Privacy
Policy

Privacy
Policy

Last Modification: Feb 28-2024 

 

Your privacy is essential to us. Our Privacy Statement applies to all our interactions with you, your use of our websites, products, or services, and how we use and disclose that information. INTEGRA IT is committed to protecting your privacy and guaranteeing your trust by complying with current regulations for using personal data. 

Please read this Privacy Statement carefully to understand how we use your information.

 

INTEGRA IT is committed to the protection of personal data. We are committed to protecting personal information and take all appropriate measures, within the best practices, to ensure that we will use said information by the will and the needs of the holders; we will give the correct treatment of any personal data of the holders and suppliers registered in the database, whose owner is a natural and legal person; through the application of strict control and security standards in its service, maintaining safe practices in all processes to minimize the risk of being used by individuals or organizations that want to commit illegal acts.

This privacy policy describes how we collect, use, disclose, and process personal information in connection with our websites, mobile applications, and other services and explains the rights and choices available to individuals concerning their information. For convenience, our websites and mobile applications are collectively called the “Sites” and, together with our other services, collectively called the “Services.” This Privacy Policy governs any of the Services on which the Privacy Policy is posted.

 

DEFINITIONS

  • Personal Data: Personal data is all those that identify or allow the identification of a person and that can be used to prepare their profile (ideological, racial, sexual, economic, or of any other nature).
  • Data Processing: Any operation or set of processes carried out on personal data or settings of personal data, whether by automated procedures or not, such as collection, registration, organization, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, diffusion or any other form of authorization of access, comparison or interconnection, limitation, deletion or destruction.
  • Data Storage: The conservation or custody of data in a registry or data bank.
  • Data Modification: Any change in the data’s content stored in records or databases.
  • Limitation of Treatment: The marking of the personal data kept to limit its treatment in the future.

 

  • Data Controller: The natural or legal person, public authority, service, or other body that, alone or jointly with others, determines the purposes and means of processing. If the law of the Union or the member states determines the purposes and means of the treatment, the controller or the specific criteria for his appointment may be established by the Union’s or member states’ law.
  • Data Owner: Natural person to whom the data refers.
  • Processor: The natural or legal person, public authority, service, or other body that processes personal data on behalf of the controller
  • Recipient: The natural or legal person, public authority, service, or other body to which personal data is communicated, whether or not it is a third party.
  • Third-party: Natural or legal person, public authority, service, or body other than the interested party, the data controller, the data processor, and the persons authorized to process personal data under the direct authority of the data controller or processor.
  • Consent of the Interested Party: Any manifestation of free, specific, informed, and unequivocal will by which the interested party accepts, either through a declaration or an explicit affirmative action, the processing of personal data that concerns him.
  • Personal Data Security Breach: Any security breach that results in the accidental or unlawful destruction, loss, or alteration of personal data transmitted, stored, or otherwise processed, or unauthorized communication or access to such data.
  • Personal Data: Any numerical, alphabetical, graphic, photographic, acoustic, or other information susceptible to collection, registration, treatment, or transmission concerning an identified or identifiable natural person.
  • Data Accessible to the Public: All data that can be found is available to the general public. Any legal norm does not limit their access and knowledge. 
  • Biometric Data: Personal data obtained from a specific technical treatment related to the physical, physiological, or behavioral characteristics of a natural person that allow or confirm the unique identification of the said person, such as facial images or dactyloscopy data.
  • Health Related Data: Personal data relating to a natural person’s physical or mental health, including the provision of health care services, which reveal information about their state of health.
  • Sensitive Data: These are personal data that refer to the physical or moral characteristics of people or facts or circumstances of their private life or intimacy, such as personal habits, racial origin, ideologies, and political opinions, beliefs, or convictions. religions, physical or mental states of health, and sexual life.
  • Data Transfer: The transport of data between computer systems by any means of transmission and the transport of data carriers by mail or any other conventional means.
  • Elimination or Cancellation of Data: It is the destruction of data stored in records or data banks, whatever the procedure used for it.
  • Transmission of Documents: Any transfer, communication, shipment, delivery, or disclosure of the information contained therein.
  • Identifiable Person: Any person whose identity can be determined, directly or indirectly, through any information referring to their physical, physiological, psychological, economic, cultural, or social identity. A natural person shall not be considered identifiable if such identification requires disproportionate timeframes or activities.

MANAGEMENT COMMITMENT

Integra IT management is committed to and takes responsibility for implementing appropriate technical and organizational safeguards to protect confidential information, including PII. Integra IT is also committed to demonstrating that any processing of personal data complies with all applicable regulations. The implemented measures will be reviewed and updated as necessary. Management supports and commits to compliance with applicable PII protection regulations and contractual obligations agreed between Integra IT and third parties, clearly assigning responsibilities. Policies and procedures are developed and maintained to consider applicable PII protection regulations.

DATA PROCESSING INFORMATION

 

INTEGRA IT develops and sells, nationally and internationally, computer systems and software; it provides professional and consulting services in developing and implementing information systems, software maintenance, outsourcing specialized resources, and operational processes to its clients.

IDENTIFICATION OF THE RESPONSIBLE FOR DATA PROCESSING

 

COLOMBIA

Company Name: INTEGRA IT SAS
Nit: 900311906-7
Address: Cra. 23 # 124 – 87 Tower 1 Office 602 – Bogotá DC – CO
Email: [email protected]
Telephones: +57 (1) 8050057

PANAMA

Company Name: INTEGRA IT, SA

RUC 2550007-1-826248 DV 23

Address: City of Knowledge – Calle Jacinto Palacios – Building 230 Floor 3.

Email: [email protected]
Telephone: +57 (1) 8050057

USA

Company Name: INTEGRA IT SOLUTIONS LLC

Address: 9241 NW 14TH CT, Plantation, Fl 33322, United States

EIN: 61-2006578

Email: [email protected]

 

COMPLIANCE WITH PRIVACY LAWS

Panama: Integra IT complies with those defined in Law 81 on the Protection of Personal Data, which establishes principles, rights, obligations, and procedures to regulate the protection of personal data in Panama.

Colombia: INTEGRA IT SAS complies with Law 1581 of 2012, which applies to personal data registered in any database and subject to treatment by entities of a public or private nature, according to the defined standards.

INTEGRA IT adopted the definition that the right of habeas data is the power that the owner of the personal data has to demand from the data administrators the access, inclusion, exclusion, correction, addition, updating, and certification of the data; understanding this as an autonomous right that differentiates it from other guarantees that is closely related to rights such as the right to privacy and information.

  • The owner of the information shall be understood as the natural or legal person to whom the data refers.
  • The source of information will be the person, entity, or organization that knows the personal data of the owner of the information.
  • When referring to the data controller, it shall be understood, by the Habeas Data Law, that the natural or legal person, public or private, that by itself or in association with others performs the processing of personal data on behalf of the data controller. 
  • In turn, the person in charge will be that natural or legal person, public or private, who decides on the database and the treatment of the data by himself or in association with others.

 

Integra IT may collect personal data only voluntarily and will store it in a way that allows the owner’s right of access to be exercised when requested. INTEGRA IT will destroy any data that is no longer necessary or relevant to the purposes for which it was collected or when the owner of the information requests its destruction at any time. Following current legislation, INTEGRA IT will use the data collected to respond to your requests, improve our level of service and the content of our website; provide you with helpful information, news, and product updates; inform you about new products and services, obtain your opinion about our products and services. If the purpose of the data collection were other than those stated here, the data entry would be expressly notified when it is required. For the convenience of our visitors, the INTEGRA IT website may have links to other third-party websites. Still, this privacy policy will not apply to said sites, so you should consult the others’ respective privacy policies. 

Although INTEGRA IT cannot offer guarantees against any loss, improper use, or modification of personal data, it does make every effort to avoid such effects, adopting the technical and legal measures necessary to guarantee the security and confidentiality of personal data. , to prevent its adulteration, loss, consultation, or unauthorized treatment, and eventually allow the detection of deviations, intentional or not, of information, regardless of how it is intended to affect security. INTEGRA IT will not communicate personal data to any third party unless the owner has given his express consent to the person in charge or person in charge of the treatment, or it is a communication permitted per local legislation.

It will be understood that the consent delivered separately will prevail over this privacy policy as long as it follows current legislation. Finally, in its capacity as Registered Responsible in Personal Databases, INTEGRA IT informs that all its workers and collaborators have a Confidentiality Agreement with the company, in which they are obliged to protect the data or information to which they have access to the occasion of the execution of a labor contract or provision of professional services.

United States: INTEGRA IT SAS complies with the General Data Protection Regulation (GDPR) that was promulgated in April 2016 and entered into force on May 25, 2018; for this reason, we guarantee data holders the right to request deletion or correction of your data, complying with all types of requests.

Mexico: INTEGRA IT SAS complies with the Federal Law on Protection of Personal Data Held by Individuals or the Data Protection Law, which regulates private sector companies’ processing of personal data. With its application, we prevent the data from being misused, guarantee that the rights of the data owners are respected, and ensure a reasonable expectation of privacy.

As a company, we take into account the guides and documents issued by the National Institute of Transparency, Access to Information, and Protection of Personal Data (“INAI”).

Dominican Republic: INTEGRA IT SAS complies with Law No. 172-13, whose purpose is to protect personal data stored in files or other technical means of data processing intended to provide public or private reports.

Chile: Integra IT complies with Law 19628 of August 1999 on the Protection of Private Life; in this way, we understand that the treatment of personal data is subject to the provisions of this law. We comply with the law to ensure that we can process personal data by this law and for the purposes permitted by the legal system. We always respect the whole exercise of the fundamental rights of the data owners and the powers that this law recognizes.

SCOPE OF INFORMATION

Our intention with the data protection information is to present the owners with the online data protection guidelines and inform them about the possibilities available to the owner to collect information about each one on our website.

