Verisys Connect Login
Talk to an Expert

Verisys Consumer Privacy Policy

Click to download the Verisys Consumer Privacy Policy

Verisys Consumer Privacy Policy

©Verisys Corporation

POLICY: Verisys provides background screening, credential verification services, and data
products to support customer’s hiring and credentialing processes. Verisys offers the following
services through our sites (collectively, “Services”):

  • Healthcare provider data and directory management
  • Pre- and post-hire screening
  • Sanction screening and monitoring
  • Real-time eligibility screening
  •  Database solutions

This Privacy Policy provides customers and consumers with a comprehensive understanding of Verisys online and offline information practices. It also serves as a guide for consumers to understand their rights regarding their personal information, including the necessary information for them to exercise those rights. This policy governs access to and use of all current and any future Verisys websites and the services offered on those websites.

 

Access to Verisys data products and databases is limited and available to only the following:

  • Entities with a permissible purpose to receive it, as defined in the Fair Credit Reporting Act (FCRA);
  • Companies who resell Verisys data as permitted under law and
  • Companies who process data on Verisys behalf.

This policy applies to data that Verisys controls. All data that is shared with Verisys under its role as a service provider is governed by customer agreements. Verisys customers act as the data controllers in this situation. Consumers must contact the data controller to exercise their privacy rights concerning data that Verisys processes in its role as service providers.

INFORMATION VERISYS COLLECTS:

Verisys collects the following types of personal information: 

Categories of Information

Description

 

Personal Identifying Information

Any item that can be used alone or in conjunction with other information to identify consumer: 

●       Name

●       Personal Address (including address geolocation)

●       Telephone number

●       Social Security Number

●       Date of Birth

Characteristics of Protected Classifications

This includes any items that may identify consumer’s membership in a protected class such as:

●       Sex/gender

●       Marital status

●       Disability (mental and physical disabilities as related to capacity to perform work related tasks)

●       Age (over 40)

User Identification

This includes information that is necessary to log into and manage consumer’s account(s), such as:

●       Username

●       Unique identification number

●       User email address

 

Device Identifiers

This includes unique identifiers for the browser, app, or device consumers use to access Verisys services. For example:

●       Device type or name

●       Verisys identifier for advertisers (IDFA)

●       Google Advertising ID (GAID)

●       International Mobile Equipment Identity (IMEI)

●       Media Access Control (MAC) address

●       Secure ID

●       Internet Protocol Address (IP address)

 

Internet or Website Activity

This may include:

●       Technical information, such as response time for web pages, download errors

●       Date and time when consumer used the service

●       Location information, such as consumer’s IP address

●       Statistics regarding how pages are loaded or viewed

●       Usage and browsing information collected through Cookies

Audio Information

●     Customer service call recordings. 

 

 

 

 

 

 

 

 

Provider Data

Professional information of healthcare providers; for example, physicians, physician assistants, nurse practitioners, etc.

This may include:

●       Licenses

●       Registrations

●       Education

●       Specialty

●       Certifications

●       Practice locations

●       Professional financial information,

●       Tax identifiers

●       Any other information that may be obtained from credentialing applications

Verisys does not target children and does not collect personal information of children under the age of 16.

Verisys does not collect or process Personal Health Information (PHI), as defined by the Health Insurance Portability and Accountability Act, in the normal course of business. Any PHI received by Verisys is inadvertent and will be promptly returned to the source and/or securely removed from all systems.

SOURCES OF INFORMATION:

Verisys may receive personal data about consumers directly from the consumer, from publicly available information, or from Verisys partners and customers.

  • Consumers: Verisys may collect personal information directly from consumers. For example, personal information may be collected from system users and visitors to Verisys public websites.
  • Verisys Customers: To properly provide contracted services, customers may provide personal information to Verisys for background screening or credentialing services or may collect data from consumers on behalf of Verisys customers. This data may only be used in accordance with the agreements between Verisys and their customers.
  • Publicly available information: Verisys may obtain personal information from publicly available records, such as data published by professional licensing boards or regulatory bodies. Verisys handles all publicly available information in compliance with relevant statutes and terms of service.
  • Identity Verification Record Provider: Verisys obtains personal information from identity verification service providers. These vendors furnish records that enable Verisys to verify consumers’ identities. The utilization of these records is regulated by vendor agreements and in compliance with all relevant laws.

