Integrated workflows ease staff burden and satisfy regulatory mandates.
Privacy Policy & ONC Certification Disclosure
DrFirst.com, Inc. (“DrFirst”) is committed to safeguarding your privacy. This Policy explains what information we gather, use, and share when you visit any website controlled and operated by DrFirst, including when you access our websites via your mobile device. By accessing our website, you agree to be bound by the terms of this Policy. If you disagree with this Policy or with the DrFirst Website Terms of Use, or do not agree to be bound by them, you are not authorized to access any DrFirst website.
Information DrFirst Collects
We may collect Personal or Non-Personal Information from you. “Personal Information” refers to any information that specifically identifies you as an individual that you provide in connection with your use of our website. Personal Information may include, but is not limited to, your name, telephone number, email address, postal address, location and the name of your organization. “Non-Personal Information” is any information you provide to us that cannot be used to determine your identity. The types and amount of information collected for the features listed above will vary depending on the website and activity. The requested Personal Information may include: first and last name, email address, home address (including city and state), telephone number (work or home), and (for those purchasing products online) credit card information. For some activities, you may be asked to create a username and/or password and/or to provide additional, demographic information, including: (i) your age or date of birth, (ii) gender, (iii) frequency of use, purchase, and consumption of certain DrFirst products and/or other similar products, (iv) facts about your business, and/or, (v) other information relevant to the DrFirst product you’ve purchased or the specific website which you are visiting.
How DrFirst Collects Information About You
We only obtain Personal Information that you provide to us, such as when you request information from DrFirst. By using any DrFirst website and submitting Personal Information, you consent to the collection and use of your Personal Information by us as described in this Privacy Policy. In addition, when you access or visit our website, we and our service providers and others who host our website may use technology that can recognize, collect, and transmit information that is associated with you, but which does not personally identify you.
How DrFirst Uses Information Collected From You
We use information collected or obtained when you use our website, including Personal Information for the purposes set out below:
- Market research;
- Creating new features and services;
- The development of services, new and updated products;
- Responding to feedback, questions, and communications concerning our products or services;
- Informing you about our services which may include contacting you by telephone;
- Maintenance and administration of our website.
Means of Collecting Information
Cookies. We use cookies to improve the use and functionality of our website. A cookie is a small text file that may be placed in your browser by websites you visit and the content partners for those websites. You can use the preferences in your browser to view, control and delete the cookies you have by, for example, emptying the cache in your browser. You may check the “Help” menu on your Internet browser for more information, or check with your browser provider.
Cookies help websites remember visitors when they return to the website. For example, a cookie can help a website remember that you’ve already registered, so you don’t have to sign in again each time you visit. Essentially, cookies are used to customize websites based on the content you view and the preferences you have indicated.
We may use cookies to (i) allow us to personalize information for certain segments of our customer base, (ii) allow us to associate individual customers with their information profiles, (iii) keep track of and administer your status, preferences, business information and other information provided by you, (iv) for security purposes, and (v) to understand visitor usage of our websites on an anonymous basis.
You may remove any cookies as described above or “opt out” of receiving advertisements or other cookies by using services such as those provided by the Digital Advertising Alliance or Network Advertising Initiative. You may find more information about their members and the “opt out” process by going to their websites at www.aboutads.info/choices or www.networkadvertising.org.
IP Addresses. We may keep track of Internet Protocol (IP) addresses to (among other things): (i) troubleshoot technical concerns, (ii) maintain website safety and security, (iii) restrict access to our website to certain users, and, (iv) better understand how our website is utilized. An IP address is a number that is used by computers on the network to identify your computer every time you log on to the Internet.
