Terms & Conditions

1. Changes and Updates. These Terms of Use may change from time to time and changes will be posted here so that you will always be aware of our Terms of Use. By using the MHDC website or doing any of the activities described above after changes have been made to these Terms of Use, you agree to accept these changes.
2. User’s Responsibilities and Obligations. You agree that you have the legal right and ability to agree to these Terms of Use and that you will use the MHDC website in a manner consistent with these Terms of Use.
3. Unauthorized Use/Misuse. Unauthorized entry (commonly referred to as hacking) into any portion of the MHDC website, or misuse (for fraudulent, malicious and/or deceptive purposes) may constitute crimes or torts under state or federal law. Any such violations will be pursued and prosecuted to the fullest extent permitted by law.

Disclaimer & Limitation of Liability
MHDC supplies all information posted on this website. While we try to maintain only current and accurate information, we disclaim any implied warranty or representation about its accuracy or completeness, or appropriateness for a particular purpose. Information on this website may be updated at any time and without notice.  As the recipient of this information, you assume full responsibility for using the information on this website, and you understand and agree that MHDC is neither responsible nor liable for any claim, loss, or damage resulting from its use. Any information and resources on this website are made available to you solely for informational purposes and are not intended to be specific to your situation. It does not constitute direct advice and is not intended to be a substitute for professional services. When you access the MHDC website, conduct any transaction, use any functionality or tool, or access information on or through our websites, you are agreeing to accept the legal disclaimers and adhere to our privacy and security policies set forth on our website. In no event shall MHDC be liable for any direct, indirect, special, punitive, incidental, exemplary, or consequential damages, or any damages whatsoever resulting from any loss of use, loss of profits, litigation, or any other pecuniary loss, whether based on breach of contract, tort (including negligence), product liability, or otherwise, arising out of or in any way connected with this website or the provision of or failure to make available any such products, goods, or services, even if advised of the possibility of such damages.

Privacy Policy

Last Updated: April 2026

At the Massachusetts Health Data Consortium (“MHDC,” “we,” “our,” and “us”), the protection of the information we collect about you is important to us. This privacy policy (“Privacy Policy”) applies to any websites (including https://www.mahealthdata.org/, our “Website”) and any related products and services, including any associated interactive features, widgets, plug-ins, applications, content, platforms, downloads and other services we may offer to you that posts a link to this Privacy Policy (collectively, the “Services”), regardless of how you access or use them, whether via personal computer, browser, laptop, tablet, mobile phone or other device (each a “Device”). To the extent that we provide you with notice through our Services of different or additional privacy policies or practices (e.g., at the point of collection), those additional privacy policies shall govern such data collection and use.

By using or accessing our Services or by submitting information to MHDC, you consent to the terms of this Privacy Policy.

In addition to reading this Privacy Policy, please review our Terms of Use, which governs your use of our Services. If you do not agree to our Terms of Use and the collection, use and sharing of your information as detailed in this Privacy Policy, please do not access or otherwise use our Services or any information or content accessible on our Services.

We reserve the right to change this Privacy Policy at any time, and we will post a notice or inform you of any such ‎changes on our Website. Your use of our Services following the posting of an updated Privacy Policy constitutes your acceptance of such updated Privacy Policy. We reserve the right to apply the amended terms to the information that we have already collected, subject to any legal constraints. We will not, however, use your previously collected Personal Information in a manner materially different than represented at the time of collection. To the extent any provision of this Privacy Policy is found by a competent tribunal to be invalid or unenforceable, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.

Please note that this Privacy Policy applies only to our information-gathering, use, and ‎dissemination practices in connection with our Services. This Privacy Policy does not apply to ‎any of our information practices conducted separately by MHDC outside of our Services.‎

1. Information Collection.

We collect information from you in several ways, including when you choose to share information with us by entering it through our Services, such as through our web platforms and by using automated processes. We also collect information about your transactions with us, such as any information you submit to us through our Services.

(a) Information You Provide.

We may ask you and you may choose to provide certain “Personal Information” to us, which is information that identifies you personally, such as your first and last name, e-mail address, employer, and other information that you provide in order to access our Services. This information you submit may also include posts, comments, photos, messages, feedback, and other content you generate when you interact with our Services. We may collect this information in a variety of places, including submission forms, through our Services in its various forms including any applications, and through our platform.

(b) Information About Third Parties.

By submitting Personal Information about any third-party, you represent and warrant to MHDC that you have the consent of the third-party or other valid legal right to do so, and that the information you submit is factually accurate.

(c) Automated Information Collection.

