Privacy Policy

Updated:Jun 21,2011

Collection, Use and Security of Personal Information

The American Heart Association values and respects an individual's right to keep certain Personal Information private.  Likewise, the AHA values the need to collect and use Personal Information which will enable the AHA to effectively deliver products and services leading to a reduction in disability and death from heart diseases and stroke.  This Privacy Policy applies to activities of the AHA and additionally to persons visiting AHA Web sites, signing up for AHA publications and mailings, or entering into transactions with the AHA, and covers the collection, use, storage and disclosure of information and data as described in this Privacy Policy. The Privacy Policy does not apply to information that the AHA collects on contractors, vendors or other entities with which the AHA does business, although the AHA will contractually require them to comply with relevant provisions of the Privacy Policy.

A.  AHA Collection of Personal Information

1.  The AHA will collect Personal Information on an individual only if the individual provides the information to the AHA.  The AHA also may collect information about a person who has been referred to the website to send them emails regarding AHA’s efforts or a person to whom the AHA has been asked to send emails regarding AHA’s programs or efforts.  If a person donates to the AHA, the AHA may collect sensitive Personal Information such as the donor’s credit card number, card type, expiration date and keep a record of the financial transaction.

The AHA may collect Demographic Information it obtains from individuals and third parties for fund raising purposes and to notify persons of AHA programs, events, educational opportunities and upcoming meetings.

The AHA may collect Aggregate and Transactional Information and add to its database every time a person visits an AHA Web Site. Also, the AHA collects Aggregate Information for research purposes.

2.  Types of information: "Personal Information" is "Demographic Information" and/or "Medical Information" which identifies a specific individual with a minimal degree of effort. Demographic Information includes name, address, city and other similar information. Medical Information includes diseases, treatments, lifestyle behaviors, family history, genotype, phenotype and other similar information. Transactional Information is data collected on an individual based on the individuals' interactions with the AHA, which may include sensitive information such as credit card information and Medical Information. Aggregate Information is information presented  in summary or statistical form which does not contain data that would permit the identification of a specific individual without extraordinary effort.

B.  AHA Use of Personal Information

1.  When an individual provides Personal Information to the AHA, the AHA may use the Personal Information for its programs, research and fund raising.

2.  The AHA uses Transactional Information for research purposes for the development or implementation of its programs, products and services.  The presumption is that, since Transactional Information is highly proprietary, it will not be disclosed to third parties.

3.  The AHA will disclose all information as required by law.

4.  The AHA will make every effort to discontinue the use of an individual's Personal Information as soon as practicable if requested by that individual.  The AHA may need to retain Information in its archives and records to comply with law, resolve disputes, analyze problems, assist with any investigations, enforce AHA’s User Agreement and other policies, and take other actions otherwise permitted or required by law.

C.  Specific Requirements

1.  Administrative

a.  The AHA will take reasonable and appropriate measures to keep Personal Information confidential and in a secure environment, including taking appropriate action in the event of unauthorized disclosure.

b.  Access to Personal Information will be restricted to only those personnel with a legitimate business purpose.

c.  The AHA owns all Personal Information provided to it by individuals and collected in accordance with this Policy.  When an individual provides Medical Information to the AHA, the AHA will ensure that the individual acknowledges their assignment of the right to use the data to the AHA.

2.  Scientific Research

Any research funded by the AHA that involves human subjects (e.g., information collected on individuals) must be endorsed by the sponsoring institution's committee on clinical investigation or other appropriate body, and conform ethically to the guidelines prescribed by the National Institutes of Health, which includes obtaining informed consent from each individual.

3.Third Party Disclosure

Permission is required before the AHA discloses Personal Information to a third party.  No permission is necessary for Aggregate Information, since Aggregate Information does not identify a specific individual.

a.  For disclosure of Demographic Information (e.g., rentals or exchanges of donor lists), the AHA as a minimum will use the "Opt Out" approach.  An "opt-out" is obtained when the AHA through some correspondence gives an individual the opportunity to decline or "opt-out" of disclosures to third parties.  If the individual does not opt out, permission is deemed granted.  Depending upon the nature of an activity or project, a higher standard than "opt-out" may be used, such as "opt-in" whereby an individual must affirmatively give consent before information is disclosed.

b.  For research awardees, permission is deemed granted upon submission of an application for a grant to the AHA.  Therefore, the AHA may disclose Personal Information, including funding and project summary information, on research program awardees to third parties.

c.  For disclosure of Medical Information, Informed Consent is required before the AHA discloses Medical Information to a third party.  Informed Consent occurs when an individual has sufficient facts about the disclosure, comprehends those facts, and voluntarily consents to the disclosure.  Where a third party such as the employer or healthcare provider of an individual requires the individual to participate in an AHA program which collects Medical Information, the AHA will require the employer or healthcare provider to procure Informed Consent before the AHA will  release Medical Information to that employer or healthcare provider.

d.  From time to time, there is a benefit in allowing a third party to use collected Personal Information on individuals.   However, unless an individual gives permission, the AHA will not disclose Personal Information collected by the AHA to any third party. The AHA sometimes engages third parties to provide certain operational services to the AHA or on its behalf.   The AHA may disclose Personal  Information to those third parties on a “need to know” basis under a written contract.

e.  The AHA uses and allows third parties to use Aggregate Information for research purposes for the development or implementation of its programs, products and services.


Information Security

The American Heart Association takes the security of your personal, financial and medical information that you provide to us very seriously and we take reasonable measures to safeguard your information consistent with our Privacy Policy.  We comply with the Payment Card Industry Data Security Standards ("PCI DSS") for financial transactions, and other laws and regulations applicable to the information we collect from you.

Our network is composed of access controlled measures, security monitoring tools, vulnerability management program, SSL encryption, scheduled network scans, and internal and external penetration tests.  When it is necessary for our service providers to have access to your information, we expect the same level of data security, integrity and confidentiality standards as the AHA itself provides. Additionally, we conduct security awareness training for our staff and volunteers.

While the AHA uses its best efforts to maintain this level of security across all of our systems we cannot guarantee or warrant that our systems or our service providers are not vulnerable to viruses, hacking or other security threats. 

Use of Cookies

A cookie is a small text file stored on a user’s computer by a web browser.  Cookies are used by web sites to authenticate users, to store user site preferences, to capture the contents of a shopping cart, for tracking a user’s session, and/or for storing other essential textual information.

The American Heart Association uses Cookies to enhance the user experience while visiting our web site.  Cookies are used for authentication primarily.  We do not store any personal information about a user in our cookies.  We do track your interests on the site so that we can provide you with additional content that might be of importance to you.  Most Web browsers accept cookies and you can use the “help” menu on your browser to assist you in preventing, accepting, or receiving notice of new cookies. However, please be aware that if you block cookies, Web site functionality may be lost.

We also use Google Analytics for tracking and reporting web site activity.  Google Analytics uses cookies to define a user’s session.  Aggregate information is collected so that we can report on how many visitors are coming to our sites and what content is visited the most.  We use this information so that we know how relevant the content is that we are providing.  Providing you with fresh and engaging content is important to us as we know it is important to you.