Privacy Policy

Med Communications, Inc Safe Harbor Privacy Policy

Med Communications, Inc. (MC) is a contract medical information call center that works with the pharmaceutical and biotechnology industries. The call center at MC is staffed by administrative staff and drug information pharmacists and nurses. MC functions as a seamless extension of our contracted client companies. This Privacy Policy sets forth the privacy principles MC follows with respect to transfers of personal information from the European Economic Area to the United States.

MC is in compliance with the United States Health Insurance Portability and Accountability Act of 1996 (HIPAA). MC complies with the U.S.-EU Safe Harbor Framework and the U.S.- Swiss Safe Harbor Framework, including Safe Harbor Privacy Principles, developed by the U.S. Department of Commerce and the European Commission and the Federal Data Protection and Information Commissioner of Switzerland. To learn more about the Safe Harbor program, and to view MC’s certification, please visit http://www.export.gov/safeharbor/.

MC respects individual privacy and values the confidence of our contract clients, employees, business partners and others. MC is committed to protecting any personally identifiable information that is collected, transmitted or stored. MC strives at all times to maintain the highest business ethical standards and to comply with the applicable state, federal and international requirements for the protection of personally identifiable information.

 

DEFINITIONS

For the purposes of this Policy, the following definitions shall apply:

“Agent” means any third party that collects or uses personal information under the instructions of, and solely for, MC or to which MC discloses personal information for use on MC’s behalf.

“Customers or Clients” means any individual or company who is currently in contract or in the process of contract with MC in regard to using MC products or services.

“Data Subject” is the person whose personal information is collected, held or processed.

“EEA” is the European Economic Area

“EU” is the European Union

“MC” is Med Communications, Inc.

“Personal Information” is any information or set of information that identifies or can reasonably be used to identify an individual. Personal Information does not include aggregate information that is not individually identifiable. Personal Information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public Personal Information.

 

“Processing” includes obtaining, recording or holding information or data or carrying out any operation, manual or automatic, or set of operations on the information or data.

“Privacy” is the state or condition of limited access to an individual and/or to information about that individual.

“Sensitive Personal Information” is a subset of Personal Information which may include information pertaining to an individual’s specific medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information pertaining to the sex life of the individual.

“Service” may include, but is not limited to, Medical Information, Adverse Event and Product Complaint call center services or other services provided to our Customer.

 

SCOPE AND LIMITATIONS

Scope

This Safe Harbor Privacy Policy applies to all personal information received by MC in the United States from the EEA and from Switzerland, in any format, including electronic, hard copy or verbal.

Limitations

Adherence by MC to these privacy principles may be limited to the extent necessary to meet MC regulatory, legal, governmental or national security obligations.

 

PERSONAL INFORMATION COLLECTED BY MC

MC is committed to protecting an individual’s privacy and the Personal Information that MC receives by ensuring that it is managed appropriately. Personal Information collected by MC is divided in two areas:

Personal Information collected on behalf of a contracted client:

MC received Personal Information on behalf of its contracted clients who engage MC (either directly or through a third party) to receive, store and/or process such Personal Information. This information is collected when the administrative staff and/or pharmacists or nurses of MC respond to inquiries from data subjects (via phone or electronically) that may be related to Medical Information (MI), Adverse Event (AE) or Product Complaint (PC).

Personal Information collected for business development

MC may also collect Personal Information related to its business partners, employment and personal management.

 

PRIVACY PRINCIPLES

MC complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  MC has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement.

 

Notice

 

For Personal Information collected on behalf of contracted clients:

Any Personal Information collected by MC on behalf of contracted clients is the property of that contracted client. The contracted client will be responsible for ensuring that the data subjects are notified about the identity of the data controller or its representatives, the purposes for which it is collecting, processing or maintaining the data, and any further information that may be required by the circumstances under which the data is collected.

Where agreed between MC and the contracted client, MC will use and disclose such information in accordance with the notices provided by the contracted client and the choices made by the data subject whom such Personal Information relates.

For Personal Information collected for business development

When MC collects Personal Information related to its business partners, employees and visitors directly from individuals in EU, EEA and/or Switzerland, it will inform them about the type of Personal Information collected, the purposes for which it collects and uses the Personal Information, the types of non-agent third parties to which MC discloses or may disclose that information and the choices and means, if any, MC offers individuals for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to MC, or as soon as practical thereafter, and in any event before MC uses or discloses the information for a purpose other than that for which it was originally collected.

