Purpose and Scope
Business Associates are persons or entities that have access to Personal Information as a result of providing service to or for TANDEM.
Confidentiality only becomes an issue once the person's Personal Information has been received by another entity. Confidentiality is a means of protecting that information, usually by safeguarding it from unauthorized disclosure.
The release, transfer, provision of, access to, or divulging in any other manner of information outside of the entity holding the information.
Health Insurance Portability and Accountability Act of 1996 ("HIPAA") is comprehensive legislation that ensures access to health coverage for those who change jobs or are temporarily out of work and establishes regulations for the use and disclosure of PHI and national standards for electronic health care transactions.
PHI and PII.
Protected Health Information: any information about you created or received by a physician or other health care provider which identifies you in any way and which relates to your health or payment for your care.
Personally-Identifiable Information: refers to information that can be used to uniquely identify, contact, or locate an individual.
Privacy refers to the right of an individual to control his or her personal information and to keep it from being divulged or used by others against his or her wishes.
Includes using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within our organization or among our affiliates within the United States or internationally.
Applies to the spectrum of physical, technical, and administrative safeguards put in place to protect the integrity, availability, and confidentiality of information and the systems in which it is stored. Detailed security information is found in the TANDEM Diabetes Care Security Policy.
Provide medical products and provide support for the products, provide and improve our Site, services, features and content and enable users to enjoy and easily navigate the Site and use our products and services.
Notice of Privacy Practices
Why We Collect User Information
Our goal is to provide you with personalized service to better address your needs. We are therefore continually looking for ways to improve our services and product offerings. In general, in addition to the information we need to obtain to process your order, we may want to collect information to better help support communications with individuals who have purchased our product, to understand our marketing and promotional efforts, to analyze user behavior, or any other communication efforts. By gathering information about user interests and preferences, we can devise correspondence, products and services that might specifically interest you.
What Type of Personally-Identifiable Information do we collect?
We may request information from you in a variety of ways and from different areas. When you request information or communicate with our support team, we need to acquire your contact information, such as email address, phone numbers and physical address.
All requests for Personal Information will be limited to the minimum amount of information needed to accomplish the purpose of the request for performing the Services. Occasionally, we may invite you to complete optional surveys. The data gathered from these surveys will be used to improve and enhance our products and service offerings. We may also use your contact data from these surveys to send information about new TANDEM products and services, or promotional materials from our related partners.
We will never disclose your Personal Information to a third party outside TANDEM, unless it is necessary to provide it for administration of health benefits as it relates to the purchase of TANDEM manufactured or distributed products. This includes contracted distributors of TANDEM manufactured products.
What Type of Non-Personally-Identifiable Information do we collect?
We may request certain non-personally-identifiable information from you. Non-personally-identifiable information is information that does not identify you personally. For example, our Web site may automatically recognize your domain name, IP address, browser version, operating system, and which pages you have visited on our website.
We may use the non-personally-identifiable information that we collect from you to improve our service to you and enhance our Web Site. We may also use the non-personally-identifiable information that we collect for other business purposes.
We may combine your Personal Information with non-personally-identifiable information and aggregate it with information collected from other users to attempt to provide you with a better experience, to improve the quality and value of the Service and to analyze and understand how our Site and Service are used. We may also use the combined information without aggregating it to serve you specifically, for instance to deliver a product to you according to your preferences or restrictions.
When you visit the Site, whether as a subscriber or a non-registered user just browsing, our servers automatically record information that your browser sends whenever you visit a website ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type or the webpage you were visiting before you came to our Site, pages of our Site that you visit, the time spent on those pages, information you search for on our Site, access times and dates, and other statistics. We use this information to monitor and analyze use of the Site and the Service and for the Site's technical administration, to increase our Site's functionality and user-friendliness, and to better tailor it to our visitors' needs. We also use this information to verify that visitors to the Site meet the criteria required to process their requests. We do not treat Log Data as Personal Information or use it in association with other Personal Information, though we may aggregate, analyze and evaluate such information for the same purposes as stated above regarding other non-personally-identifiable information.
When and With Whom Do We Share This Information?
