EU GDPR Compliance Declaration
The General Data Protection Regulation (GDPR) defines the policies, procedures, and processes that are required for companies that store, process, or handle EU personal data.
ResolutionMD’s commitment is to protect the personal data of its employees, customers, vendors, and customer patients, and to preserve the confidentiality, integrity, and availability of that information. As a GDPR data controller and data processor, ResolutionMD outlines their policies and procedures in the ResolutionMD Privacy and Security Policy Manual.
Our comprehensive GDPR program addresses key areas such as:
- Principles of data protection, including processing that is lawful, fair, transparent, specified, explicit, legitimate, limited, and kept up to date, with retention limitations, appropriate data security, and organizational accountability.
- Rights of data subjects, including transparency, access, rectification, erasure, etc, as well as responding to these requests.
- Transfers to third countries with appropriate safeguards
- Data protection by design and by default, including pseudonymisation, access restrictions, etc.
- Security of information, with appropriate technical and organizational measures
- Breach notification management and procedure
Based upon the assessment completed by the audit committee, as per the GDPR Documentation Traceability Matrix, there is reasonable assurance that ResolutionMD has designed and implemented a privacy and security program that complies with GDPR regulation.
US HIPAA Compliance Declaration
The Health Insurance Portability and Accountability Act (HIPAA), as well as the related Health Information Technology for Economic and Clinical Health (HITECH) Act, defines the policies, procedures, and processes that are required for companies that store, process, or handle electronic protected health information (PHI).
ResolutionMD’s commitment is to protect the health data of patients and to preserve the confidentiality, integrity, and availability of information. As a HIPAA business associate, ResolutionMD outlines their policies and procedures in the ResolutionMD Privacy and Security Policy Manual.
Our comprehensive HIPAA program addresses key areas such as:
- Administrative safeguards, including risk management, defined policies and procedures, access management, training, security incident management, business continuity plan, auditing, and agreements.
- Physical safeguards, including facility access controls, workstation, and media controls.
- Technical safeguards, including access controls, integrity mechanisms, and transmission security.
- Security organizational and documentation requirements.
- Privacy policies and procedures, training, mitigation, documentation.
- Breach notification management and procedures
Based upon the assessment completed by the audit committee, as per the HIPAA Documentation Traceability Matrix, there is reasonable assurance that ResolutionMD has designed and implemented a privacy and security program that complies with HIPAA and HITECH acts.