GUIDELINES FOR THE PROCESSING OF PERSONAL DATA

 

  1. The processing of personal data is only carried out when the law of each country or other legal provisions authorize it and the owner expressly consents to it.
  2. The processing of personal data and information must always be done respecting the principles of quality, legality, loyalty, security, and purpose.
  3. The owner of the data must be duly informed regarding the purpose of storing their data and, if applicable, its possible communication to the public. This authorization must be in writing.
  4. The authorization can be revoked without retroactive effect, which must be done in writing.
  5. Data processing at INTEGRA IT SAS will be limited to personal data that are pertinent and adequate for the purpose for which they are collected or required by the constitution and the law, which will be disclosed to the owner thereof.
  6. INTEGRA IT SAS is committed to providing the correct use and treatment of the personal data of its owners, whether or not they are sensitive, avoiding unauthorized access to third parties that allow knowing, violating, modifying, disclosing, and destroying the information for which INTEGRA IT SAS has information security policies that include mandatory control measures.
  7. In all cases, the information must be accurate, up-to-date, and truthfully reflect the actual situation of the data owner.
  8. Personal data must be deleted or canceled when its storage lacks legal grounds or expires or the owner requires it. This must be done free of charge for the data owner.
  9. If the personal data is in a database to which our clients have access, the owner may request information from any of them.
  10. Personal data must be modified when erroneous, inaccurate, misleading, or incomplete.
  11. All INTEGRA IT collaborators who have access to personal data are obliged to keep confidentiality, an obligation that does not cease at the end of the employment contract and that is found within the contracting agreements.
  12. INTEGRA IT SAS will ensure respect for and compliance with the fundamental rights of children and adolescents, guaranteeing the unique requirements for processing their personal and sensitive data.
  13. In the case where the immediate client provides the owner’s data, the latter will be “The Data Controller,” and INTEGRA IT SAS will be “The Data Manager”; accordingly, INTEGRA IT SAS will respond to the indications of the Responsible for Data Processing on the data of the Holder.
  14. At INTEGRA IT SAS, sensitive data is only processed when:
    a) The owner has given his explicit authorization to said treatment, except in cases where the granting of expressed permission is not required by law.
  1. b) The treatment is necessary to safeguard the vital interest of the owner and he is physically or legally incapacitated; in these events, the legal representatives must grant their authorization.
    c) The treatment is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association, or any other non-profit organization whose purpose is political, philosophical, religious, or trade union, provided that it refers exclusively to its members or to persons who maintain regular contact because of its purpose; In these events, the data may not be provided to third parties without the authorization of the owner.
  1. When Integra IT is responsible for the records or databases where personal data is stored after its collection, it must take care of them with due diligence, taking responsibility for the damages.
  2. INTEGRA IT has no control or ownership of customer data. Any questions regarding customer data should be directed to the customer you work for or who collected your information using an INTEGRA IT platform or application.

Chile:

When the data owner requests information, modification, cancellation, or blocking of personal data from INTEGRA IT, his request must be answered within two business days. INTEGRA IT understands and knows that all data related to medical prescriptions, analysis, clinical laboratory tests, and health-related services are reserved. Its content will only be disclosed with the owner’s express written consent.

 

DATA COLLECTION AND USE

The types of information we collect about holders are the information provided by each, such as their contact details, as well as the information that our Sites collect automatically, such as their IP address and the data collected by our use of cookies.

We always use personal data for specific and explicit purposes authorized by the owner at the time of collection.  

 

PURPOSES OF INFORMATION PROCESSING:

At INTEGRA IT, information about the holders is processed to provide our services, to comply with the law and prevent fraud, and for other reasons with the consent of each owner.

We may also anonymize data, which means data, to conduct analytics to learn how to provide our Sites and Services better.

Integra IT will identify and document the purposes of processing the PII. This allows people to make informed decisions and manage their privacy interests. The purpose of the processing is described in the public privacy notices and related privacy procedures. Integra IT will restrict the processing of PII to only what is compatible with the identified purposes. Integra IT monitors changes to the processing and will consult with the DPO or legal counsel to ensure that any new processing remains consistent with the original purpose. Suppose information previously collected will be used for purposes not previously identified in the privacy notice. In that case, Integra IT will document the new definition, notify the individual, and obtain explicit or implicit consent before such further use or purpose. Integra IT monitors changes in the processing of PII and will implement mechanisms to ensure that any changes are made per the defined requirements.

Integra IT will attach purpose-containing data tags to PII items for defined processing purposes whenever possible. Integra IT will ensure that contracts in place to process PII address its role in assisting its customers concerning their processing obligations, considering the nature of the processing and the information available to Integra IT. Integra IT only processes PII on behalf of a client for the purposes expressed in instructions documented by the client.

AUTHORITY TO PROCESS PERSONALLY IDENTIFIABLE INFORMATION: PROCESSING AUTHORITY

Integra IT may process sensitive information, including PII, as part of its operations throughout the information lifecycle. Processing includes, but is not limited to, the creation, collection, use, processing, storage, maintenance, dissemination, disclosure, receipt, transmission, and deletion of information. Processing also includes recording, generation, transformation, and analysis techniques such as data mining.

Integra IT will comply with applicable laws establishing its authority or limitations on processing certain types of PII and will develop related processing requirements following contractual obligations. Integra IT will consult with the DPO and other legal advisors regarding the authority to process information in multiple jurisdictions. Integra IT will abide by its processing-related privacy policies and procedures that consider all laws, contracts, and other privacy-related requirements.

Integra IT will determine and document the authority that allows Integra IT to process PII and will restrict the processing of unauthorized PII. Privacy risks may still be present even if the processing is carried out on a legal basis. Privacy risk assessments will be conducted to identify any associated privacy risks, and solutions to manage those risks will be determined. Whenever possible, Integra IT will attach data tags containing authorized processing to items of PII.

Integra IT will train employees on the authorized processing of sensitive information, including PII, and will monitor and audit the use of this information.

RIGHTS OF PERSONAL DATA HOLDERS

At INTEGRA IT, we respect the legal rights associated with the processing of personal data:

Access:

The owner can obtain the personal data that we have stored and know the origin and purpose of their collection.

Integra IT allows individuals to determine if you maintain PII about them, and, upon request, the individual can obtain access to their PII. Integra IT will verify and authenticate the identity of persons requesting access to your PII before they are given access to the information.

Integra IT will provide PII to the individual in an understandable form, within a reasonable time frame, and at a reasonable cost.

Integra IT may deny an individual’s access to your PII or deny a request to change your PII based on regulatory requirements. Integra IT will promptly inform the individual of the denial and the reason for the rejection unless regulations prohibit it.

Right of access

An individual has the right to agree to inspect and obtain a copy of their PHI in a designated record set, as long as the PHI is maintained in the defined record set, except for the following:

  • psychotherapy notes
  • Information collected with reasonable anticipation or for use in a civil, criminal, or administrative action or proceeding
  • PHI that is maintained by a covered entity organization that is:
    • Subject to the Clinical Laboratory Improvements Amendments of 1988, 42 United States Code (USC) Section 263a, to the extent provision of individual access is prohibited by law
    • Exempt from the Clinical Laboratory Improvement Amendments of 1988, following 42 Code of Federal Regulations (CFR) Section 493.3(a)(2)

Integra IT may deny access to a person without providing an opportunity for review in the following circumstances:

  • PHI is exempt from the right of access outlined in the exceptions above.
  • Integra IT, as a correctional institution or covered health care provider acting at the direction of the penitentiary institution, may deny (in whole or in part) an inmate’s request for a copy of PHI if obtaining such a copy would endanger health, the safety, security, custody, or rehabilitation of the individual or other inmates or the safety of any officer, employee, or another person at the correctional institution or who is responsible for the inmate’s transportation.
  • An individual’s access to PHI created or obtained by a covered healthcare provider during research that includes treatment may be temporarily suspended. In contrast, the study is ongoing, provided the individual has agreed to the denial of access by giving their consent. Consent to participate in the research and the covered health care provider has informed the individual that the right of admission will be reinstated upon completion of the study.
  • An individual’s access to PHI contained in records subject to the PRIVACY Act, 5 USC Section 552a, may be denied if the denial of access under PRIVACY would meet the requirements of this law.
  • An individual’s access may be denied if the PHI was obtained from someone other than a health care provider under a promise of confidentiality, and the requested access is reasonably likely to reveal the source of the information.

Denial of access

As a covered entity, Integra IT may deny access to an individual, provided that the individual is entitled to have such denials reviewed in the following circumstances:

  • A licensed healthcare professional has exercised professional judgment and determined that the requested access is reasonably likely to endanger the individual’s or another person’s life or physical safety.
  • The PHI refers to another person (unless that person is a health care provider). A licensed healthcare professional has exercised professional judgment and determined that the requested access is reasonably likely to cause substantial harm to that other person.
  • The person’s representative makes the access request. A licensed healthcare professional has exercised professional judgment and determined that providing access to such a personal representative is reasonably likely to cause substantial harm to the person or another person.

Suppose access is denied for a permitted reason. In that case, the individual has the right to have the denial reviewed by a licensed healthcare professional designated by Integra IT to act as a review officer who was not involved in the original refusal decision. Integra IT will provide or deny access under the reviewing official’s determination.

Access requests

As a covered entity, Integra IT will allow an individual to request access to inspect or obtain a copy of your PHI that is maintained in a designated record set. Integra IT may require individuals to make access requests in writing, provided that Integra IT informs individuals of such a requirement. Integra IT will act on a request for access no later than thirty (30) days after receiving the request as follows:

  • If Integra IT agrees to the request, in whole or in part, it will inform the individual of the acceptance of the request and provide the requested access as appropriate.
  • If Integra IT denies the request, in whole or in part, it will provide the individual with a written denial, as appropriate.

