Privacy

Privacy and Data Protection Policy

Purpose

MedNetworx, LLC and its affiliated entities (collectively referred to as “MedNetworx”) respect your right to privacy. This policy outlines how we protect Personal Data (as defined herein) when it is provided to, or accessible by, MedNetworx, its employees, contractors or agents. MedNetworx collects Personal Data from its employees and from people that it may potentially employ, and at times, it may collect Personal Data from customers, contractors and others with whom MedNetworx does business. Personal Data is only collected, used and disclosed by MedNetworx in accordance with this Privacy and Data Protection Policy.

All MedNetworx employees and contractors acting on behalf of MedNetworx, wherever located in the world, engaged in operations, activities and functions which collect, retain, use, receive or distribute Personal Data, must adhere to this Policy. Personal Data may not be added to a MedNetworx Database unless it is collected and processed in accordance with this Policy.

This Policy is designed to enable MedNetworx to collect valuable personal Data in compliance with MedNetworx’s legal obligations and to protect MedNetworx from incurring significant legal liability. The policies and practices described in this document are mandatory and will be enforced worldwide.

Personal Data that is collected through MedNetworx’s websites is governed by MedNetworx’s Online Privacy Statement, which is located at http://www.mednetworx.com.

MedNetworx’s liability for failure to observe this Policy could include:

  1. Confiscation of MedNetworx’s servers;
  2. Destruction of existing databases;
  3. Prohibition from collection of Personal Data;
  4. Significant monetary fines;
  5. Penal sanctions, including imprisonment of MedNetworx Personnel;
  6. Private lawsuits brought by individuals;
  7. Negative publicity detrimental to MedNetworx’s reputation and brand.

Failure to observe this Policy may, therefore, subject an employee to significant monetary fines, penal actions, private lawsuits as well as disciplinary action up to, and including, termination of employment. Contractors and others who do business with MedNetworx and who fail to observe this Policy may be subject to many of the same risks as well as having their contract with MedNetworx terminated.

2.0 Scope

MedNetworx’s Privacy and Data Protection Policy covers these areas:

  1. Definitions
  2. Notice, Collection and Disclosure
  3. Choice/Consent
  4. Use of Personal Data
  5. Data Security
  6. Data Access
  7. Use Of Website Tracking Technologies
  8. Sale of Personal Data
  9. Children and Privacy Compliance
  10. Spam and Email Marketing
  11. Data Retention and Cleaning
  12. Complaints / Dispute Resolution

3.0 Definitions

The following terms used in this Policy have the definitions set forth below:

  • Database

Database means any system (whether electronic or manual) that allows you to collect, record, organize, access, modify and/or retrieve data and includes exploitable formats such as paper files concerning employees or potential employees. It also includes Microsoft® Excel® spreadsheets, email group listings or data contained in personal digital assistants, laptops, servers, smart phones and other devices that can record Personal Data.

  • Data Subject

A Data Subject means any Person about whom Personal Data is collected or retained.

  • Database Owner

Database Owner is the person responsible for managing and administering a Database.

  • Individually Identifiable Health Information

Individually identifiable health information is information, including demographic data collected from an individual. and: (1) is created or received by a health care provider, health plan, employer or health care clearing house; (2) relates to the past, present, or future physical or mental health or condition of an individual; (3) relates to the provision of health care to an individual; and (4) relates to the past, present or future payment for the provision of health care to an individual; and (ii) that identifies the individual; or (ii) with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

  • Joint Marketing

An agreement or contractual arrangement between MedNetworx and a Person to jointly market our respective products and services to customers and potential customers.

  • Opt-In or Explicit Consent

Opt-In is one of two methods used to obtain consent from a Data Subject to collect, use and share or process Personal Data. To obtain a valid Opt-In, the Data Subject must give his or her affirmative consent; for example, by checking the “Yes” button on the data collection form. The consent is only valid to the extent and for the purpose given at the time. If subsequently a different use of the Personal Data is intended, then it is necessary to obtain a new consent. Further, Opt-In consent must be specific as to the proposed form of communication from MedNetworx, for example, direct mail and telephone.

