Your privacy is important to us. This privacy statement explains what personal data is collected by MedModus BI Limited (MedModus), through our interactions with our customers and through our products, and how we use that data for the services provided via MedModus Portal.
This privacy policy relates to MedModus Portal. For the privacy policy governing MedModus public-facing website, please refer to www.medmodus.com/privacy.
MedModus collects data to operate effectively and provide you with the best experiences of our products. You provide some of this data directly or indirectly (via a representative from your organisation) for the creation of your MedModus account. You provide some of this data directly when using the Portal, such as when you create tasks, upload a file into the Portal, or contact us for support. We get some of it by recording how you interact with our products by, for example, using technologies like cookies on your device, and by tracking site usage and error reports from software running on our servers. For our rostering products, certain personal information will be provided by your hospital as part of Roster Management System set up.
MedModus uses the data we collect to operate our business and provide you with the products we offer, which includes using data to improve our products and personalise your experiences. We also may use the data to communicate with you, for example, informing you about your account, security updates and product information. However, we do not use what you say in email, chat, video calls or voice mail, or your documents, photos, or other personal files to target you with ads.
Whether you have an account with MedModus or not, your personal data might be included as part of the data model of a hospital you work for, if this hospital or its parent group is a MedModus customer using the Portal. The data may also be displayed in our rostering products. This is done with our customer's permission and is consistent with the use of such information for the management and improvement of hospital services. This data will only be accessible to users within your organisation (e.g. the hospital(s) you work for) or users responsible for management of these hospitals within the relevant government body (e.g. HSE in the Republic of Ireland; NHS in Great Britain; HSCNI in Northern Ireland).
To produce the data models used by the reports, dashboards, and applications within the Portal, MedModus receives patient data. MedModus' first preference is to receive data that is pseudo-anonymised and excludes personal identifiable information (PII) such as names, date of birth, addresses (besides top-level constituencies such as state/county, city/town), phone number, email addresses. If for any reason, we come across such data by accident (e.g. included accidentally in a data export) we ensure that: a) the data is immediately destroyed using cryptographic erasure techniques; and b) the client is informed about their data breach in writing and is requested to remove such information from subsequent data exports. While we do not need dates of birth for our data models, we do include the patient's age in years.
Certain customers will ask us to process PII on their behalf. This will be specified as part of the data sharing agreement with that customer and MedModus will implement more stringent controls. MedModus' ISO27001 Information Security Management System (ISMS) aims to ensure that this information is secure and used only by those who are authorised by the customer to use it.
We share your personal data with your or your organisation's consent or as necessary to complete any transaction or provide any product you have requested or authorised. We also share data with MedModus-controlled affiliates and subsidiaries; with vendors working on our behalf for the sole purpose of improving our products and services; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our products; and to protect the rights or property of MedModus.
You can view and edit your personal data online for the MedModus Portal. Accounts can be deleted upon request by contacting MedModus support. You can also make choices about MedModus' collection and use of your data. How you can access or control your personal data will depend on which products you use. You can always choose whether you wish to receive promotional emails, SMS messages, telephone calls and postal mail from MedModus. If the Portal user is also part of the medical staff (e.g. a consultant), their details might be included in the customer's data model or our rostering products. In this case a request for the deletion of a medical staff record must be completed by contacting MedModus support (see ‘Medical staff' below). Before removing data, we will liaise with our customers to confirm the request.
Our reports and data models for given customers are likely to include some personal identifiable information about their medical staff (e.g. clinician names). This is consistent with the source systems from which we derive this data. If required by law, MedModus can either a) remove names and other personal identifiable information by replacing these with an alternative alias; or b) remove the records in their entirety. If the medical staff user is a Portal user and they wish to have their account deleted, a request for the deletion of a Portal account must be completed by contacting MedModus support (see ‘Portal users' above) and we will liaise with our customers in relation to that request.
MedModus ISMS is designed, implemented, and maintained to securely handle personal identifiable information and quasi-identifiable information received in patient data. Any PII received will be under the direction of our customers and we will, when possible, remove such information from patient data when not needed. However, in some rare circumstances, with PII removed a patient might still be identifiable, such as in the case of extremely rare medical conditions. MedModus can remove a patient's data upon request and has a system in place to avoid such records surfacing in the future. However, it is the responsibility of the customer organisation to remove from all future data extracts for the Portal the records that have been requested to be removed; to ensure that such data is no longer received by MedModus.
MedModus uses cookies (small text files placed on your device) and similar technologies to provide our websites and online services and to help collect data. Cookies allow us, among other things, to store your preferences and settings; enable you to sign-in; combat fraud; and analyse how our websites and online services are performing.
We also use web beacons to help deliver cookies and gather usage and performance data. Our websites may include web beacons and cookies from third-party service providers.
You have a variety of tools to control cookies, web beacons and similar technologies, including browser controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons and similar technologies. Your browser and other choices may impact your experiences with our products.
MedModus Portal and related products are intended for use by our customer organisations and are administered to you by MedModus and/or your organisation. Your use of MedModus Portal products may be subject to your organisation's policies, if any. If your organisation is administering your use of the Portal products, please direct your privacy enquiries to your administrator. When you use social features of such products, other users in your network may see some of your activity. To learn more about the social features and other functionality, please review documentation or help content specific to the feature. MedModus is not responsible for the privacy or security practices of our customers, which may differ from those set forth in this privacy statement.
If you use an email address provided by an organisation you are affiliated with, such as a hospital, to access MedModus Portal, the owner of the domain (e.g. your employer) associated with your email address may: (i) control and administer your MedModus Portal online services account and (ii) access and process your data, including the contents of your communications and files.
When you try to sign into your account to access the MedModus Portal, we create a record of that sign in attempt, whether the attempt was successful or not (e.g. incorrect password). We keep track of such information to prevent unauthorised access to our systems.
MedModus website: For the privacy policy governing MedModus public-facing website, please refer to www.medmodus.com/privacy.