GDPR and HIPAA

GDPR

When you use EXINI SaMDs to process patient information related to a patient who is a resident of the EU, you are responsible for ensuring that your organization complies with GDPR. Under GDPR, you, as the user of EXINI SaMDs, are the data controller and EXINI, as the service provider, is the data processor. Before processing data with EXINI SaMDs, be sure that you have explicit consent from the patient whose data you are capturing. When data is sent to EXINI SaMDs, it is stored in a secure manner, and is encrypted in transit and at rest.

Our Commitment

EXINI (‘we’ or ‘us’ or ‘our’) is committed and dedicated to ensuring the security and protection of the personal information that we process, and to providing a robust, continuous and consistent approach to data protection. Our objectives for GDPR and HIPAA compliance include the development and implementation of data protection roles, policies, procedures, controls and measures to ensure continuous safeguarding of the personal information under our remit.

How we are implementing GDPR and HIPAA

Policies & Procedures – Data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including HIPAA, are in place.

Data Retention & Erasure – we have retention policies and are applying the privacy by design principle, meaning we store only data that is needed for the current task and only store it for as long as needed.

Data Breaches – as a medical device manufacturer we have breach procedures in place that ensure safeguards and measures to identify, assess, investigate and report any personal data breach at the earliest possible time.

International Data Transfers & Third-Party Disclosures – when EXINI stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data.

Processor Agreements – when we use a third party to process personal information on your behalf, we have data processor agreements and/or business associate agreements in place.
