PatientCare Privacy Policy

Boston Scientific Cardiac Diagnostics (f/k/a Preventice) (“BSC CDx”) mission is to be the premier, innovative digital health company, raise the quality and effectiveness of care, and improve the management of patients burdened by cardiac-related issues and other chronic diseases. As part of this mission, BSC CDx designed and implemented the PatientCare Application (“PatientCare”). PatientCare allows Health Care Professionals to receive, interpret and manage in near real-time patient cardiac data from BSC CDx diagnostic studies. 

This Privacy Policy (“Policy”) sets forth the BSC CDx privacy practices regarding the collection and use of personal information or personal data (collectively, "personal information") relating to PatientCare, directed to individuals in the United States. Please note this Policy is not addressed to patients. Unless otherwise specified, the personal information discussed herein is the personal information of you, the user of PatientCare. This Policy also describes how you can exercise rights related your information, as applicable. When we refer to BSC CDx, we mean Boston Scientific Cardiac Diagnostic Technologies, Inc. (f/k/a Preventice Technologies, Inc.), a wholly owned subsidiary of Boston Scientific Corporation. 

It is the policy of BSC CDx to comply with all applicable laws governing the processing of personal information, including those associated with the safeguarding of sensitive or protected health information. Implementation of this policy is subject to specific US federal and state laws. Furthermore, BSC CDx abides by the Generally Accepted Privacy Principles (GAPP) such as:

• Management

BSC CDx has a program designed to protect personal information in its possession or control. This is done through a variety of privacy and security policies, processes and procedures. This program is overseen by BSC CDx’s HIPAA Privacy Officer and Boston Scientific Corporation’s Global Privacy Office.

• ·Notice

BSC CDx, through this policy, provides notice about its privacy practices relating to personal information obtained through PatientCare. This policy may change from time to time. If BSC CDx makes a material change to this policy, it will highlight such changes and provide you notice through PatientCare when you log in. Your continued use of PatientCare after revision to this policy means you accept those changes, so please check the policy periodically for updates.

• Choice and consent
  

Providing consent is optional and you can withdraw it at any time, except to the extent that BSC CDx has relied upon it. If you do not agree to the collection and use of your personal information as outlined in this Privacy Policy, please notify the Boston Scientific Global Privacy team via the contact information below. 

• Collection and Use

BSC CDx details further below the data collected and usage.

• Children Under the Legal Age Under Applicable Law
  

PatientCare is not intended for use by children under legal age, and we do not knowingly collect personal information from children under legal age. If your child has submitted personal information and you would like to request that such information be deleted from our records, you may do so by contacting us via the contact options below. 

BSC CDx details further below the following principles:

• Retention and disposal
• Security for privacy
• Quality

BSC CDx may collect and process personal information about you, including your:

• First and last name
• Gender
• Email address
• Telephone number
• Address
• Registration ID or NPI number
• Institution/Practice information you are associated with in PatientCare
• IP address
• Username, password, and other account registration information
• PatientCare Role(s), Assigned Licenses, and other account information
• Geolocation information
• Device/Browser Information
• PatientCare usage, logs, performance data and statistics

BSC CDx may also collect and process personal information, including patient protected health information, provided to us via the BSC CDx website , Patient Care and remote monitoring system, related to enrolled patients, including:

• The patient’s first, middle, last name, and suffix
• The patient’s date of birth
• The patient’s primary and additional telephone numbers
• The patient’s primary and additional email addresses
• The patient’s primary and additional addresses
• The patient’s Registration ID or MRN
• Dates related to the patient’s monitoring service, events and notifications
• The patient’s diagnosis/reason for monitoring
• Additional relevant medical history for the patient
• The patient’s ECG data, reported symptoms and analysis
• The model and serial numbers from the remote monitor

BSC CDx processes such personal information for the following purposes:

• To enable application setup
• To provide you with services and notifications through PatientCare, including technical support
• To improve PatientCare content and functionality
• To ensure privacy, security and quality
• To establish, exercise or defend legal claims
• To comply with applicable laws and regulations

BSC CDx shall manage this information in accordance with applicable personal information protection laws in your country of residence, including among others the Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act (CCPA).

