 |
|
MedTrak, Inc. (“MedTrak”) has written this privacy policy
(“Policy”) to demonstrate our commitment to privacy and security. We reserve
the right to change our Policy at any time—these changes will apply to all old and
new information and data collected by MedTrak. Any changes to the Policy will be posted on our website
(www.orthosight.com) along with a notice of the policy changes.
MedTrak has implemented a number of procedures and safety
measures to protect the privacy and security of personal information according
to HIPAA regulations. All tools and services MedTrak provides to users,
patients, and visitors are HIPAA compliant. This privacy policy will convey our information collecting, security,
and distribution practices.
The privacy policy is divided into five separate sections: User Privacy, Patient Privacy, Potential User
and Visitor Privacy, Security, and Additional Information. To view our policies, please refer to the
appropriate section.
User Privacy
User Data and Information
MedTrak gathers information from users who sign-up for our
services (“Service”) through contracts, discussions and the website. Users are required to provide contact
information such as name, company name, address, phone number, and email address. This information is used to setup the Service
and provide support. Except as required to perform the Service, no information
will be disclosed to third parties.
MedTrak also collects and logs information (IP addresses,
login attempts) concerning website usage. This information is used to monitor
attempted security penetrations, detect technical problems, and review site
usage patterns.
Information and data users collect using OrthoSight and
store on MedTrak’s servers will not be reviewed, shared, or disseminated except
as stated in the Business Associates Agreement and Software License Agreement
or as required by law. Individual records in MedTrak’s databases may be
accessed to provide the Service, resolve an issue, evaluate usage patterns,
provide support services, or review contractual issues. Users are required to
maintain the security of their User Name and password as outlined in MedTrak’s
password policy on the website.
MedTrak uses aggregated, de-identified information and data
to create marketing statistics and average scores viewable by all users.
Marketing statistics will be made available to third parties.
Discontinue Use Policy – Users
Users may request that MedTrak discontinues use of their
contact information by contacting their MedTrak representative or by emailing info@orthosight.com.
Modify or Update Information
Contact and billing information can be updated on the secure
home page under “Account Info”.Use of OrthoSight may be discontinued by contacting MedTrak.
Patient Privacy
Patient Data and Information
When OrthoSight is setup for a user, the method of patient
consent is established to make it convenient for the user. Patient information will be partially
de-identified by encrypting social security numbers. Only authorized personnel are then allowed to
view social security numbers.
Discontinue Use Policy – Patients
If a patient would like to withdraw or refuse consent for a
study, the patient should inform his/her doctor, who will be responsible for
informing MedTrak. All information that the patient submitted during the study will be marked appropraitely in the
database.
Accessing Submitted Information
If a patient would like to view the results of the information he/she submitted, the patient should inform his/her doctor.
The doctor can request that MedTrak generates a summary report to give to the patient.
Potential User and Visitor Privacy
Potential users may sign-up on www.orthosight.com to be
contacted by a MedTrak representative. They will submit contact information that will only be used to set-up an
appointment or demonstration.
MedTrak logs visitor IP addresses and activity. This
information is used to monitor attempted security penetrations, detect
technical problems, and review site usage patterns.
Security
MedTrak provides high quality security controls and
protocols to ensure that all information and data is protected against loss,
misuse, alteration, or unintentional destruction. MedTrak employs Secure
Sockets Layer (SSL) technology to protect information traveling to and from the
website and a firewall to block unauthorized use of the web server and database. Information and data are protected by access
controls, passwords, employee training regarding security issues, and storage
of sensitive information in locked offices, encrypted files, or behind the
firewall.
Additional Information
Questions, complaints, or comments regarding the privacy
practices of MedTrak should be directed to a MedTrak representative by emailing
info@orthosight.com or by calling 610-789-6644. Written complaints may be mailed to the following address:
MedTrak, Inc.
525 West Chester Pike
Suite 314
Havertown, PA
19083
Version 1.0
Last Updated: 10/13/2005
|
|
|
|
|
|
