Privacy statement

Cyberderm (www.Cyberderm.com) is strongly committed to protecting the privacy of its Users (Physician-Members and Patients). We have created the following privacy statement to inform you of the type of information we collect, how the information is used and how the information is safeguarded.

A. INFORMATION – What we collect and why

What information we collect
Information can be collected on a Website in a variety of ways. In some cases, Cyberderm asks Users directly for information in order for them to use our services. And, in other cases, information is collected as Users are using Cyberderm.net services.

Information entered by Users
For example, when a User registers or uses certain Cyberderm.net services, he/she must supply different types of information, such as:
· Contact information, such as name, mailing address, email address and phone number
· Demographic information, such as zip code, age and gender
· Medical information, such as health background and health status (supplied directly by patients)
· Education information, such as physician educational background
· Information you enter in forms and surveys
· Correspondence physicians enter in threaded discussions with other physicians.

Information collected, but not entered by Users
Some types of information are collected, but do not require Users to directly enter the information. It is important to note that Cyberderm must store this information in order to ensure its Users receive optimal service while using Cyberderm.net services. This type of information collected can include:

· Log files information, such as IP addresses, browser type, domain names, number of page views, login frequency, page or section accesses. Log files are used to track member usage and engagement and to gauge the effectiveness of our different services. We also give aggregated site utilization data to our Member-physicians about how patients are using their Practice’s Websites. We use your IP address to help diagnose problems with our server and to administer our Website.

· Cyberderm uses cookies, which are electronic pieces of information used to keep track of information such as login name and password. Cyberderm services are not accessible unless users have their browsers configured to accept cookies. Specifically, cookies are used to:

· Store session state information
· Authenticate users
· Help customize content delivery
· Provide context-sensitive help
· Collect information on the origin of User registration (Users are registered at trade shows and association-sponsored events).
· Protect Website security and login time-outs

Why we collect this information
The information we collect depends on the nature of the service a person is using. For instance, we must store information patients enter, such as insurance information, in order for patients to be able to later retrieve and change the information they have provided. Similarily, we must store a physician’s educational background so it can be displayed on their Practice Website. Otherwise, a physician would have to enter the information each time he or she enters the Website. Here is a brief explanation of why different types of information are collected:

Patient information
· Information is collected on behalf of patient’s personal physician as a service to the practice. The information is stored on our secure server so the physician’s office can access it. That way, a physician’s office can accept information a patient has updated, such as billing information, and incorporate it into their files. As a result, patients can experience the convenience of updating their records from home. It is also forwarded via secure email to the physician’s medical e-mail account that resides on our secure server.

· Cyberderm also collects information to enable physicians to deliver customized medical information to patients. Then, patients can access the information in a secure area within their physician’s Practice Website.

Physician information
Information, such as a physician’s educational background, is stored so that it can be displayed on the physician’s Practice Websites and used to authenticate a physician’s standing as a practicing physician during registration. All physician contact and biography information is used to build the website for the practice. (Cyberderm authenticates physicians by using the American Medical Association database and other resources. Non-physicians will not be able to use Cyberderm core services unless they are registered as staff by a verified physician. Minors will not be able to use Cyberderm services. ) Physician association memberships are used to help us target our marketing efforts. We also provide bulletin boards for physicians and sponsors. We collect usage data, but not data on what gets posted.

Who is collecting this information?
We currently engage in sponsorship relationships with medical assocations and present the relationship to Users as: “Brought to you by.” Sponsors pay to put their logo on the Cyberderm.net Member Center and have it viewed by physicians with a particular specialty. They also receive the right to participate in online marketing discussions with those physicians. They do not receive any patient data.

Use of the information collected
Cyberderm strictly adheres to state, local and federal laws regarding the preservation and archiving of information collected. Here are some ways Cyberderm uses the information:
· When Users receive correspondence from other Users (such as a physician to a patient), the correspondence will appear in a secure area of their physician’s Website. They will also be notified via their personal email that a secure message is waiting for them at a specific URL. Users will also receive welcome kits, e-mail newsletters and customized Web content.

· Users will receive email newsletters and updates when Cyberderm has significant product features or enhancements or significant news to relay to our users.

· To help target our marketing, we combine aggregated physician usage data with aggregated physician association data.

