PSG complies with the privacy provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a federal law designed to ensure the privacy of personal and health information. In addition to all federal laws, PSG also complies with all state laws and regulations.
All PSG employees, contractors, and applicable third-party associates are required to read, understand, and abide by this policy.
PSG has implemented a security policy that further ensures that our clients’ information and data are secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect for business purposes.
Method of Data Collection
PSG collects data from clients, pharmacies, hospitals and various other sources mainly through secure file transfer protocol (“SFTP”), but PSG also receives information via encrypted, password-protected CDs, encrypted USB drives and/or encrypted files via email.
Types of Protected Information
The types of information protected by this policy are: confidential information (CI), such as individually identifiable health information and protected health information (“PHI”), financial information, non-public personal information, and all data exchanged during the course of business to complete the tasks associated with an agreement, consultation, audit, or project.
Additional data and information may include company/client contact names, addresses, email addresses, demographic data, etc. This information may be stored in internal systems, such as sales management applications. These systems permit PSG employees to access and process such data solely for the purposes of customer fulfillment, business administration, business reporting, statistical analysis and marketing of PSG products and services.
Incident Management and Reporting
Employees, contractors, and applicable third-party associates are required to report any suspected breach or policy violation immediately, without unreasonable delay and in no case later than five (5) business days, to their immediate manager. The manager will evaluate the suspected breach or violation and, if validated, will report it to the Chief Financial Officer of PSG. If the breach or violation is validated, the affected client(s) will be notified within a reasonable amount of time. In addition, the notification will include a description of any investigatory steps taken, a list of individuals impacted by the incident, the type of information involved in the incident, the date of the potential incident, and the date of discovery.
All incidents, breaches, or violations should be confidentially and immediately reported to:
Pharmaceutical Strategies Group, LLC
2901 North Dallas Parkway, Suite 420
Plano, TX 75093
Attention: Drue Pounds, CCO
Confidentiality and Non-Disclosure Agreements
PSG executes Confidentiality and/or Nondisclosure Agreements with employees, third parties, contracted individuals, and/or contracted organizations performing services that involve the use or disclosure of CI.
Return/Destruction of Information Procedure
When the arrangement between a client and PSG ends, PSG will return or destroy all client/client member and proprietary information received during the course of the working relationship/project.
In most cases, PSG will not retain any copies of the information, unless otherwise noted or agreed.
If the return or destruction of this information is not feasible, PSG will continue to extend the protections of the BAA and/or NDA and limit further use of such information to those purposes that make the return or destruction of such information infeasible.