Skip to main content

Privacy Compliance

Patient Prism helps you comply with privacy regulations worldwide.

Patient Prism has always prioritized the privacy of your personal information. As your service provider, we maintain your personal information with the strictest confidentiality. Your personal information is never sold or inappropriately disclosed.

As your service provider, we maintain your personal information with the strictest confidentiality. Your personal information is never sold or inappropriately disclosed.

Patient Prism has invested in compliance programs to ensure that we comply with privacy regulations across the world. These include:

  • US HIPAA
  • US 42 CFR Part 2 (Confidentiality of
  • Substance Use Disorder Records)
  • State Privacy Laws including California
  • and others
  • Canada PIPEDA
  • UK GDPR
  • EU/EEA GDPR
  • Australian Privacy Act

Of these regulations, arguably the General Data Protection Regulation (GDPR) in Europe has set a worldwide benchmark for data privacy and protection. Our program is built using this most stringent set of principles.

The privacy of you and your patients is our priority

Patient Prism has implemented these principles for its operations worldwide:

Access & Accuracy

Where reasonable and where required by law, you and/or your patients may request access to data that we collect. When we process data regarding your patients on your behalf, upon request we will pass these requests to you promptly so that you can provide them access to their requested personal data. While we focus on accuracy of data in our system, if any data is not accurate, we will promptly correct it.

Documented Data Processing

Whenever appropriate, Privacy Impact Risk Assessments are performed on our data processing activities. All processing activities are documented per regulations.

Accountability

Patient Prism has strong internal controls to ensure ongoing compliance with privacy regulations. Our Data Protection Offers oversees compliance, conducts internal training, and performs regular audits, and responds to Data Protection Authorities.

Third-Party Management

Any Patient Prism vendors must meet our strict privacy and data security standards. Our vendor quality process is used prior to any new vendor contract, and vendors are reviewed on an ongoing basis to ensure their ongoing compliance with our standards.

Transparency & Notice

Patient Prism provides a comprehensive Notice regarding how personal data is handled, the rights of consumers regarding their information, and recourse mechanisms for any disputes.

Privacy by Design

Patient Prism’s business model and all systems are built with privacy in mind. Privacy and data protection are addressed at every stage of the design and technology implementation process.

Record Retention Policies

Data is kept only as long as it is needed, and securely erased at the end of its life.

Choice & Consent

Prior to collecting personal data on your behalf, we advise you of appropriate notifications to ensure proper consent.

Data Minimization & Access Control

Only necessary data is collected, and access to that data is strictly limited based on the need to know.

Cross-Border Transfers

Strict attention is paid to any cross-border transfers. Lawful mechanisms are used, including the EU-US Data Privacy Framework, with the UK Extension.

Implementing our Global Privacy Program

At Patient Prism, accountability for our global privacy program begins with our CEO, Amol Nirgudkar.

To implement this program worldwide, an entire team has been assembled. The company has appointed a Data Protection Officer (DPO) to lead the internal process.

This DPO also acts in the capacity of the US HIPAA Privacy and Security Officer. The DPO coordinates with the Chief Technical Officer (CTO) who implements most of the computer security controls.

Outside advisors are also utilized. The company retains consultants who specialize in global privacy and security, legal counsel with a focus on global privacy, and representation of privacy specialists in both the UK and Germany.

This multi-disciplinary, multi-national team in turn coordinates as necessary with data protection authorities across the globe.

Finally, all employees at Patient Prism receive ongoing training in data privacy so that they know their role in ensuring the privacy of your personal information.

Patient Prism's Privacy Policies Apply to Operations Worldwide

Global

Protecting your data according to our Global Privacy Policies

Data

Processing personal data in compliance with Client contracts

Protection

Our policies protect data collected for our purposes and information that we process on behalf of our clients