If Integra IT is unable to take necessary action within the required applicable period, Integra IT will extend the time for such activities by no more than thirty (30) days, provided that:

  • Within the applicable time limit, Integra IT provides the person with a written statement of the reasons for the delay and the date by which Integra IT will complete its action on the request.
  • Integra IT will make only one such extension of time for action on an access request.

As a covered entity, Integra IT provides an individual with access, in whole or in part, to PHI subject to the following requirements:

  • Integra IT must provide the access requested by individuals, including inspecting or obtaining a copy, or both, of PHI about them in designated record sets. If the same PHI subject to an access request is maintained in more than one designated record set or at more than one location, Integra IT needs to produce the PHI only once in response to an access request.
  • Integra IT must provide the individual with access to the PHI in the form and format requested by the individual if it can be readily produced in such form and format or, if not, in a legible hard copy or other form and format agreed upon by Integra IT and the individual.
  • If the PHI that is the subject of an access request is maintained electronically in one or more designated record sets and if the individual requests an electronic copy of that information, Integra IT must provide the individual with access to the PHI in electronic form and format requested by the individual if it is readily producible in such form and format; or, if not, in a readable electronic form and format as agreed upon by Integra IT and the individual.
  • Integra IT may provide the individual with a summary of the PHI requested in place of giving access to the PHI or may provide an explanation of the PHI to which access has been provided if:
    • The individual agrees in advance to such summary or explanation.
    • The individual agrees in advance to the fees imposed, if any, by Integra IT for such summary or explanation.
  • Integra IT must provide the access requested by the individual promptly, including arranging a convenient time and place for the individual to inspect or obtain a copy of the PHI or to mail the copy of the PHI to the person’s request. Integra IT may discuss the scope, format, and other aspects of the access request with the individual as necessary to facilitate the timely provision of access.
  • If an individual’s access request directs Integra IT to transmit the copy of the PHI directly to another person designated by the individual, Integra IT must provide the copy to the individual’s designee. The individual’s request must be in writing, signed by the individual, and identify the designee and where to send the copy of the PHI.

If the individual requests a copy of the PHI or agrees to a summary or explanation of such information, Integra IT may impose a reasonable, cost-based fee, provided that the fee includes only the cost of

  • Labor for the copy of the PHI requested by the individual, whether in paper or electronic format.
  • Supplies to create the paper copy or electronic media if the person requests that the electronic copy be provided on portable media.
  • Postage is when the person has requested that the copy, summary, or explanation be mailed.
  • Preparation of an explanation or summary of the PHI, if accepted by the individual as necessary.

As a covered entity, if Integra IT denies access, in whole or in part, to PHI, Integra IT will comply with the following requirements:

  • Make other information accessible. Integra IT must, to the extent possible, give the individual access to any other PHI requested after excluding the PHI for which Integra IT has reason to deny access.
  • Integra IT must provide a timely written denial to the person accordingly. The refusal must be in plain language and contain:
    • The basis of denial.
    • If applicable, a statement of the individual’s review rights, including a description of how the individual may exercise those review rights.
    • A description of how someone can complain to Integra IT under the complaint procedures or the Secretary of the Department of Health and Human Services (HHS). The description must include the name, title, and telephone number of the contact person or office designated to receive complaints.
  • If Integra IT does not maintain the PHI that is the subject of the individual’s access request, and Integra IT knows where the requested information is held, Integra IT must inform the individual where to direct their access request.
  • If the individual has requested a review of a denial, Integra IT must designate a licensed healthcare professional who was not directly involved in the denial to review the decision to deny access. Integra IT must immediately forward a request for review to such designated review officer. The designated reviewing officer shall determine, within a reasonable time, whether or not to deny the requested access based on the rules. Integra IT must promptly notify the individual of the designated review official’s determination and take other steps as required by this section to carry out the designated review official’s determination.

As a covered entity, Integra IT will document and retain the following for six (6) years from the date of its creation or the date it was last in effect, whichever is later:

  • The designated sets of records that are subject to human access.
  • The titles of the persons or offices in charge of receiving and processing access requests from individuals.

Right of Rectification

The owner may request the correction of their data if it needs to be corrected, is irrelevant, inaccurate, false, or incomplete. 

Right of Opposition

The holder can revoke the consent.

INTEGRA IT customers are the controllers of the data when it is processed on the INTEGRA IT platform, applications, and related services. For example, suppose someone participates in a clinical trial or is an investigator who logs into our applications. In that case, the data controller and the participant’s healthcare provider sponsor this trial.

 

VALID AUTHORIZATIONS

Specific requirements must be met for authorization to be considered valid. A valid authorization may contain elements or information in addition to the required elements, provided that such additional elements or information are not inconsistent with the required elements.

An authorization is not valid if the document presented has any of the following effects:

  • The expiration date has passed, or Integra IT knows that the expiration event has occurred
  • The authorization has not been completed in its entirety concerning any element, if applicable
  • Integra IT knows that the approval has been revoked
  • The authorization violates any applicable requirement; either
  • Integra IT knows that any material information in the approval is false

An authorization for the use or disclosure of PHI may not be combined with any other document to create a composite approval except as follows:

  • An authorization for using or disclosing PHI for a research study may be combined with any other type of written permission for the same or another research study. This exception includes combining an authorization for the use or disclosure of PHI for a research study with another approval for the same study, with permission to create or maintain a research database or repository or with consent to participate in the research. Where the covered entity, such as a health care provider, conditions the provision of research-related treatment on the provision of one of the authorizations, any composite authorization created must differentiate between the conditional and non-conditional components and allow the individual to participate. to the research activities described in the unconditional consent.

AUTHORIZATION ELEMENTS

HIPAA authorizations will be written in plain language. A valid HIPAA authorization must contain at least the following elements:

  • A description of the information to be used or disclosed that identifies the information in a specific and meaningful way.
  • The name or other specific identification of the person(s) or class of persons authorized to make the requested use or disclosure.
  • The name or other specific identification of the person(s) or class of persons to whom Integra IT may make the requested use or disclosure.
  • A description of each purpose of the requested use or disclosure. The statement “at the request of the individual” is a sufficient description of the purpose when an individual initiates the authorization and does not provide, or chooses not to provide, a statement of purpose;
  • An expiration date or expiration event related to the individual or the purpose of the use or disclosure. The statement “end of research study,” “none,” or similar language is sufficient if the authorization is for the use or disclosure of PHI for research, including creating and maintaining a research database or research repository and
  • Individual’s signature and date. If a personal representative of the person signs the authorization, a description of that representative’s authority to act on the person’s behalf must also be provided.

In addition to the core elements above, the authorization must contain adequate statements to make the individual aware of all of the following:

  • The individual’s right to revoke an authorization in writing, and either:
    • The exceptions to the right of revocation and a description of how the individual can revoke the authorization; either
    • To the extent this information is included in the required notice, it will reference Integra IT’s notice.
  • The ability or inability to condition treatment, payment, enrollment, or eligibility for benefits on the authorization by stating:
    • Integra IT may not prepare the treatment, payment, affiliation, or eligibility to the benefits to the individual signing the authorization when the prohibition of conditioning authorizations applies; either
    • The consequences for the individual of a refusal to sign the authorization when integrating IT may condition treatment, enrollment in the health plan or eligibility for benefits on the failure to obtain said authorization.
  • The possibility that information disclosed under the authorization is subject to redisclosure by the recipient and is no longer protected.

If Integra IT seeks authorization from an individual for the use or disclosure of PHI, Integra IT will provide the individual with a copy of the signed authorization.

REVOCATION OF AUTHORIZATION

An individual may revoke an authorization at any time provided it is in writing and except to the extent that Integra IT has taken action reliant on the prior authorization or if the authorization was obtained as a condition of obtaining insurance coverage.

SYSTEM OF RECORDS NOTICE (SORN):

For systems that process information that will be kept in a PRIVACY record system. Integra IT will do the following:

  • Draft system of record notices (SORNs) following Office of Management and Budget (OMB) guidance and submit new and significantly modified SORNs to OMB-appropriate congressional committees for early review.
  • Publish SORN in the Federal Register; and
  • You will keep SORNs accurate, up-to-date, and within the scope following policy.

Integra IT will annually review all routine uses published in the SORN to ensure continued accuracy and that routine uses are compatible with the purpose for which the information was collected.

Integra IT will review all PRIVACY exemptions annually claimed for the system of records to ensure that they remain appropriate and necessary under the law, have been disclosed as regulations, and are accurately described in the SORN.

If applicable, Integra IT:

  • It will publish SORN in the Federal Register, subject to any oversight process required for systems containing PII.
  • It will keep the SORN updated.
  • Include the PRIVACY Statement on forms that collect PII or on separate forms retained by individuals to provide additional formal notice to the individuals from whom the information is collected and
  • Will publish SORN on Integra IT’s public website.

AMENDMENTS

As a covered entity, an individual has the right to have Integra IT amend PHI or a record about the individual in a designated record set for as long as the PHI is maintained in the designated record set.

Integra IT may deny a person’s change request for the following reasons:

  • Integra it did not create the PHI you requested to be amended unless the individual provides a reasonable basis to believe that the author of the PHI is no longer available to act on the amendment request.
  • The requested PHI to be amended is not part of the designated record set.
  • By law, PHI is not available for inspection.
  • PHI is already accurate and complete.

As a covered entity, Integra IT will allow an individual to request an amendment to their PHI in the designated record set. Integra IT will require the person to make the change request in writing and provide a reason to support the request, provided the person has been informed of this requirement in advance.

Integra IT will act on an individual’s change request no later than sixty (60) days after receiving such request as follows:

  • Integra IT will take the necessary steps if it grants the requested modification, in whole or in part.
  • If Integra IT denies the requested amendment, in whole or in part, Integra IT will provide the individual with a written denial.

