Effective: 1 November 2016
MDDX recognizes the critical value and importance of privacy in digitally stored personal data. Part of the service we provide to our clients can put us in possession of your personal data. All data placed in our custody is subject to rigid and continuous protection. Beyond our own strict handling, storage, and transmission procedures, we also comply with the U.S. – E.U. Privacy Shield Principles.
INFORMATION WE CONTROL
MDDX does not directly collect any data or information. The data in our custody has been previously collected by medical providers with the direct consent of the individuals. Further that data has been or will be de-identified while in the custody of MDDX. All personally identifying data we receive is promptly de-identified for further protection and securely stored in encrypted environments.
HOW WE USE THIS INFORMATION
We do not use any personal data. Our software is designed to specifically search for and de-identify all personally identifying information and remove if from your record. We do not share or disclose any personally identifying information.
MDDX’s business model is predicated on the security of digitally stored data and the complete de-identification of any personal information. This is of the utmost importance, and we work to maintain your trust. Our technological and organizational measures are designed to meet or exceed industry standards and protect the security and integrity of the information in our custody.
Despite our pointed efforts to safeguard personal information from loss, theft, alteration, or other types of misuse, we cannot guarantee that such a loss will never occur. There always exists risk that a third party hacker without authorization could unlawfully breach our systems, we have prepared for this potential and designed breach and recovery systems accordingly. Any breach to the security of our systems will be immediately reported to the organization who provided the data as well as any individual whose information was identifiable.
There is always a risk that a third party, without our authorization, might unlawfully access our systems or otherwise access personal information.
NOTICE TO INDIVIDUALS
- MDDX does not disclose personal information to third parties.
- MDDX does not store personal data and therefore is unable to provide individual access.
- Similarly, as MDDX does not use or disclose personal information there is no procedure for an individual to limit or restrict use or disclosure. If however, you believe that your personal data is being used or disclosed by us please contact our Privacy Officer and we will investigate.
- MDDX is subject to the investigatory and enforcement powers of the Federal Trade Commission.
- Under certain conditions you may invoke binding arbitration.
- Although MDDX does not store personal information we will comply with any lawful requests by public authorities, including to meet national security.
- MDDX is fully responsible for any onward transfer to third parties of personal information should it occur.
We have voluntarily self-certified our compliance with the U.S. – E.U. Privacy Shield Principles because we strongly support personal privacy. If you suspect that your personal information has been breached through our systems or have any questions regarding our privacy or other data protection policies you make contact us directly at:
Attention Privacy Officer
580 California St
San Francisco, CA 94104
or email our Privacy Officer
In the event of a breach of your personal data you may also directly contact the listed third party dispute resolution service at no cost to you: