AG Mednet is a software development / software services company (vendor) providing software-as-a-service to the life sciences industry. AG Mednet personnel are not directly involved in the execution of any clinical trial protocols and AG Mednet does not create or review clinical trial records. Patient identifying data is de-identified according to protocol requirements prior to entering the AG Mednet network. Patient identifying data is not stored on the AG Mednet network. It would be only under rare service and support circumstances that an AG Mednet employee would be exposed to patient data.
In the rare occasions when employees might be exposed to private patient data, AG Mednet is committed to protecting the privacy of individually identifiable health information. As a service provider of customers that are covered entities, AG Mednet complies with the administrative simplification section of HIPAA and the equivalent regulations in Europe and Asia. The privacy regulations applicable to AG Mednet include the Standards for the Privacy of Individually Identifiable Health Information (the “Privacy Standards”), the Security Standards for the Protection of Electronic Protected Health Information (the “Security Standards”) and the requirements for Breach Notification for Unsecured Protected Health Information (the “Breach Notification Requirements”). All of these regulations establish requirements with respect to the use and disclosure of Protected Health Information by AG Mednet. HIPAA and its equivalents in Europe and Asia are not the only laws governing AG Mednet with respect to patient privacy. AG Mednet’s policy is also to comply with state laws and other federal laws governing patient privacy, to the extent those laws are not preempted by other regulations and to the extent applicable to AG Mednet. AG Mednet trains all employees to the Privacy Standards, the Security Standards and the Breach Notification Requirements. All AG Mednet employees and contractors are expected to familiarize themselves with these policies and are furthermore required to sign a HIPAA Agreement upon hire at AG Mednet as well as an Access to Production acknowledgement and acceptance of responsibilities form for those individuals given access rights to the production servers.
It is understood that a violation of protected health information could be detrimental to AG Mednet, its personnel, patients and the Covered Entities with whom AG Mednet interacts. It would violate AG Mednet’s commitment to patient privacy. Failure to follow AG Mednet’s policies and procedures may lead to civil and criminal liability for AG Mednet employees and the end users of our products and services and may result in the termination of employment at AG Mednet. Employees are made aware of how imperative it is that all personnel comply with the Program, immediately report any potential violation of the program to Management, and assist AG Mednet personnel and authorized outside personnel in investigating any alleged violations.
We are also happy to sign any Business Associate Agreements (BAA) or other privacy related documentation if requested to do so.