  • Online Privacy Statement

The Online Privacy Statement refers to the Online Privacy Statement posted on MedNetworx’s websites.

  • Opt-Out or Implicit Consent

Opt-Out is the other method used to obtain consent from a Data Subject to collect, use and share or process Personal Data. It is called “Opt-Out” because the Data Subject’s consent is implied unless the Data Subject does something affirmative to remove the consent, for example, by unchecking the “Yes” box on a data collection form.Opt-Out is generally legally permissible in the United States; however, certain types of sensitive Personal Data may require Opt-In before it can be collected and/or processed.

Where Opt-Out is allowed in accordance with this Policy, Opt-Out is only valid to the extent and for the purpose the Data Subject has been informed at the time, and if subsequently a different purpose is intended, then it is necessary to go back and inform the Data Subject providing a renewed opportunity to Opt-Out.

  • Permitted Use

Permitted Use is an authorized use of Personal Data. Some of the ways we are permitted to use Personal Data include, but are not limited to:

  • Provide the ability to contact the Data Subject;
  • Compliance with human resource requirements;
  • Compliance with government regulations;
  • Provide payroll and human resources functions, including employee benefits programs;
  • To support recruitment inquiries;
  • To facilitate the job search process and to help us find the Data Subject a suitable job match;
  • To meet contractual obligations;
  • To gauge the number of users and usage of our Web sites;
  • To store data about the Data Subject’s preferences;
  • Recognize when the Data Subject returns to our Web sites;
  • To provide the Data Subject with data on goods and services requested or which may interest the Data Subject, where the Data Subject has consented to be contacted for such purposes;
  • Marketing, advertising and promotions, notification of events, surveys, workshops and training sessions run by MedNetworx; and
  • To notify the Data Subject about changes to our services;
  • To provide Data and services through MedNetworx’s call centers or
  • Where the disclosure of Personal Data is required by law or regulation.

Personal Data about a Data Subject may be included in the following:

  • MedNetworx interview notes for employment interviews;
  • Data obtained through reference and background checks;
  • Data necessary to provide payroll services, including banking details, tax deductions and PTO allowances;
  • Data about employees and their beneficiaries, as required, to enroll in any benefits packages;
  • Reference letters;
  • Data about customers and their addresses, contact data or educational requirements; and
  • Access to the personal health records of our customers’ patients.

In order to provide services to MedNetworx customers, we may collect Personal Data, including Individually Identifiable Health Information from our customers about their patients. MedNetworx may collect this data solely for the purposes of managing the work MedNetworx is contracted to manage for our customers and for no other reason. MedNetworx will abide by any contractual obligations contained in any customer agreement related to the collection of Individually Identifiable Health Information MedNetworx receives from the customer about the customer’s patients.

Except for individuals who have made their Personal Data public (e.g., individuals whose data is part of government or public records) or who have made their data publicly available (e.g., individuals who consent to have their data posted on a Website), MedNetworx notifies all identified Data Subjects about the purposes for which Personal Data is collected and used. In appropriate situations, however, Personal Data may be “anonymized” so that the identity of individual Data Subjects cannot be known. In these cases, MedNetworx will not notify the Data Subjects regarding the purpose for which Personal Data is collected and used by MedNetworx.

  • Person

Not only individuals, but also any group, unincorporated association, limited or general partnership, corporation, or any other business entity.

  • Personal Data

Personal Data means any data relating to a Data Subject or an identifiable person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his/her physical, physiological, mental, economic, cultural or social identity. Personal Data includes an individual’s email address, name, work or home telephone number, home postal or other physical address, birth date, gender, title, occupation, personal interests, or other data that enables identification of a person or individual. What constitutes Personal Data varies by region and country. In the European Union, for example, an individual’s IP address is considered Personal Data.

  • Protected Health Information

Individually Identifiable Health Information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.

  • Sensitive Data

Sensitive Data is Personal Data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or an individual’s health or sex life. Sensitive Data may also include financial data, credit card data and other forms of personal data that requires special protection, such as Social Security numbers, health and medical data.

  • Spam

Spam is unsolicited commercial emails sent to a Person. For a message not to be considered spam, the Person has to give his/her prior consent to the receipt of the message or the message must be a Transactional Communication (as defined herein).

