This notice describes how personally identifiable information about you (the data subject) may be collected, used, and disclosed, and how you can get access to this information. Please review it carefully.

Introduction

Advance Medical, Inc. collects personal, medical data about and from individuals (data subjects) who have provided fully informed consent. Collected personal data is never shared for any purpose other than as defined in this notice and strictly for the purpose of rendering an expert second medical opinion for the benefit of the person identified by the data collected. Such data is permanently de-identified when the data subject is no longer eligible for the expert second medical opinion report and service which is the sole product of Advance Medical, Inc.

Scope

Advance Medical, Inc. operates globally and is committed to full compliance with all laws and regulations of any jurisdiction within which it operates. This particularly applies to all privacy laws and regulations.

Global policy, fundamental principles

Advance Medical, Inc.’s Privacy Policy complies with the general provisions and basic principles of the Madrid Resolution. (See: International Conference of Data Protection and Privacy Commissioners, Madrid, 5th November 2009)

  • Personal data must be processed lawfully and fairly
  • Limit private data usage to legitimate fulfilment of a specific purpose as defined by informed consent of the data subject.(Person the data is about)
  • Limit processing and storage to minimum necessary
  • Accurate and sufficient to consented purpose
  • Open, transparent privacy policies
  • Accountability for compliant privacy measures
  • Legitimacy: informed consent, adherence to law, easy path to withdraw consent.
  • Definition and protection of sensitive data
  • Third party privacy controls
  • International transfers must adhere to Madrid Resolution principles.
  • Data Subject’s rights to concise, timely, comprehensive information regarding data about them and related processing and usage.
  • Data subject’s right to rectification of data: incomplete, inaccurate, unnecessary or excessive.
  • Data subject’s right to object –subject to law and necessary processing.
  • Must implement procedures to support data subject’s exercise of their rights.
  • Security Measures: Technical and procedural support for integrity, confidentiality and availability must be provided.
  • Maintain the confidentiality even after relationship to data subject has terminated.
  • Proactive measures: prevention, detection, organization, privacy/security officer, training, independent audits, privacy impact assessments, and policies and procedures.

International data transfers

Advance Medical, Inc. is committed to full compliance with the regulations of the exporting jurisdiction (county the data subject is a citizen of), the importing jurisdiction (where the processing, retention and disclosures take place) and applicable global agreements between such governmental jurisdictions. Advance Medical, Inc.’s operations in each importing jurisdiction have implemented appropriate measures in order to comply with exporting jurisdiction privacy regulations and laws.

General Definitions

Binding Corporate Rules ("BCRs") are European Union (EU) defined templates for binding (enforceable) corporate policies that define how PHI/PII are to be handled.

Data Privacy Authorities (DPA) are the designated governmental agency in each EU country designated to deal with privacy issues.

Standard Contractual Clauses ("SCCs") are contract clauses between parties exporting and importing PHI/PII.

The term “data subject” and the term “you” mean the person identified by the data.

Advance Medical, Inc.’s contracts between exporting and importing entities implement SCCs wherever appropriate and feasible.

Advance Medical, Inc.’s corporate privacy policies while in compliance with privacy policy recommendation of the EU have not been reviewed by the relative Data Privacy Authorities. (DPA).

Advance Medical’s Obligations

  • Maintain the privacy of data subject’s personal data
  • Provide data subject with a notice as to our legal duties and privacy practices with respect to information we collect and maintain about the data subject
  • Abide by the terms of this notice
  • Notify data subject if we are unable to agree to a requested restriction
  • Accommodate reasonable requests data subject may have to communicate health information by alternative means or at alternative locations, or to correct data subject’s information

Advance Medical’s Obligations

  • Personally Identifiable Information (PII) is information or data that directly identifies an individual or that when used in combination with information available publicly or to Advance Medical, Inc., may provide a high probability of identifying an individual.
  • Protected Healthcare Information (PHI) is PII that in addition contains health data about the individual identified by the data.
  • Data is constrained to be relevant and reliable for the purpose it was collected. Integrity and security controls are in place and monitored to maintain the accuracy of the data.

