsored by a third party, Aggregate Information of the survey results is reported to the sponsor. Personally Identifiable Information collected through market research will be used only by Population Health Innovations and its service providers and contractors and will not be given or sold to a third party without your consent or as otherwise permitted by this Privacy Policy. For market research surveys, we will not knowingly accept survey responses from or conduct interviews with any person under the age of 18.


In addition to collecting survey responses from our members, Cookies might be used to authenticate respondents or to help you pick up where you left off in a survey. If you have Cookies disabled you might not be able to participate in some studies. Cookies might be used to connect survey data with site usage characteristics. You will be notified when we would like to use Cookies in this way and your consent will be requested for these Cookies.


Registration, Use, and Tools. This Site provides you a secure place to store Personal Health Information and provides tools and services in order better to manage the health of students in your school.


Aggregate Data. We might combine, in a non-identifiable format, the Personal Health Information you provide with information from other users to create Aggregate Data that might be disclosed to third parties. Aggregate data does not contain any information that could be used to contact or identify anyone. For example, Population Health Innovations might use such data to assess the effectiveness and reach of this program, and third parties might use such data to create a composite profile of all students of a particular district, to understand community needs and to design appropriate programs and activities. We will not disclose Personal Health Information to any third party without prior permission, except as otherwise permitted by this Privacy Policy or as permitted or required by law. .


Secure Message Center. This Site has the ability to use Personally Identifiable Information that you provide to send you personalized emails or secure electronic messages. If you decide that you would prefer not to receive personalized email or secure electronic messages from this Site, you can "Opt-out" of the service by clicking on the settings tab on your home page and changing your email preference. If your employer has implemented this Site on your behalf, you will receive email at your work-related email address that has been authorized by your employer but to which you have not specifically Opted-in. These emails will be sent in accordance with instructions from your employer and you are not able to Opt-out of receiving such emails.


Spyware. This Site does not knowingly engage in business with a company that uses Spyware, nor do we provide Users with downloadable software that collects or uses any PII without full disclosure and consent


Information Collected by Third Parties Not Acting on Our Behalf. Third parties who appear on this Site might use their own Cookies, Web Beacons, or other online tracking technologies. Some might use companies other than us to serve their notices and to monitor users' responses to notices, and these companies might also collect Non-Personal Information through the use of Cookies or Web Beacons on this Site. In certain situations, information collection might be facilitated by momentarily directing your browser to the Web site of a third party acting on behalf of the other party before re-directing your browser to its selected destination (e.g., back to this Site or to the third party's web site); this re-direction process will not be apparent to you.


We do not control these third parties' use of Cookies or Web Beacons, or how they manage the non-personal information they gather through them. However, we do require third parties who collect Cookie or Web Beacon information through this Site to agree that they will not collect any Personally Identifiable Information from this Site without your consent. They have promised us they will not link any non-personal Cookie or Web Beacon information collected by them on this Site to Personally Identifiable Information they or others collect in other ways or from other sites except as might be described in connection with a particular program.. You should review the privacy policy of other sites you visit or link to from this Site to understand how these other sites use Cookies and how they use the information they collect through the use of Cookies or Web Beacons on their own sites. Certain third-party Web sites allow you to prevent them from collecting data through the use of Cookies. In order to do so, you must opt-out of such data collection with each individual site.


Disclosure of Information. Except as set forth in this Privacy Policy or as specifically agreed to by you or as permitted by law, Population Health Innovations will not disclose any Personally Identifiable or Personal Health Information it gathers from you on this Site. We would only release Personally Identifiable or Personal Health Information to third parties: (1) to comply with valid legal requirements such as a law, regulation, search warrant, subpoena, or court order; or (2) in special cases, such as in response to a physical threat to you or others, to protect property, or defend or assert legal rights. In the event that we are legally compelled to disclose Personally Identifiable or Personal Health Information to a third party, we will attempt to notify you unless doing so would violate the law or court order. In addition, we might disclose Personal Information as described below.