In addition to any information that you choose to submit to us via our Services, we and our third-party service providers may use a variety of technologies that automatically (or passively) store or collect certain information whenever you visit or interact with our Services (“Usage Information”). This Usage Information may be stored or accessed using a variety of technologies that may be downloaded to your Device whenever you visit or interact with our
Services. To the extent we associate Usage Information with your Personal Information we collect directly from you through our Services, we will treat it as Personal Information.

This Usage Information may include:

• your IP address, UDID or other unique identifier (“Device Identifier”). A Device Identifier is a number that is automatically assigned to your Device used to access our Services, and our computers identify your Device by its Device Identifier;
• your Internet Service Provider (ISP);
• your Device functionality (including browser, operating system, hardware, mobile network information);
• the URL that referred you to our Services;
• the areas within our Services that you visit and your activities there, including remembering you and your preferences;
• your Device location;
• your Device characteristics; and
• certain other descriptive data, including the time of day, among other information.

Tracking Technologies. We may use various methods and technologies to store or collect Usage Information (“Tracking Technologies”). Tracking Technologies may set, change, alter or modify settings or configurations on your Device. A few of the Tracking Technologies include, without limitation, the following (and subsequent technology and methods later developed):

• Cookies. A cookie is a data file placed on a Device when it is used to visit our Services. HTML5 cookies can be programmed through HTML5 local storage.
• Web Beacons. Small graphic images or other web programming code called web beacons (also known as “1×1 GIFs” or “clear GIFs”) may be included in the pages and messages of our Services. Web beacons may be invisible to you, but any electronic image or other web programming code inserted into a page or e-mail can act as a web beacon. Web beacons or similar technologies may be used for a number of purposes, including, without limitation, to count visitors to our Services, to monitor how users navigate our Services, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed.
• Embedded Scripts. An embedded script is programming code that is designed to collect information about your interactions with our Services, such as the links you click on. The code is temporarily downloaded onto your Device from our web server or a third-party service provider, is active only while you are connected to our Services and is deactivated or deleted thereafter.
• Browser Fingerprinting. Collection and analysis of information from your Device, such as, without limitation, your operating system, plug-ins, system fonts and other data, for purposes of identification.
• ETag, or Entity Tag. A feature of the cache in browsers. It is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner ETags are a form of Device Identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, and/or HTML5 cookies.
• Recognition Technologies. Technologies, including application of statistical probability to data sets, which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices in the same user).
• Session Replay / Pixel Tracking. We do not utilize Tracking Technologies for purposes of session replay and pixel tracking.

Tracking Technologies Usage. We may use Tracking Technologies for a variety of purposes, including:

• Strictly Necessary. We may use cookies or other Tracking Technologies that we consider as strictly necessary to allow you to use and access our Services, including cookies required to prevent fraudulent activity and improve security.
• Performance‑Related. We may use cookies or other Tracking Technologies that are useful in order to assess the performance of our Services, including as part of our analytic practices or otherwise to improve the content, products or services offered through our Services.
• Functionality‑Related. We may use cookies or other Tracking Technologies that are required to offer you enhanced functionality when accessing our Services, including identifying you when you sign‑in to our Services or keeping track of our specified preferences, including in terms of the presentation of content on our Services.
• Targeting‑Related. We may use Tracking Technologies to deliver content relevant to your interests on our Services and third-party sites based on how you interact with our content. This may include using Tracking Technologies to understand the usefulness to you of the content that has been delivered to you.

2. Use of Collected Information.

We may use the information that we collect from you to carry out our contractual obligations as described in our agreement with you, authenticate you, and allow you access our Services. We may use your information to process your requests or further process the information you provide to us. We may anonymize or aggregate your information for analytics purposes and for other internal business purposes. We also use your information to provide our Services and to enable you to use certain features of our Services. For example, we use your information to provide and manage your user credentials to our information sharing platform, as part of our Services. We may also use the information that we collect to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us is among the assets transferred. We may also use the information that we collect to customize your experience on our Services, to better tailor our offerings, to improve our Services and the content provided on and through our Services, to provide support, to enforce the terms of our agreement with you or another user, to meet our legal obligations or to inform a legal proceeding.

We may also use the information we collect from you for additional purposes with your consent.

We also use your information for specific purposes that may be regulated by applicable law. You may have additional rights under applicable law, which permit you to modify how we process your information or limit our use of your information. Where required by law, we will seek your consent for these processing activities.