If Integra IT is unable to act on the change request within the required time, Integra IT will extend the time for such action by no more than thirty (30) days provided that:

  • Within the sixty (60) days allowed, Integra IT provides the individual with a written statement of the reasons for the delay and the date by which Integra IT will complete its actions on the request and
  • Integra IT will make only one such extension of time to take action on an amendment request.

If Integra IT accepts the amendment request, in whole or in part, Integra IT:

  • Make the amendment. Integra IT will make the appropriate amendment to the PHI or record that is the subject of the amended request, at a minimum, by identifying the records in the designated record set affected by the amendment and attaching or providing a link to the amendment’s location.
  • Inform the individual. Integra IT will inform the person promptly that the amendment is accepted and obtain the identification and agreement of the person for Integra IT to notify the relevant persons with whom the amendment should be shared.
  • Inform others. Integra IT will make reasonable efforts to inform and provide the modification within a good time to:
    • Persons identified by the individual who has received PHI about the individual and who needs the amendment and
    • Individuals, including business associates, known to Integra IT to have PHI that is the subject of the amendment and may have relied or could foreseeably rely on such information to the detriment of the individual.

If Integra IT denies the change request, in whole or in part, Integra IT will comply with the following:

  • Integra IT must provide the individual with a timely written denial. The refusal must use plain language and contain:
    • The basis of denial.
    • The individual’s right to submit a written statement disagreeing with the denial and how the individual may submit such a statement.
    • A statement that, if the individual does not file a statement of disagreement, the individual may request that Integra IT provide the individual’s request for amendment and the denial of any future disclosure of PHI subject to the amendment.
    • A description of how the person can complain to Integra IT in accordance with the organization’s complaint procedures or to the Secretary of HHS. The description must include the contact person or designated office’s name or title and telephone number.
  • Integra IT must allow the individual to submit a written statement disagreeing with the denial of all or part of a request for amendment and the basis for such disagreement. Integra IT may limit the length of a statement of disagreement.
  • Integra IT can prepare a written rebuttal to the individual’s statement of disagreement. Whenever such a rebuttal is prepared, Integra IT must provide a copy to the person who submitted the statement of disagreement.
  • Integra IT must, as applicable, identify the record or PHI in the designated record set subject to the disputed amendment and attach or otherwise link the individual’s request for amendment, Integra IT’s denial of the request, the individual’s statement of disagreement, if any, and Integra IT’s rebuttal, if any, to the designated record set; and
  • Future disclosures are as follows:
    • If the individual has submitted a statement of disagreement, Integra IT must include the attached material or, at its option, an accurate summary of such information with any subsequent disclosure of PHI to which the disagreement relates.
    • If the individual has not submitted a written statement of disagreement, Integra IT must include the individual’s request for amendment and denial or an accurate summary of such information, with any subsequent disclosure of PHI only if the individual has requested such action accordingly.
    • When a subsequent disclosure is made using a standard transaction that does not allow additional material to be included, Integra IT may separately transmit the required material, as applicable, to the recipient of the standard transaction.

If another organization informs Integra IT of a change to an individual’s PHI, Íntegra IT will change the PHI in the designated record set.

DOCUMENTATION

As a covered entity, Integra IT documents and retains any signed authorization for six (6) years from the date it was created or the date it was last in effect, whichever is later. It will document the titles of the persons or offices in charge of receiving and processing the modification requests of individuals.

PLATFORM, APPLICATIONS, AND CLIENT DATA

As part of the INTEGRA IT platform, applications, and related services, our client’s employees and authorized holders may enter information from or about their authorized holders, employees, and clinical trial subjects (collectively, “Customer Data”), on our servers.

 

This privacy policy does not apply to customer data, and we are not responsible for our customers’ handling of customer data. Our customers have policies for collecting, using, and disclosing personal information. Our use of customer data is subject to the written service agreement between INTEGRA IT and the customer, which does not imply the sale of your data.

INTEGRA IT’s responsibility is to keep customer data safe and secure under that agreement.

INFORMATION COLLECTED BY INTEGRA IT

Integra IT limits the collection of PII to what is necessary to fulfill Integra IT’s objectives. Integra’s IT management reviews PII collection methods before implementation to confirm that PII is collected fairly, without intimidation or deception, and following all applicable legal regulations.

Integra IT informs individuals if Integra IT develops or acquires additional information about them for Integra IT’s use.

WE COLLECT PERSONAL INFORMATION IN THE FOLLOWING WAYS:

Information provided by the owner

Personal Information that may be provided through the Services includes:

  • information, such as first name, last name, postal address, email address, phone number, job title, and employer name.
  • Profile information includes username and password, industry, interests, and preferences.
  • Feedback and correspondence include information a data subject provides as survey responses when participating in market research activities, reporting a problem with the Sites, receiving customer support, or communicating with INTEGRA IT.
  • Transaction information includes details about any purchases you make through the Sites, event registrations you make through the Sites, and billing details.
  • Usage Information, such as how you use the Sites and interact with us.
  • Marketing information includes preferences for receiving marketing communications and details about how you engage with them.
  • We may combine other publicly available information, such as information related to your organization, with personal information you provide through our Sites or Services.

 

Information is collected automatically.

We may collect an IP address from visitors to our Sites. We use IP addresses to help diagnose problems with our server(s), to administer the Sites, and to monitor activities and interactions with our Sites.

We may also automatically record information about cardholders and their computer or mobile device when they access our Sites. For example, we may record the name and version of the operating system of the owner’s computer or mobile device, the manufacturer and model, the type of browser, the language of the browser, the screen resolution, the website you visited before browsing our Sites, the pages you viewed, the time you spent on a page, access times, and information about your use of and actions on our Sites. We collect this information about you using cookies.

 

USE AND DISCLOSURE OF OWNERS’ PERSONAL INFORMATION

Integra IT uses PII only as authorized and only to the minimum necessary level required by Integra IT to meet service-level obligations, contractual obligations, or regulatory requirements.

Integra IT will not use or disclose PHI without valid authorization. When Integra IT obtains or receives valid authorization for its use or disclosure of PHI, the use or disclosure is consistent with such authorization.

We use this information to provide our services.




If the owner has an INTEGRA IT account or uses our Sites, we use your personal information to:

 

  • Operate, maintain, administer, and improve the Sites;
  • Manage and communicate with the owner regarding the INTEGRA IT account, including by sending service announcements, technical notices, updates, security alerts, and administrative and support messages;
  • Process and manage registrations made through the Sites, including to track and manage training or events for which registrants register and attend.
  • Better understand the needs and interests of the owners and personalize their experience with the Sites.
  • Provide support and maintenance for the Sites and our Services.
  • Respond to service-related requests, questions, and comments.



SHARING INFORMATION WITH THE CONSENT OF THE HOLDER

We may use or share personal information with your consent, for example, when you consent to us posting your testimonials or endorsements on our Sites, when you direct us to take a specific action concerning your personal information, or if you opt-out. receive marketing communications.

 

MARKETING

Integra IT will obtain authorization for any use or disclosure of PHI for marketing, except if the communications are as follows:

  • A face-to-face communication made by Integra IT to an individual, either
  • Integra it provided a promotional gift of nominal value.

If the commercialization implies financial remuneration to Integra IT by a third party, the authorization must indicate that it is such remuneration.

USE OF HOLDER INFORMATION TO CREATE ANONYMOUS DATA FOR ANALYSIS

We may create anonymous data from the personal information we collect from data subjects. We anonymize personal information by excluding information that makes the data identify someone personally. We use this anonymous data for lawful business purposes, such as to improve our Sites and Services.

 

Data for research

As a covered entity, Integra IT may use or disclose a limited data set only for research, public health, or healthcare operations purposes. Integra IT may use PHI to create a qualifying limited data set or disclose PHI only to a business associate, whether Integra IT uses the limited data set.

Integra IT may use or disclose PHI for research, regardless of the source of research funding, as long as

  • Board Approval of an Authorization Waiver: Integra IT obtains documentation that a modification or waiver, in whole or in part, of the individual authorization required for the use or disclosure of PHI has been approved by:
  • An institutional review board (IRB) established following 7 CFR lc.107, 10 CFR 745.107, 14 CFR 1230.107, 15 CFR 27.107, 16 CFR 1028.107, 21 CFR 56.107, 22 CFR 225.107, 24 CFR 60.104, 28 CFR 60.107 219.107, 34 CFR 97.107, 38 CFR 16.107, 40 CFR 26.107, 45 CFR 46.107, 45 CFR 690.107, or 49 CFR 11.107.
  • A privacy dashboard that:
    • has members with diverse backgrounds and the appropriate professional competence necessary to review the effect of the research protocol on the individual’s privacy rights and related interests.
    • Includes at least one member who is not affiliated with Integra IT, who is not affiliated with any entity conducting or sponsoring the research, and who is not related to any person who is affiliated with any such entity.
    • You do not have any members participating in a review of any project in which the member has a conflict of interest.
  • Pre-Investigation Reviews: Integra IT obtains from the Investigator representations that:
    • The use or disclosure is sought solely to review the PHI as necessary to prepare a research protocol or for similar research preparation purposes.
    • The investigator will not delete any PHI from Integra IT in the course of the review, and
    • The PHI whose use or access is requested is necessary for the research and
  • Investigation of Information on the Deceased: Integra IT obtains from the investigator:
    • Representation that the use or disclosure sought is solely for research of the PHI of the descendants.
    • Documentation, at the request of Integra IT, of the death of said persons and
    • Representation that the PHI for which the use or disclosure is requested is necessary for the research.

