In furtherance of this privacy commitment, M*Modal has certified to the U.S.-EU Safe Harbor Agreement regarding Personal Data collected in the European Economic Area (EEA) (which includes the twenty-seven member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) to the United States. M*Modal complies with the U.S. – E.U. Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal data from the European Union member countries. M*Modal has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view M*Modal’s certification, please visit http://www.export.gov/safeharbor/.
“Agent” means any third party that collects or uses personal data under the instructions of, and solely for, M*Modal or to which M*Modal discloses personal data for use on M*Modal’s behalf.
“M*Modal” means M*Modal, its predecessors, successors, subsidiaries, divisions, groups and other affiliates in the United States.
“Personal Data” means any information that identifies or describes an identified or identifiable living natural person. “Personal Data” may include, for example, name, signature, employee identification number, social security number, telephone number, insurance policy number, job title, financial information, account numbers, or any other information that is capable of being associated with a particular identifiable individual. Personal Data does not include aggregate data that is not individually identifiable.
“Sensitive Personal Health Data” is a subset of Personal Data, and includes information pertaining to an individual’s racial or ethnic origin, political or religious beliefs or information related to an individual’s health or sex life.
Choice: In the event that Personal Data are to be used for a new purpose incompatible with the purposes for which the data were originally collected by M*Modal customers or subsequently authorized or transferred to the control of a third party that is not acting as an Agent of M*Modal, M*Modal’s customers will be given notice of such use so that such customers can provide notice to data subjects and, where feasible and appropriate, an opportunity to decline to have their data so used or transferred. Sensitive Personal Health Data will not be used by M*Modal for a new purpose or transferred to the control of a third party not acting as an Agent of M*Modal, unless such new use or transfer is (1) in the vital interests of the data subject or another person; (2) necessary for the establishment of M*Modal’s legal claims or defenses or to comply with the law, such as to comply with a subpoena; (3) required to provide medical care or diagnosis; (4) necessary to carry out M*Modal’s obligations in the field of employment law; (5) related to data that are manifestly made public by the data subject; or (6) in the event M*Modal sells or buys assets in the course of its business and it is necessary to transfer such data to: (i) a parent or subsidiary; (ii) an acquirer of assets; or (iii) a successor by merger.
Opt-Out: We provide you the opportunity to “opt-out” of having your Personal Data used for certain purposes, when we ask for this information. For example, if you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter or communication or by emailing us at email@example.com.
Security: M*Modal takes reasonable and appropriate precautions to protect Personal Data in its possession and control from loss, misuse, alteration, destruction, or unauthorized access or disclosure. The Internet is, however, inherently insecure and even the best precautions and systems cannot guarantee the security of data. When you enter Personal Data, we encrypt the transmission of that Personal Data using secure socket layer technology (SSL).
Access: Although M*Modal receives, handles and in some cases, stores Personal Data, M*Modal’s customers are typically the custodians of the permanent copies of such Personal Data and the permanent official copies of dictation audio are managed by M*Modal’s customers. In the case of health records, all requests by data subjects for access to such records should be directed to the relevant M*Modal customer to ensure that the data subject receives access to his or her official, final health record. In the event that the relevant M*Modal customer does not respond to your request in a reasonably adequate or timely manner, please contact us at firstname.lastname@example.org and we will escalate your request with such M*Modal customer. In such cases, we will respond to your request within 30 days.
Data Retention: M*Modal will retain Personal Data for as long as necessary to deliver services to the relevant M*Modal customer, in addition to retaining and using Personal Data as is necessary to comply with M*Modal’s legal obligations, to resolve customer disputes, and to enforce M*Modal’s agreements with its customers.
Customer Testimonials: We post customer testimonials, comments and reviews on our website which may contain personal information. We obtain the customer’s consent via email to post such customer’s name along with the testimonial, prior to posting the testimonial. If you wish to update or delete your testimonial, you can contact us at email@example.com.
Data Integrity: M*Modal’s customers are responsible for ensuring that any Personal Data collected are accurate, complete, current and reliable for the intended use. Draft medical reports generated by M*Modal for its customers may not be considered reliable, accurate, or complete until subsequently reviewed, edited (as necessary), and approved by a healthcare provider, which approval process occurs outside the M*Modal system.
Dispute Resolution: M*Modal is committed to resolving any disputes that may arise by internal investigation and resolution of the issue. Should M*Modal’s efforts to resolve an issue be unsuccessful, M*Modal will facilitate the resolution of such disputes including through the submission of disputes to an independent third party. M*Modal also participates in the EU Safe Harbor Privacy Framework as set forth by the United States Department of Commerce. As part of our participation in safe harbor, M*Modal has agreed to the TRUSTe Dispute Resolution Requirements for disputes relating to our compliance with the Safe Harbor Privacy Framework. If you have complaints regarding our compliance with the Safe Harbor Privacy Framework you should first contact us at firstname.lastname@example.org or at M*Modal’s headquarters at 5000 Meridian Boulevard, Suite 200, Franklin, Tennessee 37067. If contacting us does not resolve your complaint, you may raise your complaint by contacting TRUSTe here or by fax at 415-520-3420, or mail at Watchdog Complaints, TRUSTe, 835 Market Street Suite 800, San Francisco, CA 94103. If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: M*Modal, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaints shared with M*Modal. For information about TRUSTe or the operation of TRUSTe’s dispute resolution process, please visit TRUSTe or request this information from TRUSTe at any of the addresses listed above. The TRUSTe dispute resolution process will be conducted in English. For human resources data we have agreed to cooperate with Data Protection Authorities in the EEA.
Any questions, comments or complaints about the data practices (including without limitation compliance with data privacy principles of notice, choice, onward transfer, access, security, data integrity, or enforcement) of an M*Modal customer for whom M*Modal processes data should be addressed to that customer.
Compliance with HIPAA
M*Modal provides technical controls and safeguards that support its customers’ compliance policies and procedures. Although compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) is the responsibility of every healthcare organization, M*Modal is dedicated to ensuring that its products and services make it easier for them to reach that goal.
M*Modal has also established a corporate Department of Information Security and HIPAA Compliance led by a corporate director to facilitate and manage the information security needs of its customers. The director’s role includes these responsibilities:
- Implement corporate privacy and security policies, and ensure effective corporate-wide privacy and security awareness.
- Validate that current operational and technical business practices ensure the privacy and security of protected health information.
- Develop, implement and monitor a privacy and security awareness, education and training program, as well as a compliance program.
- Assist our customers in the ongoing process of negotiating and finalizing the required Business Associate agreements.
M*Modal’s guiding principle is to make every reasonable effort to be knowledgeable and responsive regarding any changes in the Final Privacy Rule and Security Rule, and to act as a compliant Business Associate.
Limitation on Scope of Principles
Adherence by M*Modal to these privacy principles may be limited to the extent necessary to meet M*Modal’s regulatory, legal, governmental, or national security obligations.
How to Contact Us
5000 Meridian Boulevard
Franklin, TN 37067
Changes to this Privacy Statement
If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Web site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Last Updated: January 15, 2013