How data is used

  • Advance Medical, Inc. uses and discloses PHI in creating a medical case history, identifying physician consultants, and producing the Expert Medical Opinion Report (the “Report”) as the primary component of our Expert Medical Opinion Service (the Service).
  • Advance Medical, Inc. does not share PHI for any purpose not both defined in this notice and required for the production of the Service and Report.
  • Examples of Disclosures for Treatment, Payment and Health Operations (TPO).Advance Medical may collect protected health information (PHI) for use in our Expert Medical Opinion Service (the “Service”). The information will be used and disclosed in creating a medical case and history, identifying physician consultants, and producing the Expert Medical Opinion Report (the “Report”). Advance Medical may disclose your health information to case managers, clinical committee members, administrators who will use the information to process your case and other individuals who are involved in providing the Service or generating your Report. In some cases your information may be sent to an outside consulting physician or other consulting medical professionals. For example, a case manager may share your information with a medical director in order to identify an appropriate consulting physician for your case. The case manager may share the information with the consulting physician. We will ask these consultants to sign agreements requiring them to preserve the confidentiality of this information.
  • Other Uses of Data: Advance Medical also may use your health information to review or evaluate the performance of our systems in providing the Service to you and to improve the quality or timeliness of our services. Advance Medical also may create de-identified information based upon information you have provided to us. De-identified information is information that does not include your name, address, birth date, or other information that could be used to identify you. This de-identified information could be used for quality improvement, research and other purposes. For example, Advance Medical could use this de-identified information to demonstrate the reliability of our information management systems or to generate medical research information. We would not identify you by name or other personally identifying data in any resulting reports or other information. Advance Medical may disclose information in order to contact you during the course of providing services to you as either part of the ongoing process or as part of an effort to follow-up with you after using the Service or if there is an opportunity to inform you about additional services of interest. We may contact you through the mail, over e-mail or through the phone.
  • Online Activity Tracking and Advertising: We collect information about your activity on Our Site through using technologies such as cookies, and server log files.
  • We do not use third-party cookies or non-Advance Medical web beacons i.e. Web based data collection by other than Advance Medical. I.E. we do not use advertising or tracking links. We use this automatically generated information to provide you with an optimal website experience. This includes measuring the effectiveness of our web pages and your interactions with them in order make using our pages as easy for you as possible.
  • Our site and related applications will generate log files tracking who has had access to your PHI and or PII.
  • Other Disclosures Mandated by Law: Advance Medical may be called upon to disclose PHI by a duly empowered branch of Government in any country in which our patients are a citizen. The following is a list of U.S.A. government agencies that may require Advance Medical to disclose protected heath information without your authorization.
  • Food and Drug Administration (FDA): We may disclose to the FDA health information relative to adverse events with respect to food, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
  • Workers compensation: We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.
  • Public health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
  • Correctional institution: Should you be an inmate of a correctional institution, we may disclose to the institution or agents thereof health information necessary for your health and the health and safety of other individuals.
  • Law enforcement: We may disclose health information for law enforcement purposes as required by law or in response to a valid subpoena.
  • Federal oversight agency: Federal law makes provisions for your health information to be released to an appropriate health oversight agency, public health authority or attorney, provided that a work force member or business associate believes in good faith that we have engaged in unlawful conduct or have otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers, or the public.
  • Victims of abuse: To protect victims of neglect or domestic violence
  • Judicial and administrative processes: For judicial proceedings after proper legal process.
  • Other uses or disclosures about your medical information may require your written authorization. You may revoke that authorization at any time but that revocation will not affect any use or disclosure made prior to revocation. Advance Medical may disclose information to you, to your representative or to another individual designated by you.

Data Retention

  • Advance Medical, Inc. retains PHI as long as it is required for the purpose of providing the “Expert Medical Opinion Service” (Service) to the individual identified by the PHI.
  • When the identified individual is no longer eligible for the Service, through specific request by the individual or other event that removes the individual from eligibility then the PHI is permanently de-identified in accordance with the U.S. Department of Health and Human Services (DHHS) specifications. Any and all codes, links, or other data that could be used to relate the de-identified data to the identity of the individual are permanently destroyed.
  • Such permanently de-identified data is no longer PHI and is retained by Advance Medical, Inc. indefinitely. Note that it is not possible to identify you from this de-identified data.

