INFORMATION PRIVACY AND SECURITY POLICY
INTRODUCTION
Verilogue is an independent market research company that conducts research for healthcare companies. Verilogue adheres to the information privacy and security standards described in this Information Privacy and Security Policy (the “Policy”), which are based, in part, on the Council of American Survey Research Organizations (“CASRO”) Code of Standards and Ethics for Survey Research. CASRO was established with the goal of protecting the privacy of individuals who participate in research programs.
DEFINITIONS
“Identifiable Information” means information about a participant in one of Verilogue’s research programs, which information reveals the identity of the participant or reasonably could be used to identify the participant.
“Policy” means this Information Privacy and Security Policy.
VERILOGUE’S APPROACH TO RESEARCH
Verilogue’s research programs are conducted on a voluntary basis – Verilogue only works with individuals who volunteer to participate. Detailed written descriptions about the intent and purpose for each such program are provided to prospective participants before they decide to participate. The reports and other information Verilogue provides to its clients about the results of its research programs do not contain Identifiable Information.
Verilogue explains to all prospective participants in its research programs the voluntary nature of the program.
Verilogue provides a detailed description of the intent, purpose, and methodology involved in its research programs before any prospective participant enrolls in the program.
Verilogue identifies itself in all of its research program materials and in any telephone contacts with participants and prospective participants.
Verilogue answers questions from participants and prospective participants in a forthright and honest manner.
Verilogue respects the right of participants in its research programs to change their mind about participating in a research program at any time prior to the results of the research being provided to Verilogue.
Verilogue discloses to prospective participants in its research programs any intended use of electronic recording equipment in the research program.
CONFIDENTIALITY
Verilogue has implemented procedures to reasonably protect data security and the use and disclosure of Identifiable Information. Verilogue protects the identity of participants in its research programs; Verilogue does not disclose Identifiable Information, unless the participant has permitted such disclosure or it is allowed or required by law.
Verilogue has implemented a number of procedures aimed at protecting the privacy and security of Identifiable Information, which procedures are described below.
Verilogue uses and discloses Identifiable Information only as appropriate under and described in this Policy.
Verilogue stores or maintains Identifiable Information in its research programs in secure locations.
Verilogue limits access to Identifiable Information to workforce members and third parties that need to have such access in order to achieve the purposes of a given research program.
Verilogue’s workforce members use and disclose Identifiable Information only as described in this Policy or as permitted or required by law.
When Verilogue receives Identifiable Information from sources other than the participant, Verilogue enters into confidentiality agreements with the entity(ies) that provide such information to Verilogue. