Epocrates Privacy Policy

Privacy policy last updated August 23rd, 2018

At Epocrates, we are committed to respecting your privacy. This privacy policy describes how Epocrates, Inc. and its subsidiaries and affiliated companies, including athenahealth ("Epocrates," "we" or "our") may collect, use and disclose information about customers who use our websites, including epocrates.com , and our mobile applications displaying this policy ("Services"). This policy does not cover websites, applications or services displaying different privacy statements. For instance, some of the services implement the Google Maps web mapping service. Your use of Google Maps is subject to Google's privacy policy, located at http://www.google.com/intl/en/policies/privacy/ .

  1. What information does Epocrates collect?
  2. How does Epocrates use the information we collect?
  3. How does Epocrates protect your information?
  4. Will Epocrates share the information it collects with others?
  5. Your choices about the information we collect.
  6. How are "tracking technologies" used?
  7. California Privacy Rights Notice.
  8. Is this privacy statement subject to change?
  9. How to send us your feedback

1. What information does Epocrates collect?

Information you provide us.

  • When you create a new account in our mobile application, we ask for your name, email and occupation. If you are an MD or DO, we ask for your country of residence. If your country of residence is the United States, we ask for your zip code. We will then present you with a list of Health Care Providers (“HCPs”) with your same name/zip code combination and available National Provider Identification (“NPI”) numbers, based on data from the National Plan & Provider Enumeration System (“NPPES”) registry. You will be asked to select the correct NPI profile that represents you. Once you claim your profile, we will ask if you have a sub-specialty to designate in your account.
  • When you create a new account or update an existing account in Epocrates Online, we ask for your name, email, country of residence, work zip code, and occupation. You may also provide information related to the medical school you attended including the country, state, name, graduation year, former last name (as applicable) and date of birth. We may also ask you to provide other pieces of information, including, but not limited to, information related to your residency (including year(s) attended), information related to your practice, information related to your hospital affiliation and your billing address.
  • When you contact us for support or other reasons, you may also provide additional information that we collect, including, but not limited to: gender, office contact information, whether you are accepting new patients, insurance(s) accepted, languages spoken, Medical Examination (“ME”) number and NPI number.
  • When you make purchases through our Services, we ask you for your name, email address, billing address(es), telephone number, and credit card information.
  • We may ask you for other types of information like demographics information, for example, when you participate in a survey or product test or when you enter a contest or other promotional event.
  • We do not collect or process any sensitive data such as: race or ethnic origin; political opinions; religious or philosophical beliefs; genetic or biometric data; health or mortality; or sexual orientation in connection with this Website.

Information we may automatically collect.

When you visit our website epocrates.com or use our Services, some information is automatically collected. For example, when you visit or use our Services your computer's operating system, Internet Protocol (IP) address, access times, browser type and language, geo-location and the website you visited before our site are collected and logged automatically. We also collect information about your activity related to your use of the Services and your interaction with advertisements, content or sponsored or unsponsored messages that are surfaced through our Services. We may combine this automatically collected information with other information we collect about you. Your use of our Services or our website are treated as your consent to the automatic collection of the data described herein. We do this to improve services we offer you, to improve or validate our marketing or marketing of commercial third party campaigns, analytics, or site functionality.

Additionally, when you use our mobile applications, we may automatically collect data about your device such as your device ID, type of device you use, operating system version and information related to your use of the Services.

Information we receive from third parties.

We may also collect additional information about you from third parties to assist us in providing you with Services. For example, we may obtain commercially or publicly available information about you from third parties or purchase email lists from third-parties for advertising and marketing purposes. We may also receive information from third-parties who provide services to us through web-beacons and other technologies as otherwise discussed in this Privacy Policy.