Notice

  • We will make our privacy commitments easy to find and easy to read.
  • Each individual about whom Advance Medical, Inc. collects PHI or PII (the data) is ensured to be aware of what data we are collecting, the usage and purpose of the data collected, the individual’s ability to control that usage, and the retention period of that collected data.
  • We will listen to your feedback and answer your questions about our Privacy Policy, commitments, and practices.
  • We reserve the right to change our practices and to make the new provisions effective for all PHI and PII we maintain. We will not use or disclose your health information without your authorization, except as described in this notice. If you have a question or would like a copy of this notice or would like additional information, you may contact us. If you believe your privacy rights have been violated, you may file a complaint with Advance Medical, with the U.S.A Secretary of Health and Human Services (HHS), or the U.S.A. Federal Trade Commission (FTC). There will be no retaliation for filing a complaint.

Choice

  • We do not share the data about you outside Advance Medical, Inc. except as explicitly defined in this “Privacy Notice. Individuals have the option to opt out of the collection and forward transfer of the data to third parties, however this may preclude Advance Medical, Inc. from rendering its services.
  • Renowned expert medical doctors are provided medical data necessary to render an expert medical opinion. They are covered by HIPAA regulations, under contract to Advance Medical (to protect privacy of patients) and in almost all cases the medical history they are provided by Advance Medical has been de-identified.

Your Health Information Rights

  • Request a restriction on certain uses and disclosures of your information.
  • Obtain a paper copy of this privacy notice (information practices) upon request.
  • You have the right to inspect, copy, and amend completed medical records maintained by Advance Medical. (a fee may be applied).
  • Obtain an accounting of disclosures of your health information.
  • Revoke your authorization to use or disclose health information except to the extent that action has already been taken.
  • You have the right to request to receive confidential communications about your health information, such as having information sent to a particular address or in a particular way. In your request specify how you would like us to communicate with you.
  • We may charge you a processing fee for these requests. In some cases we may not honor your requests, such as if disclosing records will cause you harm or if they are part of legal proceedings or if they are part of ongoing legal research.
  • You must include all of the specific information that you want changed, amended, or restricted and the person or categories of persons who should or should not have access to the information. We have the right to deny your requests or ask for additional information.
  • In the event that we deny your request you will be notified of any denial within 60 days and be given additional options or information.
  • We are only obligated to share disclosure accounting for the preceding six years. This accounting will not include disclosures made in the course of providing the Service or generating the Report, as described in this notice.
  • You have the right to make complaints about any possible violation of your Privacy Rights to Advance Medical. Advance Medical will not penalize you for making a complaint.
  • To inspect, modify or restrict your medical records please make a signed and dated written request to:

Privacy Officer
c/o Advance Medical
100 Lowder Brook Drive, Suite 2000
Westwood, MA 02090

Onward Transfer

  • We do not share PII or PHI with any third parties other than as required by the service and report production and documented in this notice. We insist that the vendors, including expert medical doctors under contract to Advance Medical, Inc., that we retain to provide support services to Advance Medical, Inc., adhere to our Privacy Policy and Principles as well as all globally applicable data privacy laws.

Security Enforcement

  • We safeguard the data with tested and certified technical and manual security controls. We educate our employees and service providers on our Privacy Policy and Principles- as well as their roles and responsibilities in complying with them; and we enforce remedial penalties for non-compliance.

Global Compliance

  • We are committed to comply with the applicable data privacy laws in all regions where we conduct business.

Access

  • We strive to keep your Personal Information accurate and current; and we update or disclose it to you whenever you request us to do so. We post our Privacy Policy and Principles on our Web sites and we notify you about any significant amendments thereto. Individuals are able to access information held about them, and correct or delete it if it is inaccurate.
  • Access to Advance Medical sites are access controlled and restricted to registered adult patients, parents or guardians of minor patients, and our own staff of physicians, case managers and medical experts. Advance Medical has implemented manual and technical, physical and electronic security controls to best ensure that our systems and data are secure. These controls are continuously monitored and upgraded as required by changing business processes, new threats and as better security controls become available.

Payment Data

  • Advance Medical does not use PII or PHI for payments.

Privacy Officer
c/o Advance Medical
100 Lowder Brook Drive, Suite 1400
Westwood, MA 02090
617-987-0018
privacyofficer@advance-medical.com