HIMSS Privacy Policy
Introduction
Healthcare Information and Management Systems Society, Inc. and its affiliated entities (collectively, “HIMSS”) is a global advisor, thought leader and member-based society committed to reforming the global health ecosystem through the power of information and technology. When we mention "HIMSS," "we," "us," or "our" in this Policy, we are referring to the relevant company in the HIMSS Group responsible for processing your data. HIMSS is ultimately the data controller or a joint controller along with another company of the HIMSS Group.
Individuals use our platform to connect, share resources and information pertaining to their areas of expertise, and showcase their professional growth. This Privacy Policy (the “Policy”) explains how we collect, use and protect personal information; it applies to registered users and visitors to our site.
HIMSS takes your privacy seriously. This Policy applies to HIMSS-owned websites, HIMSS-branded mobile applications, and all communications and services offered by HIMSS or in conjunction with HIMSS or its services (collectively, the “Services.”)
To best explain your rights and our obligations under this Policy, we have included more information about your rights and our obligations below, along with definitions for key terms that we use throughout the Policy. If you have any questions about this Policy, you can contact us at dpo@himss.org.
International Coverage and Variation
HIMSS operates in the U.S. and globally and many countries have unique data protection laws. This Policy applies to all HIMSS businesses around the world except to the extent country-specific requirements supplement this Policy.
Under certain U.S. state privacy laws, certain sharing of information for advertising purposes may be considered a “sale” of personal information. If you attend our partnered events or download partner content, personal information including your name, email, and phone number may be “sold” to our partners for their own use.
Certain states including California, Colorado, Connecticut, Montana, Tennessee, Texas, and Delaware give their residents the right to opt out of the “sale” of your personal information. To do so, contact us at dpo@himss.org.
Services
This Policy applies to the Services, including, without limitation, off-site Services, such as our ad services, websites, newsletters, webinars, events and content syndication. Additional disclosures required by law may be found in separate privacy disclosures.
Privacy Policy Change
HIMSS reserves the right to modify this Policy and will notify you of any changes and provide you with the ability to opt out or close your account if you object to any changes.
You acknowledge that your continued use of our Services after we notify you of changes to this Policy means that the collection, use and sharing of your personal data is subject to the updated Policy as of its effective date.
Data We Collect
In order to offer you Services, we have to collect certain information about you. That information includes:
Registration Information
To create an account with HIMSS, you will need to provide certain personal information. That information may include some or all of this information: Your name, city, state, country, email address, and/or site password. We may also require verification of your identity through a HIMSS associated identification number or through the provision of a personal link sent to your email address. To register for some Services ( e.g., membership, events), we may also ask for payment information. This information is subject to our privacy and security protocol under this Policy. We will never charge you for Services that you do not request.
In addition to required information, we may ask for additional optional information. Such optional information may include your profession, photo, headline, professional goals, topics of interest, and more. Whether you provide this information or not is entirely up to you, but by providing this information, you allow us to provide you with a better and more tailored experience.
Sponsored Content
When you download sponsored content or attend certain events, we may collect personal information including your name and contact information, order and payment information, online account username, and information about your browsing habits. We collect this information to ensure that our content is better tailored to your interests.
Webinars
When you register for a HIMSS Webinar, we may ask for attendance records, course completion information and metrics related to your access. We do this to ensure that our offerings are engaging and helpful and so partners are aware of opportunities to host additional webinars, and more.
Events
HIMSS hosts several online and in person events. When you sign up for our online events, we may collect information including but not limited to username and password, first name, middle initial, last name, user's company/organization, title/professional degree or designation, photo, physical address, phone number, email, age bracket, gender, and disability status.
We may also collect demographic information, including but not limited to, professional title, worksite, length of time in the field, purchasing authority, previous conference attendance, name of the hotel (if attending an in-person/live event), and/or discount code.
