Privacy Policy


MedTrak, Inc. (“MedTrak”) has written this privacy policy (“Policy”) to demonstrate its commitment to privacy and security. MedTrak reserves the right to amend the Policy at any time—these changes will apply to all old and new data collected by MedTrak but will never relax the privacy and security standards currently in place. Any changes to the Policy will be posted on www.caresense.com along with a notice of the policy changes.

MedTrak has implemented a number of procedures and safety measures to protect the privacy and security of personal information according to HIPAA regulations. All tools and services MedTrak provides to users, patients, and visitors are HIPAA compliant. This privacy policy will convey our information collecting, security, and distribution practices.

MedTrak complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. MedTrak has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.


The privacy policy is divided into four separate sections: User Privacy, Patient Privacy, Potential User and Visitor Privacy, and Additional Information. To view our policies, please refer to the appropriate section.

MedTrak is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

User Privacy

User Data and Information

MedTrak gathers information from users who sign up for our services (“Service”) through contracts, discussions and the website. Users are required to provide contact information such as name, company name, address, phone number, and email address. This information is used to set up the Service and provide support. Except as required to perform the Service, no information will be disclosed to third parties.

MedTrak also collects and logs information (IP addresses, login attempts) concerning website usage. This information is used to monitor attempted security penetrations, detect technical problems, and review site usage patterns.

Information and data users collect using CareSense and store on MedTrak’s servers will not be reviewed, shared, or disseminated except as stated in the Business Associates Agreement and Software License Agreement or as required by law. Individual records in MedTrak’s databases may be accessed to provide the Service, resolve an issue, evaluate usage patterns, provide support services, or review contractual issues. Users are required to maintain the security of their User Name and password as outlined in MedTrak’s password policy.

MedTrak uses aggregated, de-identified information and data to create marketing statistics and average scores viewable by all users. Marketing statistics will be made available to third parties.

Discontinue Use Policy – Users

Users may request that MedTrak discontinue use of their contact information by contacting their MedTrak representative or by emailing info@caresense.com.


Patient Privacy

Notice

Personal information will only be collected by MedTrak after timely notice of the type of information to be collected, how information will be used, and how information may be shared is given to the patient. MedTrak also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

Choice

Use and disclosure of personal information will be fully described in the consent form given to the patient. If a patient would like to withdraw or refuse consent for a study, the patient should inform his/her doctor and MedTrak. A patient will always make the choice about the ways that personal information is used and disclosed.

Relevance

Only as much personal information as is needed to complete the study will be collected and used. Personal information will be used in a manner consistent with the consent provided by the patient. Only patient name, date of birth, and email address will be collected under Privacy Shield. Patient name and date of birth will be used to match patient records properly, and the email address will be used to collect information from the patient outside of the office.

Retention

Personal information will be stored only as long as is necessary for the purposes for which it was collected, or as permitted by law. Personal information will not be shared with third parties.

Accuracy

Appropriate steps will be taken to ensure all personal information stored by MedTrak is complete and accurate.

Access

MedTrak acknowledges that individuals have the right to access the personal information/data that we maintain about them. Patients will be provided access to their own personal information stored on MedTrak’s servers in order to correct any problems or delete it. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his query to info@caresense.com. If requested to remove data, we will respond within a reasonable timeframe.

Security

MedTrak provides high quality security controls and protocols to ensure that all information and data is protected against loss, misuse, alteration, or unintentional destruction. MedTrak employs Secure Sockets Layer (SSL) technology to protect information traveling to and from the website and a firewall to block unauthorized use of the web server and database. Information and data are protected by access controls, passwords, employee training regarding security issues, and storage of sensitive information in locked offices, encrypted files, or behind the firewall.

Transfer

MedTrak does not currently transfer personal information to third parties. If we ever were to engage in any onward transfers of your data with third parties, for a purpose other than that for which it was originally collected or subsequently authorized, we would provide you with an opt-out choice to limit the use and disclosure of your personal data.

If onward transfers to third parties of data of EU individuals received pursuant to the EU-US Privacy Shield occur in the future, MedTrak is potentially liable.


Potential User and Visitor Privacy

Potential users may sign up on www.caresense.com to be contacted by a MedTrak representative. They will submit contact information that will only be used to set up an appointment or demonstration.

MedTrak logs visitor IP addresses and activity. This information is used to monitor attempted security penetrations, detect technical problems, and review site usage patterns.

Additional Information

In compliance with the EU-US Privacy Shield Principles, MedTrak commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact MedTrak at:

MedTrak, Inc.
Attn: Privacy Complaints
1100 East Hector Street, Ste. 457
Conshohocken, PA 19428
Phone: 484-532-7587
Email: info@caresense.com


MedTrak has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.


Version 1.2
Last Updated: September 1st, 2016