Our Commitment to Privacy

Your privacy is important to us.  College of Healthcare Information Management Executives (“CHIME“) has developed this Privacy Policy to provide you information about how the CHIME Organizations collect and process the information (including personal information) you provide us by personal interaction, post, email or through a CHIME Organization website (including www.chimecentral.org, www.aehit.org, www.aehis.org, and www.aehia.org) (collectively referred to herein as the “CHIME Website“) or otherwise.  

Who We Are

This Privacy Policy is issued on behalf of CHIME and its affiliates, so the terms “CHIME Organization“, “we“, “us” and “our” mean, collectively, CHIME, College of Healthcare Information Management Executives Foundation (“CHIME Foundation“), CHIME Technologies, Inc., CHIME Education Foundation, CHIME Healthcare Innovation Trust, membership groups of the CHIME Organizations and any other future organizations formed by CHIME.   

CHIME is the controller and is responsible for your personal information collected and processed as described in this Privacy Policy.  Any other CHIME Organization may also act as controllers and processors of your personal information.

Information We Collect

Information collected directly

We may collect personal information about you – such as your name, address, telephone number, fax number, email address, etc. – directly from you. For example, personal information may be collected when you apply to become a member of (or renew a membership in) CHIME or CHIME Foundation, register for programs or events hosted by a CHIME Organization itself or with others, participate in an online survey or competition, subscribe for a service or publication we provide, provide online feedback, post comments on our blogs, download whitepapers or other content, create an account on the CHIME Website or otherwise provide us information.  Generally, the information we collect includes your:

  • Identity information, such as your name, gender, birthdate and headshot.
  • Contact information, such as company you work for, your title, phone and email address.
  • Demographic information, such as your race/ethnicity, educational degrees and professional certifications.
  • Profile information, such as your username and password, feedback and survey responses, social profile information (e., socialcharacteristics that identify you on social media sites such as LinkedIn and Facebook) and preferences and interests.
  • Financial information, such as payment information (credit card numbers and bank account information), as well as information about payments to and from you and the details of benefits, events, programs and services purchased by you.
  • Other information relevant to the provision of benefits, events, programs and services offered by the CHIME Organizations.

Automatically-collected information

We use cookies and other similar technologies to automatically collect information when you access or use an online benefit or service or visit the CHIME Website, such as an IP address, browser type, domain name, page views, a date/time stamp, clickstream data, links clicked, features used and similar device and usage information.

Third Parties or Publicly Available Sources

We may receive personal information about you from collaboration or affiliation partners of a CHIME Organization, CHIME Chapters outside of the United States, and other third parties, such as analytics providers, advertising networks, social media platform providers and search information providers. We also may receive personal information about you from public sources.

Our Use of Your Personal Information

Personal information means information about an individual from which that person can be identified. It does not include information where the identity (or identifiers) has been removed (anonymous information).

We may use personal information for the following purposes:

  • To Process Transactions

We use personal information to process transactions in the ordinary course of our business, such as membership applications and registrations for events, programs and services. 

  • To Provide Membership Benefits, Events, Programs and Services

Personal information (such as members’ names and contact information, “Membership Information“) is used by CHIME Organizations to support and provide, and enable you to participate in, membership benefits, events, programs (e.g., educational programs, survey programs, testing and certification programs, etc.) and services.    

  • To Manage Our Relationship with You

CHIME Organizations may use your personal information to provide you with support; respond to your requests; solicit your feedback (e.g., through a review or survey); notify you about changes to our website terms of use or privacy or cookie policy; verify your identity; store preferences; and otherwise manage our relationship with you.

  • To Enable Member-to-Member Communication, Networking and Analytics

CHIME Organizations may use your personal information to enable members to communicate, network and share information with each other on social media platforms, through online benefits and services (including online surveys and analytics tools) and otherwise.  For example, CHIME makes available an online analytics tool to allow members to view and compare other member organizations’ data in categories such as organization type and location; budgetary spending and financials; and technology vendors and products used by the organizations.  CHIME Foundation members also have access to the Membership Information of other CHIME Foundation members and CHIME members through the membership directories maintained by CHIME. 

  • To Invoice and Enable Payment

CHIME Organizations use personal information to invoice and process payments for benefits, events, programs and services and to collect and recover money owed to us. 

  • For Marketing and Promotions

We may use personal information for marketing and promotional purposes, such as to send you news and newsletters, or to otherwise contact you about memberships, benefits, events, programs or services we think may interest you.  You may specify, as part of your online member profile, the type of emails you want to receive from us.  You may also unsubscribe from all communications from us. However, electing not to receive any of these communications may mean that you will not receive important notices about your membership or benefits, events, programs or services that may be useful to you.

  • For Analytics and Improvement

CHIME Organizations may use your personal information and data analytics to better understand your preferences and how you access and use the CHIME Website and our online content, benefits, events, programs and services, to assess and improve the CHIME Website and our online content, benefits, events, programs and services, and to assess and improve member programs, events, relationships and experiences. We may use personal information and the insights we have derived to develop new content, benefits, events, programs or services, or news or information that may be of interest to members, prospective members, site users and others. 

