“BEAM” or “Service” is a service to securely exchange image and data between hospitals, clinics, providers and patients.
“BEAM Cloud” is a cloud-based service that allows BEAM Subscribers to exchange image and data with BEAM Cloud Users.
“BEAM Cloud User” is a patient, a patient representative, or a healthcare provider that is registered with us to use BEAM Cloud.
“BEAM Subscriber” is a subscriber to the BEAM service, typically hospitals and clinics and their users of BEAM.
“Data Processors” means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Data Processors to process your data more effectively.
“Exchanged Data” or “Exchange Data” means any information exchanged between BEAM Subscribers, including Personal Data and Health Information (which is a Special Category of Personal Data under the GDPR).
“Personal Data” means any information that identifies or can be used to identify you or another individual, directly or indirectly. Examples of Personal Data include, but are not limited to, first and last name, email address, phone number and occupation.
“Health Information” means any information that is part of a patient’s medical record and is a Special Category of Personal Data under the GDPR.
“Visitor” means any person who visits any of our Websites.
“you” and “your” means, depending on the context, either a Visitor, BEAM Subscriber or BEAM Cloud User.
“Website(s)” means any website(s) we own and operate.
Lawful Basis of Processing Personal Data
In order to process Personal Data of our BEAM Cloud Users and Subscribers we rely on the following lawful basis:
Personal Data Collection and Processing
We collect and process Personal Data applicable to the following:
Information We Collect Applicable to Visitors, BEAM Subscribers, and BEAM Cloud Users
Information We Collect Applicable to BEAM Subscriber’s Exchanged Data
When you use our Services to Exchange Data, we process the data that you approved to send and we log the exchange. We may use Personal Data logged during an exchange for customer support or Service maintenance purposes, such as providing you with support to troubleshoot technical issues with an exchange that either you are sending or receiving. If Personal Data is included, it may be logged during the exchange. For example, if you exchange medical imaging studies, a limited amount of demographic and data elements will be logged for evidence of the transfer. If you transmit a study to BEAM Cloud, the study is temporarily stored on our servers and deleted after 30 days and the BEAM Cloud account is deleted within 90 days of inactivity.
Use of Personal Data
We may use Visitors’ and BEAM Subscribers’ Personal Data including name, address, phone number, IP address, and email address for many reasons, including:
We may use Visitors’, BEAM Cloud Users’, BEAM Subscribers’, and BEAM Subscriber Exchanged Data’s Personal Data:
Data Protection Rights
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with the GDPR 2016. We may ask you to verify your identity to help us respond efficiently to your request.
You can exercise your rights by contacting us. See contact details below.
We may share your Personal Data with a potential buyer (and its agents and advisors) in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition.
We take appropriate and reasonable organizational, administrative, technical, and physical measures to safeguard your Personal Data from loss, misuse, unauthorized access, disclosure, alteration and destruction such as encrypting data at rest and in transit, security information training for all staff, as well as periodic security risk assessments, vulnerability testing, and penetration testing.
Our servers providing BEAM Services for our EEA customers are located in Ireland and we do not transfer Personal Data outside of those servers but they may be accessed by our employees and service partners located in the UK, Canada and the United States who are providing support services for our BEAM Subscribers and BEAM Cloud Users. Visitor Personal Data may be transferred to, stored, processed or accessed outside of Ireland from either Canada or the United States. While the data protection, privacy, and other laws of the United States might not be as comprehensive as those in your country, we take many steps to protect your privacy.
If you are in the EEA and have a concern about the way in which we have handled any privacy matter, please contact our EU Data Protection Representative by email: [email protected]. Alternatively, they can be reached by post: The DPO Centre Europe, Alexandra House, 3 Ballsbridge Park, Dublin, D04C 7H2; by phone: +353 1 631 9460; by website: www.dpocentre.com. You also have the right to lodge a complaint with your local data protection supervisory authority (list here: https://edpb.europa.eu/about-edpb/board/members_en).
To contact OneMedNet directly about other matters, please send us a message to [email protected]. You may also contact us by post or telephone at:
Attn: Privacy Officer/DPO
6385 Old Shady Oak Rd Suite 250
Eden Prairie, MN 55344
Tel +1 800-918-7189