General
Advarra is committed to protecting the privacy and security of its clients, partners, and associates and therefore operates under a set of strict privacy principles.
ADVARRA adheres to the U.S. HIPAA Standards, complies with the EU-U.S. Privacy Shield Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. ADVARRA has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Notice
No personally identifiable information that is collected or transferred from individuals in the EU and/or Switzerland is used by ADVARRA for any purpose. However, ADVARRA does hold and process private personal data on behalf of its healthcare clients. ADVARRA’s clients in the U.S., EU and/or Switzerland collect this data. Data is the property of the subscriber (ADVARRA’s customer) and is hosted on a third-party website. Since ADVARRA does not own the patient data, ADVARRA cannot legally disclose it to anyone other than the subscriber (ADVARRA’s customer). ADVARRA collects and uses Human Resource data from its employees in the EU and/or Switzerland to pay and give benefits to its employees.
Advarra is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Advarra may be required to disclose personal information in response to lawful respects by public authorities, including to meet national security or law enforcement requirements. Advarra may be liable in cases of onward transfers to third parties. Under certain conditions, it is possible for individuals to invoke binding arbitration.
As a manufacturer of clinical and management information systems, ADVARRA assists its clients worldwide in the implementation and support of ADVARRA solutions in their healthcare institution(s). Since ADVARRA provides implementation and support for different healthcare institutions, ADVARRA may receive, hold, and process personal data from clients within the EU and/or Switzerland, including patient data provided by clients for the purpose of troubleshooting specific computer system hardware and software problems and issues in accordance with business and/or service agreements. In addition, ADVARRA also provides managed services such as remote hosting, remote system monitoring, disaster recovery, data warehousing and application management services, in which it may act as the custodian patient health information for certain clients. With these offerings, ADVARRA not only has access to provider-based personal health information, but also performs many of a provider’s custodial duties as well.
Choice
ADVARRA will not offer individuals whose data is collected by ADVARRA’s clients the opportunity to choose (through an ‘opt out’ choice) since ADVARRA is not responsible for collecting the personal data. It is ADVARRA’s client that has the responsibility for the collected data and the choice and accuracy of that data. Should a client-individual desire to opt-out of the information system, they should contact the healthcare institution that collected the data for its policies and procedures for doing so.
ADVARRA will not offer its employees in the EU and/or Switzerland the opportunity to choose (through an ‘opt out’ choice) since ADVARRA needs the human resource data of our employees to provide company benefits. Should a ADVARRA employee-individual desire to opt-out of the information system, they should contact the ADVARRA Human Resources department that collected the data for its policies and procedures for doing so. ADVARRA will not share employee information with third parties for a purpose that is materially different from original purposes without the employees’ consent. If you wish to opt-out, please contact HR at: hr@advarra.com.
ADVARRA does not in itself collect sensitive personal data (that is personal data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual or other personal data.)
Onward Transfer
ADVARRA does not transfer its client’s personal data to third parties unless specified in a contract. ADVARRA does not transfer its employee’s personal human resources data to third parties unless to provide personal data for the purposes of payroll processing or benefit enrollment.
Data Security
ADVARRA does not transfer its client’s personal data to third parties unless specified in a contract. ADVARRA does not transfer its employee’s personal human resources data to third parties unless to provide personal data for the purposes of payroll processing or benefit enrollment. Such disclosures include but are not limited to (i) employee management and administration (including both during and after employment); (ii) employee verification; (iii) administering employee benefits; (iv) administering personal short or long-term compensation programs or benefits; (v) evaluating performances; (vii) processing health insurance claims; and (viii) payroll processors or support services. Any request to client’s data or ADVARRA personal employee information with non-Agents shall only occur if authorized by the individual in writing, subject to other legal and regulatory requirements.
ADVARRA takes all reasonable measures to protect personal data from loss, misuse, unauthorized access, disclosure, alteration and/or destruction. ADVARRA accordingly has put in place appropriate physical, electronic, and managerial security measures to safeguard and secure any personal data under ADVARRA’s control from loss, misuse, unauthorized access or disclosure, alteration or destruction. However, ADVARRA cannot guarantee the security of personal data on or transmitted via the Internet.
Data Integrity
ADVARRA will only process personal data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, ADVARRA will take reasonable steps to ensure that personal data is accurate, complete, current, and reliable for its intended use.
Enforcement and Dispute Resolution
ADVARRA uses a self-assessment approach to assure compliance with these privacy guidelines and periodically verifies that these privacy guidelines are accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the most current Privacy Shield principles. The Federal Trade Commission has jurisdiction over ADVARRA compliance with Privacy Shield.
ADVARRA encourages interested persons to raise any concerns using the contact information provided below and it will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of personal data in accordance with the Privacy Shield principles.
If a complaint or dispute cannot be resolved through our internal process, ADVARRA agrees to participate in the dispute resolution procedures of the panel established by the EU data protection authorities (DPAs) to resolve disputes pursuant to the Privacy Shield Privacy Principles, as well as to cooperate and comply with the Federal Data Protection and Information Commissioner of Switzerland. The EU DPAs’ panel may be contacted at ec-dppanel-secr@ec.europa.eu and the EU DPAs may be contacted directly via the information provided at: http://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm. The contact information for the Swiss FDPIC can be found at: http://www.edoeb.admin.ch/kontakt/index.html?lang=en .Under certain conditions, the interested person can invoke binding arbitration to resolve a complaint or dispute.
Contact Information
Questions, comments or complaints regarding these privacy guidelines or data collection and processing practices please contact us by one of the following methods:
You can send e-mail to: corporatecompliance@advarra.com
You can send mail to the following postal address:
Advarra Headquarters
6100 Merriweather Dr., Suite 600
Columbia, MD 21044
You can call the following telephone number: 410.884.2900
Amendments
These privacy guidelines may be amended from time to time consistent with the requirements of the Privacy Shield. We will post any revised policy on this website.
Effective Date:
June 2020