Notice of Privacy Practices

IF YOU ARE A PATIENT OF MEDTRONIC PRODUCTS, THIS NOTICE DESCRIBES HOW YOUR PERSONAL AND HEALTH INFORMATION MAY BE USED AND DISCLOSED BY MEDTRONIC, AND YOUR RIGHTS TO ACCESS SUCH INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices ("Notice") applies to your Protected Health Information (PHI), as defined below, created or received by MiniMed Distribution Corp. (wholly-owned by Medtronic MiniMed, Inc), doing business as Medtronic Diabetes ("Medtronic"). This Notice explains how your PHI may be used and shared with others. It also explains your rights regarding your PHI.

Medtronic complies with U.S. laws regarding the protection and security of your PHI, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended, and the privacy/data protection laws of other countries when applicable. It is your responsibility to review this Notice closely (new patients will receive a hardcopy version of this Notice with their product shipment), and acknowledge and agree to its provisions. Please note Medtronic will notify you in accordance with HIPAA standards and requirements, in breach or unauthorized disclosure of your PHI.


> TOP

 

How Medtronic May Use and Disclose Your Protected Health Information

Protected Health Information

"Protected health information (PHI)" is defined under HIPAA and consists of personal and health information that can be used to identify you including information about your physical or mental health or condition, health care services/products that you received, other medical records information, and/or your coverage or payment for health care. We are committed to safeguarding all PHI collected about you, while Medtronic provides medical devices and supplies, relevant services, education and/or training. Examples of PHI can include:

  • Information about your diagnosis/disease (e.g., type 1 or type 2 diabetes));
  • Information about your health condition (e.g., your blood glucose levels);
  • Information about health care products or services provided to you (e.g., insulin pumps, continuous glucose monitoring products or training on the use of Medtronic products);
  • Geographic information (e.g., your home or work address);
  • Demographic information (e.g., your name, date of birth, gender or age);
  • Unique numbers that may identify you (e.g., your medical record number, phone number(s), driver's license or state certificate number, etc.); or
  • Other types of information that may identify you and reveal information about your health.

> TOP

 

Treatment, Payment, or Health Care Operations.

We may use and disclose your Protected Health Information (PHI) to other parties for purposes of providing you with treatment (i.e., furnishing health care products, therapies, or services), collecting or facilitating payment for such treatment, and/or to run our normal healthcare operations. These exceptions under HIPAA for using/disclosing data to third parties are explained in more detail as follows:

Treatment. Medtronic may share PHI with third parties for all treatment related purposes. Examples include faxing or securely emailing documents with your physicians, nurses, and other clinicians, or other health care providers involved in your care, such as communications about product orders, healthcare services, appointments, office visits, diagnostic tests, or therapy updates.

Payment. Medtronic may share PHI when and as a part of submitting health insurance claims, facilitating payments and reimbursement, collecting amounts due or outstanding balances, etc. These communications and sharing of information will typically be with insurance companies and government programs (Medicare and/or Medicaid).

Health Care Operations. Medtronic may utilize (and share with third parties when appropriate or necessary) your PHI for normal health care operations, such as conducting quality or compliance audits, quality assurance measures, analyzing cost effectiveness of products and services, analyzing clinical and therapeutic benefits and outcomes, and improving our services and medical devices. In addition to Medtronic utilizing your PHI for internal purposes related to the above, Medtronic may use PHI for new product and/or service development, data analytics, and research & development (in these cases, Medtronic will never share your identifiable PHI with any third party without your express consent).

> TOP

 

Friends and Family Involved in Your Care; Emergencies.

We will only disclose PHI to those taking care of you, helping to pay your medical bills, or family members or friends if these people need to know this information to help you, and then only to the extent permitted by law. If you need emergency treatment and we are unable to obtain your consent, we may share your PHI with a family member, relative, or close personal friend who is involved in your care, or making payment for that care. We may also notify, or assist others in notifying, a family member, friend, or another person responsible for your care about your location, general condition, or if necessary, about your death. In some cases, we may need to share your PHI with a disaster relief organization that will help us notify these persons.

> TOP

 

To Business Associates.

Some services are provided by Medtronic through contracts with other companies, such as billing companies, information system vendors, other health care companies, product trainers, or financial/legal firms. In these cases, we will enter into appropriate contracts with these companies (called “Business Associates”) to ensure your PHI is protected. When necessary, we may disclose your PHI to our Business Associates so that they can perform the job we have contracted with them to do; these Business Associates may not use your PHI for any other reason. Under their contracts with Medtronic Business Associates must safeguard your PHI and cannot re-disclose the PHI unless specifically permitted by law.

> TOP

 

To Government Agencies or Officials.

We may disclose your PHI to authorized government health officials (or a foreign government agency collaborating with such officials) to carry out public health activities (for example, we may disclose your PHI to government officials who are responsible for controlling disease, injury, or disability). We may also release your PHI to government agencies (for example, the federal Food and Drug Administration (FDA) or the federal Department Department authorized to conduct audits, investigations, and inspections of our facilities or privacy practices. These government agencies can monitor the operation of the health care system, or compliance with government regulatory programs or civil rights laws.