  • For General Business Administration, Legal Compliance and IT Support

We may use your personal information for general business administration (including accounting and recordkeeping) and legal compliance purposes (including to enforce, establish or defend our legal rights, or to protect the rights of third parties) and to support the CHIME Website and other CHIME Organization computing systems (including troubleshooting, testing, system maintenance, support, reporting and hosting of data). 

  • For De-Identification, Aggregation and Analysis

We may de-identify your personal information and aggregate it with information provided by others to conduct analyses (such as to understand how an industry or a segment is growing, changing and adapting), to analyze information about CHIME Organization benefits, events, programs and services, and for other purposes. De-identified data may be derived from your personal information but is not considered personal information under law as this data does not directly or indirectly reveal your identity.  

If you Fail to Provide Personal Information

If you fail to provide personal information we need to perform a legal or contractual obligation, we may have to restrict or cancel your participation in the applicable benefit, event, program or service to be provided pursuant to a membership agreement with you or your organization or other agreement.  

Third-Party Websites

The CHIME Website and many print and electronic communications and publications delivered by CHIME Organization contain links to other websites. These other websites may send their own cookies to users, collect data or solicit personal information. CHIME Organization is not responsible for the privacy practices or the content of these other websites.  Please check with the other sites to determine their privacy policies and how they may collect or use information.

Sharing Your Personal Information

We may share your personal information with the following categories of third parties:

  • Our professional advisors, such as lawyers, accountants and auditors;
  • Government and/or regulatory authorities;
  • Third parties to whom we outsource certain services, such as IT services (compute power, database storage, applications, and other IT resources);
  • Third parties with whom we have a collaboration, affiliation or other contractual arrangement and who use your information to provide (or assist CHIME Organization in providing) benefits, events, programs and services to CHIME Organization members or use your information for their own purposes;
  • CHIME Chapters outside of the United States;
  • Accreditation or certification bodies;
  • Other members (and representatives of such members) and sponsors of the CHIME Organizations;
  • Data aggregation and analytics companies;
  • Third party processors (such as payment service providers, shipping companies, );
  • Debt collection agencies and tracing agencies;
  • Any relevant party, claimant, complainant, government agency or court, to the extent necessary for the establishment, exercise or defense of legal rights in accordance with applicable law;
  • Any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security in accordance with applicable law; and
  • Any relevant third-party acquirer(s), in the event we sell or transfer all or any portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).

Cross-Border Data Transfer

The CHIME Organizations are located in the United States.  When you submit personal information to us, or when others provide personal information to us, we will receive it and process it in the United States.  In order to provide the benefits, events, programs and services, we also may need to transfer your personal information to locations in other jurisdictions.  If you are based in the European Economic Area (EEA), this will involve transferring your personal information to individuals and entities located in countries outside the EEA.  

CHIME Chapters located outside of the United States are owned, managed and/or operated by an association located in the particular country or region and are not owned, managed and/or operated by a CHIME Organization. Accordingly, personal information received by a CHIME Chapter located outside of the United States will be governed by the privacy policies of the association that owns and manages that CHIME Chapter.

Security

CHIME has implemented safeguards designed to protect the integrity, security and confidentiality of your personal information from unauthorized use or disclosure.  Access to personal information is limited to select personnel and the information is stored in an encrypted format.  Each CHIME Organization is required to follow the same rules when processing your personal information.  Please note, however, that no transmission over the Internet is completely secure or error-free and that the safeguards and controls utilized and maintained by us may be subject to compromise.

Data Retention Period

In general, we will retain relevant personal information of you for at least two (2) years from the date of our last interaction with you or for longer where required by our regulatory obligations or where we believe necessary to establish, defend or protect our legal rights and interests or those of others.  We may then destroy such files without further notice or liability.

Your Legal Rights

You have the following rights in relation to the personal information we hold about you:

Your right of access

If you ask us, we will confirm whether we are processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details). If you require additional copies, we may charge a reasonable fee.

Your right to correction (rectification)

If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it corrected. If you are entitled to have information corrected and if we have shared your personal information with others, we will let them know about the rectification where possible. If you ask us, we will also tell you, where possible and lawful to do so, with whom we have shared your personal information so that you can contact them directly.

Your right to erasure

You can ask us to delete or remove your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal information with others, we will let them know about the erasure where possible. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information with so that you can contact them directly.

Your right to restrict processing

You can ask us to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to us. If you are entitled to restriction and if we have shared your personal information with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, we will also tell you, where it is possible and lawful for us to do so, with whom we have shared your personal information so that you can contact them directly.

Your right to data portability

You have the right, in certain circumstances, to receive a copy of personal information we’ve obtained from you in a structured, commonly used and machine-readable format (Microsoft Word or Microsoft Excel), and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.

Your rights in relation to automated decision-making and profiling

You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.

Your right to withdraw consent

If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time.

Your right to lodge a complaint with the supervisory authority

If you have a concern about any aspect of our privacy practices, including the way we’ve handled your personal information, you can report it to the relevant supervisory authority.

Please note that some of these rights may be limited where we have an overriding legitimate interest or legal obligation to continue to process the personal information, or where the personal information may be exempt from disclosure due to applicable law.

Contact Details

If you have any questions about this Privacy Policy or want to exercise your rights set out in this Privacy Notice, please contact us at privacyteam@chimecentral.org.  Your request will be forwarded to the CHIME Organization Data Protection Manager.