The manner in which we conduct business and/or interact with you as a patient or how we handle your PHI and PII is referenced in our Patient Bill of Rights (ADMF-000012). It is available for your review by contacting our customer support at (877)801-6901 or firstname.lastname@example.org.
Access to Personal Information
We will grant access to Personal Information to each business associate or contractor based on the assigned job responsibilities. The access privileges will not exceed those necessary to accomplish the assigned job responsibilities.
TANDEM will provide access to Personal Information to the individual who is the subject of such information when the individual requests access within the timeframes required by the HIPAA Privacy Rules. If TANDEM does not physically possess the Personal Information but knows where it is located, it will inform the person requesting access to their Personal Information of the location of their Personal Information.
From time to time, we may share aggregated statistics of user behavior (e.g., customers, traffic patterns, etc.) with our partners. This information is collected through surveys, transactions, and promotions. The information will be aggregated to a level where no personally-identifiable information will be used. The aggregate statistics will NOT contain any Personal Information.
TANDEM does not sell, lease, share, rent, or barter personally identifiable information (names, addresses, phone numbers, etc.) to any companies or persons outside TANDEM, except as expressly set forth herein. We will disclose Personal Information to government officials and law enforcement agencies when it is required by law (e.g., in compliance with a subpoena or court order) or if we believe in good faith that such action is appropriate and necessary to protect and defend the rights of TANDEM, or to protect the safety of TANDEM users and the general public. Because of the uncertain regulatory environment associated with privacy issues, we may also be forced to disclose Personal Information and other information to the government.
In the event of a corporate change in control resulting from, for example, a sale to, or merger with, another entity, or in the event of a sale of assets or bankruptcy, TANDEM reserves the right to transfer your Personal Information to the new party in control or the party acquiring assets.
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Site-related services (e.g., without limitation, maintenance services, database management, web analytics and improvement of the Site's features) or to assist us in analyzing how our Site and Service are used. These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Cross-Border Data Transfers
Information that you provide to Tandem or information that another provides to Tandem on your behalf, including personally identifiable information, may be stored and processed in any country in which Tandem has operations or in which we engage service providers. By providing this information or authorizing others to provide this information to Tandem, you consent to the transfer of this information to countries outside of your country of residence.
Use And Disclosure of PHI
As a health care provider, TANDEM will use and disclose your PHI. TANDEM protects the privacy of this information, and it is also protected from disclosure by state and federal law. In certain specific circumstances, pursuant to this Notice, patient authorization or applicable laws and regulations, PHI can be used by TANDEM or disclosed to other parties. Below are categories describing these uses and disclosures, along with some examples to help you better understand each category.
Uses and Disclosures for Treatment, Payment and Health Care Operations.
TANDEM may use or disclose your PHI for the purposes of treatment, payment and health care operations, described in more detail below, without obtaining written authorization from you.
TANDEM may use and disclose PHI in the course of providing, coordinating, or managing your medical treatment, including the disclosure of PHI for treatment activities of another health care provider. Information obtained by TANDEM will be used to dispense diabetes items, services and supplies to you. We will document in your record information related to the items dispensed to you and services provided to you.
TANDEM may use and disclose PHI in order to bill and collect payment for the health care services provided to you. For example, TANDEM may contact your insurer to determine whether it will pay for your diabetes care or to determine the amount of your copayment. We will bill your health plan for diabetes items and services supplied to you, and we may bill you as well. The information on the bill may include information that identifies you, as well as items and services you are receiving.
For Health Care Operations.
TANDEM may use and disclose PHI as part of its operations, including for quality assessment and improvement, such as evaluating the treatment and services you receive and the performance of our staff in caring for you, provider training, compliance and risk management activities, planning and development, and management and administration. TANDEM may disclose PHI to attorneys, consultants, accountants, and others to help make sure TANDEM is complying with all applicable laws, and to help TANDEM continue to provide health care to its patients at a high level of quality.
Other Uses and Disclosures For Which Authorization is Not Required.
In addition to using or disclosing PHI for treatment, payment and health care operations, TANDEM may use and disclose PHI without your written authorization under the following circumstances:
As Required by Law and Law Enforcement.
