BDM Healthware Privacy Policy

BDM Healthware Inc. (“BDM,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit our website, https://www.bdmhealthware.com/ (the “Website”), and in connection with the web-based healthcare technology solutions and services we provide to our customers (“Services”).

As an international organization, BDM Healthware is committed to protecting your privacy in accordance with a wide array of data protection laws in the jurisdictions where we operate. Our practices are designed to comply with major privacy and health information legislation, including but not limited to:

• Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial health information laws like Saskatchewan’s Health Information Protection Act (HIPA).
• The United States’ Health Insurance Portability and Accountability Act (HIPAA).
• The Bahamas’ Data Protection Act.

1. What Information We Collect and Why

We collect information in a few different ways, depending on how you interact with us.

a) Information You Provide to Us When you fill out a contact form, request a demo, or otherwise send us an inquiry through our Website, we collect the personal information you provide, such as your name, email address, phone number, and the content of your message. We use this information solely to respond to your inquiries and communicate with you.

b) Information We Process Through Our Services When our web-based applications are used by healthcare institutions (our “Customers”), we process Protected Health Information (PHI) and Personally Identifiable Information (PII) on their behalf. In this context:

• Our Customers are the Data Owners: The hospital or healthcare institution owns all data collected and generated within our applications.
• BDM Acts as a Service Provider: We process information about patients and authorized application users (e.g., healthcare professionals) according to our contractual agreements with our Customers.
• Secondary Use is Prohibited: BDM Healthware will not create, export, store, or distribute information obtained from patient data for any secondary use, including anonymized data or statistical analyses.

3. How We Share and Disclose Information

We do not sell or rent your personal information. We may share information under the following limited circumstances:

• With Service Providers: We may engage third-party companies (e.g., for web hosting) who are contractually obligated to protect your information.
• As Directed by our Customers: When processing PHI, we share it only as necessary to provide our Services and with appropriate safeguards in place, such as Business Associate Agreements (BAAs).
• For Legal Reasons: We may disclose information if required by law or in response to a valid legal process.

4. Data Security and Retention

We implement security measures appropriate to the sensitivity of the information we handle. Our security practices differ between our public Website and our healthcare Services.

a) On Our Website We are committed to ensuring the information you submit on our Website is secure.

• Encryption in Transit: Our Website uses secure transport protocols (HTTPS) to encrypt information you submit through contact forms.
• Access Control: Access to the information you provide is restricted to authorized personnel who require it to respond to your inquiries.
• Retention: We retain personal information from Website inquiries only as long as necessary to manage your request or as required by law.

b) In Our Healthcare Applications (Our Services) Our Services are designed with robust safeguards to protect sensitive Protected Health Information (PHI) and Personally Identifiable Information (PII). Our security framework is based on principles from our comprehensive internal security program and includes:

• Encryption: Security for our applications is a shared responsibility.
  • For Services hosted by BDM, we enforce encryption for data both at rest and in transit.
  • For Services hosted by our Customers on their own infrastructure, we provide the capability for encryption. The implementation and management of these security controls are the responsibility of the Customer.
• Access Control: Access to data within our applications is strictly managed based on the principle of least privilege and role-based access control (RBAC), ensuring users are granted only the minimum access necessary for their job duties.
• Data Retention and Disposal: Data is retained and securely disposed of according to our contractual agreements with our Customers and their specific data retention policies.

5. Your Privacy Rights

You have rights regarding your personal information. These may include the right to access a copy of your data, correct inaccuracies, or request its deletion, subject to legal limitations.

• For Website Information: To exercise your rights regarding information you have provided to us through the Website, please contact our Privacy Officer.
• For Health Information in our Services: If you are a patient and want to exercise your rights regarding your health information processed in our applications, you must contact your healthcare institution directly. As the Data Owner, they are responsible for managing these requests. We will assist them as required by our contractual and legal obligations.

6. Cookies, Analytics, and Tracking Technologies

We use cookies differently on our Website than we do in our web-based healthcare applications.

a) Our Website (https://www.bdmhealthware.com) uses Google Analytics to automatically collect data to help us understand how our site is used and to improve your experience. This includes online identifiers and information about your device, browser, and how you interact with our pages. You can opt out of this data collection using the Google Analytics Opt-out Browser Add-on.

b) In Our Healthcare Applications (Our Services) we use cookies that are essential for the application to function securely and correctly. These are known as “session” or “strictly necessary” cookies. They are used to maintain your login session, ensure secure access to information, and manage application state. We do not use any analytics or tracking cookies within our healthcare applications.

7. Links and Third-Party Content

Our Website may include embedded content or links to other sites. We are not responsible for the privacy practices of these third-party sites.

8. Children’s Privacy

Our Website is not intended for use by anyone under the age of 13. We do not knowingly collect personally identifiable information from children on our Website.  Our Healthcare Applications support healthcare institutions with patients of all ages. 

9. Changes to this Privacy Policy

We may update this policy from time to time. We will post the new policy on this page and update the “Last Updated” date.

10.0 Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact our Privacy Officer. You can report any privacy and security concerns to the BDM Help Desk.