  • Transactional Communications

Transactional Communications are an exception to the Opt-Out requirement. Under this exception, Transactional Communications are commercial communications that are not promotional in nature and are intended to:

  • Facilitate, complete or confirm a commercial transaction that the Person has previously agreed to enter into;
  • Provide warranty data, product recall data, or safety or security data with respect to a product or service purchased by the Person;
  • Provide the Person notification of a change in the terms or features; or
  • Deliver goods or services, including product updates or upgrades, that the Person is entitled to receive under the terms of a transaction that the Person has previously agreed to enter into with MedNetworx

A Person’s decision to Opt-Out of receiving promotional emails does not prevent MedNetworx from sending Transactional Communications to the Person when necessary in connection with the existing business relationship.

  • Use

The collection, storage, processing, or transfer of Personal Data.

4.0 Collection, Notice and Disclosure

  • 4.1 Collection of Personal Data and Notice
    • 4.1.1

      Other than Personal Data that is a public record or which has been voluntarily made publicly available by an individual, or which is acquired from third parties pursuant to Section 12 of this Policy, no Personal Data may be collected from the Data Subject without the Data Subject’s knowledge and consent, given in accordance with this Policy. This will generally be by Opt-Out, except where Opt-In is required under this Policy or by local law.

    • 4.1.2

      Personal Data, once collected, may only be used for the purpose(s) disclosed to the Data Subject at the time of collection or as otherwise set forth in this Policy.

    • 4.1.3

      When requesting Personal Data (online or offline), fields that are required to be completed by the Data Subject must be identified as such. For example, if the Data Subject is required to submit his/her name and email address in order to participate, but is also asked for his/her physical address, employer and title, the “name” and “email address” fields should be identified as required/mandatory fields and the consequences of failure to completed these fields should be indicated. This may be done by using an asterisk or other symbol to indicate the mandatory fields.

    • 4.1.4

      Only where the Personal Data is necessary to achieve the stated purpose should the data fields be mandatory.

  • 4.2

    Collection of Sensitive Data

    Unless permitted or required by local law, or unless specifically consented to or required by contract with our customers, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning sex life may not be collected from anyone, including but not limited to employees, prospective employees, customers, online visitors, business partners and other third parties,

  • 4.3

    Nothing in this Policy shall prohibit MedNetworx from processing Protected Health Information related to our customers’ patients. The processing of Protected Health Information and electronic PHI is governed by MedNetworx’s HIPAA Compliance Policy.

5.0 Choice/Consent

  • 5.1

    No Personal Data may be collected or used for purposes other than the purpose for which the Data Subject supplied the Personal Data, unless the Data Subject has consented to such collection and/or use.

  • 5.2

    Where required by local law, Data Subjects must be given the option to “Opt-In” to use their Personal Data for purposes other than the purpose for which the Personal Data was supplied. This includes all methods of collection, whether on line, business replay or other mail back cards, or otherwise.

  • 5.3

    Where required by local law, a Data Subject must be given the opportunity to Opt-Out from allowing MedNetworx to disclose Personal Data to a third party and the choice of whether or not to allow MedNetworx to use the Personal Data for purposes incompatible with the purpose for which it was originally collected or authorized. MedNetworx reserves the right to require sufficient data to confirm the identity of the individual requesting Opt-Out.

  • 5.4

    Where required by local law, a Subject must be given the opportunity to withdraw his / her consent at any time. This right cannot be conditioned or restricted.

6.0 Use of Personal Data

  • 6.1

    Personal Data may not be used, collected, retained, or distributed except in accordance with a Permitted Use.

  • 6.2

    Personal Data must be processed fairly and lawfully.

  • 6.3

    Personal Data must be collected for a specified, explicit and legitimate purpose and not further processed in a way incompatible with that purpose.

  • 6.4

    Personal Data must be accurate and, where necessary, kept up-to-date. Every reasonable step must be taken to ensure that data which is inaccurate or incomplete, having regard to the purposes for which it was collected and for which it is further processed, are erased or rectified.