Newsletters
If you subscribe to HIMSS's Newsletters, we add your name and email address to HIMSS's mailing list, which is managed by Marketo. Please note that the Marketo Privacy Policy governs Marketo’s practices. Each individual newsletter you receive contains a quick and easy unsubscribe link. When you opt out from receiving those emails, HIMSS and Marketo, which manages HIMSS's Newsletters, may retain a record of your past receipt. If you want HIMSS to delete these historical records, contact us directly at dpo@himss.org.
When users contact HIMSS via phone number or email portal, we may collect personal information included but not limited to first and last name, phone number, time, date, and email address. We will also record the reason for the call or email.
Profile Information
By using HIMSS's Services, you have the opportunity to connect with colleagues, share information about professional development opportunities, maintain professional credentials, enroll in course certifications, register for events and conferences, and more. HIMSS Members can choose to share information such as their photo, headline, current role and workplace, experience level, personal websites, certifications, professional goals and affiliations, and more. Whether or not to fill out certain sections of your profile is up to you, however the more details you provide, the more likely it is that opportunities for collaboration, professional development, and relevant information will find their way to you.
Information Gathered from Cookies and Other Similar Technologies
HIMSS uses cookies and other similar technologies (such as pixels and advertising tags) to ensure the quality of your visit. Specifically, HIMSS uses cookies to recognize users and their behaviors across our Services, streamline the login process, and remember user-specific preferences. You can always set your browser not to accept cookies; however, you should be aware that in some cases, some of our Services may not function as a result.
When leaving or coming to our sites, HIMSS may also collect information concerning both the site you came from and the one you go to, as well as the time of your visit. We collect this information in accordance with this Policy, and endeavor to utilize privacy preserving technologies such as Internet Protocol ("IP") masking, which allows us to only collect the information we need, in anonymous or aggregate form, about your site visit.
When using our Services from a mobile device, your device will send us data about your location based on your mobile device's settings. We endeavor to cooperate with "Do Not Track" ("DNT") signals. When you choose to turn on the DNT setting in your browser, your browser sends a signal to websites, analytics companies, ad networks, plug in providers, and other web services you encounter while browsing to stop tracking your activity. DNT signals are not universal, and in special circumstances, HIMSS reserves the right to refrain from complying with signals, such as when the signal is indecipherable or incompatible with our processes. Similar to our note about cookies, if you choose to turn on your DNT setting within your browser, some of our Services may not function as a result; furthermore, we may not be able to send you some of the advertisements or sponsored opportunities you may value.
Unless relevant law provides otherwise, we also collect ( or rely on others who collect) information about your device when you have not engaged with our Services (e.g., ad ID, IP address, operating system and browser information) so we can provide you with relevant ads and better understand their effectiveness. You can always opt-out from our use of data from cookies and similar technologies that track your behavior on the sites of others for ad targeting and other ad-related purposes, and you can do so by visiting your Settings.
Partners and Related Offering Information
HIMSS shares personal data with partner organizations, sponsors, vendors, third-party service providers and agents who work on our behalf or closely with us to offer content such as courses, training opportunities, webinars, advertisements, conferences, and career specific newsletters. We may tailor these opportunities to the specific information you have provided to us, as well as information HIMSS has gathered based on your previous interactions with our Services.
In certain instances, your employer or another organization may provide you with access to HIMSS Services. In those cases, those entities will only receive aggregate information, and not personal information about your engagement with our Services. For example, we may share that a majority of employees registered with HIMSS have fulfilled a certain certification course; however, we will not provide employers with information about which of their employees fulfilled a particular course or which employees are open to recruitment opportunities. HIMSS reserves the right to alert your employer or other organization to your having been banned from HIMSS Services. These instances will occur only following a breach of our Terms of Service or community standards (i.e., egregious harassment of another member, repeated instances of fraud, etc.).
How We Use Your Data
By choosing to provide HIMSS with your personal data, we can connect you with colleagues and employers, find opportunities and share resources, and share news about conferences and trainings and more. Without data such as your name, email address, and password, HIMSS would be unable to provide our Services, including the ability to register you for events, verify your credentials, and more.
How we use your data depends on the HI MSS Services you use, how you choose to use or engage with those Services, and the choices you make upon registering and within your user-specific settings.
