Orthofix Safe Harbor Privacy Policy
Orthofix (hereinafter "Orthofix" or "the Company") is strongly committed to safeguarding the privacy of our employees, and all those customers, clinical trial participants, consumers, business partners and others who entrust us with their personal information. We use and disclose personal information in accordance with the promises we make and the laws of the countries in which we do business.
In this regard, Orthofix has certified to the Safe Harbor Agreement between the United States and the European Union, with respect to personal data processed as part of our clinical research and other business activities. Accordingly, Orthofix adheres to the Safe Harbor privacy principles and frequently asked questions, as agreed to by the U.S. Department of Commerce and the European Commission ("Safe Harbor Principles").
This Orthofix Safe Harbor Privacy Policy ("Policy") sets forth the privacy principles that Orthofix follows with respect to personal information transferred on its behalf from the European Union (EU) to the United States.
"Personal information" means any information or set of information that identifies or is used by or on behalf of the Company to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information.
"Agent" means a third party that processes personal data solely on behalf of and under the instructions of Orthofix.
The following privacy principles apply to the transfer, collection, use or disclosure of personal information from the EU by Orthofix.
Orthofix informs individuals in the EU about the purposes for which it collects and uses their personal information, how to contact Orthofix, the types of non-agent third parties with which Orthofix shares their personal information, and the choice and means Orthofix offers for limiting the use and disclosure of their personal information. Where Orthofix collects personal information directly from individuals in the EU, it informs them about the types of personal information collected, the purposes for which it collects and uses the personal information, and the types of non-agent third parties to which the Company discloses or may disclose that information, and the choices and means, if any, the Company offers individuals for limiting the use and disclosure of their personal information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide personal information, or as soon as practicable thereafter, and in any event before the Company uses or discloses the information for a purpose other than that for which it was originally collected.
Orthofix will offer an individual the opportunity to choose (opt out) whether personal data are (a) to be disclosed to a non-agent third party or (b) used for a purpose other than that for which the information was originally collected or subsequently authorized by the individual. There are certain limitations on the right to opt-out, such as those that apply in the clinical research situation. In these situations, Orthofix can continue to rely upon personal information already provided by clinical research participants who choose to discontinue participation in a clinical trial, to the extent needed to protect the integrity of the study, but cannot collect any additional personal information about that individual once the written request to withdraw participation is received. For sensitive personal information, Orthofix will give individuals the opportunity to affirmatively and explicitly (opt in) consent to the disclosure of the information to a non-agent third party or the use of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual.
Orthofix will only transfer personal data to an agent where the agent has provided assurances that the agent provides at least the same level of privacy protection as is required by these privacy principles. Where Orthofix has knowledge that an agent to whom it has provided personal information is processing that information in a manner contrary to this Policy or the Safe Harbor requirements, Orthofix will take reasonable steps to prevent or stop the processing.
Orthofix will only transfer personal data to a non-agent third party where consistent with the notice provided to the individuals who are the subject of the data and any consent that those individuals have given.
Orthofix will take reasonable precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Orthofix will only use and share personal data about individuals in a way that is consistent with the purposes for which the data were collected or subsequently authorized by those individuals. To the extent necessary for those purposes, Orthofix will take reasonable steps to ensure that the data is reliable for intended use, accurate, complete, and current.
Subject to limitations set forth in the US Department of Commerce's Safe Harbor website, Orthofix will provide individuals with reasonable access to personal information about them and they may request the correction or amendment of personal data that they demonstrate to be incorrect or incomplete.
Orthofix has established internal mechanisms to verify its ongoing adherence to this Policy. Orthofix also encourages individuals covered by this Policy to raise any concerns about our processing of their personal information by contacting Orthofix' Privacy Office at the address below. Orthofix will seek to resolve any concerns. Orthofix has also agreed to participate in the dispute resolution program provided by the European Data Protection Authorities.
Adherence by Orthofix to the Safe Harbor Principles may be limited to the extent required to meet a legal, governmental, national security or public interest obligation.
Questions or comments regarding this Policy should be submitted to the following person by mail as follows:
Orthofix International NV
3451 Plano Parkway
Lewisville, TX 75056
This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Principles. A notice will be posted on the Company's web page for sixty (60) days whenever this Safe Harbor Privacy Policy is changed in a material way.
June 18, 2014
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Orthofix Inc. ("Orthofix") is required by law to maintain the privacy of your protected health information, to provide you with a notice of our legal duties and privacy practices with respect to protected health information, and to notify you if there is a breach of your unsecured protected health information. This Notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to your protected health information. "Protected health information" is information about you, including basic demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services.
Orthofix is required to follow the terms of this Notice of Privacy Practices. We will not use or disclose your protected health information without your written permission, except as described in this Notice. We reserve the right to change our practices and this Notice and to make the new Notice effective for all protected health information we maintain. Upon your request, we will provide you with a revised Notice.
The following categories describe different ways that we use and disclose your protected health information (PHI).
Treatment: Orthofix may use your health information to provide and coordinate the treatment, products and services you receive. For example, information obtained by an Orthofix representative will be recorded in your record and used to determine suitability for the product, fitting and to provide instruction regarding appropriate use of the product.
Payment: Orthofix may use and disclose your health information to others for purposes of receiving payment for treatment and services that you receive. For example, we will submit a claim to you or your health plan/insurer that includes information that identifies you, as well as your diagnosis, and product supplied.
Health Care Operations: Orthofix may use information in your health record for operational purposes. For example, we may use your information to assess the care and outcomes in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the products and services we provide.
To Communicate with Individuals Involved in Your Care Or Payment for Your Care: Orthofix may disclose to a family member, other relative, close personal friend or any other person you identify, PHI directly relevant to that person's involvement in your care or payment related to your care.
U.S. Food and Drug Administration (FDA): As required by federal law, Orthofix may disclose PHI to the FDA to report adverse events regarding our devices, device defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
Worker's Compensation: We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker's compensation or other similar programs established by law.
Public Health: As required by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
Law Enforcement: We may disclose your PHI for law enforcement purposes as required by law or in response to a valid subpoena or court order.
As Required by Law: We will disclose your PHI when required to do so by federal, state, or local law.
Health Oversight Activities: We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, and inspections, as necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Judicial and Administrative Proceedings: If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made, either by us or the requesting party, to tell you about the request or to obtain an order protecting the information requested.
Research: We may disclose your PHI to researchers when their research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
Coroners, Medical Examiners, and Funeral Directors: We may release your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
Organ or Tissue Procurement Organizations: Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition.
Correctional Institution: If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of other individuals.
To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Military and Veterans: If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
National Security, Intelligence Activities and Protective Services: We may release PHI about you to authorized federal officials for intelligence, counterintelligence, for protection of the President and other national security activities authorized by law.
Victims of Abuse or Neglect: We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else.
Orthofix will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for above (or as otherwise permitted or required by law). Specifically, the following uses and disclosures will be made only with your authorization: (i) most uses and disclosures of PHI for marketing purposes including subsidized treatment communications; and (ii) disclosures that constitute a sale of PHI. You may revoke this authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
You have the following rights with respect to your protected health information:
If you have questions or would like additional information about Orthofix's privacy practices, you may contact the Privacy Officer at privacy@orthofix.com or 800-535-4492. If you believe your privacy rights have been violated, you can file a complaint with the Privacy Officer or with the United States Secretary of Health and Human Services. There will be no retaliation for filing a complaint.
Effective Date: This Notice is effective as of April 14, 2003.