3. Information Sharing.

We may share the information that we collect from you, including Personal Information, with third parties for a variety of purposes. For example, we may share information with third party business partners and service providers who participate or assist us in our business operations. These partners may provide us with IT support, hosting, payment processing, identity verification, onboarding services, customer service, and related services.

We may also share information where required by law or to satisfy any applicable law, regulation, subpoena, government request, or other legal process. We may also share information with third parties, including law enforcement, to protect our Services, and to enforce the Agreement. We also reserve the right to share the information that we collect with our subsidiaries and affiliates for marketing and other business purposes and with any subsequent owner in the event of a merger, consolidation, sale of our assets, or other change in our business, including during the course of any due diligence process.

(a) Third-Party Organizations.

We may provide certain parts of our Services in association with third parties, such as subcontractors, affiliates or promotional partners. If you choose to use these areas of the Services, we may share your information with the identified third-party, and that third-party may also collect information from you, in addition to the information that we collect, as described above. You should review the privacy policies of those identified third parties to understand how they collect and use information.

(b) Links to Third-Party Websites.

Our Services may include links to third-party websites or other online services. We are not responsible for these other sites and services, and they may collect and use information about you. You should review the privacy policies for such third parties before using their sites or services to understand how they collect and use information.

(c) Third-Party Tracking and Do Not Track.

Third parties may use tracking technologies in connection with our Services, which may include the collection of information about your online activities over time and across third-party websites. This Privacy Policy does not apply to these third-party technologies because we may not control them and we are not responsible for them. Do Not Track is a technology that enables users to opt out of tracking by websites they do not visit. Currently, we do not monitor or take any action with respect to Do Not Track technology.

(d) Analytic Services and Targeted Ads.

We use third-party analytics services, like Google Analytics, to collect, monitor and analyze data we collect through our Services to better understand how our Services are used and to improve their functionality. These services may track details about your online activities over time and across different websites. These services may also allow us and others to provide you with targeted advertisements or other content that you may be interested in based on your online activities.

The Google Analytics service tracks and reports website traffic and provides us insight into behavior information relating to visitor age, gender and interests. Google Analytics Demographics and Interest Reporting give us insight into behavior to help us understand browsing behavior and give you a better experience when you visit our Website. You can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.

These third-party services have their own privacy policies addressing how they use such information. We recommend you review their privacy policies. If you want to prevent your data from being used by Google Analytics, you may wish to take advantage of Google Analytics’ currently available opt-outs for the web.

If you would like to learn more about targeted ads that may be based on your online activities, and the choices that you may exercise for certain sites and advertisers, you may wish to visit the Network Advertising Initiative or the Digital Advertising Alliance.

4. Information Protection and Retention.

We use commercially reasonable and industry standard security technologies and safeguards to protect the information that we collect and use. We also expect our service providers to protect information in the same manner. However, no data transmission over the Internet, mobile networks, wireless transmission or electronic storage of information can be guaranteed 100% secure. Please note that we cannot guarantee the security of any information you transmit to us.

We store the Personal Information we collect as described in this Privacy Policy for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws, or based upon other criteria, including, but not limited to, the sensitivity and volume of such data. Additionally, we retain all such Personal Information in accordance with legal requirements.

5. Users Outside of the United States.

If you are from a non-U.S. country, please be aware that the personal information you submit, including information provided through our Services, is being sent to a location in the United States. The data protection laws in the United States are likely different from those of the country in which you are located, and your personal information may be subject to access requests from governments, courts, or law enforcement in the United States according to laws of the United States. By providing such personal information through the Services, you are consenting to (and represent that you have authority to consent to), the transfer of such information to the United States for the uses and purposes described in this Privacy Policy. Without limiting the above, for the avoidance of doubt we do not have an establishment or target ‎people in the EEA or UK.

6. Social Security Protection Policy Statement‎

It is our policy to protect the confidentiality of Social Security numbers (SSNs) ‎from ‎misuse ‎and improper disclosure by maintaining and enforcing physical, ‎‎‎electronic, and procedural ‎‎safeguards. We prohibit unlawful disclosure of ‎SSNs, and limit access to SSNs to our ‎personnel ‎who need access to SSNs in ‎order to perform their job functions. We do not ‎disclose SSNs to ‎third parties ‎except where required or ‎‎permitted by law.‎

7. Children’s Privacy.

Our sites and applications are intended for general audiences, and we do not knowingly seek or collect personal information from children under the age of eighteen (18). In accordance with the Child Online Privacy Protection Act, in the event that we learn that we have collected personal information from a child under age eighteen (18) without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any personal information from or about a minor, please contact us at info@mahealthdata.org.

8. Contact Us.