Privacy


Introduction

Protecting the privacy of our customers and their employees is important to Vertical Technologies, LLC, ("Vertical"). This privacy policy outlines our general policy regarding data security and privacy, including the types of information we gather, how we use it and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This privacy policy applies to all personally identifiable information received by Vertical whether in electronic, paper or verbal form.


Definitions

Availability: Data or information is accessible and usable upon demand by an authorized person. Confidentiality: Data or information is not made available or disclosed to unauthorized persons or processes. Integrity: Data or information has not been altered or destroyed in an unauthorized manner. "Personally Identifiable Information", "Personal Information", or "PII" means any data element that: (1) is recorded in any form; (2) is about, or pertains to a specific individual; and (3) can be linked to that individual whether through the information or the collection of the information and other, publicly available, information on the individual.

Principles

Notice

Vertical shall inform a customer or employee of the purpose for which it collects and uses the PII. Vertical does not disclose that information to third parties except to the extent such information has been deidentified and is used for research. Vertical shall provide the individual with the choice and means for limiting the use and disclosure of their PII.

Choice

Vertical will offer customers or employees the opportunity to choose (opt out) whether their PII is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.

Data Security

Vertical has established a comprehensive data security and privacy program to protect PHI/PII from loss, misuse and unauthorized access, disclosure, alteration and destruction. This program includes appropriate administrative, physical, and technical safeguards to secure PII received, prevent misuse, and mitigate any potential harm to individuals in the event of a breach.

Data Integrity

Vertical shall only process PII in a way that is compatible with and relevant for the purpose for which it was collected and authorized by the individual. To the extent necessary for those purposes, Vertical shall take reasonable steps to ensure that PII is accurate, complete, current and reliable for its intended use.

Access to PII

In the event Vertical is storing PII of an individual, Vertical shall allow individual access to their PII and allow the individual to correct, amend, or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.

Enforcement

Vertical uses a self-assessment approach to assure compliance with this privacy policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Regulations. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of Personally Identifiable Information in accordance with the Regulations.

Product Security

Our products support patient privacy and provider security through the following product features:

SSL Encryption
System-User Identifiers
Multiple User Access Levels
Data Access Tracking/Alerts
Secure Data Storage Compliant with ISO 27001

As part of our commitment to product security and customer service, Vertical supplies our customers with information to help assess and address the vulnerabilities and risks associated with products that maintain or transmit ePHI.

Amendments

This privacy policy may be amended from time to time consistent with the requirements of the HIPAA regulations. We will post any revised policy on this website: http://verticaltech.io/privacy.

A. The Information Security Policy applies to all users of Vertical information including: employees, consultants, contractors, and outside affiliates. Failure to comply with Information Security Policies and Standards may result in disciplinary action up to and including dismissal in accordance with applicable Vertical procedures, or, in the case of outside affiliates, termination of the affiliation. Further, penalties associated with state and federal laws may apply.

B. Possible disciplinary/corrective action may be instituted for, but is not limited to, the following:

  • Unauthorized disclosure of PHI or Confidential Information as specified in Confidentiality Statement.
  • Unauthorized disclosure of a sign-on code (user id) or password.
  • Attempting to obtain a sign-on code or password that belongs to another person.
  • Using or attempting to use another person's sign-on code or password.
  • Unauthorized use of an authorized password to invade patient privacy by examining records or information for which there has been no request for review.
  • The intentional unauthorized destruction of Vertical information.
  • Attempting to get access to sign-on codes for purposes other than official business, including completing fraudulent documentation to gain access.

Contact Information

Questions, comments or complaints regarding the Vertical Privacy and Security Policy or data collection and processing practices can be mailed or emailed to:

Vertical Technology Solutions, LLC
Attn: Security and Privacy Officer
PO Box 837
Aledo, TX 76008
USA
Effective Date: July 29, 2019