For use or disclosure to be permitted based on documentation approving a modification or waiver, the documentation must include all of the following:

  • Action Identification and Date: A statement identifying the IRB or privacy board and the date the alteration or waiver of authorization was approved.
  • Waiver Criteria – A statement that the IRB or privacy board has determined that the alteration or waiver, in whole or in part, of the authorization meets the following criteria:
    • The use or disclosure of PHI does not pose more than minimal risk to the privacy of individuals, based at least on the presence of the following elements:
      • An adequate plan to protect identifiers from improper use and disclosure.
      • An adequate plan to destroy the identifiers as soon as possible is consistent with the research’s conduct unless there is a health or research justification for retaining the identifiers or such retention is required by law.
      • Adequate written assurances that the PHI will not be used or disclosed to any other person or entity, except as required by law, for authorized supervision of the research study or for other research for which this subpart would permit the use or disclosure of the PHI.
    • The investigation could only be carried out in practice with the waiver or alteration.
    • The research could only be carried out in practice with access to and use of the PHI.
  • Necessary PHI – A brief description of the PHI that the IRB or the privacy board has determined essential to use or disclose.
  • Review and Approval Procedures – A statement that the alteration or waiver of authorization has been reviewed and approved under routine or expedited review procedures, as follows:
  • An IRB must follow the Common Rule requirements, including the regular review procedures related to 7 CFR 1c.108(b), 10 CFR 745.108(b), 14 CFR 1230.108(b), 15 CFR 27.108(b), 16 CFR 1028.108(b), 21 CFR 56.108(b), 22 CFR 225.108(b), 24 CFR 60.108(b), 28 CFR 46.108(b), 32 CFR 219.108(b), 34 CFR 97.108(b), 38 CFR 16.108(b), 40 CFR 26.108(b), 45 CFR 46.108(b), 45 CFR 690.108(b), or 49 CFR 11.108(b)) or expedited review procedures (7 CFR 1c.110, 10 CFR 745.110 , 14 CFR 1230.110, 15 CFR 27.110, 16 CFR 1028.110, 21 CFR 56.110, 22 CFR 225.110, 24 CFR 60.110, 28 CFR 46.110, 32 CFR 219.110, 34 CFR 97.110, 1 31 CFR 31.110 26.110, 45 CFR 46.110, 45 CFR 690, or 49 CFR 11.110.
  • A privacy board must review proposed research at meetings convened and attended by most of the members, including at least one member who meets the criteria set forth above. The alteration or waiver of authorization must be approved by a majority of the privacy board members present at the meeting unless the privacy board elects to use an expedited review procedure as described below.
  • A privacy board may use an expedited review procedure if the investigation poses no more than minimal risk to the privacy of the individuals who are the subject of the PHI for which use or disclosure is sought. If the privacy board elects to use an expedited review procedure, the review and approval of the amendment or waiver of authorization may be conducted by the privacy board chair or by one or more privacy board members designated by the President.
  • Signature Required: Documentation of the alteration or waiver of authorization must be signed by the president or another member, designated by the IRB or the privacy board president, as appropriate.

RETENTION

Integra IT will retain PII only for the time required or by its retention schedule, as required by regulatory or contractual obligations.

SAFEGUARDS

Integra IT will define and approve where sensitive information, including PII, will be stored. Sensitive information will be kept to a minimum for business or legal purposes. According to the data retention schedule, it will be retained only for as long as necessary. Integra IT will implement technical measures to protect the confidentiality and integrity of sensitive information, including PII, at rest or stored in approved locations. This confidential information will become unusable, unreadable, or indecipherable in any electronic form that is stored by using any of these techniques:

  • Enforce mandatory full disk encryption on laptops or other mobile devices where supported
    • If disk encryption is used, logical access is managed regardless of operating system (OS) and decryption keys will not be tied to user accounts.
  • Virtual disk encryption
  • Encryption of disk volumes: either
  • Encryption of specific files or folders

Integra IT will use robust encryption technology, such as one-way hashing, truncation, or other strong cryptography with key management. Approved encryption algorithms include those that comply with the FIPS 140-2 standard, such as Advanced Encryption Standard (AES) using a minimum key length of 128 bits or Triple DES (Triple DES) data encryption algorithm. Integra IT will document the reasons and CISO approval for cases where encryption is not reasonable or appropriate.

FRAUD PREVENTION AND SECURITY

We use personal information as necessary or appropriate to

  1. Enforce the terms and conditions that govern our Services.
  2. Protect our rights, privacy, security, or property, and/or those of the owners or others.
  3. Protect, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity.

 

SPECIFIC CATEGORIES OF PERSONAL INFORMATION (PII) (LIMITATIONS AND RESTRICTIONS ON USE/DISCLOSURE ):

Specific categories of PII may have special conditions or protections that Integra IT may be required to comply with by law. Requirements may also arise due to a privacy risk assessment in which Integra IT determined that a particular category of sensitive information has a high privacy risk. Integra IT may need to consult with the DPO or legal counsel regarding necessary protections. Integra IT will apply special conditions for specific categories of PII as required by law.

Integra IT will create and publish guidelines for using and disclosing confidential information and PII. Integra IT will only use or disclose personal information and PII as authorized in its privacy notice or by law. e, Integra IT will evaluate the use and disclosure for any new instances of use and disclosure to ensure whether it is authorized or requires new consent (or updated notice).

Integra IT will provide access to and restrict disclosure of confidential information and PII to only those necessary to perform its functions (i.e., the minimum required and need-to-know principles will apply).

Integra IT will only use or disclose sensitive information and PII for which consent has been given. Integra IT will only use sensitive information and PII if it is compatible with the original purpose for which it was collected.

For new uses of PII, Integra IT will formally assess to ensure that Integra IT has the authority to use the PII.

When a system processes social security numbers, Integra IT:

  • Eliminate the unnecessary collection, maintenance, and use of social security numbers and explore alternatives to their use as a personal identifier.
  • Not deny any person any right, benefit, or privilege provided by law because of such person’s refusal to disclose their social security number; and
  • Inform anyone who is asked to disclose your social security number, whether such disclosure is required or voluntary, what legal or other authority is requesting such number, and what uses will be made of it.

Integra IT will prohibit the processing of information that describes how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by law or by the individual or unless it is relevant and within the scope of a law enforcement activity. authorized law.

Integra IT will not use or disclose PHI except as permitted or according to a valid authorization as a covered entity or business associate.

As a covered entity, Integra IT must disclose PHI to an individual upon request or when required by the Secretary of HHS to investigate or determine compliance with Integra IT.

As a business associate, Integra IT will use or disclose PHI only as permitted or required by its business associate agreement, other agreement, or as otherwise required by law. Integra IT will not use or disclose PHI in a manner that violates HIPAA requirements if done by the covered entity, except for applicable purposes if such use or disclosure is permitted by contract or other agreement. As a business associate, Integra IT must disclose PHI when required by the Secretary of HHS to investigate or determine compliance of Integra IT or to a covered entity, person, or designee as necessary to perform a covered entity’s obligations concerning a person. request for an electronic copy of PHI.

COMPLIANCE AND APPLICATION OF LAWS; PROTECTION AND SECURITY

Required by law

Integra IT may use or disclose PHI to the extent such use or disclosure is required by law, and the use or disclosure complies with and is limited to the applicable requirements of such law. Integra IT must comply with the use or disclosure requirements required by law.

INTEGRA IT may disclose information about Subjects to government law enforcement officials or private parties as required by law and disclose and use such information as we deem necessary or appropriate to:

  1. Comply with applicable laws, legal requests, and processes, such as responding to subpoenas or requests from government authorities.
  2. Enforce the terms and conditions that govern our Services.
  3. Protect our rights, privacy, security, property, and the owners or others.
  4. Protect, investigate, and deter fraudulent, harmful, unauthorized, unethical, or illegal activity.

Protection of the holders’ data INTEGRA IT uses various administrative security measures, both internal and technical, to protect personal information. Integra IT establishes rules of internal control procedures that have to do specifically with handling personal data. These include control measures for the protection of private information collected online.

INTEGRA IT employees are trained to understand and comply with these control measures. On the other hand, our employees are aware of our data protection guidelines and standards. Although we are committed to the protection of the personal information of the holders, they must also take necessary preventive measures for the safety of their personal information during the use of the solutions. In addition, INTEGRA IT employs its best efforts, considering the vulnerability of computer systems and the constant technological advances.

Protection of data of minors or of persons who have delegated authority on their behalf

The online data protection of minors is critical. INTEGRA IT does not deliberately collect or request information about minors without the explicit consent of their parents or guardians.

As a covered entity, Integra IT treats a personal representative as an individual to grant individual rights.

If, under applicable law, a person has the authority to act on behalf of a person who is an adult or an emancipated minor to make decisions related to the person’s health care, Integra IT will treat such person as a personal representative concerning PHI relevant to such personal representation.

If, under applicable law, a parent, guardian, or other person acting in loco parentis (i.e., instead of a parent) has the authority to act on behalf of an unemancipated minor to make care decisions about minor’s health care, Integra IT will treat such person as a personal representative, concerning PHI relevant to such personal representation. However, such person may not be a personal representative of an unemancipated minor, and the minor has the authority to act as an individual for PHI related to a health care service if:

  • The minor consents to such health care service; no further consent is required by law for such health care service (regardless of whether consent has also been obtained from another person), and the minor has not requested that such person be treated as a personal representative.
  • The minor may lawfully obtain such health care service without the consent of a parent, guardian, or other person acting in loco parentis. The minor, a court, or other person authorized by law consents to such health care service.
  • A parent, guardian, or other person acting in the parent’s stead agrees to a confidentiality agreement between a covered health care provider and the minor concerning such health care service.

Integra IT may disclose or provide access to the PHI of an unemancipated minor to a parent, guardian, or other person acting in loco parentis if permitted or required by an applicable provision of state law, applicable case law, or other law. If prohibited by a relevant provision of state law, applicable case law, or other law, Integra IT will not disclose or provide appropriate access to PHI about an unemancipated minor to a parent, guardian, or other person acting as parent .