> TOP

 

Product Monitoring, Repair and Recall.

We may disclose your PHI to the U.S. Food and Drug Administration (FDA) to: (1) collect, report or track adverse events, product defects or problems; (2) repair, replace, or recall defective or dangerous products; or (3) monitor the performance of a product after it has been approved for use by the general public.

> TOP

 

As Required By Law; Lawsuits and Other Proceedings.

We may disclose your PHI if required to do so by federal, state, or local law, or if ordered by a court or by another properly authorized body, such as in response to a subpoena, discovery request, or other legal request made by someone involved in the dispute. We may disclose PHI in the context of civil litigation where you have put your PHI at issue in the litigation.

We may release PHI about you to authorized federal officials for intelligence, counter-intelligence, and other national security activities only as required by law. We may disclose PHI about you to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state, or conduct special investigations only as required by law.

> TOP

 

Law Enforcement.

We may disclose your PHI to law enforcement officials to: comply with court orders, subpoenas, or warrants. In addition, we are required to report certain types of wounds, such as gunshot wounds and some burns. In most cases, reports will include only the fact of injury, and any additional disclosures would require your consent or a court order.

We may also release PHI to law enforcement that is not a part of the health record (non-medical information) for the following reasons: 1) to assist law enforcement officers with identifying or locating a suspect, fugitive, witness, or missing person; 2) if you have been the victim of a crime and we determine that (i) we have been unable to obtain your consent because of an emergency or your incapacity, (ii) law enforcement officials need your PHI immediately to carry out their law enforcement duties, and (iii) in our professional judgment disclosure to these officials is in your best interests; 3) if we suspect that your or someone else’s death resulted from criminal conduct; 4) about criminal conduct at our facility; and 5) in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.

> TOP

 

To Avert a Serious Threat to Health or Safety.

We may use or disclose your PHI when necessary to prevent a serious threat to your health or safety, or to the health or safety of another person or to the public. In such cases, we will only disclose your PHI to someone able to help prevent the threat, including the target of the threat.

> TOP

 

Military and Veterans.

If you are in the Armed Forces, we may disclose PHI to appropriate military command authorities if required to do so by law, or when we have your written consent. We may also release PHI about foreign military personnel to the appropriate foreign military authority as required by law or with your written consent.

> TOP

 

Inmates and Correctional Institutions.

If you are an inmate or you are detained by a law enforcement officer, we will disclose your PHI to prison or law enforcement officials only as permitted by law.

> TOP

 

Workers' Compensation.

We may disclose your PHI as authorized by and to the extent necessary to comply with laws relating to workers' compensation or similar programs that provide benefits for work-related injuries or illness.

> TOP

 

Coroners, Medical Examiners, and Funeral Directors.

We will disclose your protected health information to a coroner or medical examiner in the case of certain types of death, and we must disclose health records upon the request of the coroner or medical examiner (e.g., to determine the cause of death or for identification purposes) We may also release the fact of death and certain demographic information about you to funeral directors as necessary to carry out their duties.

> TOP

 

Research.

In most cases, we will ask for your written authorization before using or disclosing your PHI with others to conduct research. However, under some cases, we may use and disclose your PHI without prior authorization when the research has been approved by an Institutional Review Board or Privacy Board. Under no circumstances, however, would we allow researchers to use your name or identity publicly. We may also use or disclose PHI for research purposes if we remove all identifying information (e.g., your name, telephone number, Social Security number, medical record number and account number). Also, in some cases, researchers may be permitted to use PHI in a limited way to determine whether the study or the potential participants are appropriate. Finally, if there is a death, we may share the deceased’s PHI with people who are conducting research using the PHI of deceased persons.

> TOP

 

Victims of Abuse, Neglect, or Domestic Violence.

We may release your PHI to a public health authority that is authorized to receive reports of abuse or neglect of a child or vulnerable adult, or in the case of domestic violence. We will make an attempt to obtain your permission before releasing this information, but in some cases we may be required or authorized to act without your permission.

> TOP

 

Education and Information.

We may use your PHI to inform you about new, updated, or alternative products and therapies, conducting relevant or necessary training on new or existing products, providing educational or self-help programs, or invitations to special programs, events, or offers on existing products.

> TOP

 

Written Authorization.

Except as described in this Notice, we will obtain your written authorization or consent before using your PHI or disclosing it to persons or organizations outside of Medtronic. Also, we will obtain an authorization for any communications with you for marketing purposes, or any disclosures that constitute a sale of PHI. You may revoke any written authorization you have provided to us in writing, at any time. If you revoke your authorization, we will no longer use or disclose your PHI for the reasons covered by your written authorization, except to the extent that we have made any use(s) or disclosure(s) of your PHI in reliance on an existing authorization. We are unable to take back any disclosures we have already made with your permission, and we are required to retain our records of the care that we have provided to you. To revoke an authorization, please send your request in writing with a copy of the authorization being revoked (or, if not available, a detailed description of the authorization including the date) to our Privacy Official at the address below.