Log Files. We (or a vendor on our behalf) may collect information in the form of logs. Logs are files that record website activity and gather statistics about web users’ browsing habits. These entries are generated anonymously, and help us gather (among other things) (i) a user’s browser type and operating system, (ii) information about a user’s session (such as the URL they came from, the date and time they visited our website, and which pages they’ve viewed on our website and for how long), and, (iii) other similar navigational or click-stream data. We also use information captured in log file for our internal marketing and demographic studies, so we can constantly improve and customize the online services we provide you. Log files are used internally only, and are not associated with any particular user.
Web Beacons. We may use web beacons (or clear GIFs) on our websites or include them in the e-mail messages we send you. Web beacons (also known as “web bugs”) are small strings of code that provide a method of delivering a graphic image on a web page or in an email message for the purpose of transferring data back to us. The information collected via web beacons may include some of the information described in the IP Address section directly above, as well as information about how a user responds to an email campaign from XXXX (e.g., the time the email is opened, where does the user link to from the email, etc.). We use web beacon information for a variety of purposes, including but not limited to, website traffic reporting, unique visitor counts, advertising and email auditing and reporting, and personalization.
Newsletters and Communication. If you provide us your email address and/or mailing address (whether as part of our general website registration or for a specific newsletter or communication), or provide your contact information on a form intended as a request for information regarding our products and services, the contact information you provide will be used to send you the specific newsletter, communication, or literature requested. In addition, you may receive communications introducing you to other DrFirst brands or websites. These materials may come in the form of regular mail or email, depending on the website you register on and the information you provide during registration.
We may also use your email address to send you transactional or administrative communications (e.g., confirmation email when you purchase a product online or when you sign up for, or unsubscribe from, a specific registration or activity), as well as certain service-related announcements (e.g., notices about updates to our Privacy Policy, discontinued features or programs on our websites, changes to our online services or technical support policies, or other related changes). Collectively, these types of communications are referred to in this Privacy Policy as “Administrative Communications.”
Business Interests. We may combine (aggregate) your Non-Personal information with other consumers’ information or other publicly available information to help us satisfy our legitimate business interests, such as performing trend analysis or market studies; identify consumer preferences or interests; set prices; perform billing functions; establish credit; or comply with government regulations. We may also share anonymized data, such as statistical or demographic information in aggregate form, with third parties for research or marketing purposes. However, this anonymized data will not contain your individually identifiable Personal Information.
Disclosure of Information to Third Parties
We disclose your Personal Information to our service providers that we engage to provide certain services, such as hosting and maintenance, data storage, customer management and disaster recovery. We expect our service providers to use reasonable measures in order to protect your privacy and Personal Information from unauthorized access.
We also reserve the right to make your Personal Information available:
- To third party marketing and advertising companies;
- To comply with any applicable law, regulation, a court or other legal process, or enforceable government request;
- To take appropriate action regarding any use of our website that may violate any law or regulation;
- To protect the health, safety, security, property, and interests or rights of us or others;
- In order to investigate or respond to or resolve problems or inquiries or defend our interests.
- As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law.
Miscellaneous
California Privacy Rights. If you are a resident of the State of California, under the California Consumer Privacy Act of 2018 (CCPA), you have the following rights with respect to your information collected by companies conducting business in California:
- Right to Access Personal Information We Collect. You have the right to request a copy of Personal Information we collect about you, subject to certain restrictions.
- Right to Access Personal Information We Sell or Disclose to Third Parties. You have the right to request a copy of your Personal Information we sell or disclose to third parties, subject to certain restrictions.
- Right to Request Deletion of Personal Information We Collect. You have the right to request that we delete Personal Information we collect about you, subject to certain restrictions.
- Right to Be Free from Discrimination. You have the right to be free from discrimination for exercising your rights under the CCPA.
Personal Information We Collect About You. Under the CCPA, Personal Information refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household. Below is a list of categories of Personal Information we collect about you:
- Identity Information such as first name, last name, driver’s license or state identification, passport number, or similar identifier.
- Contact Information such as physical addresses, e-mail addresses, and phone numbers.