When the parent, guardian, or other person acting in loco parentis is not the personal representative, and when there is no applicable access provision under state law, applicable case law, or other law, Integra IT may provide or deny access to a parent, guardian, or other person acting in loco parentis, if such action is consistent with state law or other applicable law, provided that such decision was made by a licensed health care professional in the exercise of professional judgment.

If, under applicable law, an executor, administrator, or other person has the authority to act on behalf of a deceased person or the person’s estate, Integra IT will treat such person as a personal representative concerning PHI relevant to such person. personal representation.

Notwithstanding any state law or any requirement to the contrary, Integra IT will choose not to treat a person as a personal representative of a person if:

  • Integra IT has a reasonable belief that:
    • The individual has been or may be subjected to domestic violence, abuse or neglect by such person.
    • Treating that person as a personal representative could endanger the person.
  • Integra IT, in the exercise of its professional judgment, decides that it is not in the individual’s best interests to treat the person as their personal representative.

 

ACCESS, UPDATE, CORRECT OR DELETE INFORMATION OF HOLDERS

All INTEGRA IT account holders can review, update, correct or delete the personal information in their registration profile by logging into their account. INTEGRA IT account holders can also contact us at [email protected] .

 

Individual requests

Integra IT will post a process governing requests by individuals to access their records maintained by Integra IT.

Integra IT will allow individuals to exercise their access rights and correct inaccurate information as appropriate. Integra IT will implement a process for individuals to request access and provide proof of identity. Integra IT will also implement a method to provide communications to an individual about their personal information similar to how the original data was collected from an individual (for example, via regular mail or email):

  • Within a reasonable time as prescribed by the relevant regulations
  • At a reasonable and allowable cost, if applicable
  • Appropriately
  • in an understandable way

Integra IT will respond to access requests as provided by law or as stated in its privacy notice. Whenever possible, responses will be provided as requested by the individual. Integra IT will ensure that the access rights of a person can be exercised, except when:

  • The expense or burden to Integra IT is unreasonable or disproportionate to the privacy risks;
  • Sensitive information or PII cannot be disclosed due to legal or security restrictions; either
  • The access request would violate other people’s privacy.

Integra IT will restrict access to confidential information and PII to only those to whom the information relates or an authorized person. Integra IT authenticates the identity of a requester in accordance with regulatory requirements. When authentication is required, Integra IT will determine the appropriate form of authentication unless regulatory requirements require it. Integra IT will request only the minimum information necessary to verify identities. Identification and authentication information will be protected and retained only for as long as needed.

Integra IT will ensure that all requested information can be provided but will consider protecting other people’s rights, freedoms, and privacy before providing anyone with your confidential information or PII. Integra IT will provide personal details and PII to an authorized person in a secure manner.

Integra IT will develop and implement a process related to notifying individuals of the status of their requests and any required processing (e.g., by mail, by email), along with identifying the dates the request was made and an expectation of when the request can be made. compliment. Integra IT may require additional time to retrieve information from the files but will communicate this delay to the requester if necessary.

Integra IT may deny an access request based on regulatory requirements. However, Integra IT will provide the individual with the rationale behind the denial along with the process for contesting the denial promptly.

If Integra IT is acting as a processor for another controller, Integra IT supports the controller’s obligation concerning the rights to access, correct, and delete an individual’s confidential information or PII in accordance with regulatory or contractual requirements.

Testimonials

If an owner has given us consent to post a testimonial on our Sites but would like to update or remove it, they can contact [email protected]

 

Choose not to share personal information

When we are required by law to collect personal information, or when we need personal information to provide our Services, but the data subject does not provide this information when requested (or later requests its deletion), we may not be able to provide the Services to you and the owner must close his account. We tell cardholders what information they must provide to receive the Services.

 

Verification requirements

As a covered entity, Integra IT will take the following steps before any permitted disclosure:

  • Except concerning disclosures that require an opportunity to object verify the identity of a person requesting the PHI and such person’s authority to access the PHI if Integra IT does not know the identity or such authority of such person.
  • Obtain any documentation, statement, or representation (oral or written) from the person requesting the PHI when such documentation, statement, or representation is a condition of disclosure.

If disclosure is conditioned on particular documentation, statements, or representations by the person requesting the PHI, Integra IT may rely on documentation, statements, or representations that, prima facie, meet the applicable requirements if such reliance is reasonable under the circumstances.

One or more written statements may satisfy the documentation required for exemption approval, provided each is appropriately dated and signed accordingly.

Integra IT may rely on any of the following to verify identity when the disclosure of PHI is to a public official or to a person acting on the public official’s behalf if such reliance is reasonable under the circumstances:

  • If applying in person, present of agency identification badge, other official credentials, or other proof of government status
  • If the request is in writing, the request is on the appropriate government letterhead
  • If the disclosure is to a person acting on behalf of a public official, a written statement on appropriate government letterhead that the person is acting under government authority or other agency evidence or documentation (for example, a contract of services, a memorandum of understanding, a purchase order) that establishes that the person is acting on behalf of the public official.

Integra IT may rely on any of the following to verify authority when the disclosure of PHI is to a public official or to a person acting on the public official’s behalf if such reliance is reasonable under any of the following circumstances:

  • A written statement from the legal authority under which the information is requested or, if a written statement is impracticable, an oral statement from such legal authority
  • A request is presumed to be made under legal process, warrant, subpoena, order, or other legal process issued by a grand jury or judicial or administrative tribunal to constitute legal authority.

The verification requirements above are met if Integra IT relies on the exercise of professional judgment in making a use or disclosure that requires an opportunity to object or is acting in good faith in disclosing to avert a serious threat to health or safety. security.

DIVULGATION

Integra IT will disclose PII to third parties only for the purposes for which it was collected or created and only when the individual’s explicit or implied consent has been obtained unless otherwise explicitly required by law or regulation.

Integra IT will track and record authorized and reported unauthorized disclosures.

CONSENT

Individuals participate in decision-making about processing through their consent. From an organizational perspective, the risks of PII processing are transferred to individuals by providing consent to process their information. Consent may also be required by law. Integra IT will consider reasonable expectations to accept and understand the privacy risks of an individual’s authorization when selecting consent to process information. Integra IT will consider all controls to effectively mitigate privacy risks and will also consider any demographic or contextual factors that influence individuals’ understanding or behavior concerning Processing.

Integra IT informs individuals about their choices regarding the collection, use, and disclosure of their PII. Integra IT requires explicit or implicit consent to collect, use, and disclose PII or provide and obtain permission from an individual (or authorized representative) when the processing introduces a new use or disclosure as required by law.

Integra IT will obtain and document the implicit or explicit consent of individuals at or before the moment the PII is collected or soon after. As required by law, Integra IT will obtain consent before emailing, faxing, communicating, or otherwise disclosing PII to third parties. The individual will confirm and implement their preferences expressed in their consent. Integra IT will provide a way for a person to modify their consent and act on this modification or stop the processing on time. Integra IT obtains consent before PII is transferred to or from an individual’s computer or other similar device.

Integra IT will comply with the legal requirements regarding consent and obtain informed and transparent consent. Integra IT will use alternative solutions to obtain authorization before processing if normal means of consent are unavailable. Integra IT will maintain consent records.

Integra IT will confirm the identity of an individual or authorized representative who consents to the processing. Information related to identity verification will be kept to the minimum necessary and will be retained only for as long as necessary. Identity verification information will be securely deleted when it is no longer needed. Integra IT will identify the potential privacy risks associated with authorization.

Integra IT will consider the appropriate mechanisms to obtain consent, such as the type of consent (for example, opt-in or opt-out), how to authenticate or identify individuals, and how to obtain consent electronically. Integra IT will consider usability factors to help people understand the risks related to consent, including plain language and avoiding technical jargon.

Integra IT will implement tools or mechanisms for individuals to consent to process their PII before its collection, facilitating informed decision-making by individuals. Integra IT will provide mechanisms to allow individuals to tailor processing permissions for selected items of PII. Integra IT will present consent mechanisms to individuals at the time of processing. Integra IT will implement a mechanism for individuals to revoke consent to the processing.

Integra IT will provide an individual with the opportunity to exercise their choice rights before the processing of their confidential information, including PII. A person may withdraw their consent by giving reasonable notice to Integra IT as the law requires. Integra IT may provide an individual with reasonable grounds to allow them to exercise their rights to object to processing. Integra IT may refuse to comply with a request in accordance with the law. Still, Integra IT will provide the person with detailed reasons for denying the legitimacy of the objection.

Integra IT may allow an individual to object to specific aspects of the Processing rather than the whole of the Processing. Integra IT will acknowledge an individual’s objection within the legal time frame or as specified in this Integra IT Policy.

Integra IT will not condition the services on an individual refusing to provide their confidential information, including PII, that is not relevant to the services being offered.

Integra IT will confirm the identity of an individual or authorized representative who files an objection. Information related to identity verification will be kept to the minimum necessary and will be retained only for as long as necessary. Identity verification information will be securely deleted when it is no longer needed.

Integra IT will inform other necessary entities of any objections filed and will require these entities to comply with applicable valid objections.

Integra IT will not use PII processed under a contract for marketing or advertising purposes without prior consent obtained from the relevant person. Integra IT cannot make the provision of consent a condition of receiving services.

Consent Specifications

Integra IT will obtain the individual’s consent to use or disclose PHI to carry out treatment, payment, or healthcare operations as a covered entity. Consent will not be effective in permitting the use or disclosure of PHI when authorization is required or when another condition must be met for such use or disclosure to be permissible.