  • 6.5

    Personal Data must be kept in a form that permits identification of Data Subjects for no longer than is necessary for the purposes for which the data was collected or for which it is further processed.

7.0 Data Security

  • 7.1

    Security and privacy are closely related. Without appropriate security, the confidentiality and integrity of Personal Data collected may be compromised. MedNetworx will strive to provide security that is proportional to the sensitivity of the Personal Data being protected. The following technical, administrative and organizational measures must be implemented and observed to protect Personal Data from accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

    • 7.1.1

      MedNetworx shall appoint a privacy official responsible for developing and implementing its privacy policies and procedures. The privacy official shall also be the contact person responsible for receiving complaints and providing individuals with information on MedNetworx’s privacy practices.

    • 7.1.2

      Within the first 90 days of employment, and annually thereafter, all workforce members shall receive training on the privacy policies and procedures of MedNetworx and the state and federal law regarding protected health information as it relates to the business of MedNetworx and the scope of employee’s employment.

    • 7.1.3

      All Personal Data must be kept secure with restricted access and protected by appropriate administrative, physical and technical safeguards as required by state and federal law.

    • 7.1.4

      Access to Personal Data must be restricted via use of secure passwords and limited to those with a legitimate business purpose related to a Permitted Use.

    • 7.1.5

      Databases must identify the Permitted Uses of the Personal Data.

    • 7.1.6

      MedNetworx may not always be able to control how Personal Data will be handled by a third party. Where required by local law, however, prior to the disclosure of Personal Data to a third party, MedNetworx will obtain a written agreement from the third party obligating the third party to provide the same level of administrative, physical and technical safeguards to protect Personal Data as used by MedNetworx. Where required by local law, this agreement must restrict the third party’s use of the Personal Data only for the purposes for which it was obtained. Additionally, when required by local law, MedNetworx must be given the contractual right to periodically audit third-party vendors’ use, processing, storage, and destruction of Personal Data.

    • 7.1.7

      As part of the overall effort to adequately protect Personal Data, when appropriate or required by local law, third parties must be contractually obligated to notify MedNetworx within a reasonable period of time from an actual or reasonably suspected privacy or security breach, including the unauthorized access, use, modification or transfer of Personal Data. When appropriate, third parties must also be contractually obligated to cooperate with MedNetworx in the event of an actual or reasonably suspected privacy or security breach precautions to physically secure Personal Data. MedNetworx has established physical and environmental controls for each particular facility that employees should be aware of and follow, including, but not limited to:

      • Restricted access to areas of offices and buildings containing Personal Data;
      • Keyed areas within MedNetworx’s offices;
      • Terminated employee procedures;
      • Visitor ID procedures; and
      • Secure shred bins and proper disposal of Personal Data.
    • 7.1.8

      Physical access to the MedNetworx offices (including the offices located at 12700 Park Central Drive, Suite 1050, Dallas, Texas; 7777 Forest Lane, Suite C-575, Dallas, Texas; Lithia Springs Data Center (375 Riverside Parkway Lithia Springs, GA 30122) and the Allen Data Center (900 Guardian Way, Allen, Texas) is continuously documented. Access reports are generated monthly.

8.0 Data Access

Personal Data must be available to Data Subjects for their review and update by one of the following methods. Please note that the Direct Method, described below, is the preferred method.

  • 8.1

    Indirect: Indirect methods include an email alias to which Data Subjects can submit requests to update their Personal Data or their preferences or a phone number that the Data Subject can call.

    Example: The following language, appearing on a web page, is an example of an indirect method of access: “If you have submitted Personal Data to MedNetworx via our website and would now like to have that data updated, please send an email to privacy@mednetworx.com.”

  • 8.2

    Direct: Direct methods include password-protected access to Databases for online updating by Data Subjects of their Personal Data.

