Privacy Statement - V1.02 last reviewed March 8, 2024

Smile CDR, dba Smile Digital Health, recognizes the need for clients to understand its compliance with applicable United States and international privacy and security laws and regulations, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for the protection of Protected Health Information (PHI) and the modifications to HIPAA under the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH). Smile Digital Health will only fulfill the role of a business agent. This Privacy Statement describes Smile Digital Health's commitment to privacy and security.

Product Development

Smile Digital Health provides FHIR®-based data repository software, services and solutions to healthcare organizations around the world. Its complete clinical data repository enables clients to better manage their data and is built around the HL7® FHIR standard used for storing health records in a cloud-based infrastructure. Smile Digital Health maintains a robust privacy and security program that is compliant with applicable laws and regulations, including the HIPAA Privacy and Security Standards, regarding how patient PHI can be transmitted, maintained, handled, and shared.

Product Service and Support

Smile Digital Health offers application training and technical support to its clients and may encounter confidential information, including PHI, when troubleshooting and handling product issues. Access to PHI is limited to the minimum necessary to accomplish its intended purpose. This safeguard is supported by operational controls and procedures.

Digital Health Services and Value-Added Solutions

Smile Digital Health also provides Digital Health Services and other value-added solutions involving the handling of customer data for population health, benchmarking, data analytics, decision support, and related consulting, which may include PHI, limited data sets, or de-identified data. To the extent that any Digital Health Services involve hosting of customer data, this is done using highly secured cloud computing environments provided by trusted, certified cloud service providers, and in compliance with all applicable laws and regulations, including HIPAA and HITECH.

Commitment to Privacy and Security

Smile Digital Health is committed to privacy and security and maintains policies and procedures for compliance with applicable laws and regulations that are relevant to the service it provides. Smile Digital Health also maintains a comprehensive privacy and security program that includes administrative, physical, and technical safeguards that are reasonable and appropriate to protect the confidentiality, integrity, and availability of electronic PHI that may be received, maintained, stored, or transmitted by Smile Digital Health on behalf of its clients. Such obligations are also imposed upon all subcontractors that may handle PHI on behalf of Smile Digital Health, in compliance with HIPAA and HITECH and other applicable laws. In the unlikely event of a privacy breach, Smile Digital Health maintains procedures to promptly notify clients, in order to meet legal and regulatory reporting requirements and to efficiently resolve the issue.

Only those Smile Digital Health staff who have service or support responsibilities will have access to confidential data, which may include PHI, to perform their job. Such access is controlled and monitored. Smile Digital Health will not use or disclose any PHI except for the purposes of performing job functions, and is obligated to comply with all applicable laws, regulations, contractual obligations, and corporate policies. Any PHI that may be received by Smile Digital Health is kept secure to maintain its confidentiality, integrity, and availability, and is securely destroyed or returned once the use or disclosure is no longer necessary or permitted. Smile Digital Health maintains policies and procedures to protect and safeguard PHI, including minimum necessary use and disclosure, and sanctions for those who violate these policies. Smile Digital Health's staff receive training that emphasizes that all client data is confidential and must be protected at all times.

Additional Information

Smile Digital Health maintains certification under the Health Information Trust Alliance (HITRUST) and the International Standards Organization (ISO) 27001 privacy and security standards. Smile Digital Health's HITRUST and ISO 27001 compliance certificates are available upon request, as is a list of the controls and objectives upon which the HITRUST and ISO certifications are based.

Additional information regarding the privacy and security of hosted data will be made available to customers from the applicable cloud service provider(s) relevant to particular offerings. For more information related to this Privacy Statement or Smile Digital Health's approach to data privacy, please email us at privacy@smiledigitalhealth.com or send a letter to 622 College Street, Suite 401, Toronto, ON M6G 1B4.