If the individual is present or available before a permitted use or disclosure of PHI and can make health care decisions, Integra IT may use or disclose PHI if Integra IT:

  • Obtains the individual’s agreement
  • Gives the individual an opportunity to object to the disclosure, and the individual does not express an objection; either
  • You reasonably infer from the circumstances that, based on the exercise of professional judgment, the individual does not object to the disclosure.

If the individual is not present or the opportunity to agree or object to the use or disclosure cannot be provided due to the individual’s incapacity or emergency circumstance, Integra IT may, in the exercise of professional judgment, determine whether the disclosure is in the individual’s best interest and, if so, to disclose only PHI directly relevant to the individual’s involvement in the care or payment related to the individual’s health care or necessary for notification purposes.

Integra IT may use professional judgment and its experience with common practice to make reasonable inferences about the best interest of the individual in allowing a person to act on the individual’s behalf to pick up filled prescriptions, medical supplies, x-rays, or other similar forms of FI.

Medical Records

Integra IT declares that it complies with all the regulations corresponding to the handling of information under the use of its proprietary software. In all cases, the owner of the information and his right to access his information is respected. In the case of medical records or information related to this that is stored digitally by the use of any software developed by the company, Integra IT guarantees that it complies with all current regulations regarding the management of electronic or digital medical records for the country where the software is being developed. 

In all cases, Integra IT has a written agreement where the conditions for the handling of the information are regulated by the research centers, medical centers, or health establishments that are responsible for the storage of the medical records.

 

COOKIES AND SIMILAR TECHNOLOGIES

We may collect information using “cookies.” Cookies are small data files stored on the hard drive of a computer or mobile device by a website. We may use session cookies (which expire once you close your web browser) and persistent cookies (which remain on your computer or mobile device until you delete them) to provide a more personal and interactive experience on our Site.

We use two broad categories of cookies:

  1. First-party cookies are sent directly to the computer or mobile device and are used to recognize the computer or mobile device when you revisit our Site.
  2. Third-party cookies, served by service providers on our Site, may be used by service providers to recognize your computer or mobile device when you visit other websites.

Cookies we use

Our site uses the following types of cookies for the purposes set out below:

 

Essential cookies

These cookies are essential to providing the services available through our Site and enabling you to use some of its features. Requested services cannot be provided without these cookies, and we only use these cookies to provide those services. Our employees and contractors mainly use these.

Functionality cookies

These cookies allow our site to remember your choices when you use our site. These cookies provide you with a more personal experience and prevent you from having to re-select your preferences or re-enter information each time you visit our Site.

Analysis and performance cookies.

These cookies are used to collect information about traffic to our site and how the owners use our site. The information collected may include the number of visitors to our Site. These websites referred them to our Site, the pages they visited on our Site, the time of day and duration they visited our Site, whether they have visited our Site before, and other similar information. We use this information to help operate our Site more efficiently, gather broad demographic information, and monitor the activity level on our Site. We mainly use Google Analytics for this purpose. Google Analytics uses its cookies. It is only used to improve how our site works. You can find more information about Google Analytics cookies and how Google protects your data here.

Targeted and advertising cookies.

These cookies track browsing habits to allow us to display advertising on a third-party site that is likely to interest you. These cookies use information about browsing histories to group themselves with other owners with similar interests. Certain cookies that remember browsing habits and target advertising can be disabled. If you choose to delete targeted or advertising cookies, you will still see ads, but they may not be relevant to the owner.

 

Cookie deactivation

Cookies can generally be removed or rejected through your browser settings. To do this, you must follow the instructions provided by the browser (usually located within the “settings,” “help,” “tools” or “edit” function). Many browsers are set to accept cookies until the setting is changed.

 

If you do not accept our cookies, you may experience inconvenience using our Site. For example, we may not be able to recognize your computer or mobile device, and you may be required to log in each time a user visits our Site.

 

ON-SITE MONITORING

We may also use tracking tags (also known as web beacons) on our Site to track subscribers’ actions while on our Site. Unlike cookies, which a website stores on the hard drive of your computer or mobile device, tracking tags are embedded into web pages.

The tags compile statistics about the use of the Site so that we can manage our content more effectively. The information we collect using tracking tags is not linked to the personal data of our data subjects.

 

No tracking signals

Some Internet browsers may be configured to send “Do Not Track” signals to online services that a cardholder visits. We currently do not respond to do-not-track signals.

 

INTERNATIONAL TRANSFER

Integra IT, headquartered in the United States, Colombia, and Panama, has affiliates and service providers in other countries, and your personal information may be transferred to the United States or to locations outside of your state, province, country, or other governmental jurisdiction. We comply with the privacy laws of each country.

 

OTHER SITES AND SERVICES

The Sites may contain links to other websites and services. These links are not an endorsement, authorization, or representation that we are affiliated with that third party. We have no control over third-party websites or services and are not responsible for their actions. Other websites and services follow different rules regarding the use or disclosure of the personal information they receive. Owners must be aware of the privacy policies of the other websites you visit and the services you use.

 

CONTENT GENERATED BY THE HOLDER

We may make features available on our Sites or link to, allowing you to share information online (for example, on message boards, chat areas, file uploads, events, etc.). Owners should be aware that any time personal information is voluntarily disclosed online, that information becomes public and can be collected and used by others. We have no control over and assume no responsibility for using, storing, or disseminating such publicly disclosed personal information. The subject may receive unsolicited messages from other parties by posting personal information online in public forums.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. Please periodically review this page for the latest information on our privacy practices. If we make material changes to this Privacy Policy, you will be notified via the contact information you have provided to us or in another manner that is reasonably likely to contact you. This may include posting a specific advertisement on our Sites.

Any modifications to this Privacy Policy will become effective when we post the new terms and/or when the new changes are implemented on the Service (or as otherwise indicated at the time of posting). In all cases, your continued use of the Sites and Services following the posting of any modified Privacy Policy indicates your acceptance of the terms of the revised Privacy Policy.

 

HANDLING INQUIRIES, CLAIMS, REQUEST FOR RECTIFICATIONS, UPDATE AND SUSPENSION OF PERSONAL DATA

 

The Information Security Leader is responsible for carrying out the necessary actions for the Data Processing and exercising the rights of the owner will attend to and manage the requests through the email [email protected] or the line +57 (1) 8050057 Bogota.

 

INQUIRIES

The owners or their successors in title may consult the owner’s personal information that rests in any database of Integra IT, providing them with all the information contained in the individual record or that is linked to the identification of the owner. Queries will be made through the previously mentioned channels; to respond, Integra IT may carry out identity verification activities such as security questions and others that are considered necessary to protect the holders’ information. The query will be answered in a maximum of ten (10) business days from the date of receipt thereof. When it is not possible to respond to the query within said term, INTEGRA IT SAS will inform the interested party, stating the reasons for the delay and indicating the date on which the query will be addressed, which in no case may exceed five (5) business days. following the expiration of the first term.

CLAIMS

The owner or his successors in title who consider that the information contained in a database must be corrected, updated, or deleted, or when they notice the alleged breach of any of the duties included in current laws, may file a claim with Integra  IT which will be processed under the following rules:

 

  • The claim will be formulated through a request addressed to INTEGRA IT SAS with the owner’s identification, the description of the facts that give rise to the claim, the address, and the accompanying documents you want to assert. If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the failures.
  • After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
  • If the person receiving the claim cannot resolve it, they will transfer it to the appropriate person within a maximum term of two (2) business days and inform the interested party of the situation.
  • The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt; when it is impossible to address the claim within said term, INTEGRA IT SAS will inform the interested party of the reasons for the claim. delay and the date on which your claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

 

SUPPRESSION 

Integra it will capture PII deletion requests and information related to the requests will be identified and marked for destruction to meet Integra IT’s privacy-related objectives. Integra IT will notify such deleted information to third parties to whom the individual’s PII was previously provided in accordance with Integra IT’s privacy-related goals.

COMMUNICATION  

INTEGRA IT controls your information when it is processed in our Sites and Services context. You can contact our data protection officer by sending an email to [email protected]

If you have questions about the legal basis of how we process your personal information, please contact us at [email protected]



COMPLAINTS OF IRREGULARITIES

As a covered entity, Integra IT is not considered to have violated HIPAA requirements if a member of its workforce (or a business associate) discloses PHI, as long as:

  • The member of the workforce (or business associate) has a good faith belief that Integra IT has engaged in conduct that is unlawful or that violates professional or clinical standards or that the care, services, or conditions provided by Integra IT may endanger one or more patients, workers, or the public; and
  • The disclosure is for:
    • A health oversight agency or a public health authority authorized by law to investigate or monitor the relevant conduct or conditions of Integra IT or to an appropriate health care accreditation organization to report the allegation of non-compliance with the standards professionals or misconduct of Integra IT; either
    • An attorney retained by or on behalf of the Workforce Member (or Business Associate) to determine the Workforce Member’s (or Business Associate)’s legal options concerning the conduct described above.

Integra IT is not considered to have violated HIPAA requirements if a member of its workforce who is a victim of a criminal act discloses PHI to a law enforcement official, provided that:

  • The PHI disclosed is about the alleged perpetrator of the criminal act; and
  • The PHI disclosed is limited to the necessary information.

DISASTER RELIEF

Integra IT will use or disclose PHI to a public or private entity authorized by law or its statutes to assist in disaster relief efforts to coordinate with such entities on permitted uses or disclosures. The requirements apply to such uses and disclosures to the extent that Integra IT, in its professional judgment, determines that the requirements do not interfere with our ability to respond to emergencies.