· Inquiries Cyberderm receives via email for information regarding our services are a one-time correspondence. These addresses are not retained unless we are requested to do so. Sharing of information· Partners and investors receive reports on number of Users, service use by type and by physician specialty, page views, logins, etc. They do not receive medical data on patients.

· Patient data is only released to patient’s personal physicians.

· Demographic, insurance, emergency contact information and medical history is transferred from patients to their personal physicians. Choice/opt-out

· Personally Identifiable Information is not shared with third parties.

· Website features give Users the ability to opt-out of receiving future mailings.

B. SECURITY

The following outlines different types of security procedures Cyberderm has in place to protect the loss, misuse or alteration of the information collected.

Identification
· Access to the data is assigned to specific individuals in order to maintain strict control over access
· We do not grant general access to data within our organization
· Access to data is not granted to parties outside our organization

Authentication
· We verify the identity of the persons accessing the data by using a login name password
· Passwords are required to be eight characters and include a non-alphabetic character
· Login session times-out after a period of time to prevent unauthorized use

Authorization/access control
· Only authorized personnel have access to restricted data
· Access to sensitive data is revoked in a timely manner for employees who change function or resign
· Nondisclosure Agreements – pertaining to sensitive data – in place with contractors and third parties
Data confidentiality
· 128-bit encryption and a security firewall are in place to ensure customer information confidentiality, during transmission between the browser and our secure server
· Physicians and staff may store practice-related files in their dedicated area on the Cyberderm server. These files are password protected and not visible to others outside their practice.
· Cyberderm email between Cyberderm members including patients is protected by encryption and the firewall and is completely private. Email forwarded outside of Cyberderm is no longer privacy protected.
Data integrity
· We implement full database backups by our certified Database Administrator to insure data consistency, integrity and permanence
· We grant Users access to their information in order to verify that the data is still accurate and has not been modified or corrupted
Data access and sharing
· Physicians/super users control how their data are shared. Each practice has one or more super users who grant other registered staff members access to various Cyberderm services · Practice files posted to the member center are shared by each member of the practice
· Discussions and discussion files are shared by each invited member of a discussion
· Super users designate one or more staff members who can access each of the medical messaging inboxes
Data retention
· Data are stored on our secure server and backed up to tape
· Data are stored to the extent required by state, federal and local laws
· Web servers are located in a secure and environmentally controlled room/location
· Backups are automated and scheduled using industry-standard net backup software
· Backup tapes are continuously stored in a secure location off-site
Overall management, policies and procedures
· All employees of Cyberderm, Inc. are aware of the company’s security policy
· New hires are briefed on security and privacy issues. Security policies are covered in the employee manual.
· Cyberderm departments review security measures at regular department meetings
Monitoring/oversight
· Security and privacy threats, operational and technical vulnerabilities have been assessed, and countermeasures have been taken to eliminate or reduce these vulnerabilities
· New threats are consistently evaluated and measures are taken to prevent them from occurring at Cyberderm
· A security firewall screens access events and non-valid attempts are denied and logged
Data modification
· To assure that the information you collect is accurate and up-to-date, we provide users with a mechanism to correct and update their pertinent personally identifiable information
· Users can access and correct any inaccuracies in the information submitted online and via email
· Users can access and correct: demographics, insurance info, emergency contacts and medical history (for patients)
· Physicians may alter their Websites to modify personal bios, change addresses and policy information
· Users will be informed via their personal email if there is a change in the use of personally identifiable information
Linking
· Our Website offers links to other Websites
· Our partners may deliver cookies while our Users are on their own Websites
· Once users navigate to a partner site they have left Cyberderm, even though the site may appear similar. We recommend users read the privacy statements provided by partner sites
Changes in the privacy policy
· Cyberderm will notify users on the Cyberderm website and via personal email of any changes in our privacy policy including changes in the use of personally identifiable information.
ADDRESSING PRIVACY & SECURITY CONCERNS
If you have any questions about this privacy statement, the practices of this site or your dealings with this Website, please contact us:Security/Cyberderm
Joel A. Sabean, M.D.
350 Cottage Road
South Portland, Maine 04107
E-mail: info@Cyberderm.com
Fax: (503) 242-0241