The following principles reflect the Lexington Medical Society’s commitment to maintain the Web site visitor's rights to privacy and the confidentiality of personal information. In this context, privacy refers to the right of the individual site visitor to choose whether to allow personal information to be collected, by the host site (in this case, LMS) or by third parties, and to know what type of information is collected and how that information is used. Confidentiality is the right of an individual to not have personally identifiable medical or other information disclosed to others without that individual's express informed consent.
The Internet has the potential to allow information about Web site use to be tracked in aggregate (which can help site developers understand site use and improve the experience of the viewer) and at the individual user level. Individual user information can improve the visitor's experience of the site by permitting personalization of the site related to the individual's particular interests or concerns. However, tracking of personal medical and health information (ie, medical conditions, health-seeking behaviors and questions, and requests about drug therapies or medical devices or information pertaining to them) could breach an individual's personal privacy and reveal an individual's health data.
Thus, health and medical Web sites have a particular obligation to protect the privacy and confidentiality of individuals. Patients and individuals with interest in particular medical conditions should feel confident in obtaining information and using resources on the site, without concern that such use will be identified with them without their permission. LMS believes all site visitors should have the opportunity to opt in or out of allowing personal information to be tracked. In addition, LMS takes measures to ensure the safety and security of its Web site servers and to guard against divulging private information.
- The site does not collect name, e-mail address, or any other personal information unless voluntarily provided by the visitor after the visitor is informed about the potential use of such information.
- The process of opting in to any functionality that includes collection of personal information includes notice that personal information will be saved, with explanation of how the information will be used and by whom. The opt-in statement is explicit and clear to the viewer.
- Collection, retention, and use of nonmedical personal information about site visitors may be offered to viewers when LMS believes that such information would be useful in providing site visitors with products, services, and other opportunities, provided such use adheres to these principles and is within bounds of current regulations and law (http://www.ftc.gov/privacy/index.html). Individuals may agree to have such nonmedical personal information collected or may choose not to, with the understanding that opting out of having such information collected prevents the site from being tailored to their particular needs and interests. Such information will not include personal health information, such as any information about medical conditions or medications purchased.
- Names and e-mail addresses of site visitors are not provided or released to a third party without the site visitor's express permission.
- E-mail information, personal information about specific visitors' access and navigation, and information volunteered by site visitors, such as survey information and site registration information, may be used by LMS to improve the site but are not shared with or sold to other organizations for commercial purposes.
- LMS will use e-mail addresses voluntarily provided by site visitors to notify them about updates, products, services, activities, or upcoming events. Site visitors who do not wish to receive such notifications via e-mail may opt out of receiving such information at any time.
- LMS makes names and addresses of LMS members available (according to the Guidelines for Data Release) only for communications that are germane to the practice of medicine or of interest to physicians or medical students as consumers. E-mail addresses are excluded from such agreements.
- Nonidentifiable Web site visitor data may be collected and used in aggregate to help shape and direct the creation and maintenance of content.
- A cookie is a small file stored on the site user's computer or Web server and is used to aid Web page navigation. Two types of cookies are commonly used. A session cookie is a temporary file created whenever a Web site is accessed and is self-terminated based either on an expiration date (eg, 3 hours from creation of the cookie) or by closing the Web browser. A persistent cookie is a permanent file and must be deleted manually. Cookies referred to in the context of these Guidelines are persistent cookies. A cookie function may be used on the site to track visitor practices to help determine which site features and services are most important and guide editorial direction. The cookie makes it possible for the user to access the site without requiring entry of a user name or password, allows the user to view different restricted areas of the site without reregistering, allows the user to personalize the site for future use, and permits the user to make subsequent purchases without reentering credit card information. Users who do not desire the functionality created by the cookie should have the option to disable the cookie function, either by indicating when asked that they do not wish to have a cookie created or by disabling the cookie function on their browser. Individuals should be able to opt out of cookie functions that permit tracking of personal information at any time.
- E-mail messages sent to a Web site may not be secure. Site visitors are discouraged from sending confidential information by e-mail. Site visitors sending e-mail accept the risk that a third party may intercept e-mail messages.
- Market research conducted by the site or its agent to enhance the site is clearly identified as such.
- E-mail alerts and newsletters contain an "unsubscribe" option.