PUBLIC HEALTH ACTIVITIES

As a covered entity, Integra IT will use or disclose PHI for the public health activities and purposes described below:

  • A public health authority authorized by law to collect or receive such information to prevent or control disease, injury, or disability, including, but not limited to, notification of disease, injury, vital events (e.g., birth, death), and conducting public health surveillance, public health investigations, and public health interventions; or, under the direction of a public health authority, to an official of a foreign government agency acting in collaboration with a public health authority.
  • A public health authority or other appropriate government authority authorized by law to receive child abuse or neglect reports.
  • A person subject to the jurisdiction of the Food and Drug Administration (FDA) for an FDA-regulated product or activity for which that person is responsible for quality-related activities, safety, or efficacy of such FDA-regulated products. product or activity. Such purposes include:
    • To collect or report adverse events (or similar activities concerning food or dietary supplements), product defects or problems (including problems with product use or labeling), or biological product deviations.
    • To track FDA-regulated products
    • To enable product recalls, repairs, replacements, or retrospectives (including locating and notifying individuals who have received products that have been recalled, recalled, or subject to retrospection); either
    • To conduct post-market surveillance.
  • A person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition if the covered entity or public health authority is authorized by law to notify such person as appropriate necessary in carrying out a public act. health intervention or research
  • An employer, about an individual who is a member of the employer’s workforce, if:
    • Integra IT is a covered health care provider that provides health care to the individual at the request of the employer:
      • Conduct an assessment regarding medical surveillance of the workplace.
      • To assess whether the individual has a work-related illness or injury
    • The disclosed PHI consists of findings related to work-related illness, injury, or workplace-related medical surveillance.
  • The employer needs such findings to comply with its obligations under 29 CFR parts 1904 through 1928, 30 CFR parts 50 through 90, or under state law that has a similar purpose to record such illness or injury or to carry out medical surveillance responsibilities. in the workplace. ; and
  • The covered healthcare provider notifies the individual in writing that PHI related to workplace medical surveillance and work-related illnesses and injuries is released to the employer:
    • Giving a copy of the notice to the person at the time the medical care is provided; either
    • If the health care is provided at the employer’s place of business, by posting the notice in a prominent place at the place where the health care is provided;
  • A school, about a person who is a student or prospective student of the school, if:
    • The PHI that is disclosed is limited to proof of immunization.
    • The school is required by state or other law to have such proof of immunization before admitting the person and
    • Integra IT obtains and documents the agreement to the disclosure of:
      • A parent, guardian, or other person acting in place of the individual’s parents if the individual is an unemancipated minor, either
      • The natural person if he is of legal age or an emancipated minor.

HEALTH SURVEILLANCE ACTIVITIES

As a covered entity, Integra IT will disclose PHI to a health oversight agency for oversight activities authorized by law, including audits; civil, administrative, or criminal investigations; inspections; license or disciplinary actions; civil, administrative, or criminal proceedings or actions; or other activities necessary for the proper supervision of:

  • the health system
  • Government benefit programs for which health information is relevant to beneficiary eligibility
  • Entities subject to government regulatory programs for which health information is necessary to determine compliance with program standards; either
  • Entities subject to civil rights laws for which health information is necessary to determine compliance

For purposes of the permitted disclosures above, a health oversight activity does not include research or other activity in which the individual is the subject of the study or activity, and such research or other activity does not arise out of and is not directly related to:

  • The receipt of healthcare
  • Claim for health-related public benefits; either
  • Qualification or receipt of public benefits or services when a patient’s health is an integral part of the claim for public benefits or services

Notwithstanding the foregoing, if a health oversight activity or investigation is conducted in conjunction with a health oversight or investigation activity related to a claim for non-health-related public benefits, the joint investigation or activity is considered a joint investigation or activity. health supervision.

JUDICIAL AND ADMINISTRATIVE PROCEDURES

As a covered entity, Integra IT will disclose PHI in the course of any judicial or administrative proceeding:

  • In response to an order of a judicial or administrative court, provided that Integra IT discloses only PHI expressly authorized by such order, either
  • In response to a subpoena, discovery request, or other legal process that is not accompanied by an order of a judicial or administrative court, if:
    • Integra IT receives satisfactory assurances from the party seeking the information that the party has made reasonable efforts to ensure that the person who is the subject of the requested PHI has received notice of the request
    • Integra IT receives satisfactory assurances from the party seeking the information that such party has made reasonable efforts to obtain a qualifying order of protection that meets the requirements.

Integra IT will be deemed to have received satisfactory assurances from a party seeking PHI if Integra IT receives from such party a written statement and accompanying documentation that:

  • The party requesting such information has made a good faith attempt to provide written notice to the person or, if the person’s location is unknown, mail notice to the person’s last known address.
  • The notice included sufficient information about the dispute or proceeding in which the PHI is sought to allow the individual to file an objection with the judicial or administrative tribunal and
  • The time has elapsed for the individual to present objections before the judicial or administrative court and:
    • No objections were raised;
    • The court or administrative tribunal has resolved all objections filed by the individual, and the requested disclosures are consistent with such resolution.

Integra IT will be deemed to have received satisfactory assurances from a party seeking PHI if Integra IT receives from such party a written statement and accompanying documentation that:

  • The parties to the dispute giving rise to the information request have agreed to a qualified protection order and have filed it with the judicial or administrative court with jurisdiction over the dispute; either
  • The party seeking the PHI has applied for an eligible protective order from such court or administrative tribunal.

Concerning the requested PHI, a qualified protective order means an order of a judicial or administrative court or a stipulation of the parties to the litigation or administrative proceeding that:

  • prohibits the parties from using or disclosing the PHI for any purpose other than the litigation or proceeding for which the information is requested and
  • Requires the return to Integra IT or the destruction of the PHI (including all copies made) at the end of the litigation or proceeding.

Integra IT will disclose PHI in response to legal process without receiving satisfactory assurance if Integra IT makes reasonable efforts to give the individual sufficient notice to meet the requirements or to seek a qualified order of enough protection to meet the requirements.

The above provisions do not supersede other HIPAA provisions that permit or restrict the use or disclosure of PHI.

COMPLIANCE WITH THE LAW

As a covered entity, Integra IT will disclose PHI for law enforcement purposes to a law enforcement official if the following conditions are met:

  • As required by law, including laws that require reporting of certain types of wounds or other physical injuries, either
  • In accordance with and limited by the relevant requirements of:
    • A court order or court order, a subpoena, or a summons issued by a judicial officer
    • A grand jury; either
    • An administrative request, including an administrative summons or summons, an authorized investigative or civil complaint, or a similar process permitted by law, provided that:
      • The information sought is relevant and material to a legitimate law enforcement investigation.
      • The request is specific and limited in scope to the extent reasonably possible in light of the purpose for which the information is requested and
      • Anonymized information could not reasonably be used.

Except for disclosures required by law, Integra IT will disclose PHI in response to a law enforcement official’s request for such information to identify or locate a suspect, fugitive, material witness, or person who disappeared, provided that Integra IT can disclose only the following information:

  • Name and direction
  • Date and place of birth
  • Social Security number
  • ABO blood type and Rhesus (Rh) factor
  • Type of injury
  • Date and time of treatment
  • Date and time of death, if applicable; and
  • A description of distinguishing physical characteristics, including height, weight, gender, race, hair and eye color, presence or absence of facial hair (eg, beard, mustache), scars, and tattoos.

Except as permitted above, Integra IT will not disclose for identification or location purposes any PHI related to deoxyribonucleic acid (DNA) or DNA analysis, dental records or typing, samples or analysis of individual bodily fluids or tissues.

Except for disclosures required by law, Integra IT will disclose PHI in response to a law enforcement official’s request for such information about a person who is or is suspected of being a victim of a crime, except disclosures that are subject to these requirements, if:

  • The individual agrees to the disclosure; either
  • Integra IT cannot obtain the person’s agreement due to incapacity or other emergency circumstances, provided that:
    • The law enforcement official states that such information is necessary to determine whether a violation of the law has occurred by a person other than the victim and that such information is not intended to be used against the victim.
    • The law enforcement official represents that immediate law enforcement activity reliant on the disclosure would be materially and adversely affected by waiting until the person can agree to the disclosure and
    • Disclosure is in the best interest of the individual, as determined by Integra IT, in the exercise of professional judgment.

Integra IT will disclose to a law enforcement official PHI that Integra IT believes in good faith to be evidence of criminal conduct that occurred on Integra IT property.

As a covered health care provider providing emergency health care in response to a non-emergency medical emergency on the covered health care provider’s premises, Integra IT will disclose PHI to a law enforcement official if said Disclosure appears necessary to alert authorities to:

  • The commission and nature of a crime.
  • The location of said crime or of the victim(s) of said crime; and
  • The identity, description, and location of the perpetrator of said crime.

If Integra IT believes that the medical emergency described above is the result of abuse, neglect, or domestic violence by the person in need of emergency medical care, the above does not apply, and any disclosure to a law enforcement official for law enforcement purposes law is subject to the abuse section above.

AVOID SERIOUS THREATS

As a covered entity, Integra IT will use or disclose PHI in accordance with applicable law and standards of ethical conduct if Integra IT has a good faith belief that the use or disclosure:

  • It is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
  • It is for a person or persons reasonably capable of preventing or lessening the danger, including the target of the threat, either
  • Law enforcement authorities must identify or detain a person:
    • Due to a statement by a person admitting to involvement in a violent crime that Integra IT reasonably believes may have caused severe bodily harm to the victim, either
    • This results from all the circumstances in which the individual has escaped from a correctional institution or legal custody.

No use or disclosure under the foregoing will be made if the information described is known to Integra IT:

  • In the course of treatment to affect the propensity to commit the criminal conduct that is the basis for the disclosure, counseling, or therapy, either
  • Through an individual’s request to initiate or be referred for treatment, counseling, or therapy.

A disclosure made under the foregoing shall contain only the disclosure described above and the PHI described above.

 

When Integra IT uses or discloses PHI in accordance with the foregoing, you are presumed to have acted in good faith concerning a described belief if the belief is based on Integra IT’s actual knowledge or a credible representation by a person with expertise apparent. or authority.