2. How does Epocrates use the information we collect?

We use information collected through our Services for purposes described in this policy or for those purposes disclosed to you in our Services. For example, we may use your information to:

  • Operate and improve our Services;
  • Share with clients about your use or interaction with the Services and/or promotional content contained within the Services;
  • Share with existing or prospective clients that you subscribe to our services;
  • Respond to your comments and questions and provide customer service;
  • Provide and deliver products and services you request;
  • Send you related information, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
  • Better understand you so that we may tailor messaging and services based on your interests, preferences, needs and specialties;");
  • Communicate with you via email, mobile alerts and other messaging outlets about commercial, non-commercial, sponsored and non sponsored information, FDA and product safety alerts, new drugs and pharmaceutical studies. By accepting the terms of this policy, you are opting in to receiving such communications from us;");
  • Send you information via email about products and services offered by us, our affiliates, and our partners. By accepting the terms of this policy, you are opting in to receive such emails from us. ");
  • Send you invitations, by email or other means, to participate in market research survey opportunities through the Epocrates Honors program. By accepting the terms of this policy, you are opting in to receive such invitations from us (if you do not wish to receive such invitations, you may choose to opt out by updating your profile. See "Your choices about the information we collect");
  • Link or combine your information with other information we collect through our Services, or receive from third parties; and


3. How does Epocrates protect your information?

We take appropriate measures to protect the information that we receive about you from unauthorized access, disclosure, alteration, or destruction. When we collect certain sensitive information (such as a credit card number or geolocation), we encrypt the transmission of that information using secure socket layer technology (SSL). No method of transmission over the Internet or electronic storage is 100% secure; as a result, we cannot guarantee absolute security. If you have any questions about security, you can contact us at support@epocrates.com .


4. Will Epocrates share the information it collects with others?

Epocrates may share aggregated information such as statistics about our customers, sales, product usage or traffic patterns, and related website or Services information.

When you use our mobile application, we may share your approximate geo-location data with a third-party service provider. If you do not wish to allow us to share your information in this manner please opt-out by editing the setting at the device level.

If you post a comment or message in our blog or other public forums, it will be shared publicly.

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name.

We will share your information with third parties only in the ways that are described in this privacy policy. We may share information as follows:

  • with your consent;
  • with our third party vendors, consultants, agents, and other service providers with whom we contract to help us provide or improve our Services. For example, we may work with companies to host and maintain our data, website or mobile application properties, analyze our data or provide marketing assistance;
  • to provide our commercial clients and prospective commercial clients, such as pharmaceutical companies and their advertising agencies, with your information for audience or user matching purposes;
  • to provide our commercial clients with your information when you engage with promotional content through our Services and information about the type of engagement (e.g., whether you viewed, interacted with or requested information about such promotional content);
  • to (i) comply with laws or to respond to lawful requests and legal process, (ii) to protect the rights and property of our agents, customers, and others including to enforce our agreements, policies and terms of use or (iii) in an emergency to protect the safety of Epocrates, its customers, or any person, and in certain situations, we may be required to disclose information in response to lawful requests by public authorities, including meeting national security or law enforcement requirements; and
  • in connection with or during negotiation of any merger, financing, acquisition or bankruptcy transaction or proceeding involving sale or transfer of all or a portion of our business or assets to another company.


5. Your choices about the information we Collect.

You may amend any inaccuracies or update your Epocrates profile, including your personal information and email preferences, at any time.

If you do not want Epocrates to use your information in the manner described herein, please do not submit any information to us. Upon request we will provide you with information about whether we hold any of your information. You have the option of correcting, updating, deleting and/or changing information by emailing support@epocrates.com  or by updating your profile. If you would like to update your password or change or update your credit card information, please email support@epocrates.com  for instructions on how to make such password or credit card changes or updates.

We will retain information we collect as long as your account is active or as needed to provide you services, subject to our ability to retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us at support@epocrates.com.

You may opt out of any promotional emails at any time by following the unsubscribe instructions in the promotional emails you receive from us or by sending an email to support@epocrates.com 

You may opt out of the Epocrates Honors market research program at any time by following the unsubscribe instructions in the invitation emails you receive from us, by updating your profile as described below or by sending an email to support@epocrates.com.

You may opt-out of location-based services at any time by editing the setting at the device level. We may occasionally send you push notifications through our mobile applications to send you service related notices that may be of importance to you. You may at any time opt-out from receiving these types of communications by turning them off at the device level through your settings.


