TEM SYSTEMS INC PRIVACY & SECURITY POLICY

TEM SYSTEMS, INC. (“Tem Systems”) is committed to protecting the privacy of information that can identify you and health information about you that can be identified with you.  This Privacy Policy applies to protected health information (PHI) and personally identifiable information (PII) that is collected on our https://www.rotem-usa.com/ website and our ROTEM® hemostasis analyzer systems.

I. NOTICE OF PRIVACY PRACTICES

This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please Review it Carefully.

We Have a Legal Duty to Protect Health Information About You

We are required by law to protect the privacy of health information about you and that can be identified with you, which we call “protected health information,” or “PHI” for short. We must give you notice of our legal duties and privacy practices concerning PHI:

  • We must protect PHI that we have created or received about your past, present, or future health condition.
  • We must notify you about how we protect PHI about you.
  • We must explain how, when and why we use and/or disclose PHI about you.
  • We may only use and/or disclose PHI as we have described in this notice.

What Information Do We Collect From You?

Protected Health Information (PHI) and Personally Identifiable Information (PII)

We do not collect protected health information (PHI)  unless a Covered Entity gives us authorization as part of our services. Tem Systems may collect protected health information (PHI) during the service, repair or troubleshooting of our ROTEM® systems.

You may also be asked to provide personally identifiable information if you participate in any surveys, contests, or sweepstakes sponsored by Tem Systems, or if you post or access any content on message boards, chat rooms, blogs, or other interactive features that we may maintain at www.rotem-usa.com.

All PHI and PII information is protected by security practices.

Non-Personally Identifiable Information

Tem Systems collects non-personally identifiable information automatically through the use of electronic tools such as “cookies” and “click-stream data” that are deployed on www.rotem-usa.com.  Cookies are small text files that are stored in the visitor’s local browser cache. Cookies make possible recognizing the visitor’s browser in order to optimize the website and simplify its use. Data collected via cookies will not be used to determine the personal identity of the website visitor.  Most browsers are set up to accept these cookies automatically.   You may choose not to provide such information by adjusting your Internet browser security settings to refuse cookies.  Refusing cookies, however, may limit your ability to access certain pages available on www.rotem-usa.com and may prevent you from enjoying the features enabled by cookies.

In addition, Tem Systems may use third-party software to analyze the web pages within our website that your computer visits.  This information, called “clickstream data,” is associated with your computer’s IP address and includes other information such as the type of browser you use to access the Internet, the referring URL, the data and time of your visit, and the pages you viewed on our website.  We collect clickstream data to analyze which portions of our website draw the most traffic so we can improve website performance.

Clickstream data may be shared with third-parties, such as marketing experts. However, we do not provide these third parties with your protected health information or your personal identifiable information; though, we may share demographic or aggregate information.

Although Tem Systems does not generally use IP addresses as a means to identify specific users, Tem Systems may use IP addresses to help identify you when we feel it is necessary to enforce compliance with www.rotem-usa.com website terms and/or this Privacy Policy, or to protect its services, website, systems, information, employees, business partners, providers, users, customers or others.

We May Use and Disclose PHI About You Without Your Authorization in the Following Circumstances

The data we collect will only be used for the purpose of meeting our obligations as a Business Associate to covered entities, supplying you with requested products or services, for purposes for which you have given your consent or where otherwise required by law.

  • We may collect PHI for our maintenance, service and legal obligations to the extent such use of PHI is permitted or required by a Business Associate Agreement and not prohibited by law.
  • We may use or disclose PHI on behalf of, or to provide services to, Covered Entities such as Hospitals, for purposes of fulfilling our service obligations to these Covered Entities, if such use or disclosure of PHI is permitted or required by a Business Associate Agreement and would not violate the HIPAA Privacy Rule.
  • In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the Business Associate Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards.
  • We may also use PHI to report violations of law to appropriate federal and state authorities.
  • We may use or disclose PHI when required by the Secretary of the Department of Health and Human Services under Subpart C of Part 160 to investigate or determine compliance with the HIPAA rule.
  • We may use or disclose PHI upon your request for an electronic copy of protected health information.

Any Other Use or Disclosure of PHI About You Requires Your Written Authorization

Under any circumstances other than those listed above, we will ask for your electronic or written authorization before we use or disclose PHI about you. If you sign an electronic or written authorization allowing us to disclose PHI about you in a specific situation, you can later cancel your authorization in writing by sending an e-mail to privacy@roteminc.com. If you cancel your authorization in writing, we will not disclose PHI about you after we receive your cancellation, except for disclosures which were being processed before we received your cancellation.

