DefinitionsAvailability: Data or information is accessible and usable upon demand by an authorized person. Confidentiality: Data or information is not made available or disclosed to unauthorized persons or processes. Integrity: Data or information has not been altered or destroyed in an unauthorized manner. "Personally Identifiable Information", "Personal Information", or "PII" means any data element that: (1) is recorded in any form; (2) is about, or pertains to a specific individual; and (3) can be linked to that individual whether through the information or the collection of the information and other, publicly available, information on the individual.
Vertical shall inform a customer or employee of the purpose for which it collects and uses the PII. Vertical does not disclose that information to third parties except to the extent such information has been deidentified and is used for research. Vertical shall provide the individual with the choice and means for limiting the use and disclosure of their PII.Choice
Vertical will offer customers or employees the opportunity to choose (opt out) whether their PII is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.Data Security
Vertical has established a comprehensive data security and privacy program to protect PHI/PII from loss, misuse and unauthorized access, disclosure, alteration and destruction. This program includes appropriate administrative, physical, and technical safeguards to secure PII received, prevent misuse, and mitigate any potential harm to individuals in the event of a breach.Data Integrity
Vertical shall only process PII in a way that is compatible with and relevant for the purpose for which it was collected and authorized by the individual. To the extent necessary for those purposes, Vertical shall take reasonable steps to ensure that PII is accurate, complete, current and reliable for its intended use.Access to PII
In the event Vertical is storing PII of an individual, Vertical shall allow individual access to their PII and allow the individual to correct, amend, or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated.Enforcement
Our products support patient privacy and provider security through the following product features:SSL Encryption System-User Identifiers Multiple User Access Levels Data Access Tracking/Alerts Secure Data Storage Compliant with ISO 27001
As part of our commitment to product security and customer service, Vertical supplies our customers with information to help assess and address the vulnerabilities and risks associated with products that maintain or transmit ePHI.
A. The Information Security Policy applies to all users of Vertical information including: employees, consultants, contractors, and outside affiliates. Failure to comply with Information Security Policies and Standards may result in disciplinary action up to and including dismissal in accordance with applicable Vertical procedures, or, in the case of outside affiliates, termination of the affiliation. Further, penalties associated with state and federal laws may apply.
B. Possible disciplinary/corrective action may be instituted for, but is not limited to, the following:
- Unauthorized disclosure of PHI or Confidential Information as specified in Confidentiality Statement.
- Unauthorized disclosure of a sign-on code (user id) or password.
- Attempting to obtain a sign-on code or password that belongs to another person.
- Using or attempting to use another person's sign-on code or password.
- Unauthorized use of an authorized password to invade patient privacy by examining records or information for which there has been no request for review.
- The intentional unauthorized destruction of Vertical information.
- Attempting to get access to sign-on codes for purposes other than official business, including completing fraudulent documentation to gain access.
Questions, comments or complaints regarding the Vertical Privacy and Security Policy or data collection and processing practices can be mailed or emailed to:
Vertical Technology Solutions, LLC Attn: Security and Privacy Officer PO Box 837 Aledo, TX 76008 USA Effective Date: July 29, 2019