Personalizing Your Experience
HIMSS may use your data to personalize your experience, including offering you specific opportunities and bettering HIMSS's automated systems and inferences, so that our Services can be more relevant and useful to you.
HIMSS offers personalized experiences through tailored career guidance, specific course offerings, and by suggesting individuals who you may know. HIMSS and its vendors, partners or publishers may also tailor advertisements to you.
Marketing
HIMSS uses data and content for invitations, communications and promoting our Services. HIMSS shares your personal data with sponsors for marketing purposes, unless you opt-out. HIMSS will add your personal information to mailing lists, where you might receive promotional materials such as newsletters, educational materials, information on other HIMSS activities, services, and/or partner solicitations for events or services.
HIMSS offers opportunities to speak and participate in events. We reserve the right to communicate those offers directly to you. The choice over whether to register for an event or serve as a speaker is entirely up to you. If you do decide to speak at an HIMSS-related event, including events such as the HIMSS Global Health Conference, we may request additional data from you, such as a new headshot, preferred title, and more. The collection and use of this information will be within the context of the particular opportunity for which you have registered, and we reserve the right to make that information public for marketing and similar purposes.
HIMSS reserves the right to show you sponsored content, which may or may not look like non-sponsored content, although we will alert you to the nature of the content by adding a tag (such as "sponsored content" or "advertisement"). If you choose to comment, share or similarly engage with sponsored content, your action may be viewable by your connections on your feed as well as by the sponsor. The choice over whether to engage with sponsored content is yours.
HIMSS's advertising practices align with industry best practices for internet-based advertising. We provide you with the ability to opt out of tailored or targeted advertising; however, by opting out of such advertising on your settings, you are not opting out of advertising altogether. You will continue to receive advertisements; however, those advertisements may not be tailored to your specific interests. If you would like, you can choose to opt-out of specific uses of certain categories of personal data while allowing advertising uses of other categories.
HIMSS may generate insights based on information that does not identify you or is not personal to you. For example, HIMSS may monitor usage patterns across our Services in order to make platform improvements or monitor our content in order to ensure that the tools and services we provide are of interest to you (e.g., how often users watch the videos we offer or click sponsored content.) In such cases, we do not use this data in a way that would identify you. However, if you view or click on an ad on or off our Services, the ad provider may get a signal that someone visited a page which displayed the ad, and they may, through the use of their own mechanisms such as cookies, determine that the user is you. In such instances, we endeavor to ensure that the advertising services that operate on HIMSS's platforms comply with this Policy and, if the advertiser has their own policy, we encourage you to consult that policy as well.
Pursuant to this Policy, HIMSS may contract with Google Analytics (or other such services) to utilize anonymous data (such as: ad serving domains, browser type, demographics, language settings, page views, time/date a site has been visited), and pseudonymous data (IP address).
Other Instances (Monitoring for Fraud, Complying with Lawful Requests for Data, and More)
In certain circumstances, we may be required by law to provide information about you and your engagement with HI MSS. We will never turn over your data to the government or to law enforcement unless we are required by subpoena, warrant or other legal process or legal order.
In those cases, we will turn over your personal data only when we have a good faith belief that we are required by law to do so and that the disclosure is narrowly tailored and reasonably necessary to (1) investigate or prevent suspected or actual illegal activity; (2) enforce our agreements with you; (3) defend ourselves against legal claims or allegations; (4) protect the security of our Services (such as preventing a similar fraud across different departments) and (5) to exercise or protect the rights and safety of HIMSS, our Members, personnel or others. We attempt to notify users about legal requests for their personal data when appropriate and permitted, unless prohibited by law or court order or when the request is an emergency. We may dispute such requests when we believe, in our discretion, are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.
Finally, we may be required to share personal data for archival purposes in order to maintain HIMSS, or third-parties' records (for example, maintaining a list of individuals registered for an event, or those who have achieved an expert-level certification for verification purposes).
Our Obligations and Your Choices
Based on the applicable laws of your country and state, under this Policy, you maintain certain rights.