We May Use and Disclose PII About You Without Your Authorization in the Following Circumstances

  • We may use your personally identifiable information (PII) for other purposes, including, but not limited to, website administration and troubleshooting.
  • Third-party service providers who provide technical support for these may access personally identifiable information for these purposes.
  • Tem Systems may also share personally identifiable information under the following circumstances: (1) when we believe in good faith that the law requires it (and/or if compelled to do so by law enforcement or government agencies, or by other legal action); (2) when we deem it necessary or appropriate to provide such information to law enforcement authorities; (3) in connection with payments you may owe to us; (4) in the course of a sale to or merger with another business; (5) in the event of a bankruptcy, in which case the information about the website’s subscribers would be among the assets shared with or transferred to another business; and when we believe in good faith that it is necessary to enforce compliance with the www.rotem-usa.com website Terms of Use or ROTEM® Terms and Conditions, our Service Disclaimer, this Privacy Policy, or to otherwise protect our services, website, systems, information, employees, business partners, providers, users, customers or others.

What Are Your Rights With Respect To The Information We Collect About You?

  • You can choose not to submit your protected health information. However, if you obtain ROTEM® services through a Covered Entity, you must review and follow the Covered Entity’s Privacy Policy. Tem Systems signs and abides by the Associates Agreements we have with Covered Entities where our Rotem system is used.
  • You can choose not to submit personally identifiable information to us, but if you do not submit personally identifiable information, you may not be able to access the products and services we offer. If you do not wish to receive communications from Tem Systems about products, services, or features that may be of interest, you can unsubscribe to any e-mail that we may send to you. We will include an opt-out link or reply address in each e-mail that we send. After unsubscribing, you will be removed from our database. Please allow up to 10 business days to process your request. After unsubscribing, you may still receive messages about the status of your account, order or request, to resolve technical issues, or to confirm a new subscription.
    1. If you wish to make changes to any personally identifiable information you have provided to us, or if you have any questions about what we do with your personally identifiable information, please contact us by sending an e-mail to privacy@roteminc.com.
  • You have the right at any time to withdraw your consent to the use of your personally identifiable information in the future. You may withdraw your consent by sending your request by e-mail to privacy@roteminc.com
  • You have the right to request that we restrict the use and disclosure of PHI about you. We are not required to agree to your requested restrictions. However, even if we agree to your request, in certain situations your restrictions may not be followed. These situations include emergency treatment, disclosures to the Secretary of the Department of Health and Human Services, and uses and disclosures described in “What Do We Do with Information We Collect from You” section of this Notice. You may request a restriction by sending an e-mail to privacy@roteminc.com.
  • You have the right to request to see and receive a copy of PHI contained in clinical, billing and other records used to make decisions about you. Your request must be in writing. However, if you obtain ROTEM® services through a Covered Entity, you must review and follow the Covered Entity’s Privacy Policy. Tem Systems signs and abides by the Associates Agreements we have with Covered Entities where our Rotem system is used. We may charge you related fees for processing your request. Instead of providing you with a full copy of the PHI, we may give you a summary or explanation of the PHI about you, if you agree in advance to the form and cost of the summary or explanation. There are certain situations in which we are not required to comply with your request. Under these circumstances, we will respond to you in writing, stating why we will not grant your request and describing any rights you may have to request a review of our denial. You may request to see and receive a copy of PHI by sending an e-mail to privacy@roteminc.com.
  • You have the right to request that we make amendments to clinical, billing and other records used to make decisions about you. However, if you obtain ROTEM®services through a Covered Entity, you must review and follow the Covered Entity’s Privacy Policy. Tem Systems signs and abides by the Associates Agreements we have with Covered Entities where our ROTEM®system is used. Your request must be in writing and must explain your reason(s) for the amendment. We may deny your request if: 1) the information was not created by us; 2) the information is not part of the records used to make decisions about you; 3) we believe the information is correct and complete; or 4) you would not have the right to see and copy the record as described in paragraph 4 above. We will tell you in writing the reasons for the denial and describe your rights to give us a written statement disagreeing with the denial. If we accept your request to amend the information, we will make reasonable efforts to inform others of the amendment, including persons you name who have received PHI about you and who need the amendment. You may request an amendment of PHI about you by sending an e-mail to privacy@roteminc.com
  • If you ask us in writing, you have the right to receive a written list of certain of our disclosures of PHI about you. You may ask for disclosures made up to six (6) years before your request (not including disclosures made prior to April 14, 2003). We are required to provide a listing of all disclosures except the following:
    • For your treatment
    • For billing and collection of payment for your treatment
    • For health care operations
    • Made to or requested by you, or that you authorized
    • Occurring as a byproduct of permitted uses and disclosures
    • Made to individuals involved in your care, for directory or notification purposes, or for other purposes described in “What Do We Do with Information We Collect from You” section above
    • Allowed by law when the use and/or disclosure relates to certain specialized government functions or relates to correctional institutions and in other law enforcement custodial situations, and
    • As part of a limited set of information which does not contain certain information which would identify you

    The list will include the date of the disclosure, the name (and address, if available) of the person or organization receiving the information, a brief description of the information disclosed, and the purpose of the disclosure.  If, under permitted circumstances, PHI about you has been disclosed for certain types of research projects, the list may include different types of information.

