CliniCall RN Logo Call 855-288-6039

CliniCallRN

CliniCallRN™ (a dba of Clinical Trial Media, Inc.) Global Privacy and Privacy Shield Policy

 

Policy Introduction

Effective Date:  04/18/2017

CliniCallRN™ Global Privacy Policy and Privacy Shield Policy

This Privacy Policy describes how CliniCallRN™ (a dba of Clinical Trial Media, Inc.) collects, uses and protects personal confidential information, such as your name, email address, mailing address, telephone numbers and health and medication information ("Personal Information"). It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

The Federal Trade Commission has jurisdiction over our compliance regarding privacy.  If you do not agree to the terms of this Privacy Policy, please do not access or use CliniCallRN™.

You may opt-out of having your information used by CliniCallRN™, its research sponsors and others. See Section 12 below.

(A) Table of Contents

1. Overview
2. The Privacy Policy
3. Definitions
4. Privacy Operations
5. Uses and Disclosures
6. Transmission and Handling of Personal Information
7. Protection and Security of PIHI
8. HIPAA, DHHS and Covered Entities
9. Log Files, Cookies and External Links
10. United States – European Union Privacy Shield and Swiss Privacy Shield
11. Privacy Complaints by European Union and Swiss Citizens
12. Authorization/Opt-out
13. Privacy Policy Changes
14. Data Retention

 

1. Overview

1.1. This Privacy Policy is intended to ensure that your Personal Information, including Personally Identifiable Health Information (as defined in Section 3 below), obtained by CliniCallRN™ in the performance of subject recruiting and retention call center and related services, is maintained and transmitted with appropriate measures to protect your privacy.

1.2. CliniCallRN™ does not collect Personal Information, including Personally Identifiable Health Information, other than information that you supply to CliniCallRN™ on a voluntary basis. CliniCallRN™ does not use Personal Information, including PIHI, except in a manner consistent with this Privacy Policy.

2. The Privacy Policy

2.1. This Privacy Policy:

2.1.1 establishes safeguards to protect the privacy of Personal Information; and

2.1.2 sets rules for the use and release of Personal Information and records.

2.2. For prospective, current or former research subjects, this Privacy Policy:

2.2.1 restricts the use and disclosure of your Personal Information to particular situations, except as specifically authorized by the research subject;

2.2.2 limits the use and disclosure of your Personal Information to the minimum reasonably necessary to conduct the research for which the information is collected, except as otherwise specifically authorized by the research subject; and

2.2.3 provides for information of how your Personal Information will be disclosed.

2.3. For prospective, current or former research subjects, this Privacy Policy:

2.3.1 provides for appropriate administrative, technical, and physical safeguards to protect the privacy of Personal Information collected by CliniCallRN™, including under CliniCallRN™’s Security Policy;

2.3.2 authorizes our Acting Privacy Officer to receive and document complaints and develop appropriate sanctions for failure to comply with this policy;

2.3.3 requires adequate and timely training of appropriate members of CliniCallRN™’s Workforce on its policies and procedures for dealing with Personal Information collected by CliniCallRN™; and

2.3.4 prohibits action to intimidate, threaten, coerce, discriminate against, or retaliate against any individual for exercising the rights under this policy.

3. Definitions

3.1. In this Privacy Policy, the following definitions apply:

3.1.1 Covered Entity. An institution, organization or other entity that is subject to the rules of the Health Insurance Portability and Accountability Act of 1996. Covered entities include: (1) a health plan, (2) a health care clearinghouse and (3) a health care provider who transmits any personally identifiable health information in electronic form in connection with a transaction covered by the Act.

3.1.2 De-Identified Information. Health information that does not identify an individual. Health information can be rendered de-identified either by removal of 18 specific kinds of information, about the individual and the individual's relatives, employers, or household members. De-identified information is not subject to CliniCallRN™'s privacy requirements.

3.1.3 Global Operations Leader and Acting Privacy Officer. The senior CliniCallRN™ official with authority and responsibility for call center operations and activities including the implementation and enforcement of CliniCallRN™'s privacy policies and procedures.

