PredictBGL eliminates concerns regarding the transfer of protected health information (PHI), as all data stored in and transferred through PredictBGL follows the “Safe Harbor” de-identification standard.
In addition to HIPAA-compliant policies for data storage and handling, the following procedures are in place to ensure HIPAA compliance:
Client Data includes data stored by Clients in PredictBGL applications, information about a Client’s usage of the application, data instances in the CRM system that we have access to, or data that the Client has supplied to use for support or implementation. Here are the special considerations we take into account when managing Client Data:
All PredictBGL staff members are made aware of relevant external regulations as part of their induction process, and all staff who may come into contact with PHI are trained in our PHI handling processes.
PredictBGL anonymizes PHI upon receipt and destroys the original except in exceptional circumstances. Where anonymization is not possible (for example, for technical reasons, where a product problem can only be recreated using PHI, or where the Client specifies that the data cannot be anonymized, e.g. if we are investigating a problem on a Client’s workstation), access to the data is restricted and the data is destroyed or returned to the Client as soon as it is no longer needed. Under no circumstances should identified data be added to the company dataset library.
PredictBGL expects professional integrity of our collaborators, Clients and partners providing PHI to us and will assume that they have obtained the data subject’s consent to use their data in this way.
Where a Business Associate agreement or similar contract relating to PHI is in place, PredictBGL staff members work under the terms of that agreement. Where no such agreement exists, the PredictBGL PHI handling policy and process are followed.
PredictBGL conducts periodic internal audits on compliance with this policy.
Last Modified: 4-Feb-2014