    If you request a list of disclosures more than once in 12 months, we can charge you a reasonable fee.  You may request a listing of disclosures by sending an e-mail to privacy@roteminc.com.

  • You have the right to request a paper copy of this Notice at any time by sending an e-mail to privacy@roteminc.com. We will provide a copy of this Notice no later than the date you first receive service from us (except for emergency services, and then we will provide the Notice to you as soon as possible).

II. THIRD PARTY LINKS

We may offer links to sites that are not operated by Tem Systems. The security and privacy policies of third-party websites apply to your activity on those sites. Users of third-party websites often share information with the general public, user community, and/or the third-party operating the website. You should review the privacy policies of all websites before using them and ensure that you understand how your information may be used. We are not responsible for the policies and practices of other companies, and any information you submit to those companies is subject to their privacy policies.

III. SECURITY POLICY

Tem Systems has adopted the following Security Policy to ensure safeguard of any Protected Health Information [PHI] and Personally Identifiable Information [PII].

It is the policy of Tem Systems that information, as defined hereinafter, in all its forms–written, spoken, recorded electronically or printed–will be protected from accidental or intentional unauthorized modification, destruction or disclosure throughout its life cycle.  This protection includes an appropriate level of security over the equipment and software used to process, store, and transmit that information where possible.

Additional policies, standards and procedures are developed detailing the implementation of this policy and set of standards, and addressing any additional information systems functionality. All policies must be consistent with this policy.   All systems implemented after the effective date of this policy are expected to comply with the provisions of this policy where possible.

All policies and procedures must be documented and made available to individuals responsible for their implementation and compliance.  All activities identified by the policies and procedures must also be documented.  All the documentation, which may be in electronic form, must be retained for at least 6 (six) years after initial creation, or, pertaining to policies and procedures, after changes are made.  All documentation must be periodically reviewed for appropriateness and currency, a period of time to be determined by the Information Security Officer (ISO) and each department Head within Tem Systems.

All policies must be consistent with this policy. All systems implemented after the effective date of these policies are expected to comply with the provisions of this policy where possible. Existing systems are expected to be brought into compliance where possible and as soon as practical.

IV. CHANGES TO PRIVACY POLICY

Tem Systems reserves the right to change this Privacy Policy at any time.  Please check this page periodically for changes.  We will post a notice on this website if and when this policy changes to alert visitors that a new policy is in place.  If we materially change the way we use or disclose protected health information or personally identifiable information we have previously collected from you, we will notify you and give you the opportunity to opt-out of such new uses or disclosures.

V. GOVERNING LAW

This policy and the use of this website are governed by North Carolina law.  Any claim related to the website or this policy shall be brought in a federal or state court in North Carolina within one year after the claim arises.  You agree that no such claim may be brought as a class action.  Users of the website described in this Privacy Policy consent to the jurisdiction and venue of such court as the most convenient and appropriate for the resolution of disputes concerning this policy.  Tem Systems is controlled, operated, and administered within the United States and Germany.  If you are located within the United States, please note that the information you provide to us may be transferred to Germany. If you are located outside the United States, please note that the information you provide to us may be transferred to the United States.  You hereby consent to this transfer.

VI. CHILDREN

Tem Systems does not knowingly collect or solicit protected health information or personally identifiable information from or about children under 13, except as permitted by federal law.  If we discover that we have received any protected health information or personally identifiable information from a child under 13 in violation of this Privacy Policy, we will delete such information from our servers and records immediately.  If you believe Tem Systems has any information from or pertaining to anyone under 13, please contact us at privacy@roteminc.com.

VII. SPECIAL NOTIFICATION FOR CALIFORNIA RESIDENTS

If you reside in California, you may request information about our disclosures of your protected health information or personally identifiable information to third parties for their direct marketing purposes.  Such requests must be submitted to us by e-mail at privacy@roteminc.com.

Within thirty days of receiving such a request, we will provide a list of the categories of protected health information or personally identifiable information disclosed to third parties during the immediately preceding calendar year, along with the names and addresses of these third parties.  This request may be made no more than once per calendar year.  We reserve the right not to respond to requests submitted other than as specified in the above paragraph.

VIII. YOU MAY FILE A COMPLAINT ABOUT OUR PRIVACY PRACTICES

If you think we have violated your privacy rights, or you want to complain to us about our privacy practices, you can contact us at privacy@roteminc.com.

You may also send a written complaint to the United States Secretary of the Department of Health and Human Services.

If you file a complaint, we will not take any action against you or change our treatment of you in any way.

IX. EFFECTIVE DATE

This Privacy Policy is effective as of May 30, 2015.

Copyright © 2015, Tem Systems Inc.