Privacy Policy

The American Heart Association believes that data it collects from its programs, products and services is an essential resource to furthering our mission of building healthier lives free from cardiovascular disease and stroke. Because of the potential of this significant resource to deepen our understanding of the risks, consequences and future treatments of these diseases, AHA seeks to obtain data in a manner that allows the AHA to use the data it collects in the ways most beneficial to the advancement of its mission and the benefit of the public. At the same time, AHA respects the rights of individuals to understand and direct how their private information can be used.

To achieve these goals, all programs and activities of the American Heart Association that collect personally identifiable information (PII), or any other information at least as sensitive as PII, shall be designed and conducted to ensure that such PII is collected, stored, used, disclosed, and destroyed: (a) in full compliance with any applicable privacy laws and regulations; (b) only within the permissions granted, where permission is required; (c) with commercially reasonable security protection based on the type of information; and (d) consistent with the AHA's mission to build healthier lives free from heart disease and stroke and its commitment to respecting individuals' desire to protect their privacy. All staff and volunteers designing and conducting programs that collect, store, use, disclose, or destroy PII must do so in accordance with this Privacy Policy, the Privacy Standards below, and the applicable AHA Privacy & Security Procedures.

Privacy Standards

All programs and activities of the American Heart Association that collect personally identifiable information, or any information at least as sensitive as PII, shall be designed and conducted using current industry standard practices intended to ensure that such PII is collected, stored, used, disclosed, and destroyed in accordance with the Privacy Policy and these Privacy Standards. Prior to any collection or use of PII by or for any AHA program or activity, the business unit responsible for the program or activity shall develop and document specific Privacy & Security Procedures in the required format to ensure compliance with the Privacy Policy and these Standards. Privacy & Security Procedures, in addition to other requirements, shall outline:

  • how the AHA program or activity collects PII;
  • the categories of PII collected;
  • from where it is collected;
  • how it is used and shared;
  • how AHA personnel's access to the PII is controlled;
  • how the PII is kept accurate, complete and secure;
  • how long the PII will be kept and how it will be destroyed; and
  • how individuals may access, confirm, correct, or request permanent deletion (to the extent deletion is required by law) of any PII under AHA control.

Privacy & Security Procedures for each program or activity must be approved by Business Technology, Legal and the appropriate chief executive for that business unit before collection or use of PII begins, whether the PII is collected electronically or in hard copy form.

Standard 1 - Compliance with Law & Accountability:

The AHA will comply with all applicable privacy and security laws and regulations. AHA will require its vendors, volunteers, and employees to comply with applicable laws and regulations, the American Heart Association Privacy Policy, these AHA Privacy Standards and any applicable Privacy & Security Procedures.

Standard 2 - Transparency:

The AHA will make the Privacy Policy and Privacy Standards readily available to individuals providing their own PII to AHA and will post a statement summarizing its Privacy Policy and Privacy Standards on its website. When seeking an individual's consent, whether online or offline, AHA will describe the information to be collected, what permission the AHA is requesting from the individual, and how that individual may opt out of the collection of such PII or withdraw consent later. When consent is requested from an individual to collect or use PII, the AHA will document the consent in a way that is reasonable under the circumstances.

Standard 3 - Limits on Disclosure:

Because AHA values and respects an individual's desire to keep certain personal information private, AHA will not disclose PII to third parties except: 1) where consent is required by law, only for purposes included within the consent of the individual providing his or her PII; 2) for purposes that are consistent with or are necessary to carry out the original express purpose for which the consent was granted and related to AHA's overall mission; or 3) as otherwise authorized by law. When individual consent is required, such consent shall be obtained at or before the time the information is collected, or before the time the information is used in a way not covered by the individual's prior consent.

Standard 4 - Security Measures:

The AHA will use reasonable and appropriate security measures to protect PII against unauthorized access, use, modification or disclosure, and shall ensure that all PII for which it has responsibility is maintained in a secure environment at least at the levels required by any applicable law. The AHA will use applicable reasonable industry standards when destroying PII to protect against unauthorized disclosure.