- Education and Employment Information such as schools and colleges/universities attended, degrees earned, certifications and licenses, and other professional-related data.
- Technical and Usage Information such as login data, Internet Protocol (IP) address, geolocation data, access dates and times, cookie data, browser activity, and other user interactions with our websites, applications, and platforms.
- Marketing Information such as your preferences in receiving marketing materials and communications from us. You can review NextRoll’s privacy notice at https://www.nextroll.com/privacy#service-13.
- Profile Information such as your usernames and passwords, feedback, and survey responses.
- Transaction Information such as details regarding products and services purchased from us.
- Financial Information such as payment details, either directly collected by us or indirectly collected through a third-party payment service provider.
- Medical Information not governed under the Health Information Portability and Accountability Act (HIPAA) or the Confidentiality of Medication Information Act Part 2.6.
We collect the above categories of Personal Information from the following categories of sources:
- Directly and indirectly from you in the course of providing products and services to you;
- Directly and indirectly from activity on our website and applications including, but not limited to, submissions through our website portals and website usage details; and
- Third-parties that interact with us in connection with the services we provide.
We also collect information that is not deemed Personal Information under the CCPA. This includes publicly available information, such as information lawfully made available from federal, state, or local government records. Protected or health information we collect that is governed by HIPAA or the Confidentiality of Medical Information Act is not subject to the CCPA.
Use of Personal Information. We may use or disclose Personal Information we collect for one or more of the following business purposes:
- To provide you with information, products, or services that you request from us;
- To provide you with e-mail alerts, event registrations, or other notices concerning our products or services, events, or news that may be of interest to you;
- To carry out and fulfill our obligations and enforce our rights arising from any contracts entered into between you (or an entity on your behalf) and us;
- For analysis and product development;
- To improve our website and present its contents to you; and
- To respond to law enforcement requests, court orders, governmental regulations, or as otherwise required under applicable law.
Personal Information We Share with Third Parties. We disclose your Personal Information to service providers and third parties to whom you or an entity on your behalf has authorized us to disclose your Personal Information in connection with products and services we provide to you. We require all third parties to respect the security of your Personal Information and to treat it in accordance with applicable law. Below is a list of categories of Personal Information we may share with third parties:
- Identity Information such as first name, last name, driver’s license or state identification, passport number, or similar identifier.
- Contact Information such as physical addresses, e-mail addresses, and phone numbers.
- Education and Employment Information such as schools and colleges/universities attended, degrees earned, certifications and licenses, and other professional-related data.
- Technical and Usage Information such as login data, Internet Protocol (IP) address, geolocation data, access dates and times, cookie data, browser activity, and other user interactions with our websites, applications, and platforms.
- Marketing Information such as your preferences in receiving marketing materials and communications from us.
- Profile Information such as your usernames and passwords, feedback, and survey responses.
- Transaction Information such as details regarding products and services purchased from us.
- Medical Information not governed under HIPAA or Confidentiality of Medical Information Act Part 2.6.
Personal Information We Sell to Third Parties. We have not sold your Personal Information to third parties in the preceding twelve (12) months. We do not sell or disclose deidentified Personal Information to third parties. All deidentified Personal Information is deidentified in accordance with 45 C.F.R. § 164.541(b)(2).
To exercise your rights listed above, please submit a request via one of the following:
- JIRA Service Desk at https://sdesk.drfirst.com/support
- Postal mail, at: DrFirst.com, Inc.
9420 Key West Ave, Suite 230
Rockville, MD 20850
Attn: Legal Department – California Privacy Rights
All requests sent via postal mail must be labeled “California Privacy Rights” on the envelope or post card and clearly stated on the actual request. For all requests, please include your name, street address (if you would like a response via postal mail), city, state, and zip code. We will not accept requests via email, telephone or fax. We are not responsible for notices that are not labeled or sent properly, or do not have complete information. You may designate an individual to submit a request on your behalf. We will use the information you provide in your request to verify your identity and will respond to your request within forty-five (45) days, or within a timeframe otherwise required or permitted under the CCPA. You will not be required to pay a fee to access your Personal Information unless your request is unfounded, excessive, or repetitive.
