Privacy Policy

Privacy Policy
Your privacy, and your patients’ privacy, is important to Arcos. We collect the smallest amount of information that we believe is necessary to ensure our website users are getting the service they expect and to protect our website, our servers and your patient data, from unauthorized groups.

Patient Data
Burn Nav Web software is HIPAA de-identified; it does not collect patient identifiers listed in the de-identification Safe Harbor section of the HIPAA regulations. As an essential part of its service, Arcos keeps de-identified patient records for hospitals, healthcare providers and clinicians to access during and after a care episode. These patient records are tied to a particular hospital or user group (hereafter “hospital”), to ensure that unauthorized users do not access your hospital’s de-identified records. Arcos has agreements with select business partners to provide customer service in some countries and regions. Arcos shares the de-identified data with its customer service partners so they can best support your needs and inquiries. We also support advancing the science and care of burn resuscitation by making de-identified patient data available to researchers. However, we take steps to ensure that de-identified patient data is also hospital de-identified before providing the data to researchers. We protect your patient data by using different databases for each hospital. We also protect your patient data by ensuring that only authorized users can view your hospital’s de-identified data. To do that, we collect and store some user data.

User Data & Information Collected
By registering on our website, you provide and we collect your email address, password, name, credentials, hospital and your hospital’s location. To keep your password safe, we salt and hash your password, storing it encrypted in our database. We keep your password and any patient data you enter safe during transit by using encrypted, https secure data transfers, using the highest level of TLS 1.2, 1.1 or 1.0 that your browser offers. We use your email address along with your password to verify that you are an authorized user. We associate your email address with your hospital so that you have access to your hospital’s patient records and others in your hospital has access to any patient records you create for that hospital. Arcos may share your email address, name, credentials and hospital with its customer service provider in your country or region so they can follow up on customer service issues. We follow country and regional requirements for storing user and patient information in a particular country or region.

General Information
We collect IP addresses of visitors to our website. We use this information as a way to protect our website and may block visitors from certain IP addresses for security purposes. We also use IP address and, if available, associated city/state/country information to see where people are interested in our software and products.

What do we not do?
We do not sell your user data. We do not share your user data with anyone other than our customer service provider for you in your country or region. We do not use your information for any kind of web browser tracking or advertising.

Rights Reserved
If your hospital is using one of our products or services, we reserve the right to publicly list your hospital as one of our customers. We reserve the right to view and use your de-identified patient data for our own purposes, including, but not limited to, improving the features and functionality of our software and advancing the science of burn resuscitation. We reserve the right to share de-identified data with researchers and other third parties, including for publication and public presentations, after taking steps to de-identify the hospital associated with the de-identified patient data. If we receive a law enforcement or a court request for your user data or de-identified patient data, we may share such data with the requestors. The requestor might forbid us from notifying you in that situation.

Consent and Opting Out
When users register on our website, we ask them to agree to this privacy policy. You may opt out of providing user data by not registering and opt of providing any data by not using our website.

Our privacy policy may change from time to time without notice.

If you have any concerns or comments, please contact us.

Updated March 2017