TANDEM may use or disclose PHI when required to do so by applicable law. TANDEM also may disclose PHI when ordered to do so in a judicial or administrative proceeding, to identify or locate a suspect, fugitive, material witness, or missing person, when dealing with gunshot and other wounds, about criminal conduct, to report a crime, the location of the crime or victims, or the identity, description, or location of a person who committed a crime, or for other law enforcement purposes.
For Public Health Activities and Public Health Risks.
TANDEM may disclose PHI to government officials in charge of collecting information about births and deaths, preventing and controlling disease, reports of child abuse or neglect and of other victims of abuse, neglect, or domestic violence, reactions to medications or product defects or problems, or to notify a person who may have been exposed to a communicable disease or may be at risk of contracting or spreading a disease or condition.
For Health Oversight Activities.
TANDEM may disclose PHI to the government for oversight activities authorized by law, such as audits, investigations, inspections, licensure or disciplinary actions, and other proceedings, actions or activities necessary for monitoring the health care system, government programs, and compliance with civil rights laws.
Coroners, Medical Examiners, and Funeral Directors.
TANDEM may disclose PHI to coroners, medical examiners, and funeral directors for the purpose of identifying a decedent, determining a cause of death, or otherwise as necessary to enable these parties to carry out their duties consistent with applicable law.
Organ, Eye, and Tissue Donation.
TANDEM may release PHI to organ procurement organizations to facilitate organ, eye, and tissue donation and transplantation.
Under certain circumstances, TANDEM may use and disclose PHI for medical research purposes.
To Avoid a Serious Threat to Health or Safety.
TANDEM may use and disclose PHI, to law enforcement personnel or other appropriate persons, to prevent or lessen a serious threat to the health or safety of a person or the public.
Specialized Government Functions.
TANDEM may use and disclose PHI of military personnel and veterans under certain circumstances. TANDEM may also disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities, and for the provision of protective services to the President or other authorized persons or foreign heads of state or to conduct special investigations.
TANDEM may disclose PHI to comply with workers' compensation or other similar laws. These programs provide benefits for work-related injuries or illnesses.
Prescription Refill/Appointment Reminders; Health-related Benefits and Services; Marketing.
TANDEM may use and disclose your PHI to contact you and remind you of a prescription refill, or to inform you of treatment alternatives or other health-related benefits and services that may be of interest to you, such as disease management programs. TANDEM may use and disclose your PHI to encourage you to purchase or use a product or service through a face-to-face communication or by giving you a promotional gift of nominal value.
Disclosures to You or for HIPAA Compliance Investigations.
TANDEM may disclose your PHI to you or to your personal representative, and is required to do so in certain circumstances described below in connection with your rights of access to your PHI and to an accounting of certain disclosures of your PHI. TANDEM must disclose your PHI to the Secretary of the United States Department of Health and Human Services (the "Secretary") when requested by the Secretary in order to investigate TANDEM's compliance with privacy regulations issued under HIPAA.
Uses and Disclosures To Which You Have an Opportunity to Object.
You will have the opportunity to object to these categories of uses and disclosures of PHI that TANDEM may make:
Disclosures to Individuals Involved in Your Health Care or Payment for Your Health Care.
Unless you object, TANDEM may disclose your PHI to a family member, other relative, friend, or other person you identify as involved in your health care or payment for your health care.
Other Uses and Disclosures of PHI For Which Authorization is Required.
Other types of uses and disclosures of your PHI not described above will be made only with your written authorization, which with some limitations you have the right to revoke in writing.
Uses and Disclosures Subject to State and Other Laws.
In addition to the federal privacy regulations that require this notice (called the "HIPAA" regulations), there are state and other federal health information privacy laws. These laws on occasion may require your specific written permission prior to disclosures of certain particularly sensitive information (such as mental health, drug/alcohol abuse, or HIV/AIDS information) in circumstances that the HIPAA regulations would permit disclosure without your permission. TANDEM is required to comply not only with the HIPAA regulations but also with any other applicable laws that impose more strict nondisclosure requirements.