How We Respond to Browser “Do Not Track” Signals. Some web browsers incorporate a “Do Not Track” feature that signals to websites that you visit that you do not want to have your online activity tracked. How browsers communicate the Do Not Track signal is not yet uniform. For this reason, the Services are not set up to interpret or respond to Do Not Track signals.
Children’s Online Privacy Protection Act (COPPA). Our Services are not directed to children under the age of 13. We do not knowingly collect Personal Information on our website directly from children and will destroy such information if we become aware that a child has disclosed such information to us without proper parental consent. It is DrFirst’s policy not to knowingly solicit or permit children under the age of 13 to provide their Personal Information for any purpose.
Acceptance of and Changes to Privacy Policy. By using www.drfirst.com or any other DrFirst website, you are accepting the practices described in this Privacy Policy. We reserve the right to periodically modify this Privacy Policy. Any modified privacy policy will be posted on this website and be marked with an effective date. Your continued use of our website after the effective date of any modification means you accept and agree to be bound by the Privacy Policy as modified. Any material changes will generally apply only to activities and information collected after modification. We encourage you to review this Privacy Policy whenever you return to the website to make sure you are aware of the latest Privacy Policy.
Third Party Websites. Our website may contain links to and from websites maintained by other companies or organizations (“Third Party Websites”). We are not responsible for the privacy practices or the content of third party websites. The information practices of third party websites are not covered by this Privacy Policy.
Note to Non-U.S. Visitors. This Privacy Policy is intended to meet the laws and regulations of the United States, which may not necessarily be consistent with the laws and regulations of your home country. Any information that you provide to www.drfirst.com will be treated in accordance with this Privacy Policy, the Terms of Use, and U.S. laws.
Questions or Concerns about our Privacy Policy.
Please direct any questions or concerns to:
Privacy Officer
9420 Key West Ave, Suite 230
Rockville, MD 20850
df_legal@drfirst.com
ONC Certification Disclosure
This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC–ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.
Organization: DrFirst, Inc., 9420 Key West Avenue, Suite 230, Rockville, MD 20850, (301) 231-9510, https://drfirst.com
Product: Rcopia4
ONC-ACB Certification ID: 15.04.04.1375.Rcop.04.00.0.171277, Certification Date: 12/27/2017
Certification Criteria:
170.315 (a)(1): Computerized Provider Order Entry (CPOE) – Medications
170.315 (a)(4): Drug-Drug, Drug-Allergy Interaction Checks for CPOE
170.315 (b)(3): Electronic Prescribing
170.315(b)(10) – Electronic Health Information export
170.315 (d)(1): Authentication, Access Control, Authorization
170.315 (d)(2): Auditable Events and Tamper-Resistance
170.315 (d)(3): Audit Report(s)
170.315 (d)(4): Amendments
170.315 (d)(5): Automatic Access Time-out
170.315 (d)(6): Emergency Access
170.315 (d)(7): End-User Device Encryption
170.315 (d)(8): Integrity
170.315(d)(12): Encrypt authentication credentials
170.315(d)(13): Multi-factor authentication
170.315 (g)(2): Automated Measure Calculation
170.315 (g)(3): Safety-Enhanced Design
170.315 (g)(4): Quality Management System
170.315 (g)(5): Accessibility-Centered Design
Additional Costs: Certified product versions may require additional costs pursuant to an annual contract commitment including: Yearly License fees, one-time interface fee (PMS), a one-time demographic upload fee, a one-time EPCS IDP fee, and a yearly EPCS license fee.
Additional software relied upon for certification: FDB MedKnowledge, MedlinePlus, National Library of Medicine, Meinberg NTP, Surescripts
Revision Date: 6/11/2024