> TOP

 

How You Can Access And Control Your Protected Health Information:

Inspect and Copy Records.

You may request a copy of your PHI for inspection, which includes your medical and billing records. Under certain other circumstances, we may deny your request for a copy of your PHI. If we deny any part of your request, we will provide a written explanation of the reasons, but provide complete access to the remaining parts.

To obtain a copy of your PHI, please complete and submit our Request for Access to Protected Health Information form to the Patient Services Department. For a copy of this form, please call us toll-free at (800) 646-4633. We may charge a reasonable fee for the costs of copying, mailing, or other supplies we use to fulfill your request, to the extent permitted by state and federal law.

Because we maintain your PHI electronically as part of a designated record set, you have the right to receive a copy of your PHI in electronic form upon your request (e.g., requesting the copy to be sent in an e-mail communication). You may also direct us to transmit your PHI (whether in hard copy or electronic form) directly to an entity or person clearly and specifically designated by you in writing.

> TOP

 

Amend Records.

If you believe that your PHI is incorrect or incomplete, you may ask us to amend the PHI, for as long as we retain your information. To request an amendment, please submit a written request to our Privacy Official at the address below. Your request must include your reason for the request. We may deny your request for an amendment if the request is unreasonable or restricts/burdens Medtronic from serving you as a patient. In addition, we may deny your request if you ask us to amend information that: 1) was not created by us, unless the person or entity that created the information is no longer available to make the amendment; 2) is not part of the medical information we maintain; 3) is not part of the information you would be permitted to inspect and copy; or 4) creates an inaccuracy or incompleteness.

> TOP

 

Accounting of Disclosures.

You may request an "accounting of disclosures", i.e., how we have shared your PHI with other persons or organizations within the past six (6) years. This accounting, however, will not include disclosures that were made directly to you; pursuant to your authorization; in accordance with other permissible purposes (e.g., treatment, payment, or health care operations); disclosures for national security or intelligence purposes; disclosures to correctional institutions or law enforcement with custody of you; disclosures that took place before April 14, 2003; or certain other disclosures. To request an accounting, please write to our Privacy Official at the address below, including the specific time period for the disclosures. The accounting period may not go back further than six years from the date of this request. You may receive one free accounting in any 12-month period. We will charge you for additional requests based on the reasonable costs involved in providing this to you.

> TOP

 

Right to Request Restrictions.

You may request a restriction or limitation on the PHI we use or disclose about you. If you directly pay for a product or service in full (without obtaining insurance coverage), then you may request that we not disclose any information pertaining to such purchase to your health plan for purposes of payment or health care operations. We must agree to this restriction when the information pertains solely to the product or service for which you have paid in full; we may not agree to this request, however, when the law requires us to submit a claim to a health plan and prohibits us from accepting payment from you.

We are not required to agree to any other requests. If we do agree to any other requests, we will comply with such request unless the information is needed to provide you with emergency treatment or in similar circumstances.

To request such a restriction, please write to our Privacy Official at the address below and tell us: 1) what information you would like to limit; 2) whether you would like to limit our use, disclosure, or both; and 3) to whom you want the limits to apply.

> TOP

 

Confidential Communications.

You may request that we contact or send PHI to you in a certain way or at a certain location, such as only at work or home, or only by mail. To request a confidential communication, please write to our Privacy Official at the address below and state how or where you wish to be contacted. We will not ask you the reason for your request, and we will accommodate all reasonable requests.

> TOP

 

Right to a Paper Copy of this Notice.

You have the right to receive a paper copy of this Notice of Privacy Practices, and may ask us for a copy of this Notice any time. This Notice of Privacy Practices is also available on our website at www.medtronicdiabetes.com.

> TOP

 

How to File a Complaint.

If you believe your PHI has not been safeguarded, protected, or handled as required by law or pursuant to the terms of this Notice of Privacy Practices, you may file a complaint with Medtronic by submitting your complaint in writing to our Privacy Official. Medtronic will not retaliate or take action against you for filing any such complaint. If you wish, you may also file a complaint or seek resolution with the Secretary of Health and Human Services (200 Independence Avenue, S.W. Washington, D.C. 20201; (202) 619-0257; www.hhs.gov/ocr/office/index.html).

> TOP

 

How to contact the Privacy Official for Medtronic Diabetes.*

If you have any questions, comments, or complaints, you may contact the Privacy Official in the Legal Department by contacting at (800) 646-4633, or in writing at the following address:

Medtronic MiniMed, Inc.

18000 Devonshire Street

Northridge, CA 91325-1219

ATTN: Privacy Official, Legal Department

> TOP

 

Changes to This Notice.

The effective date of this Notice is April 14, 2003, and it has been updated on September 6, 2016. We reserve the right to change this Notice of Privacy Practices, and to make the revised or changed Notice effective for PHI we already have about you, as well as any PHI we receive in the future. If the terms of this Notice are changed, we will provide you with a revised Notice only upon request, and we will post the revised Notice on our website.