Data Privacy and Security Rationale Statement
Last updated September 9, 2022
MedPro Systems LLC (“MedPro”) assists our pharmaceutical, medical device and other Life Sciences industry customers in achieving regulatory compliance by providing high quality healthcare practitioner (“HCP”) and healthcare organization (“HCO”) data.
Interactions between the Life Sciences industry, HCPs, and HCOs are highly regulated at the federal, state, and local levels. MedPro obtains, updates, and verifies HCP and HCO data to provide our customers with the information necessary to meet their regulatory obligations and commercial goals.
Examples of Regulatory Uses of HCP and HCO Data*:
- Prescription Drug Marketing Act of 1987 (“PDMA”) – HCP Verification
- Aggregate Spend – HCP/HCO Identification; Federal, State, and Local Transparency Reporting
- False Claims Act Prevention – HCP Specialty Verification
- Stark Law – HCP/HCO Identification and Aggregation of Nonmonetary Compensation
- OIG Corporate Integrity Agreement Obligations – HCP/HCO Verification
- Drug Quality and Security Act (“DQSA”) – HCP/HCO Verification
- Florida HCCE License Validation – HCP/HCO Verification
- Ohio TDDD License Validation – HCP/HCO Verification
- Pharmaceutical and Medical Device Product Distribution – HCP/HCO Verification
*This list is meant to be illustrative of regulatory data usages, but not exhaustive
MedPro ordinarily operates as a data broker, data processor and/or service provider, managing publicly available and/or customer-provided information with no direct relationship with the individuals whose personal data it processes. MedPro does not market directly to HCPs or HCOs.
MedPro obtains HCP and HCO data directly from federal and state government agencies and other sources of publicly available information. MedPro also acquires data from various third parties, including other regulatory entities, quasi-governmental agencies, payers, professional associations, and the HCOs with which HCPs are affiliated. In these instances, MedPro has no direct contact with the individuals whose information is being collected; such data is controlled and managed by the entities from which MedPro acquires the information.
MedPro’s customers also provide their own data (“Customer Data”) to MedPro for the purposes of data verification, aggregation, and enrichment. MedPro will not disclose or reference any Customer Data except as provided in the applicable MedPro Order Form, Services Agreement, Statement of Work, or other customer agreement, (collectively, “Customer Agreement”) for a business purpose under the California Consumer Privacy Act (“CCPA”), or as may be required by law or otherwise on an aggregated/anonymized basis. MedPro accesses Customer Data for the purposes of providing our services, preventing or addressing service or technical problems, at a customer’s request in connection with customer support matters, or as may be required by law and otherwise in accordance with the Customer Agreement. Under MedPro’s current agreements, any Customer Data (including any personal information) belongs to MedPro’s customers.
In the aforementioned situations, MedPro has no direct relationship with the individuals whose personal data it obtains and processes. As such, individuals who would like information about the collection, sale, or disclosure of their personal data or to have updates made or information removed from their personal data should first contact that controlling entity directly. MedPro abides by the contractual requirements and restrictions regarding access, disclosure, deletion. If the controlling entity requests MedPro’s assistance in the providing disclosure information or updating or removing personal data, MedPro will respond to such requests in a timely manner. In the limited instances where MedPro collects personal information directly from individuals, it will provide notice to those individuals at or before the time of collection and will respond to individual requests as required by law.
MedPro is committed to honoring and protecting the privacy and security of your data. MedPro institutes reasonable and appropriate technical, administrative and physical safeguards designed to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction. MedPro’s employees are trained in the importance of data privacy, security, and accuracy and have a responsibility to you, MedPro, and MedPro’s customers. As such, MedPro believes in transparency when it comes to information privacy and security processes and protocols.
California Consumer Privacy Act (CCPA)
MedPro is a registered Data Broker, as that term is defined in California Civil Code § 1798.99.80, with the California Attorney General. If you wish to exercise your rights under the CCPA, please contact MedPro by calling (833)-633-4866 or sending an email to CCPA@MedProSystems.com and provide the following information:
- Subject line: CCPA Request
- Describe which CCPA right(s) you are exercising
- Your full name and any previous names by which you were known
- Your full address and any previous addresses
- Your telephone number where you can be reached to communicate with you regarding your CCPA request (if you prefer to communicate by phone)
- Your email address where you can be reached to communicate with you regarding your CCPA request (if you prefer to communicate by email)
- Proof of identity to verify your request
- If desired or required, an authorized agent to make a request on your behalf subject to proof of identity and authorization
When MedPro receives a verified request for a consumer to opt-out, know, or have personal information deleted, MedPro shall inform the consumer of its determination within 45 days of receiving a verifiable consumer request from the consumer. In the event of a complicated request, MedPro may extend the period of time by an additional 45 days when reasonably necessary and provide the consumer with notice of the extension within the first 45-day period.
You may only make a verifiable consumer request for access or data portability twice within a twelve-month period. MedPro will not charge a fee to process or respond to your verifiable consumer request unless MedPro reasonably determines it is excessive, repetitive, or manifestly unfounded. As such, if MedPro determine that the request warrants a fee, MedPro will tell you why it made that decision and provide you with a cost estimate before completing your request.
If MedPro chooses not to process your request, it shall explain the reasons for its decisions and any rights the consumer may have to appeal the decision to MedPro as is statutorily required.
MedPro may not be able to comply with your request if it is unable to confirm your identity or to connect the information you submit in connection with your request with personal information in MedPro’s possession. The CCPA does not apply to certain information, including publicly available information. MedPro may maintain your personal information outside of the MedPro database if you request to be deleted in order to respect your rights.
The CCPA regulates the online collection of personal information from children under the age of 16. MedPro’s services are not directed to or used by children, and MedPro does not knowingly collect personal information from children under the age of 16.