Patient Privacy

In the course of caring for patients, Medtronic may receive personal medical information from consumers, patients, healthcare professionals, employees and others.  Privacy laws, as well as ethical obligation, require us to protect this information.

The expectations for protection of personal data are always evolving.  Medtronic continually updates its privacy efforts to manage how we gather, use and disclose personally identifiable information.  While our techniques may change the goal is always the same: to preserve the confidentiality of personal information and prevent it from inappropriate use or disclosure.

Information delivery and management is becoming integral to medical device technology.  Medtronic is moving forward to make this part of our core business strategy.  In 2010, we hired a full time Global Privacy Officer, who will be responsible for coordinating information management and protection strategies across businesses and across geographies. 

In addition, each of our business units continues to evolve its approach to privacy protection.  For example, our Cardiac Rhythm Disease Management (CRDM) business operates Carelink® and other systems that help physicians transmit and receive patient data to better manage care.  CRDM implemented a Patient Data Management Process to guide how we protect the confidentiality of patient health information.   CRDM has its own privacy officer to oversee use of patient data, develop ongoing guidance on data protection laws, policies and procedures, and to provide education, training and awareness across CRDM regarding data protection.  He in turn is supported by a Privacy Incident Response Team that is prepared to respond to potential security and privacy incidents.     

With regard to information security, Medtronic has created a Global Technology Council (GTC) to ensure that state-of-the-art technologies and controls are in place to protect the security and privacy of information.  The Company has issued a Global Information Protection Policy establishing Company-wide requirements and responsibilities for all employees to protect information security and privacy, including the use of controls such as passwords, access controls, encryption and incident management.  To improve awareness and understanding of the importance of these issues, Medtronic has communicated its Global Electronic Resource Use Policy across the Company, in multiple languages, describing appropriate and acceptable use of systems, networks, devices and information.