Disclosure to Operations and Maintenance Contractors. This Site's operations and maintenance contractors sometimes have limited access to your Personally Identifiable Information in the course of providing products or services to this Site. These contractors include vendors and suppliers that provide us with technology, services, and/or content for the operation and maintenance of this Site. These contractors also might have access to your email address to send newsletters or special promotions to you on our behalf or to send emails to you for purposes such as conducting market research on our behalf. Access to your Personally Identifiable Information by these contractors is limited to the information reasonably necessary for the contractor to perform its limited function for this Site. We also contractually require that our operations and maintenance contractors (1) protect the privacy of your Personally Identifiable Information consistent with this Privacy Policy, and (2) not use or disclose your Personally Identifiable Information for any purpose other than providing us with products and services or as required by law.


Disclosure to Third Party Contractor Web sites. Certain content and services offered to you through this Site are served on Web sites hosted and operated by a company other than Population Health Innovations ("Third Party Contractor Web sites"). Population Health Innovations does not disclose your Personally Identifiable Information to these Third Party Contractor Web sites without your consent, but you should be aware that any information you disclose once you access these other Web sites is not subject to this Privacy Policy. This Site does not endorse and is not responsible for the privacy practices of these Third Party Contractor Web sites. You should review the privacy policy posted on the other Web site to understand how that Third Party Contractor Web site collects and uses your Personally Identifiable Information. Population Health Innovations makes an effort to make it obvious to you when you leave this Site and enter a Third Party Contractor Web site. In addition, if you see a phrase such as "Powered by" or "in association with" followed by the name of a company other than Population Health Innovations, then you are on a site hosted by a company other than Population Health Innovations.


Disclosure to Linked Sites. In addition to the Third Party Contractor Web sites that you might access as described above, for your convenience there are links to Third Party Web sites operated by companies that are not affiliated with Population Health Innovations and that do not have contracts to provide content or services through this Site. These links might be referenced within content, for example. This Site does not disclose your Personal Information to these Third Party Web sites without obtaining your consent. We do not endorse and are not responsible for the privacy practices of these sites. If you choose to link to one of these Third Party Web sites, you should review the privacy policy posted on this other web site to understand how that Third Party Web site collects and uses your Personally Identifiable Information.


Disclosure of Aggregate Information. We might provide Aggregate Information to third parties. For example, we might inform third parties regarding the number of users of this Site and the activities they conduct while on this Site. Depending on the circumstances, we might or might not charge third parties for this Aggregate Information. We require parties with whom we share Aggregate Information to agree that they will not attempt to make this information personally identifiable, such as by combining it with other databases.


How We Handle Privacy And Security Internally. Listed below are some of the security procedures that we use to protect privacy:
· Require both a personal username and a password in order for users to access Personally Identifiable Information or Personal Health Information. 
· Use firewalls to protect information held in our servers. 
· Utilize Secure Socket Layer (SSL) encryption in transmitting Personally Identifiable Information to our servers. In order to take advantage of encryption technology, you must have an Internet browser which supports 128-bit encryption. 
· Closely monitor the limited number of our employees who have potential access to Personally Identifiable Information. 
· Require our employees to abide by our Privacy Policy and to be subject to disciplinary action if they violate it. 
· Back up our systems to protect the integrity of your Personally Identifiable and Personal Health Information. 
· Require our employees, by written confidentiality statements, corporate policies, and state or federal laws and regulations, to maintain the confidentiality of personal information and to use strict standards of care in handling the information. Employees who do not conform to these confidentiality requirements are subject to disciplinary sanctions that may include dismissal.

We provide additional protection for Personal Health Information as follows: 
· Provide secure messaging within this Site so that information related to personal health related characteristics is sent through a secure, encrypted connection. 
· Limit access to Personally Identifiable Information to authorized users
· Maintain an internal privacy compliance program to ensure compliance with this privacy policy. This program includes oversight of the compliance program by a Chief Privacy Officer whose function is to create, maintain, and enforce privacy procedures in accordance with this policy and who oversees our information security systems and procedures. Additionally, our compliance programs include on-going employee training, on-going maintenance and updating of security systems and practices, and maintenance of customer feedback and complaint resolution process. 
Despite our efforts to protect Personally Identifiable Information and Personal Health Information, there is always some risk that an unauthorized third party might find a way around our security systems or that transmissions of information over the Internet might be intercepted.