6. How are "tracking technologies" used in/on our Services?

Technologies such as cookies, beacons, tags, and scripts are used by Epocrates and our marketing partners, affiliates, or analytics or service providers. These technologies are used in analyzing trends, administering the site, tracking users’ movements on epocrates.com and to gather information about our user base as a whole. For example, we may receive reports based on the use of these technologies on an individual as well as aggregated basis. In doing so, we may collect personally identifiable and non-personally identifiable information (for example, domain type, browser type and version, service provider and IP address, referring/exit pages, operating system, date/time stamp, email address, and click-stream data). We may also compile statistics about how our visitors collectively interact with the Services. We may also supplement this information we collect with other publicly available or commercial sources to build out user profiles for improved targeting and to share with our advertisers for their services.

We may use both session and persistent cookies to help us provide you with a more personalized experience and improve our services. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our site, but your ability to use some features or areas of our site may be limited.

Cookies are bits of electronic information that a website may transfer to a visitor’s computer to identify specific information about that visitor’s use of that website. Session cookies or transient cookies are cookies that are stored in temporary memory and are not retained when the browser is closed. Session cookies do not collect information from your computer and typically will store information in the form of a session identification that does not personally identify you. Persistent cookies assign a unique identification to your computer and are typically stored on your computer’s hard drive and are used to help track clicks as you use or access the Services. Persistent cookies remain on your computer until affirmatively deleted by you.

We may also use cookies set by third-parties with whom we have entered into agreements which may enable us to obtain analytics information about the use of the Services. You can set your browser not to accept cookies or to notify you when you are sent a cookie, giving you the opportunity to decide whether or not to accept it. You may also use commonly available tools in your browser to remove cookies which may have been placed onto your computer.

We may also use web beacons or clear .gifs. Web beacons or clear .gifs, and similar technologies are pieces of code placed on a web page to collect data on the users of a specific web page.


Server Logs and Widgets:

We may use web server logs. A web server log is a record of activity created by a computer that delivers certain webpages to your browser. Certain activities that you perform utilizing the Services may record information in server logs. For example, the server log may record the search term(s) you use, or the link you clicked on to bring you to the Services. The server log may also record information about your browser, such as your IP address and the cookies set on your browser.

We may also use widgets. A widget is generally an application that can be embedded in a webpage, and which can provide real-time information to the webpage. Widgets are often provided by third-parties to enable collection of data about website usage.

We may use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This software may record information such as, but not limited to, how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from.

We or third parties with whom we may partner to provide certain features within our Services or to display advertising based upon your browsing activity use LSOs (Local Shared Objects), which are similar to cookies, to collect and store information. Various browsers may offer their own management tools for removing LSOs.

We may partner with a third party to either display advertising on our website and mobile applications or to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you targeted advertising based upon your browsing activities and interests.

Our Services do not respond to browser “Do Not Track” signals. By using or accessing the Services and/or by contacting us and/or by providing any of your information, you give us your consent to track your activities using the technologies described above, as well as similar technologies developed in the future, and that we may use such tracking technologies in the emails we send you.


7. California Privacy Rights Notice

California residents may request certain information regarding our disclosure (if any) of personal information to third parties for their direct marketing purposes, pursuant to California Civil Code Section 1798.83. To make such a request, please contact us as listed below, identify yourself as a California resident, and provide sufficient information so we can take appropriate action, such as your name, email address.


8. Is this privacy statement subject to change?

We may update this privacy policy to reflect changes to our information practices. If we make any material change in how we use your information we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice through our Services prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

9. How to send us your feedback

Our goal is to respect your privacy and we encourage user feedback to help us improve our privacy policies. If you have any questions or suggestions about this privacy statement, please contact us at: support@epocrates.com  Epocrates has also appointed a Data Protection Officer to address inquires as needed. The Data Protection Officer’s name and contact information are below.


Peter Acton, Data Protection Officer 
Epocrates, LLC
311 Arsenal Street
Watertown, MA 02472

You may use this contact to submit a request to review the information we have retained, how we have used it, and to whom we have disclosed it. Subject to certain exemptions required by law, and provided we can authenticate your identity, you will receive a response within thirty (30) days. You are entitled to challenge the accuracy and completeness of any information provided and to have it amended as appropriate.

Privacy policy last updated August 23rd, 2018