3.1.4 Institutional Review Board (IRB). A committee established to review and approve research and related material, including study questionnaires, involving human subjects in accordance with FDA (21 CFR Part 56) and DHHS (45 CFR Part 46) Human Subject Protection regulations.

3.1.5 Minimum Necessary Standard. Reasonable efforts to use, disclose, or request the least amount of information needed for the intended purpose.

3.1.6 Personally Identifiable Health Information. Any information, including demographic information collected from an individual, that:

3.1.6.1. relates to (a) the past, present, or future physical or mental health or condition of an individual; (b) the provision of health care to an individual; or (c) the past, present or future payment for the provision of health care to the individual; and

3.1.6.2. identifies the individual or there is a reasonable basis to believe it can be used to identify the individual.

3.1.6.3. Personally Identifiable Health Information does not include education records, or medical records covered by the Family Educational Rights and Privacy Act or employment records held by CliniCallRN™ in its role as an employer.

3.1.7 Prospective Research Subject. Prospective Research Subjects are individuals who:

3.1.7.1. called CliniCallRN™’s call center or otherwise contacted CliniCallRN™ to inquire about a specific clinical research study, or

3.1.7.2. were contacted by CliniCallRN™ on behalf of a clinical research site, organization or sponsor to inform them of upcoming research studies.

Contact by or to CliniCallRN™ includes contact by or to affiliated or third party websites, mobile phone applications, social networking sites, and the like.

3.1.8 Re-Identification. Use of a code or other means designed to enable coded or otherwise de-identified information to be rendered identifiable. Personally Identifiable Health Information that is re-identified is subject to CliniCallRN™'s privacy requirements.

3.1.9 Use. The sharing, employment, application, utilization, examination, or analysis of Personally Identifiable Health Information within the entity holding the information.

3.1.10 Workforce. Means employees, independent contractors, interns, trainees, and other persons whose conduct, in the performance of work for CliniCallRN™, is subject to CliniCallRN™’s privacy policy, whether or not they are paid by that entity.

4. Privacy Operations

4.1. Scope and Application: This Privacy Policy applies to all members of CliniCallRN™'s Workforce engaged in subject recruiting and retention call center activities for human subject research.

4.2. Institutional Review Board: CliniCallRN™ shall use the appropriate IRBs for approval of study questionnaires and other material as needed. The specific IRB used may depend on the clinical research sites involved. In many cases, CliniCallRN™ is not directly responsible for obtaining IRB approval for a specific study questionnaire.

4.3. Training and Education: CliniCallRN™ shall ensure the training of all members of its Workforce engaged in subject recruiting and retention for clinical research on its policies and procedures for dealing with Personal Information.

5. Uses and Disclosures

5.1. Minimum Necessary Information: We will share your personal information with third parties only in the ways that are described in this privacy policy.  We do not sell your personal information to third parties. Use and disclosures of Personally Identifiable Health Information are limited to the Minimum Necessary Information needed to accomplish the intended purpose of the subject recruiting and pre-screening effort for a clinical research project. This includes using study questionnaires that ask only health and medical related questions that are directly associated with the inclusion/exclusion criteria as specified in the IRB approved protocol. Personally Identifiable Health Information may not be used or disclosed to the research site for research purposes unless oral or other authorization has been obtained from the Prospective Research Subject.

5.2. Business Associate: Although CliniCallRN™ is not a Covered Entity, Personally Identifiable Health Information may be obtained from Covered Entities for subject recruiting, retention and other purposes. In these situations, research subject authorizations must satisfy the requirements of the Covered Entities and conform to the HIPAA privacy regulations.