TANDEM is required by law to maintain the privacy of your PHI, to provide individuals with notice of its legal duties and privacy practices with respect to PHI, and to abide by the terms described in this Notice. You have the following rights regarding your PHI:
You may request that TANDEM restrict the use and disclosure of your PHI. Except as noted below, TANDEM is not required to agree to any restrictions you request, but if TANDEM does so it will be bound by the agreed restriction except in emergency situations. TANDEM is required to agree to a requested restriction for disclosures to a health plan for payment or health care operations purposes relating solely to an item or service that you have paid for out-of-pocket in full.
You have the right to request that communications of PHI to you from TANDEM be made by particular means or at particular locations. For instance, you might request that communications be made at your work address, or by e-mail rather than regular mail. Your requests must be made in writing and sent to email@example.com.
Generally, you have the right to inspect and copy your PHI that TANDEM maintains, provided that you make your request in writing to firstname.lastname@example.org. TANDEM will inform you of the extent to which your request has or has not been granted. In some cases, TANDEM may provide you a summary of the PHI you request if you agree in advance to such a summary and any associated fees. If you request copies of your PHI or agree to a summary of your PHI, TANDEM may impose a reasonable fee to cover copying, postage, and related costs. If TANDEM denies access to your PHI, it will explain the basis for denial and your opportunity to have your request and the denial reviewed by a licensed health care professional (who was not involved in the initial denial decision) designated as a reviewing official.
If you believe that your PHI maintained by TANDEM contains an error or needs to be updated, you have the right to request that TANDEM correct or supplement your PHI. Your request must be made in writing to email@example.com, and it must explain your amendment request to your PHI. TANDEM generally can deny your request if your request relates to PHI: (i) not created by TANDEM; (ii) that is not part of the records TANDEM maintains; (iii) that is not subject to being inspected by you; or (iv) that is accurate and complete. If your request is denied, TANDEM will provide you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial; (ii) if you do not file a statement of disagreement, submit a request that any future disclosures of the relevant PHI be made with a copy of your request and TANDEM's denial attached; and (iii) complain about the denial.
You have the right to request and receive a list of certain disclosures of your PHI TANDEM has made at any time during the six (6) years preceding your request. The list will not include disclosures for which you have provided a written authorization, and does not include certain uses and disclosures to which this Notice already applies, such as those: (i) for treatment, payment, and health care operations; (ii) made to you; (iii) for TANDEM's patient directory or to persons involved in your health care; (iv) for national security or intelligence purposes; or (v) to correctional institutions or law enforcement officials. You should submit any such request to firstname.lastname@example.org and TANDEM will respond to your request.
TANDEM does not purposely collect Personal Information (such as a child's name or e-mail address) from children under the age of 13 without permission from the child's parent or guardian. If we learn that we have Personal Information from a child under the age of 13 without permission from the child's parent or guardian, we will delete that information.
Choice to Opt-Out
If at any time you wish to stop receiving e-mail or postal mail from us regarding products or services, you can opt out by using the unsubscribe link in the email or by contacting email@example.com.
Retention of Records
TANDEM will retain, secure, and maintain all records identified within the HIPAA Privacy Rule for at least 6 years using procedures that allow for access when necessary within a reasonable amount of time as determined by the Company. We will extend the records retention time requirement as necessary to comply with other government regulations, laws or requirements made by the TANDEM professional liability carrier.
Our web site has stringent security measures in place to protect against the loss, misuse, and alteration of information under our control. We use secure technology, privacy protection controls, and restrictions on employee access in order to safeguard your information. Please note, while we will continually make every effort to implement safeguards to protect your Personal Information, the very nature of the Internet makes it impossible to give a 100% guarantee on the security of transmitted data. TANDEM makes no warranties or representations as to the security and confidentiality of any data you transmit. Any data you transmit to TANDEM is at your own risk. For instance, any information that you transmit over the internet including via email may be unsecured and unencrypted before it reaches our servers, and you understand that third parties may be able to obtain and use the information.
TANDEM Diabetes Care will apply disciplinary sanctions for any personnel members who violate these policies, or any procedures implemented to support these policies. Sanctions include disciplinary actions up to and possibly including termination of employment and possible criminal prosecution.
Changes to Privacy Practices?
You have a right to possess a copy of this Privacy Notice.
© 2013 TANDEM Diabetes Care, Inc. All rights reserved.