 

HOW VERISYS USES PERSONAL INFORMATION:

Verisys may use or disclose personal information as follows:

  • By delivery of services its customers have requested;
  • By operation of its website;
  • By responding to consumer’s questions and requests;
  • By enabling Verisys suppliers and service providers to carry out certain functions on Verisys behalf, including contracted and technical services;
  • By ensuring the security of its business and prevent or detect fraud or abuses of Verisys sites;
  • By developing and improving its products and services;
  • By complying with applicable law, specifically in response to a request from a court or regulatory body, where such request is made in accordance with the law.

Additionally, Verisys may use or disclose sensitive personal information as follows:

  • By delivery of the services its customers have requested in accordance with all applicable contracts and agreements;
  • By responding to consumer’s questions and requests;
  • By enabling its suppliers and service providers to carry out certain functions on Verisys behalf, including contracted and technical services;
  • By ensuring the security of its business and prevent or detect fraud or abuses of Verisys sites;
  • By complying with applicable law, specifically in response to a request from a court or regulatory body, where such request is made in accordance with the law.

Sensitive personal information, such as a consumer’s social security number or ethnicity, is never sold to Verisys customers or third parties.

Automated Processing Activities:

Verisys processing activities may include automated processing activities, such as automated professional license verifications or sanctions screening. Customers may limit automated processing activities as long as such limitation does not interfere with Verisys business operations and ability to provide the contracted services.

Verisys recognizes that its processing activities can have a significant impact on a consumer’s employment opportunity. Verisys has taken steps to ensure that these processing activities do not unfairly discriminate against any individual. All verifications with the potential to adversely impact consumers are reviewed by staff prior to reporting to Verisys customers.

Processing by Third-Party:

Verisys may use third-party service providers for data processing unless such processing is prohibited by the customer.

Disclosure of Information:

Verisys has a strict policy on the confidentiality of personal information and will not disclose any data without prior permission from Verisys customers or consumers. In the event that Verisys receives a court order or warrant, Verisys will disclose information as required by law enforcement. However, any disclosure will be limited solely to the information specified in the order or warrant.

Limitations:

Personal information provided to Verisys by its customers is processed per the agreements between Verisys and its customers. This personal information is not:

  • Sold to any other third parties;
  • Retained, used, or disclosed for any purpose other than those specified in the Agreement, except as permitted by U.S. Privacy Laws;
  • Retained, used, or disclosed for any commercial purpose other than the business purposes specified in the Agreement (s), including the servicing of a different business;
  • Retained, used, or disclosed outside the direct business relationship between Verisys and that customer (for example, Verisys will not combine or update that Personal Data with data received from another source);
  • Combined with other data received from third parties except as directed by Verisys customers.

SALE OR SHARING OF CONSUMER’S PERSONAL INFORMATION:

Verisys may sell the following categories of information to Verisys customers for credentialing and employment screening purposes

  • Professional and Employment-Related Information or Provider Data
  • Education Records

These activities are regulated by the Fair Credit Reporting Act.

All categories of personal data Verisys collects, including sensitive personal information, may be shared with service providers acting on Verisys behalf to provide contracted services to Verisys customers. Service providers are restricted from using any personal information for any other purpose. 

Sensitive personal information is never sold.

PROTECTION OF PERSONAL INFORMATION:

Verisys believes that privacy relies on effective data security. Verisys uses administrative, technical, and physical safeguards to protect personal data, considering the nature of the personal data and the processing, and the threats posed. Verisys is constantly working to improve on these safeguards to help keep data secure.

COOKIES AND OTHER TECHNOLOGIES:

Verisys websites, online services, applications, and advertisements may use “cookies” and other technologies such as tokens. These technologies help to better understand user behavior, improve security and fraud prevention, tell us which parts of Verisys websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches.

Verisys typically considers data collected through cookies and similar technologies as non-personal data as it cannot identify a specific user. However, when accessing Verisys services that necessitate a login, necessary cookies may gather user-specific information such as username and device IDs to ensure proper system functionality.

Verisys does not utilize personal information collected through cookies for targeted marketing or profiling purposes.