5.3. Exceptions: Personally Identifiable Health Information may be disclosed where required by law or regulation. When requested by public authorities we may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. The following are examples of when such disclosure is permitted:

5.3.1. for public health activities as conducted or directed by a Public Health or other government authority including:

5.3.1.1. prevention or control of disease, injury or disability

5.3.1.2. reporting of disease, injury, birth, death, or other vital event

5.3.1.3. public health surveillance, investigations; or interventions

5.3.1.4. reporting of child abuse or neglect, other abuse or neglect, or domestic violence

5.3.2. to avert a serious threat to individual or public health or safety

5.3.3. to coroners and medical examiners or for cadaveric organ, eye, or tissue donation

5.3.4. for judicial and administrative proceedings in response to (i) an order of a court or administrative tribunal; or (ii) a civil or criminal subpoena, discovery request, other lawful process, such as grand jury investigations and subpoenas

5.3.5. for specialized government functions and workers' compensation

5.3.6. by workforce members who are whistleblowers or victims of a criminal act

5.3.6.1 when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request,

5.3.6.2 if CliniCallRN™ is involved in a merger, acquisition, or sale of all or a portion of its assets,  you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information, 

5.3.6.3 to any other third party with your prior consent to do so

6. Transmission and Handling of Personal Information

6.1. The collected data will be transferred to the indicated clinical research site only with the prospective research subject’s prior oral or other authorization. PIHI transferred to clinical research sites will be done so using secure and/or encrypted protocols including

6.1.1. secure Fax-to-secure fax machine

6.1.2. secure FTP

6.1.3. encrypted or password protected email

6.1.4. direct access through a secure, password protected portal

6.2. Information provided to other entities for operational tracking purposes will be De-Identified prior to transmission.

6.3. The collected data will be transferred into an archive at regular intervals. Data that is archived may be destroyed without notice at any time. CliniCallRN™ reserves the unlimited right to destroy collected data at any time and without prior notification.

6.4. Users who have voluntarily subscribed to receive more information about upcoming clinical trials will receive information if and when this material becomes available. You will not be contacted for any other purpose unless you explicitly request that we do so.

6.5. Please take into consideration that the World Wide Web is a publicly accessible system. Each time information is made available online this is done at your own risk. Your data might be lost or become accessible to unauthorized third parties.

6.6. CliniCallRN™ may communicate with you using text messages, email messages and other electronic means that may be unsecure, including in circumstances when your telephone, tablet, computer or other electronic device is accessible by others.

7. Protection and Security of PIHI

7.1. All PIHI data collected by CliniCallRN™ in connection with subject recruiting for a clinical research study is captured electronically and transmitted through a secure network connection to a secure database. CliniCallRN™’s data security policies are consistent with GCP and HIPAA standards. CliniCallRN™ maintains a separate Security Policy for Information Technology and physical security.

8. HIPAA, DHHS and Covered Entities

8.1. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 and subsequent regulations published by the Department of Health and Human Services (DHHS) impose restrictions on other institutions (Covered Entities) which may be covered under the Act with respect to your relationships with CliniCallRN™. CliniCallRN™ may, in providing subject recruiting call center services for one of these institutions, be required to comply with certain aspects of HIPAA in the conduct of human subject research activities.

8.2. Although CliniCallRN™ is not a Covered Entity as defined in the HIPAA privacy regulations, our policies and procedures, which govern the privacy rights of its research participants included in this privacy policy, are compatible with those required by HIPAA for Covered Entities, and will become standard for research activities involving PIHI.

9. Log Files, Cookies and External Links

9.1. Log Files. CliniCallRN™ will record the following information from visitors to its site: browser type, IP address, domain name, access time, and operating system. This aggregate data helps CliniCallRN™ have a “macro-view” of the visitor traffic and understand what sections of the site the users visit most. CliniCallRN™ also uses this information to determine what kind of technology is available on the visitors' computers so it can better serve them by utilizing more advanced technologies (e.g., Macromedia Flash). None of this information is linked to any Personal Information.

9.2. Cookies. CliniCallRN™ uses cookies to record user-specific information on what pages users access or visit, record past activity and session management and personalization. CliniCallRN™’s use of cookies allows it to provide better service when visitors return to the CliniCallRN™ website.

9.3. External Links. This website may contain links to other websites. Please note that when you click on one of these links, you are then accessing the other website. We encourage you to read the privacy statements of these linked sites as their privacy policy may differ from ours.