For example, in some regions, such as the European Economic Area, you have rights under the EU General Data Protection Regulation (the "GDPR") which allow you greater access to and control over your personal information. These rights include the right to access and port your data, delete your data, change or correct your data, as well as the right to object to or limit the ways in which your data is used.
Depending on your state of residence within the United States, your privacy rights and our obligations may differ. For example, residents of California, under the California Consumer Privacy Act (the "CCPA") have the right to know which categories of data HIMSS holds about them, as well as the categories of third-parties to which that date is sold or shared. Furthermore, California residents are able to opt-out of the disclosure of their sensitive personal information upon registration and can exercise that right anytime throughout their engagement with HIMSS Services by accessing their settings. Californians may also designate a representative to act on their consumer rights, although HIMSS retains the right to verify that the representative is acting under your direction. Residents of Nevada too, have heightened privacy rights over their personal information when used in combination with another identifier (like a financial account number). Rest assured that, regardless of your state of residence, HIMSS upholds our obligation to protect your personal data to the fullest extent of applicable law.
We aim to fulfill every request from you, unless those requests are frivolous or would be impractical to address, jeopardize the rights of others, or if we are not required to by law. However, in such circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include personal data, in order to verify your identity. HIMSS will never deny you the use of our Services or provide you with a different level or quality of Services for exercising any of your rights.
If you have any questions about this Policy, or if you would like to exercise any of your rights outlined below, contact us at:
We will respond to your request as soon as we are able, and in any case, within 30 days or sooner, as prescribed under applicable law.
Access or Port Your Data
You have the right to request more information about the personal data we hold about you anytime, as well as request a copy of that data. We will send a copy of your personal information in machine readable format to the email address associated with your account, unless you direct us otherwise. You can also request that we transmit the data to another platform where technically feasible.
Delete Your Data
You have the right to delete the data you have previously shared with us. Once a deletion request is fulfilled, neither you nor HI MSS will have access to your historical data, unless we are required to retain such information by law. Filing a deletion request means that your data will be permanently and irreversibly erased, which may limit our ability to communicate with you in meaningful ways. If you would prefer to change or correct your information instead or ask that we change the ways in which we use your data, such restrictions allow us to continue offering you the Services you value.
Change or Correct Your Data
You have the right to correct, change, or modify the personal data we hold about you anytime if you believe that data to be incorrect or incomplete.
Object to, Limit, or Restrict the Use of Your Data
You have the right to contact us anytime and object to the further use or disclosure of your personal data for certain purposes, such as for direct marketing. You can also ask us to restrict further processing of your personal data.
Other Things We Think You Should Know
Lawful Bases for Processing
Pursuant to the GDPR, which governs the collection, use, and transfer of personal data within the European Economic Area and in certain other circumstances, HIMSS processes personal data in line with specific lawful bases. Those bases include performance of a contract ( e.g., the new Member registration process), when necessary to comply with our legitimate interests ( e.g., to manage past payments or to collect owed money, keep our services updated, and inform our market and marketing strategies); when necessary to comply with legal obligations (e.g., notifying you when our Privacy Policy changes, or when responding to your inquiries).
Depending on your country of residence, we may be subject to other obligations not mentioned here. Furthermore, there may be other sector-specific privacy and security laws (for example, those governing health and financial data) that we do not mention within this Policy, but do have bearing on how we collect, use and share your data.
If we are relying on your consent to process your personal information, you have the right to withdraw that consent at any time. Please note however that this will not affect the lawfulness of the processing that occurred before your withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Security
HIMSS implements appropriate technical and organizational security measures designed to protect the security and safety of your personal data.
Data Localization and Cross-border Data Transfers
As a multinational organization, HIMSS recognizes the need to meet GDPR requirements, and ensure that your personal data is protected when transferred across borders. The GDPR restricts the transfer of personal information outside of the European Economic Area, except in cases where adequate protections are in place to guarantee that your personal information is sufficiently protected.