Consistent with the Safe Harbor Principles, MC may not be in a position to furnish notice in certain limited situations. Specifically, notice is not required where the processing of EU Personal Information is necessary to respond to a government inquiry; is required by applicable laws, court orders or government regulations; or is necessary to protect MC’s interests and providing notice would interfere with those interests.

 

CHOICE

For Personal Information collected on behalf of contracted clients

The contracted client will be responsible for offering the data subjects the opportunity to choose the option (opt-in/opt-out) for use and disclosure of Personal Information. Where agreed between MC and the contracted client, MC will use and disclose such information in accordance with the notices provided by the contracted client and the choices made by the data subject to whom such Personal Information relates.

For Personal Information collected for business development

MC will offer individuals the opportunity to choose (opt-in/opt-out) whether their Personal Information is (1) to be disclosed to a non-agent third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, MC will give individuals the opportunity to affirmatively or explicitly (opt-out) consent to the disclosure of the information to a non-agent third party  or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

 

ONWARD TRANSFERS

For Personal Information collected on behalf of contracted clients

MC does not sell, distribute or transfer Personal Information to non-agent third parties. Personal Information collected on behalf of the contracted client is only provided to that contracted client and/or to a third party as defined in contracted client statement of work.

Where MC relies on a third party, it will only transfer Personal Information to its Agent, such as a call center service provider, vendor or other third party acting as a processor of Personal Information for MC when such Agent has provided assurances that it provides at least the same level of protection as is required by this Privacy Policy.

 

For Personal Information collected for business development

Prior to disclosing Personal Information to a third party, MC shall notify the individual of such disclosure and allow the individual the choice (opt-out) of such disclosure. MC shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles and agree in writing to provide an adequate level of privacy protection.

 

SECURITY

MC will take reasonable precautions to protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration, or destruction. MC has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the Information from loss, misuse and unauthorized access or disclosure, alteration or destruction. MC cannot guarantee the security of Information on or transmitted via the Internet.

 

DATA INTEGRITY

For Personal Information collected on behalf of contracted clients

 

MC is dependent upon the data subject to provide accurate, reliable, complete and current Personal Information. Once the Personal Information is received, it will then be forwarded to the relevant contracted client, and until subsequently reviewed, edited (as necessary), and approved by the relevant contracted client (which approval occurs outside of MC), integrity of Personal Information cannot be accepted.

 

For Personal Information collected for business development

MC shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual.  MC takes reasonable steps to ensure that Personal Information received is reliable for its intended use, accurate, complete and current.

 

ACCESS

For Personal Information collected on behalf of contracted clients

Unless otherwise agreed with the contracted client, all requests by data subjects for access to their Personal Information should be directed to the relevant contracted client who typically manages and owns the permanent copies of such Personal Information. If approved by the contracted client, MC will process the request.

 

For Personal Information collected for business development

MC shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in question or where the rights of the persons other than the individual would be violated.

 

ENFORCEMENT

MC has established internal mechanisms to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Safe Harbor Principles. Any MC employee that is determined to be in violation of this policy will be subject to disciplinary action up to and including termination of employment. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints or disputes regarding the use and disclosure of Personal Information in accordance with the Safe Harbor Principles.

 

If a complaint or dispute cannot be resolved through our internal process, we agree to abide by the dispute resolution procedures established by the EU Date Protection Authorities, as well as to cooperate and comply with the Federal Data Protection and Information Commissioner of Switzerland.

 

HOW TO CONTACT US

Please contact us with any questions concerning this Privacy Policy at:

Med Communications, Inc

20 S. Dudley Street, Suite 700

Memphis, Tennessee, 38103

Phone: 901-578-3200

 

AMENDMENTS

MC’s Privacy Policy is not a contract, and it does not create any legal rights or obligations. MC reserves the right to modify or amend this policy statement at any time and in a manner consistent with the requirements of the U.S.-EU Safe Harbor Framework and U.S. – Swiss Safe Harbor Framework. This updated policy will be posted on http://www.medcomminc.com/. We recommend that the policy is reviewed periodically.

 

EFFECTIVE DATE

This Privacy Policy is effective as of October 1st, 2015.