  • 8.3

    Data Subjects may make a written request for access to their Personal Data that MedNetworx holds for them in order to review its accuracy and completeness. The Data Subject has the right to have their Personal Data corrected, amended, or deleted as appropriate where it is inaccurate. MedNetworx reserves the right to redact protected data in order to give the Data Subject access to their Personal Data. All access requests are subject to the relevant access and exceptions set forth in this Policy. Access may be denied or limited in the following circumstances:

    • If the Data Subject does not supply sufficient Data to allow MedNetworx to confirm the identity of the individual making the request;
    • When the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the situation in question;
    • Where the legitimate rights of persons other than the Data Subject would be violated;
    • When providing access would interfere with execution, or enforcement of the law or private cause of action;
    • When references to other Personal Data cannot be redacted;
    • When a legal or other professional privilege or obligation would be breached;
    • When the confidentiality of future or ongoing negotiations will be breached;
    • When employee security investigations or proceedings would be prejudiced;
    • When the confidentiality that may be necessary for limited periods in connection with employee succession planning and corporate reorganization would be prejudiced; and
    • When the confidentiality that may be necessary in connection with monitoring, inspection, or regulatory functions connected with financial management would be prejudiced.

    Before denying a subject access to his/her/their data, You should check with the Mednetworx official responsible for legal compliance to review and approve a decision to deny on a case by case basis. You should check with individual departments, such as, for example, Human Resources, to determine if there is additional documentation that must be completed prior to releasing such Personal Data or providing the Data Subject with access.

9.0 Use of Website Tracking Technologies

  • 9.1

    When utilizing cookies or other tracking tools on MedNetworx’s websites, MedNetworx personnel must ensure users are given clear and precise data of all instances (1) that cookies or other tracking tools are used to collect Personal Data; (2) in what instances cookies or other tracking tools will be used to collect Personal Data; (3) what data will be stored in a cookie or other tracking tools, and, if applicable, (4) that cookies or other tracking tools are placed on MedNetworx’s web sites by third parties; and (5) a disclosure of any transfer of data collected by a MedNetworx cookie or other tracking tools to third parties, including contractors and vendors.

  • 9.2

    Any collection of Personal Data by third party cookies or other tracking tools and any transfer to third parties of data collected by MedNetworx’s cookies and other tracking tools for purposes unrelated to the reason for which the Personal Data was initially collected, require that Data Subjects Opt-In to such transfers.

  • 9.3

    The use of cookies to collect Personal Data must always be optional to an online visitor to MedNetworx’s websites. Visitors must be able to enter and use MedNetworx’s websites with his/her browser set to refuse cookies. Those who refuse cookies, however, may not be able to take full advantage of MedNetworx’s websites and, if this is the case, visitors should be made aware of the fact.

  • 9.4

    Best practice is to disclose all uses of tracking technology, whether cookies, other tracking tools, etc., up front and explain to users how they may disable cookies / other tracking tools via their browser.

  • 9.5

    Users should be directed to MedNetworx’s Online Privacy Statement https://www.mednetworx.com/privacy or to the wording similar to the following on websites where cookies and/or other tracking tools are used to collect Personal Data:

    “A cookie is a small data file that certain websites write to your hard drive when you visit them. A cookie file can contain data such as a user ID that the site uses to track the pages you have visited.

    “A web bug is a graphic on a web page or email that gathers data about the computers that view the web page or email. A web bug can collect your IP address and the time you viewed the website or email.

    “Neither of these devices can read data from your hard disk or read cookie files created by other sites other than as described above. Some parts of MedNetworx’s websites use cookies and other tracking tools to track user traffic patterns on MedNetworx’s site. MedNetworx does this in order to determine the usefulness of our website data to our users and to see how effective our navigational structure is in helping users reach that data.

    “If you prefer not to receive cookies or other tracking tools while browsing our website, you can set your browser to warn you before accepting cookies or other tracking tools and refuse them when your browser alerts you to their presence. You can also refuse all cookies and other tracking tools by turning them off in your browser, although you may not be able to take full advantage of MedNetworx’s websites if you do so. You do not need to have cookies turned on to use/navigate through many parts of our website, except access to certain of MedNetworx’s web pages require a login and password.