10. United States – European Union Privacy Shield and Swiss Privacy Shield

10.1. CliniCallRN™ complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. CliniCallRN™ has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

11. Privacy Complaints by European Union and Swiss Citizens

11.1. Initial Complaints. In compliance with the US-EU and Swiss-US Privacy Shield Principles, CliniCallRN™ commits to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact CliniCallRN™ at:

Ken King

308 Harper Drive, Suite 105, Moorestown, NJ 08057

privacy@clinicallrn.com

516-366-5665

CliniCallRN™ has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

11.2 Limited conditions for the individual or entity to invoke last resort binding arbitration. Under Certain limited conditions, an individual may invoke last resort binding arbitration before a Privacy Shield Panel.

12. Authorizations/Opt-out

12.1. Permissions and authorizations are obtained orally or electronically from all prospective research subjects, where applicable, in three specific areas:

12.1.1. Once the prospective research subject has been provided basic information regarding the clinical research study, that subject’s permission and authorization is required to proceed with asking for health information.

12.1.2. Once the prospective research subject’s PIHI has been collected and where the subject has prequalified for a specific research study, the subject’s permission and authorization is required to transmit PIHI to the indicated clinical research site.

12.1.3. Under any situation where PIHI has been collected from a prospective research subject, the subject will be required to provide his or her permission and authorization (“opt-out”) to maintain PIHI for the purpose of contacting the subject about future studies. If no authorization is sought, or if authorization is not given when asked, all identifiers will be deleted (“De-Identified”) from the records within two business days.

12.2. A valid authorization must be presented in language which is easily understood and must fully inform the prospective research subject of the intended use and disclosure of the PIHI.

12.3 Access and Choice (update, correct, delete/deactivate)

We offer individuals to choose (opt-out) whether their personal information is (a) to be dis-closed to a third party or (b) to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. Individuals are provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice. For sensitive information (i.e. personal information specifying medical or health conditions, racial or ethnic origin; etc.), individuals are given affirmative or explicit (opt in) choice if the information is to be disclosed to a third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of opt in choice.

EU and Swiss individuals have a right of access to information we hold about you.

If your personal information changes, or if you no longer desire our service, you may correct, update, amend, delete/remove, ask to have it removed from our site or deactivate it by making the change on our member information page or by emailing our Customer Support at privacy@clinicallrn.com or by contacting us by telephone or postal mail at the contact information listed below.  We will respond to your request to access within 30 days.

13. Privacy Policy Changes

CliniCallRN™ reserves the right, in its sole discretion, to change, add or remove portions of this privacy policy from time to time without any individual notice. CliniCallRN™ will place notice of any changes to this privacy policy on its home page or notify you by email prior to any material change taking effect.

Please check this page periodically for any changes. Your continued use of CliniCallRN™ following the posting of any changes to these terms shall mean that you have accepted those changes. If you have any questions or concerns, please email us at privacy@clinicallrn.com

Each use of CliniCallRN™ will be subject to the most current version of this privacy policy at the time of such use. The date of the current version is shown on the first page of this policy.

14.  Data Retention

We will retain your information for as long as your account is active or as needed to provide you services.  We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Clinical Trial Media, Inc. (dba CliniCallRN™)
500 North Broadway, Suite 102

Jericho, NY 11753
P: 516-350-8680

privacy@clinicallrn.com

Service Provider Collection/Use:

CliniCallRN™ collects information under the direction of its clients, and has no direct relationship with the individuals whose personal data it processes. 

Choice

We collect information for our clients, if you are a customer of one of our clients and would no longer like to be contacted by one of our clients that use our service, please contact the client that you interact with directly.

Service Provider, Sub Processors/Onward Transfer

CliniCallRN™ may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the provisions in this Policy regarding notice and choice and the service agreements with our clients.  CliniCallRN™ could incur liability by reason of the actions of third parties to whom we transfer personal information.

Access to Data Controlled by Our Clients

CliniCallRN™ has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the CliniCallRN™’s client (the data controller). If requested to remove data we will respond within 30 days.

Data Retention

CliniCallRN™ will retain personal data we process on behalf of our clients for as long as needed to provide services to our client. CliniCallRN™ will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.