Updating Information and Contacting This Site

Updating Personally Identifiable Information. This Site's tools that collect and store self-reported data allow you to correct, update, or review information you have submitted by going back to the specific tool, logging in, and making the desired changes, as long as that file remains active.


Removing your Personal Information. If you have a complaint or problem, please contact our customer service department. We try to answer every email within 48 business hours, but might not always able to do so. If you want to (1) delete Personally Identifiable Information from our systems, or (2) update Personally Identifiable Information that you have provided to us, you can email us at

If you do not receive adequate resolution of a privacy related problem, you might write to our Privacy Help Desk at:


Population Health Innovations.
Attn: Chief Privacy Officer
313 West Liberty Street, Suite 350
Lancaster, PA 17603
Or call: 866.522.5487


Limitations on Removing or Changing Information. Upon your request, we will delete Personally Identifiable or Personal Health Information from our active databases and where feasible from our back-up media. You should be aware that it is not technologically possible to remove each and every record of the information you have provided to this Site from our servers.


Changes to This Privacy Policy. We may amend this policy at any time.

Personally Identifiable Information. We will inform you of a material change to the Privacy Policy, which means a change that expands the permissible uses or disclosures of Personally Identifiable Information allowed by the prior version of the Privacy Policy. Your continued use of the Population Health Innovations Site will indicate your acceptance of the changes. You might of course choose to Opt-out of continuing to use this Site. Please exit this Site immediately if you do not agree to the terms of this Privacy Policy or any revised policy.

Personal Health Information. We will inform you if a material change in the Privacy Policy is made that involves the use of Personal Health Information, and your express Opt-in authorization will be requested. If you choose not to accept the new privacy policy, then the current privacy policy conditions will remain in effect, so long as this Site continues to make the functionality available. We reserve the right to discontinue or limit functionality in all its products including this Site.

Non-Significant Changes. We might make non-significant changes to this Privacy Policy that do no affect Personally Identifiable Information or Personal Health Information. For these instances, we might not notify the User of such non-significant changes.


Questions and Concerns. If you have questions about this online privacy policy, or concerns regarding your personal information, please send us your question by clicking Contact Us from the top of any of our web pages.



Aggregate Information or Data: As a web site gathers individual pieces of Non-Personal Information (see definition below) from its users, it might combine similar data from many or all the users of the web site into one big "batch." For example, the site might add up the total number of people in Peoria, Illinois, (but not their names) who are seeking information about weight loss and compare that to the number of people in Petaluma, California seeking the same information.


This sort of statistical information is called Aggregate Data because it reflects the habits and characteristics of a large group of anonymous people. Web sites might use aggregate data or share it with their business partners so that the information and services they provide best meet the needs of the users. Aggregate Data also helps advertisers and sponsors on the Web know how effectively they are reaching and meeting the needs of their target audience.


Browser: Short for web browser, a browser is software application used to locate and display web (Internet) pages. The most popular browsers are Mozilla Firefox and Google Chrome. In addition, most modern browsers can present multimedia information, including sound and video, though they require plug-ins for some formats.


Cache (also called cache memory): Once this browser accesses a web page, it references that page and the graphics on it within your computer's "cache" (or more simply, your computer takes a "snapshot" of every page you visit and stores it in the "cache.") The next time you visit that same page, your download time will be quicker as the images and much of the page is already available on your computer for your browser to reference instantly instead of waiting for the page and images to download again. This Site does not cache pages.


Click Stream Information: A record of all the pages you have visited during your visit to a particular Web site or the services you accessed from the site or from an email. Click Stream Information is associated with your browser and not with you personally. It records the archives of your browser.


