EMSI Privacy Notice
In selecting EMSI as a vendor, its clients express confidence in the reputation EMSI has built as the national leader in medical information services including in-home biospecimen collection and phlebotomy, patient monitoring, medical records retrieval and data abstraction, drug and breath alcohol testing, and health related tele-interviews. EMSI serves the world’s leading clinical research organizations, insurance carriers, pharmaceutical firms, airlines, rail systems and wellness companies. In appreciation of that commitment, and to demonstrate EMSI’s clients’ confidence is justified, EMSI has established the following privacy notice. EMSI understands the privacy of information entrusted to it by clients is vital, and EMSI is committed to protecting that privacy.
EMSI maintains security policies and practices in its facilities and systems to protect appropriate information from unauthorized access and inappropriate disclosure, alteration or destruction. A written Security Program has been developed, documented and implemented that includes administrative, technical and physical safeguards. Security may include, but is not limited to, encryption, physical access security and other appropriate technologies and processes. EMSI continually reviews and enhances security systems and processes as necessary. Personnel who fail to hold in confidence private information are subject to disciplinary processes. Personnel are required to execute an acknowledgement of their receipt and understanding of EMSI’s policies and procedures containing confidentiality obligations, to which they are subject.
EMSI does not sell private information. EMSI does not compile or distribute mailing lists or consumer marketing data from information received from clients. EMSI does not modify or correct information obtained from other persons or organizations, since such information is not prepared by EMSI.
Information We May Collect
Generally, EMSI is authorized by its clients to act as their representatives in obtaining information about individuals that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). Except for IP addresses for customers visiting certain EMSI websites, EMSI only obtains personal information when authorized by the individual who is the subject of the personal information (which authorization may be obtained from the individual by EMSI’s clients). The following categories of personal information are the types of personal information EMSI may have collected within the last twelve (12) months:
|Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, Social Security number, driver’s license number, passport number, or other similar identifiers.|
|Personal information||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number and coverage, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information, family history, lifestyle characteristics, general reputation, habits, use of drugs or alcohol, driving record, death records, civil and criminal court records, participation in hazardous hobbies or activities, tax records. Some personal information included in this category may overlap with other categories|
|Protected classification characteristics||Age, race, color, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, familial health information.|
|Commercial information||Records of personal property, credit information|
|Biometric information||Physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, or other physical patterns, and sleep, health, or exercise data.|
|Geolocation data||Physical location|
|Professional or employment-related information||Current or past job history|
|Inferences drawn from other personal information.||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.|
“Personal information” does not include:
- Publicly available information from government records.
- De-identified or aggregated consumer information.
excluded from certain regulatory requirements, such as:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
The personal information listed above may come from the following categories of sources:
- Directly from our clients or their agents. For example, from documents that our clients provide to us related to the services for which they engage us.
- Indirectly from our clients or their agents. For example, information collected from our clients’ service providers in the course of EMSI providing services.
- Directly from you, for example, through information you provide when our clients or their agents engage our services.
- Directly and indirectly from our customer website portal application and customer web application programming interface (or web API). For example, from submissions through our website portal or website usage details collected automatically.
- From third-parties that interact with us in connection with the services we perform. For example, government or state agencies, medical facilities, independent consumer reporting agencies that collect information fairly and lawfully.
Use of Personal Information
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To fulfill or meet the reason for which the information is provided. For example, if you provide us with personal information in order for us to perform the services our customer hired us to carry out.
- To carry out our obligations and enforce our rights arising from any contracts entered into between EMSI and its clients.
- Internally to improve our services.
- As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- As described to you when collecting your personal information.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
In the preceding twelve (12) months, we may have disclosed the following categories of personal information for a business purpose:
- Personal information
- Protected classification characteristics
- Commercial information
- Internet and other similar network activity
- Geolocation data
- Professional or employment-related information
- Inferences drawn from other personal information
We may disclose your personal information for a business purpose to the following categories of third parties:
- The customers we service
- Our affiliates
- Service providers
- Third parties to whom you or your agents authorize us to disclose your personal information in connection with products or services we provide to you
EMSI does not sell personal information, and in the preceding twelve (12) months we have not sold any personal information.
