NIMBLE respects the privacy of our employees, our suppliers and our clients and ensures that the personal information collected remains secure and protected.
• Secure databases to store data
• Security applied to data transfers
• PHI (protected health information)
• Use of third-party maintained software/libraries
• Restricted access to code
• Apps and web portals with authentication functionality
As medical device manufacturer, patients come first. To protect the devices, products, and systems that connect patients to healthcare professionals and institutions, innovation in connectivity comes with an increased focus on cybersecurity as providing critical information sometimes occurs in real-time.
NIMBLE remains proactive, vigilant, and efficient in addressing potential cybersecurity risks. NIMBLE continuously improves its processes, measures, and systems implemented to safeguard information using technology to shield against cybercriminals:
• Firewall and antivirus software
• Password managers, best practices and multi-factor authentication
• Data backups and Update/Patch of devices, applications, and operating systems
• Employee Education and Training: adhering to cybersafe practices and reporting cybersecurity breaches phishing attacks and email spam, online scams and fraud, ransomware, and malware
INFORMATION THAT NIMBLE COLLECTS
NIMBLE does not automatically gather any personal information. This information is only obtained if you supply it voluntarily, as prompted by data-entry points on the app or website.
When you create an account with us, we ask that you provide personal information such as your email, typically for the purpose of contact. Any personal information provided is managed according to the Alberta Freedom of Information and Protection of Privacy Act. This means that, at the point of collection, you will be informed that your personal information is being collected, the purpose for which it is being collected and that you have a right of access to the information.
If you agree to participate in a study with our product, we collect PHI as outlined in the signed Informed Consent. Depending on your level of interaction with the data collection device or the content of the study protocol, the amount of PHI will vary.
DISCLOSURE TO THIRD PARTIES
Your entered information may be shared with our partner companies in order to better service your use of our products. Any PHI will be de-identified prior to sharing. These companies will be verified to provide the same level of protection. We will never sell, rent or trade this information to third parties.
RIGHTS REGARDING YOUR INFORMATION
You have the following rights regarding the protected health information that we maintain about your customers:
Right to Inspect and Copy. You have the right to inspect and copy your information. This information tends to be PHI. To inspect and copy this information, you must submit your request in writing to the Privacy Officer. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request. Records of protected health information will not be maintained for longer than is necessary to provide the subscribed services.
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to protected health information, you may request that the denial be reviewed. We will choose another licensed health care professional who was not directly involved in the denial to conduct the review. We will comply with the outcome of the review.
Right to Amend. If you feel that the information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment of the information about you in a designated record set for as long as the information is kept by us. To request an amendment, your request must be made in writing and submitted to the Privacy Officer. In addition, you must provide a reason that supports your request.
Right to Request Restrictions. You have the right to request a restriction or limitation on the information we use or disclose about you. To request restrictions, you must make your request in writing to the Privacy Officer. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply.
Right to Receive Notice of a Breach. We are required to notify you by first class mail or e-mail, of any breaches of the privacy of the protected health information as soon as possible, but no later than the time period prescribed by privacy regulations. The notice is required to include the following information:
• A brief description of the breach, including the date of the breach and the date of its discovery, if known;
• A description of the type of unsecured protected health information involved in the breach;
• A brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches; and
• Contact information, including a toll-free telephone number, e-mail address, Web site or postal address to permit you to ask questions or obtain additional information.
Right to Deletion. You have the right to request the withdrawal and deletion of your data. To request restrictions, you must make your request in writing to the Privacy Officer. If participating in a study and wishing to withdraw your study data, you must make this request to the Clinical Coordinator.
COMPAINTS AND CONTACT INFORMATION
If you have any questions about this Notice or wish to request further information, contact the Privacy Officer listed below.
If you believe your privacy rights have been violated, you may file a complaint with us or with the Privacy Commissioner. To file a complaint with us, contact the Privacy Officer listed below. All complaints must be submitted in writing. You will not be retaliated against for filing a complaint.