Cookie: A small data file that is stored on the hard drive of the computer you use to view a Web site. Cookies are placed by that site or by a third party with a presence on the site, such a partner using a Web Beacon (see definition below) and are accessible only by the party or site that placed the Cookie (i.e. a Cookie placed on your computer by this Site isn't accessed by any other site you visit but a Cookie placed on your computer by an outsider might be accessed by any site on which that same party has a presence). Cookies can contain pieces of Personally Identifiable Information (PII). This Site encrypts any PII it stores in its Cookies. These Cookies often are used to make the site easier to use. For example, if you check a box to ask that we store your user name on your computer so that you don't have to enter it each time you visit the site, it's stored in a Cookie on your computer.


Encryption: The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. This is typically done by secure computer systems.

Firewall: A system designed to prevent unauthorized access to or from a public or private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private portions of public networks. All messages entering or leaving the network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.


Non-Personal Information: Information that is not traceable back to any individual and cannot be used to identify an individual. For example, Click Stream Information is Non-Personal Information, as is information such as gender, age, city, and state when not linked with other Personally Identifiable Information.


Opt-In: Means you are actively indicating your preference to participate in a program, email, feature, tool, or enhancement on a Web site. Typically, if you "Opt-in" you must provide certain information, usually Personally Identifiable Information, to the Web site or otherwise actively indicate your choice or preference to participate in the Web site program.


Opt-Out: Means that if you do not take some action you are indicating your preference to participate in a program, email, feature, tool, or enhancement on a Web site. Typically, if you "Opt-out" you must uncheck a box next to a stated preference or otherwise take some indicate action to indicate your preference not to participate in a program.


Password: A secret series of characters, typically alphanumeric (meaning it consists of both letters and numbers) that enables a user to access a file, computer, or program. The user must enter his or her password before the computer or system will respond to commands. The password helps ensure that unauthorized users do not access the system. In addition, data files and programs might require a password.

Ideally, the password should be something that nobody could guess. In practice, many people choose a password that is easy to remember, such as their name or their initials. This is one reason it is relatively easy to break into many computer systems.


Personal Health Information (PHI): This arises when your Personally Identifiable Information (PII) is combined with known health characteristics.


Personally Identifiable Information (PII) (also called Personal Information): Information that can be traced back to an individual (contrast with Non-Personal Information and Aggregate Information). Examples of PII include your name, home address, telephone number, email address, and Social Security number.


If other pieces of information are linked to PII, they also become PII. For example, if you use a nickname to chat online and give out your real name while chatting, your nickname becomes PII when linked with other PII.


Server: A computer that provides services to other computers. A "web server" stores web site files and "serves" them to people who request them.


SSL (Secure Sockets Layer): A security protocol developed by Netscape for transmitting private information via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Mozilla Firefox and Google Chrome support SSL and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that utilize an SSL connection start with "https" instead of "http."


Username: A name used to gain access to a computer system or program. Usernames, and often passwords, are required in shared systems, such as the Internet. In most such systems, users can choose their own usernames and passwords.


Virus: A program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also "replicate" themselves by copying their code to other computers. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. There are numerous virus protection programs available.


Web Beacons (also often referenced as "clear GIFs", "web bugs", "1-by-1 GIFs", "Single-Pixel GIFs", "1 x 1 Pixels", or "clear Pixels"): Tiny graphic image files, imbedded in a web page in GIF, jpeg, or HTML format, that provide a presence on the web page and send back to its home server (which can belong to the host site, a network advertiser or some other third party) information from the users' browser, such as the IP address, the URL of the page on which the beacon is located, the type browser that is accessing the site, and the ID number of any Cookies on the Users' computer previously placed by that server. Web Beacons can also be used to place a Cookie on the Users' browser.


PLEASE NOTE: This Site does not provide medical advice, diagnosis, or treatment. The information described in these Web pages is accurate, to the best of our knowledge, at the time of publication. It should be noted that this information is provided for informational purposes only and is not a substitute for medical, legal, or other professional advice. Population Health Innovations, LLC. shall not be liable to any person or entity for any damages of any kind for any reason pursuant to any legal theory, incurred by the User as a result of its/her/his use or reliance on the information.