TEM SYSTEMS INC PRIVACY & SECURITY POLICY
I. NOTICE OF PRIVACY PRACTICES
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please Review it Carefully.
We Have a Legal Duty to Protect Health Information About You
We are required by law to protect the privacy of health information about you and that can be identified with you, which we call “protected health information,” or “PHI” for short. We must give you notice of our legal duties and privacy practices concerning PHI:
- We must protect PHI that we have created or received about your past, present, or future health condition.
- We must notify you about how we protect PHI about you.
- We must explain how, when and why we use and/or disclose PHI about you.
- We may only use and/or disclose PHI as we have described in this notice.
What Information Do We Collect From You?
Protected Health Information (PHI) and Personally Identifiable Information (PII)
We do not collect protected health information (PHI) unless a Covered Entity gives us authorization as part of our services. Tem Systems may collect protected health information (PHI) during the service, repair or troubleshooting of our ROTEM® systems.
You may also be asked to provide personally identifiable information if you participate in any surveys, contests, or sweepstakes sponsored by Tem Systems, or if you post or access any content on message boards, chat rooms, blogs, or other interactive features that we may maintain at www.rotem-usa.com.
All PHI and PII information is protected by security practices.
Non-Personally Identifiable Information
In addition, Tem Systems may use third-party software to analyze the web pages within our website that your computer visits. This information, called “clickstream data,” is associated with your computer’s IP address and includes other information such as the type of browser you use to access the Internet, the referring URL, the data and time of your visit, and the pages you viewed on our website. We collect clickstream data to analyze which portions of our website draw the most traffic so we can improve website performance.
Clickstream data may be shared with third-parties, such as marketing experts. However, we do not provide these third parties with your protected health information or your personal identifiable information; though, we may share demographic or aggregate information.
We May Use and Disclose PHI About You Without Your Authorization in the Following Circumstances
The data we collect will only be used for the purpose of meeting our obligations as a Business Associate to covered entities, supplying you with requested products or services, for purposes for which you have given your consent or where otherwise required by law.
- We may collect PHI for our maintenance, service and legal obligations to the extent such use of PHI is permitted or required by a Business Associate Agreement and not prohibited by law.
- We may use or disclose PHI on behalf of, or to provide services to, Covered Entities such as Hospitals, for purposes of fulfilling our service obligations to these Covered Entities, if such use or disclosure of PHI is permitted or required by a Business Associate Agreement and would not violate the HIPAA Privacy Rule.
- In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the Business Associate Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards.
- We may also use PHI to report violations of law to appropriate federal and state authorities.
- We may use or disclose PHI when required by the Secretary of the Department of Health and Human Services under Subpart C of Part 160 to investigate or determine compliance with the HIPAA rule.
- We may use or disclose PHI upon your request for an electronic copy of protected health information.
Any Other Use or Disclosure of PHI About You Requires Your Written Authorization
Under any circumstances other than those listed above, we will ask for your electronic or written authorization before we use or disclose PHI about you. If you sign an electronic or written authorization allowing us to disclose PHI about you in a specific situation, you can later cancel your authorization in writing by sending an e-mail to firstname.lastname@example.org. If you cancel your authorization in writing, we will not disclose PHI about you after we receive your cancellation, except for disclosures which were being processed before we received your cancellation.
We May Use and Disclose PII About You Without Your Authorization in the Following Circumstances
- We may use your personally identifiable information (PII) for other purposes, including, but not limited to, website administration and troubleshooting.
- Third-party service providers who provide technical support for these may access personally identifiable information for these purposes.
What Are Your Rights With Respect To The Information We Collect About You?
- You can choose not to submit personally identifiable information to us, but if you do not submit personally identifiable information, you may not be able to access the products and services we offer. If you do not wish to receive communications from Tem Systems about products, services, or features that may be of interest, you can unsubscribe to any e-mail that we may send to you. We will include an opt-out link or reply address in each e-mail that we send. After unsubscribing, you will be removed from our database. Please allow up to 10 business days to process your request. After unsubscribing, you may still receive messages about the status of your account, order or request, to resolve technical issues, or to confirm a new subscription.
- If you wish to make changes to any personally identifiable information you have provided to us, or if you have any questions about what we do with your personally identifiable information, please contact us by sending an e-mail to email@example.com.
