top of page

Privacy Policy

DATA SECURITY and PRIVACY POLICY

  1. STATEMENT OF POLICY

 

This policy applies to all hardcopy/electronic transactions administered by the Colorado Gynecologic Cancer Alliance (CGCA) during the course of business activities. The types of transactions and applications apply to our individual donors, participants, volunteers, clients, funding recipients and other supporters.

​

Data security is of ultimate priority at CGCA. The personal data of our constituents is closely guarded and limited to only employees and non-employees (I.E. independent contractors, interns) use in order to provide services. Should a data breach occur, CGCA has a plan to handle that situation as referenced in Section V.  

​

Personal privacy is important to CGCA, and maintaining the trust and confidence of all people working in any capacity with CGCA is a priority. We respect everyone’s right to keep his or her personal information confidential and the desire to avoid unwanted solicitations. 

​

CGCA, although not a health care provider and therefore not an entity covered under HIPAA, does provide financial assistance, insurance and financial advocacy through Carol's Wish and professional counseling to women in treatment for gynecologic cancer.  The application for CGCA.Cares assistance as well as Carol's Wish advocacy services does ask for some specific personal and medical information that is considered protected information. Carol’s Wish does have all participants sign a release of information form that allows CGCA to work with the Doctor’s office and get information about the patient’s diagnosis and insurance. CGCA only uses this information in the provision of services delivered to the survivor. Nicki’s Circle participants also have a personal information sheet they are asked to complete. CGCA will not sell or make available any protected health information from within any CGCA process. CGCA's organizational database is HIPAA compliant. 

​

  1. TYPES OF INFORMATION COLLECTED

CGCA collects certain personal information– but only when that information is provided or obtained with authorization. This information is used to process requests and applications.

Examples of sources from which we collect information include:

  • interviews and phone calls with individuals or with other people who are authorized for CGCA to interact with letters or emails      

  • event registration forms

  • Cares financial assistance applications

  • Carol’s Wish applications

  • Nicki’s Circle Participant Personal Information Sheet

  • Connections Intake Form

 

The types of personal information collected may include any or all of the following:

  • Contact information including; name address, email, phone number

  • If in treatment, or a survivor, a diagnosis, disease staging, potentially chemotherapy prescribed and doctor’s name or any other medical information.

 

III.     WHERE INFORMATION IS KEPT

 

No personal information of our constituents is stored on company computers in the CGCA office. No shortcuts or links to cloud storage locations of client information will be allowed on CGCA computers.

 

Long term storage of personal information utilizes a cloud storage database that is provided to CGCA via a maintained paid account.

 

IV.       THE WAY WE USE INFORMATION

 

We do not share this information with outside parties. We do not keep credit/debit card information.

 

Confidentiality regarding personal information is strictly kept, however, there are exceptions to the general rule of legal confidentiality.  These exceptions are listed in the Colorado statutes (Section 12-43-218, C.R.S.).  An exception to confidentiality includes any situation involving imminent harm to self or others.  It should be noted that legal confidentiality does not apply in criminal or delinquency proceedings. 

 

We use non-identifying and aggregate information to better design our reports, brochures, registration forms, applications and websites      and to share with advertisers and sponsors. For example, we may tell an advertiser the number of individuals that participated in an event, but we would not disclose anything that could be used to identify those individuals.

 

Nicki’s Circle participants may volunteer to share their personal information, as requested on the Nicki’s Circle Participant Information Sheet, to be included on the group roster. The group roster is a hardcopy distributed to all women in the group at each session. The purpose of the information distribution is to encourage contact and support among group membership.

Participants may opt to share only a portion of their personal information, at their discretion.

 

Alternatively, any participant may elect to be removed from this roster at any time and for any reason.

 

 

V.        CONFIDENTIALITY AND SECURITY OF PERSONAL INFORMATION

 

 We restrict access to nonpublic personal information about constituents of CGCA to employees and non-employees (I.E. independent contractors, interns) of our organization who must use that information to provide services to you. Their right to further disclose and use the information is limited by the policies of CGCA, applicable law and nondisclosure agreements where appropriate. We also maintain physical, electronic, and procedural safeguards in compliance with applicable laws and regulations to guard your personal information. All cloud database storage is accessible only by use of CGCA email address and password through a Google account. No email addresses or passwords are shared or redundant. Google accounts require regular password changes every ninety days.

 

When an employee, or non-employee (I.E. independent contractor, intern), leaves their assignment with CGCA, the Executive Director will change their password to their Google account and maintain that account for sixty days. After sixty days, the account is closed.

 

VI.       CGCA DATA BREACH PLAN

 

CGCA recognizes Colorado’s Data Breach law, which is codified at C.R.S. § 6-1-716. As a Colorado nonprofit organization that owns computerized data, which includes personal information about Colorado residents, CGCA is obligated to develop this plan to act in response to any data breach.

 

The personal information CGCA may hold includes the Colorado resident’s first name or initial and last name along with any one or more of the following information points:

 

  • Home Address, Email Address(es)

  • Telephone Number (Landline and/or Mobile)

  • Driver’s License Number

 

A data breach is any unauthorized acquisition of unencrypted computerized data, through either electronic hacking or physical theft of computer equipment containing the data that compromises the security, confidentiality, or integrity of personal information of a Colorado resident maintained by CGCA. CGCA’s data breach plan will include the following steps:

 

  1. Perform an internal investigation to determine the magnitude and severity of the breach.

  2. Develop a list of who was impacted and will need to be notified.

  3. Decide on type of notification; written notice, telephonic or electronic.

  4. Decide on when to notify while realizing time is critical.

  5. Build into the notification helpful steps for the individuals to follow that would guide

them in protecting their identity. This would include instructions on placing a fraud alert on the three major credit bureaus.

  1. Develop and execute mitigation plans as necessary in accordance with state laws and this policy.

 

VII.      HOW TO CONTACT US

CGCA Mailing Address:
Colorado Gynecologic Cancer Alliance
8801 E. Hampden Avenue, #104
Denver, CO 80231

Phone: 303.506.7014
Email: Contact@gyncancercolorado.org   

Web address: www.gyncancercolorado.org

bottom of page