LINKS TO OTHER WEBSITES:

Some Verisys sites and services may contain links to other sites. If you access other sites using the links provided, the operators of those sites may collect information from you which will be used by them, in accordance with their own privacy policies. Verisys is not responsible for the privacy practices of other sites. We encourage you to become familiar with the privacy policies of any other sites which you visit, including sites linked from the Verisys site.

CONSUMER RIGHTS:

Verisys respects a consumer’s ability to know what data Verisys holds and to access consumer’s data, as well as consumer’s right to request correction, transfer, restrict the processing of, and delete consumer’s personal data that Verisys controls. Verisys has provided these rights to Verisys global customer base and if consumers choose to exercise these privacy rights, consumers have the right not to be treated in a discriminatory way nor to receive a lesser degree of service from us.

Where Verisys acts as a service provider to one of Verisys customers and does not control the processing of consumer’s personal information, consumers must contact the data controller to exercise these rights. Please contact the Verisys privacy team for additional information about exercising consumer’s rights.

Under the Fair Credit Reporting Act, consumers have the right to request a copy of their consumer file and correct inaccurate or incomplete information. For more information regarding consumer’s rights under the FCRA, please visit the Summary of FCRA Rights.

To request a copy of a FCRA Consumer File: Consumers may submit a File Disclosure Request here.

To correct inaccurate or incomplete information: Consumers may File a Dispute here.

Consumers can unsubscribe from alerts, emails, or e-newsletters at unsubscribe@verisys.com.

For all other requests and questions regarding consumer’s personal information please contact the Verisys privacy team at myaccount@verisys.com.

 

Last Updated: 8/15 /2024

 

 

 

 

 

 

 

 

 

DEFINITIONS:

Consumer Report: (FCRA 15 U.S.C. §1681a) any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for—

(A) credit or insurance to be used primarily for personal, family, or household purposes;

(B) employment purposes; or

(C) any other purpose authorized under section 1681b of this title.

 

Non-Public Personal Information (NPPI): (GLBA 15 U.S.C §6809) means personally identifiable financial information—

(i)provided by a consumer to a financial institution;

(ii)resulting from any transaction with the consumer or any service performed for the consumer; or

(iii)otherwise obtained by the financial institution.

 

Personally Identifiable Information (PII) (2 C.F.R. §200.1) – means information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. Some information that is considered to be PII is available in public sources such as telephone books, public websites, and university listings. This type of information is considered to be Public PII and includes, for example, first and last name, address, work telephone number, email address, home telephone number, and general educational credentials. The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. Non-PII can become PII whenever additional information is made publicly available, in any medium and from any source, that, when combined with other available information, could be used to identify an individual.

Protected Health Information (PHI): (HIPAA 45 C.F.R. § 160.103) is broadly defined as individually identifiable health information, held or maintained by a covered entity or its business associates acting for the covered entity, that is transmitted or maintained in any form or medium. This includes identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual that is created or received by a health care provider, health plan, or health care clearinghouse. No PII/NPPI information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.

Protected Personally Identifiable Information (PPII): (2 C.F.R. §200.1) means an individual’s first name or first initial and last name in combination with any one or more of types of information, including, but not limited to, social security number, passport number, credit card numbers, clearances, bank numbers, biometrics, date and place of birth, mother’s maiden name, criminal, medical and financial records, educational transcripts. This does not include PII that is required by law to be disclosed. See also the definition of Personally Identifiable Information (PII) in this section.

 “Sensitive personal information” means: (1) Personal information that reveals:

(A) A consumer’s social security, driver’s license, state identification card, or passport number.

(B) A consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.

(C) A consumer’s precise geolocation.

(D) A consumer’s racial or ethnic origin, citizenship or immigration status, religious or philosophical beliefs, or union membership.

(E) The contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.

(F) A consumer’s genetic data.

(2) (A) The processing of biometric information for the purpose of uniquely identifying a consumer.

(B) Personal information collected and analyzed concerning a consumer’s health.

(C) Personal information collected and analyzed concerning a consumer’s sex life

(3) Sensitive personal information that is “publicly available” pursuant to paragraph (2) of subdivision (v) shall not be considered sensitive personal information or personal information