Medtronic CardioSight™ Service: Data Use Policy

Medtronic.com | Physician Information | Cardiology/Electrophysiology

CardioSight^™ Service

Indications, Contraindications, Warnings, Precautions and Adverse Events

CRDM Data Warehousing and Analytics Services Patient Data Use Policy for the United States

Executive Summary:
CRDM DWAS1 data use policies, practices, and procedures for data received through the Medtronic CareLink® Network will be compliant with all applicable Medtronic policies and legal/regulatory requirements.

Data Regarding Patients:
Medtronic’s use of Protected Health Information (PHI)2 transmitted through the CareLink Network is governed by HIPAA, applicable state laws and the terms of the Business Associate Agreement (BAA) between Medtronic and each CareLink account. Medtronic will use PHI as allowed under these applicable laws and agreements. Medtronic will not use PHI for marketing purposes.

Medtronic’s use of a Limited Data Set (LDS)2 will also be consistent with applicable laws and agreements. Medtronic will not use a LDS for marketing purposes.

In accordance with applicable law and agreements, Medtronic may also create a de-identified data (DID)2 set. As allowed by law, DID may be used for various internal and external purposes and may be shared with external organizations. However, it will not be used to re-identify patients for patient-specific marketing purposes.

Data Regarding Health Care Professionals and CareLink Accounts:
Medtronic may use information that identifies health care professionals and CareLink accounts for the operational purposes of managing, monitoring, and/or improving the operation and utilization of the CareLink Network and to meet any legal obligation Medtronic may have. Medtronic will use reasonable safeguards to not otherwise use data that identifies specific accounts by name unless so requested by or allowed by the account.

As allowed by law, Medtronic may use aggregated or de-identified health care professional or health care facility information for various internal and external purposes.

Data Access and Control Procedures:
Access to PHI will be overseen in accordance with Medtronic policies with processes that meet the requirements of any applicable law or agreement.

Data will be secured using industry-standard physical and procedural security safeguards to prevent loss or unauthorized access of the data.

Any known security breaches will be reported to the affected account as required by applicable law or agreement.

1 Data Warehousing and Analytics Services

2 As defined by Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) established to implement the requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Additional Information

To learn more about CardioSight Service, please contact your Medtronic sales representative or call 1-800-929-4043.