Date: January 2018
2. Scope and Application
This policy has been developed to govern the collection, use, and disclosure of personal information in a manner that will facilitate MphRx business operations and service delivery while protecting the rights and privacy of users. MphRx is committed to protecting Personal Information subject to HIPAA (HIPAA stands for Health Insurance Portability and Accountability Act which assures your medical information remains private) and extending privacy protection practices to its handling of personal information where that information may not be subject to privacy laws or regulations. MphRx maintains a comprehensive set of privacy and data protection policies that are subordinate and complementary to HIPAA. The subordinate policies, define privacy roles, responsibilities, accountabilities and requirements relevant to a given context (e.g. for the management of PHI and for PI) and may apply not only to MphRx but also to parties such as health information custodians and third party service providers.
4. Your Provision of Personal Information is Voluntary
Disclosure of any patient’s PI/PHI is completely voluntary. Except as stated in this Policy, MphRx does not sell, transfer or disclose PI/PHI to third parties unless MphRx has express consent.
5. Some Non-Personal Information Is Collected Automatically
6. Intention of Responsible Stewardship of Information
- Proactively protect privacy and PI/PHI and foster a culture of privacy and data protection.
- Protect PI/PHI in accordance with the company, state and federal privacy requirements.
- Proactively embed privacy protections into the design and operation of its solutions, services, systems, and processes. Privacy protections shall seek to prevent privacy invasive events from occurring and shall safeguard PI/PHI throughout its lifecycle.
- MphRx personnel all play a role in protecting privacy and PI/PHI and maintaining data integrity while working under the leadership of the Chief Technology Officer.
- Employ a risk-based approach to protecting privacy. Risk management practices provide the opportunity to establish the optimum level of oversight, control, and discipline to enable MphRx to manage risk in changing environments and help provide the proper level of assessment so that business objectives and strategies, including privacy protection, are being met.
- Continuously improve MphRx privacy and data protection policies and seek opportunities to do so by learning from its stakeholders’ experience and results, and by encouraging feedback and suggestions, particularly from personnel.
Office of the Chief Technology Officer
23 Andrews Lane Princeton,
When we receive formal written complaints at this address, it is MphRx’s policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between MphRx and an individual or entity.