- You have the right at any time to withdraw your consent to the use of your personally identifiable information in the future. You may withdraw your consent by sending your request by e-mail to firstname.lastname@example.org
- You have the right to request that we restrict the use and disclosure of PHI about you. We are not required to agree to your requested restrictions. However, even if we agree to your request, in certain situations your restrictions may not be followed. These situations include emergency treatment, disclosures to the Secretary of the Department of Health and Human Services, and uses and disclosures described in “What Do We Do with Information We Collect from You” section of this Notice. You may request a restriction by sending an e-mail to email@example.com.
- If you ask us in writing, you have the right to receive a written list of certain of our disclosures of PHI about you. You may ask for disclosures made up to six (6) years before your request (not including disclosures made prior to April 14, 2003). We are required to provide a listing of all disclosures except the following:
- For your treatment
- For billing and collection of payment for your treatment
- For health care operations
- Made to or requested by you, or that you authorized
- Occurring as a byproduct of permitted uses and disclosures
- Made to individuals involved in your care, for directory or notification purposes, or for other purposes described in “What Do We Do with Information We Collect from You” section above
- Allowed by law when the use and/or disclosure relates to certain specialized government functions or relates to correctional institutions and in other law enforcement custodial situations, and
- As part of a limited set of information which does not contain certain information which would identify you
The list will include the date of the disclosure, the name (and address, if available) of the person or organization receiving the information, a brief description of the information disclosed, and the purpose of the disclosure. If, under permitted circumstances, PHI about you has been disclosed for certain types of research projects, the list may include different types of information.
If you request a list of disclosures more than once in 12 months, we can charge you a reasonable fee. You may request a listing of disclosures by sending an e-mail to firstname.lastname@example.org.
- You have the right to request a paper copy of this Notice at any time by sending an e-mail to email@example.com. We will provide a copy of this Notice no later than the date you first receive service from us (except for emergency services, and then we will provide the Notice to you as soon as possible).
II. THIRD PARTY LINKS
We may offer links to sites that are not operated by Tem Systems. The security and privacy policies of third-party websites apply to your activity on those sites. Users of third-party websites often share information with the general public, user community, and/or the third-party operating the website. You should review the privacy policies of all websites before using them and ensure that you understand how your information may be used. We are not responsible for the policies and practices of other companies, and any information you submit to those companies is subject to their privacy policies.
III. SECURITY POLICY
Tem Systems has adopted the following Security Policy to ensure safeguard of any Protected Health Information [PHI] and Personally Identifiable Information [PII].
It is the policy of Tem Systems that information, as defined hereinafter, in all its forms–written, spoken, recorded electronically or printed–will be protected from accidental or intentional unauthorized modification, destruction or disclosure throughout its life cycle. This protection includes an appropriate level of security over the equipment and software used to process, store, and transmit that information where possible.
Additional policies, standards and procedures are developed detailing the implementation of this policy and set of standards, and addressing any additional information systems functionality. All policies must be consistent with this policy. All systems implemented after the effective date of this policy are expected to comply with the provisions of this policy where possible.
All policies and procedures must be documented and made available to individuals responsible for their implementation and compliance. All activities identified by the policies and procedures must also be documented. All the documentation, which may be in electronic form, must be retained for at least 6 (six) years after initial creation, or, pertaining to policies and procedures, after changes are made. All documentation must be periodically reviewed for appropriateness and currency, a period of time to be determined by the Information Security Officer (ISO) and each department Head within Tem Systems.
All policies must be consistent with this policy. All systems implemented after the effective date of these policies are expected to comply with the provisions of this policy where possible. Existing systems are expected to be brought into compliance where possible and as soon as practical.
V. GOVERNING LAW
VII. SPECIAL NOTIFICATION FOR CALIFORNIA RESIDENTS
If you reside in California, you may request information about our disclosures of your protected health information or personally identifiable information to third parties for their direct marketing purposes. Such requests must be submitted to us by e-mail at firstname.lastname@example.org.
Within thirty days of receiving such a request, we will provide a list of the categories of protected health information or personally identifiable information disclosed to third parties during the immediately preceding calendar year, along with the names and addresses of these third parties. This request may be made no more than once per calendar year. We reserve the right not to respond to requests submitted other than as specified in the above paragraph.
VIII. YOU MAY FILE A COMPLAINT ABOUT OUR PRIVACY PRACTICES
If you think we have violated your privacy rights, or you want to complain to us about our privacy practices, you can contact us at email@example.com.
You may also send a written complaint to the United States Secretary of the Department of Health and Human Services.
If you file a complaint, we will not take any action against you or change our treatment of you in any way.
IX. EFFECTIVE DATE
Copyright © 2015, Tem Systems Inc.