We retain your information while your account is active or as needed to provide you with services and notifications through PatientCare. After such time, we may continue to retain and use your information as necessary to comply with our legal, regulatory and ethical obligations, resolve disputes, exercise our rights, conduct internal research, maintain records, and enforce and comply with our agreements.

You may request immediate erasure of your data within PatientCare by submitting a data erasure request to BSC CDx as outlined below. Please note that should you request erasure of your data while you are still actively using PatientCare, then the erasure of your data will immediately terminate your PatientCare user account(s).

Personal information that comprises part of the BSC CDx Designated Record Set under HIPAA is retained in accordance with applicable laws, regulations and company policies. Additional information regarding BSC CDx HIPAA privacy practices is available at: HIPAA PRIVACY PRACTICES - Boston Scientific Cardiac Diagnostic Services, LLC .

Employees of Boston Scientific Corporation and its subsidiaries and affiliated entities in existence from time to time, including BSC CDx and its wholly affiliated entities that are authorized shall have access to your personal information in order to provide diagnostic monitoring services for enrolled patients and operate and support PatientCare and related systems. BSC CDx may also disclose personal information to third parties as needed to manage, provide or improve the services, consistent with this Policy, or as required by law. In most cases, the information we send to third parties does not involve the use of personal information. When it does, these third parties are required to handle personal information in a confidential manner and to maintain adequate security to protect the information from loss, misuse, unauthorized access or disclosure, alteration, and destruction. 

BSC CDx deploys administrative, physical, and technical safeguards designed to reasonably and appropriately protect the confidentiality, integrity, and availability of the personal information that it creates, receives, maintains, or transmits. For example, BSC CDx limits access to this information to authorized employees and contractors who need to know that information in order to operate, develop or improve our application. Please be aware that although BSC CDx endeavors to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.

The safety and security of your information also depends on you. You are responsible for the security enabled on your device in order to keep PatientCare data confidential. BSC CDx asks you to implement a locking mechanism on your device and not share your password with anyone.

BSC CDx maintains accurate, complete, and relevant personal information for the purposes of providing remote monitoring services. BSC CDx relies on data integrity tools and processes along with timely and accurate updates from healthcare providers to ensure data quality.

BSC CDx monitors compliance with its privacy policies and procedures and has procedures to address privacy related complaints and disputes. 

Depending on where you are located or where you reside, you may have the following rights with respect to your personal information, subject to applicable exceptions:

• Right to Access. You may be entitled to request that we disclose to you the specific pieces of your personal information that we have collected about you in a portable and, to the extent technically feasible, readily usable format.
• Right to Know. You may have the right to confirm that we have collected personal information about you and know what personal information we have collected about you, including, as applicable, the categories of personal information we have collected, the sources from which we collected that personal information, the business or commercial purposes for which we collected that personal information.
• Right to Deletion. You may be entitled to request that we delete the personal information that we have collected from you. We will use commercially reasonable efforts to honor your request, in compliance with applicable laws. Please note, however, that we may need or be required to keep such information, such as for our legitimate business purposes or to comply with applicable law. 
• Right to Limit the Processing of Sensitive Personal Information. You may be entitled to restrict the processing of your sensitive personal information in certain circumstances.
• Right to Correct. You may request that we correct personal information that we hold about you. 
• Right to Non-Discrimination. You have the right not to receive discriminatory treatment if you exercise the rights conferred to you by applicable privacy law. 

If you have questions related to the personal information that Boston Scientific collects, or you want to exercise or ask about specific rights related to such information under applicable laws and regulations, please contact GlobalPrivacy@bsci.com. For individuals from California, please see: https://www.bostonscientific.com/en-US/privacy-policy/ccpa.html. For other individuals from the United States, please see https://www.bostonscientific.com/en-US/privacy-policy.html. For individuals in the European Economic Area (EEA), United Kingdom and Switzerland, please see: https://www.cdx.bostonscientific.com/us/en/eea-privacy-notice.html

BSC CDx is a wholly owned subsidiary of Boston Scientific Corporation. Please direct privacy-related questions, issues, comments, or complaints to one of the following: 

Email: globalprivacy@bsci.com

Postal Mail:

Boston Scientific Corporation
Attn: Global Privacy Office/Legal
300 Boston Scientific Way
Marlborough, MA 01752 (USA)