Children
HIMSS Services are not intended to be used by children. By using HIMSS Services, you affirm that you are an adult over eighteen years of age. If we learn that we have collected personal data from a child, we will delete that information as quickly as possible. If you believe that a child may have provided us with their personal data, please contact us at dpo@himss.org.
Chapters
HIMSS supports many chapters and works to bring health professionals together. Each HIMSS Chapter is a separate legal entity. HIMSS Members receive the benefit of being a member of one HIMSS chapter of your choice. When you register for a HIMSS chapter, we may collect information included but not limited to profession, headline, professional objectives, and topics of interest. We collect this information to ensure our platform includes applicable chapter activities. Users have discretion in providing all or some of this information, but providing this information is aimed at providing you with a more tailored user experience. Visit your local HIMSS chapter for more information and specific privacy policies.
Media
HIMSS's platform provides full-service media and events on the relationship between technology and innovation. HIMSS users will have access to account-based marketing, custom content.
Additionally, this Service includes access to HIMSS TV and HIMSS Global Health Conference Solutions.
- Account-Based Marketing: HIMSS Media and Account-Based Marketing Service provides clients with unparalleled insights into key account activities across media, mobile, video, and other high impact channels.
- Custom Content: The HIMSS Custom Content studies buyer personas and the buying process through an in-depth analysis of research.
- HIMSS Editorial Brands: Healthcare IT News, Healthcare Finance News, and MobiHealthNews provide users with news, commentary, research, and insights for the digital health community. These platforms provide daily news updates on digital health and health care innovation coverage on a breadth of issues.
We may be required to share personal data for archival purposes to maintain HIMSS, or third-parties' records.
List of Data Processors
HIMSS uses the following types of data processors to design, create, and implement IT processes and symptoms that would enable the data controller to gather personal data about HIMSS users. While HIMSS uses many data processors, below is a list of the categories of processors we use to gather your data.
- User Experience: Data Processors will implement tools to analyze user engagement and interaction on the HIMSS' platform. These tools will analyze our products and service utility, ease of use, and efficiency.
- Brand Management: Data Processors will implement techniques and tools to increase the HIMSS’ platform brand value. These processors will work towards building out strong brand associations.
- Content Strategy: Data Processors will collect analytics and data around user's interactions and engagement with HI MSS content.
Key Terms
Anonymous or Aggregate Information
Anonymized data is information that has been irreversibly altered in such a way that an individual can no longer be identified directly or indirectly by its use. Aggregate information, similarly, cannot identify an individual, and is the process of combining data sets in order to obscure the identity of an individual.
Cookies
A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the site again, the cookie allows that site to recognize your browser. Cookies may store user preferences and other information. You can configure your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies.
IP Address
Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned to geographic blocks. An IP address can often be used to identify the location from which a device is connected to the Internet.
Pixel Tag
A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking certain activity, such as views of a website or when an email is opened. Pixel tags are often used in combination with cookies.
Partner or Partner Organization
HIMSS works with vendors, third-party advertisers and sponsors, healthcare organizations, and employers to offer content, conferences, courses, and more. Our partners are held to this Policy.
Personal Information
Personal Information means any information that can identify an individual, including, but not limited to, information that relates to a person's name, email address, health, finances, education, business, mailing address, telephone numbers, license numbers, and any financial identifiers.
Sensitive Personal Information
This is a particular category of personal information relating to topics such as confidential medical information, racial identity, ethnic origins, political or religious beliefs, trade union membership, or sexual orientation.
About This Policy
This Policy applies to all Services offered by HIMSS and its partners, as well as services we offer on third-party sites. However, this Policy does not apply to services with separate privacy policies that do not incorporate these provisions. Furthermore, this Policy does not apply to other companies, individuals, and organizations that choose to advertise our services or to services offered by other companies, individuals, or other organizations.
To keep this Policy up-to-date and to remain compliant with relevant laws, we may make changes that reflect our current practices. We will not reduce your rights under this Policy without your consent, and if we make significant changes, we will post a prominent notice or directly send you a notification. We encourage you to review this privacy notice with reasonable frequency to stay informed regarding the ways that we protect your information.
This Privacy Policy was last updated in July 2024.