Obtaining and Sharing Information
EMSI respects the privacy of individuals while obtaining information for legitimate businesses that can demonstrate an appropriate need for the information. EMSI obtains information ordered by its clients using sources identified by clients – either the subject individual or a reputable source. EMSI obtains and discloses such information pursuant to appropriate written authorizations to gather information for, and disclose it to, its clients for the purposes of their legitimate business purposes authorized by law. EMSI handles such information in accordance with its clients’ directions, the written authorizations where applicable, EMSI’s contracts with clients, and applicable law. EMSI does not share information it obtained for a client with its other clients, unless the subject’s authorization permits such. EMSI will not disclose any personal information to any third party, excepting our agents and contractors, for the limited purpose of providing services to us and who are obligated to keep the information confidential. EMSI may share personal information if we are legally required to do so, for example, in response to a subpoena, court order or other legal process. Personal information is only disclosed to third parties who have written agreements with EMSI to protect personal information in a manner consistent with the relevant aspects of EMSI’s Privacy Notice. You are not able to limit our ability to share your personal information with other companies for servicing and administration purposes.
Retention and Disposal
EMSI will retain information as necessary to fulfill the stated purposes or for a period specifically required by law, regulation or customer contract. Upon the end of the retention period, the information will be disposed of in a manner that prevents loss, theft, misuse, or unauthorized access.
EMSI does not use the information it obtains on behalf of its clients. Therefore, if a subject of information desires to opt out of having the information used for any purpose, the subject should address this option with EMSI’s client when the subject provides the authorization to release information to EMSI’s client. However, when EMSI makes a direct inquiry of the subject of the information, there is an opportunity presented for the subject to opt out of providing the information. In these instances, the subject need only decline to provide the requested material. In all other instances, EMSI only gathers and discloses the information pursuant to the subject’s written authorization obtained by EMSI’s clients or pursuant to the subject’s direct response to questions asked during an interview process. Should the data subject of the information decide to Opt Out after an authorization has been submitted, the data subject must contact the entity with which the subject has the direct relationship to discuss the consequences of refusing to allow collection of the requested information.
Access to Information
Because EMSI is a service provider to other businesses, if a data subject wishes to obtain copies of, requests to know, requests deletion or requests record of disclosure relative to the information obtained by EMSI, the subject should submit the request directly to the business on whose behalf EMSI processed the information. Should you need assistance with identifying the business, please click on the link below and complete the form or send a written request to:
Examination Management Services, Inc.
Attention: Compliance Department
3050 Regent Blvd., Suite 100
Irving, TX 75063
The written request needs to include appropriate identifying information so that we may verify the subject’s identity and should include a description of the request with sufficient detail that allows EMSI to properly understand, evaluate, and respond to it.
https://www.emsinet.com/contact/ or firstname.lastname@example.org
You may also reach EMSI Compliance by calling toll-free 800-530-0560, extension 4578.
In the case where EMSI conducted a Personal History Interview through the EMSI Inspection Division, the subject may request the information obtained by the EMSI Inspection Department at the address below, in accordance with the FCRA:
Examination Management Services, Inc.
Attention: Inspections Department
3050 Regent Blvd., Suite 200
Irving, TX 75063
The written request needs to include the following information:
- Full Name
- Date of Birth
- Last 4 digits of the Social Security Number
Where EMSI obtains information directly from the data subject, it is the responsibility of the data subject to provide accurate and complete information.
EMSI makes use of session cookies on websites it owns and operates directly. Websites that EMSI may operate indirectly through a third-party partner may use both session and persistent cookies. Cookies are small pieces of data that are stored by the user’s web browser on the user’s hard drive. Cookies are utilized by websites to enhance a user’s experience and remember information such as user name, language, viewing preferences, shortcut navigation and other user preferences. EMSI operated websites do not save user name, language, viewing preferences, shortcut navigation and other user preferences within a cookie. On some websites under EMSI’s indirect control, user’s browsing and/or viewing habits are also tracked and stored in a cookie, however, at no point in time will any user medical or health information be stored in cookie data.
Server and Application Logging
EMSI web servers automatically collect internet protocol (IP) addresses which are used solely for reporting demographic information, number of visits, and in communications troubleshooting. User ID’s are also recorded to comply with auditing requirements and assist in investigation of customer-initiated service requests. As EMSI upgrades, enhances, modifies or maintains its systems, services and procedures, modifications may be made to this Privacy Notice.
Notice to all Users
EMSI’s computer systems are restricted solely to users authorized by EMSI and may be monitored for administrative, technical and security reasons. All users expressly consent to such monitoring. Any use of the system must be in compliance with all EMSI policies and applicable laws. Unauthorized users or any unauthorized use will subject the user to criminal and civil penalties under applicable law.
Changes to Our Privacy Notice
We reserve the right to amend this Privacy Notice at our discretion and at any time. When we make changes to this privacy notice, we will place such amended notice on our website homepage.
Please address questions regarding EMSI’s privacy notice to EMSI’s privacy officer at 1-800-530-0560 extension 4578.