10.0 Click-through Tracking

  • 10.1

    Where possible, MedNetworx will collect only non-Personal Data if click-through tracking is being used on a site

  • 10.2

    If Personal Data will be collected, click-through tracking or other forms of online tracking are not permitted unless:

    • 10.2.1

      MedNetworx provides Data Subjects with a meaningful disclosure about what tracking is being conducted, what data or Personal Data is being collected, how it is used and how a Person can Opt-Out;

    • 10.2.2

      MedNetworx provides Data Subjects with a clear and unambiguous method for opting-out; and

    • 10.2.3

      The data or Personal Data collected must be secure and kept for no longer than necessary for the stated purpose.

  • 10.3

    Before MedNetworx uses the data or Personal Data in a manner that is materially different from what was stated when the data was collected, where required by local law, it will obtain the affirmative express consent (Opt-In) from the Data Subject.

  • 10.4

    Sensitive Personal Data will not be collected for use in marketing.

11.0 Sale of Personal Data

  • 11.1

    It is against MedNetworx’s policy to sell or rent Personal Data that MedNetworx maintains about Data Subjects, including but not limited to its employees, prospective employees, customers, prospective customers, online visitors or business partners.

12.0 Agreements with Vendors of Personal Data

  • 12.1

    MedNetworx’s policy is to do business with companies that respect the privacy of Data Subjects. Where appropriate, vendors and business partners which handle or manage Personal Data for MedNetworx or host websites or applications for MedNetworx should have appropriate privacy and security controls at least as restrictive as those of MedNetworx. MedNetworx shall maintain a list of approved vendors and prior to the addition of a vendor to such list, MedNetworx shall conduct a review of such vendor’s privacy and security controls.

  • 12.2

    It is essential that vendors who are selling / passing on Personal Data have the right to do so for the purposes for which MedNetworx needs it. To ensure this, appropriate agreements must be signed. No list may be purchased or rented for use by MedNetworx unless the vendor represents and warrants that the Personal Data was collected in a manner that conforms to applicable law and which permits the use for which the Personal Data is procured.

  • 12.3

    Any MedNetworx personnel receiving Personal Data from a third party must maintain adequate records of lists rented / purchased so as to be able to identify the source of the Personal Data.

13.0 Children Under the Age of 18

  • 13.1

    Persons under the age of 18

    MedNetworx’s policy is not to knowingly collect Personal Data from individuals under the age of 18 without the consent of their parents. Any deviation from this Policy requires approval from MedNetworx management.

  • 13.2

    Persons younger than 13 years old

    MedNetworx’s policy is not to knowingly collect Personal Data from children under the age of 13 (Minor Children).

14.0 Spam and Email Marketing

  • 14.1

    Spam, generally speaking, is the unlawful practice of sending email to persons with whom one has had no prior business or personal relationship or sending email without a truthful reply path.

    Email marketing must adhere to the following:

    • All data regarding the point of origin, the transmission path, and the return path, must be truthful; i.e., the reply path of the email must return to MedNetworx when the recipient sends a “reply to” email.
    • No email may be sent to a recipient who has not consented to receive the email in accordance with this Policy, or who has not made their email address a public record or publicly available, or who has unsubscribed after initially Opting-in to receive emails from MedNetworx.
    • No email may be sent to an individual who has opted-out by placing his / her name on a do-not-contact list.
    • All email sent by MedNetworx as part of an email to a mailing list must contain instructions (in a type size at least as large as the text of the email) on how to unsubscribe to receiving future marketing email. Unsubscribe requests must be honored within ten (10) business days.
    • Email addresses cannot be entered into a Database unless the Data Subjects have Opted-In to receiving email from MedNetworx.
    • Emails should include the MedNetworx’s entity’s name, physical address, and either a toll-free number or an email address for use by individuals who wish to Opt-Out of receiving future emails.
  • 14.2

    14.2 MedNetworx will respect each Person’s right to Opt-Out from receiving commercial emails. While Opt-Out practices generally apply to all types of marketing communications, there are specific requirements focused on commercial emails (promotional emails).

  • 14.3

    Each Person must be given the opportunity to Opt-Out of receiving commercial emails or telephone communications, and in a simple way. All commercial emails must offer a Person an accurate return email address or another simple, Internet-based “one click/one screen” response mechanism for removal from a particular or all distribution lists.

