This notice provides you with information on how your personal data is used for the Maela patient engagement and remote monitoring solution, offered by a company called Medtronic (hereafter, the “Services”). The Services are available to patients whose physicians propose the Services to them. They are meant to help patients engage in their care and, when needed by their physician, share information about their health status with their physician for remote monitoring by the hospital care team.
Your healthcare provider is required to obtain your explicit consent to process your personal data (including health data) for the provision of the Services.
If you have any questions or concerns about this notice or the Services, please ask your physician for more information.
Description of the Services
The Services are designed to support patients through their care pathway. Through a protocol validated by your care team, the Services are adapted to your specific intervention and pathway, and allow you to share relevant information with your care team.
The Services consist of the following elements:
- Patient registration: your healthcare provider will register you into the Maela solution, creating your account.
- Remote tasks and information sharing: depending on the settings configured by your physician and depending also on your choice, you may access your account on the solution via the internet browser of your computer, or via a mobile application on your smartphone (Maela Patient application for iOS or Android only). Additionally or alternatively, on your smartphone, you may receive SMS messages with secure links. When you click on such a link, a secure temporary form opens in your smartphone browser, which you can fill in and submit. Instructions might be provided to you by the hospital care team through these forms. On the web or mobile app, you may also access educational content, tasks, reminders, instructions, messages and other functionalities that can help you engage in your care and help you communicate with your care team. The information that you share is stored in a cloud-based information system.
- Hospital care team monitoring of your status: your hospital care team will monitor the information that you provide via the Maela solution and contact you if necessary. Access will be possible only for authorised users who have a secure (password-protected) log-in.
- Technical support: the Services include all the technical support necessary to enable the proper functioning of the Maela solution, and all the work required to enable the continuous improvement of the Maela solution, including but not limited to the review of your satisfaction with the programme, the analysis of your experience with the platform based on your de-identified data and the ensuing modification of the Maela solution.
- [Add if relevant other services e.g. nurse support centre etc.]
Utilization of the Maela platform and Emergency Situations
The Services are intended to better support you through your care pathway. You should always contact your doctor in case of a medical emergency.
Your personal data
Personal data means all information relating to an identified or identifiable natural person, i.e. all information which can either directly or indirectly lead to knowing who you are. Your healthcare provider processes such personal data, including health data. Health data is classified as a ‘special category of personal data’ for which stricter rules apply.
By using the Services, the following categories of your Personal Data may be utilized:
- Full name;
- Hospital, Department name;
- Your email and phone number;
- Optional data (gender, date of birth, etc.) as determined by your physician;
- List of devices (smartphone, computer) used to access the Services;
- Medical data provided by you, or by your healthcare provider in accordance with your hospital’s digital care protocol (e.g. intervention type and underlying condition, postoperative symptom diary, etc.).
Use of the personal data
Your personal data are collected as part of the use of the Services for the following purposes:
- To make personal data available to your healthcare provider and other persons authorized by the hospital through the Maela solution;
- To enable the functioning of the Maela solution; this includes cookies if using the browser-based application;
- To evaluate and improve functioning of the Services. For more details, please refer to the Technical support in the section on the Description of the Services;
- To aggregate data to a level where you are no longer identifiable. This aggregated data may be used to improve the content of the solution, to create statistics, and obtain scientific analysis to identify health trends and patterns, through the general use of the Services;
- For any other purposes required to comply with applicable laws, court orders or regulations.
The processing of your Personal Data can only be done based on your explicit consent and for the purposes as mentioned above.
In order to provide the Services, your healthcare provider directs third-party service providers, listed in the paragraph below, to access your personal data in order to carry out the Services. Such third parties will not use your personal data other than for the stated purposes within this form and under the instructions of your healthcare provider. The following describes in detail the way such third parties will access and manage your personal data to carry out the Services.
Medtronic and Maela, for the purposes of:
- Providing the Maela solution and technical support;
- Helping with the resolution of problems or incidents;
- Analysing the functioning and provisioning of the Maela solution and the provision of the Services in order to improve them;
- Providing the Maela application development and maintenance, data hosting support and data hosting maintenance.
All third-party service providers are established within the European Economic Area (EEA) and provide an adequate level of protection of your Personal Data. No Personal Data is transferred outside the EEA. We ensure that all third-party service providers adhere to high privacy and security standards and requirements.
Data security
Your personal data will be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The Maela solution utilizes encryption to secure your data when it is in transit and when stored at rest to prevent unauthorized access.
You remain responsible for securing the access to your phone.
Data transfer
Beyond the usage of the data by your hospital, for the provision of the Services, your personal data will remain in Switzerland or in the European Economic Area (EEA), which are recognised by the European Commission as providing an adequate level of data protection. Additionally, such entities have committed to adhere to standard contractual model clauses offering sufficient safeguards on data protection for exchange of personal data within Medtronic entities as provided by the European Commission.
Retention of your data
We do not store personal data longer than is necessary for the purposes mentioned above, unless otherwise legally required. Your personal data is stored and maintained in two (2) places:
- The Maela solution, for the purpose of delivering the Services and allowing the hospital to have access to a copy of the data for their archiving obligation and research purposes should you have consented to such purposes. Personal health data stored in the Maela solution will be maintained until the hospital no longer uses the Services. After that, your data will be deleted from the Maela solution. Please note your healthcare provider may download an export of your data, in alignment with the purposes listed in this privacy notice or other purposes you may have consented to separately.
- The Maela analytics database: your de-identified personal data from the Services may be used in the Maela analytics database and retained on behalf of the hospital, so that the hospital can analyse its care activity in relation to your care and progress stemming from activity involved via the Services. Medtronic cannot in any way (re-)identify you and shall use the de-identified Personal Data solely for the purposes set out in this notice.
Please note that your Personal Data, through the Services, is made available to your healthcare provider who may need to keep this data due to healthcare legal data retention requirements even after the service is stopped.
Cookie usage
A cookie is a numeric code that a website transfers to a PC or mobile device for easier recordkeeping purposes. When a user connects for the first time to the Maela web application from a given browser on a given hardware device (or after the user password has expired, or after all cookies have been deleted by the user for that given browser on that given device, or after the user has deleted that cookie via the Maela menu “My verified devices”), the user goes through a two-factor authentication process, where a code is sent to the user’s phone via SMS. During that connection, a token is created and is stored for a month. That token can be deleted in the menu “My verified devices”. It can also be deleted from your browser tools directly along with all other cookies from your browsing history.
Your rights
You may be entitled to request to access, rectify, erase, and restrict your personal data, and/or obtain more information about the processing of your personal data and the applicable safeguards. You can contact your healthcare provider to withdraw your consent. You may also revoke your consent through the mobile application or the web application if you have been provided access to it by your physician. Please be aware that the withdrawal of your consent shall not affect the lawfulness of processing of your personal data based on the consent before your withdrawal. You have the right to lodge a complaint with the competent supervisory authority.
You can exercise your rights by sending a signed letter or an email to the hospital Data Privacy Officer at this address [insert address]. We will assist you in any privacy requests or concerns that you may have.
This is the privacy notice version 1.0, dated July the 27th, 2020.