  • 14.4

    A one-click screen unsubscribe process is required for promotional emails. A compliant mechanism requires MedNetworx to allow a person to Opt-Out of promotional email by either clicking on a hyperlink, which deletes their address or goes to a web site where the person can enter their address for deletion. You can also create a “menu” of choices to allow a Person to Opt-Out of certain types of messages, as long as MedNetworx includes the general option to end any promotional messages from MedNetworx.

  • 14.5

    Regardless of the type of promotional communications (i.e., general email, promotional newsletter), a Person must always be given the right to be removed from all MedNetworx distribution lists for email and/or newsletters so as not to receive any promotional communications from MedNetworx. A Person’s decision to Opt-Out or receiving commercial email does not, however, prevent MedNetworx from sending an email confirmation of the Opt-Out or from sending Transactional Communications to the Person when necessary.

  • 14.6

    Do not create conditions for opting-out. Opt-Outs must be simple and not require anything from the individual beyond providing an email address. The Person cannot be required to pay a fee, provide data (other than his or her email address and Opt-Out preferences), or any other obligation as a condition for honoring his or her Opt-Out request. MedNetworx also may not require subscribers to use a password to access an Opt-Out page or click a confirmation link to process the request.

  • 14.7

    No future commercial electronic communication is permitted once the Opt-out option has been exercised, unless the Person gives express consent in the future. If the Person opts out of all email communications the Person’s contact data cannot be used for any promotional email purposes and must be so designated in all MedNetworx systems. Unless otherwise required by local or federal laws, that Person’s email address and Opt-Out status should only be kept on file to ensure no promotional communications are sent should that email address be rented/gathered from other sources. Similarly, if the Person opts-out of all outbound calls, the Person’s contact data cannot be used for any outbound calls and must be blocked or so designated in all MedNetworx systems. That Person’s telephone number and Opt-Out status must be kept on file for the sole purpose of ensuring that no outbound calls are made to that Person should his or her telephone number be rented/gathered from other sources.

  • 14.8

    Once an Opt-Out is received, it must be honored. MedNetworx has 10 days to remove Persons from receiving promotional emails once they have notified MedNetworx of their Opt-Out. MedNetworx cannot help another entity send commercial emails to that address, or have another entity send an email address on MedNetworx’s behalf to that address.

  • 14.9

    MedNetworx can send a one-time email confirming that a Person has opted-out of receiving electronic commercial communications.

15.0 Data Retention and Cleaning

  • 15.1

    MedNetworx will retain Personal Data as long as required by law, regulation or in accordance with its internal practices and procedures. A MedNetworx customer may also require that MedNetworx keep or destroy Personal Data in accordance with their data retention policy. Personal Data will be retained and disposed of in a secure manner.

  • 15.2

    Personal Data must be retained only for the amount of time necessary for the Permitted Uses and must be kept up-to-date. Inactive data should not be kept for longer than required by law or business necessity.

  • 15.3

    It is up to each Database Owner to regularly update Personal Data and Opt-In / Opt-Out preferences.

16.0 Complaints / Dispute Resolution

  • 16.1

    MedNetworx takes it obligations regarding privacy and data protection seriously. Issues raised by employees, prospective employees, customers, prospective customers, business partners and online visitors regarding MedNetworx’s online or offline use, collection and/or retention of Personal Data should be sent to privacy@mednetworx.com.

  • 16.2

    A Data Subject, including MedNetworx personnel, may report any suspected breach of this Privacy Policy or that an individual is not adhering to the provisions of this Policy. If you are an employee of MedNetworx, you may contact the Human Resources department or privacy@mednetworx.com.

  • 16.3

    Individuals who report violations of this Policy to MedNetworx’s senior management or who are involved in the investigation of violations of this Policy will not be subject to reprisal or retaliation. Retaliation is a very serious violation of this Policy and should be reported immediately to MedNetworx’s senior management.

Updates

Effective Date: July 28, 2011

Revised: May 16, 2023

Who We Are

MedNetworx enables your practice to thrive by providing up-to-date IT services tailored to your organization, no matter the size. Our company was founded by healthcare professionals who understand the clinical aspect of practice management and the technology to make your office run efficiently while maintaining compliance.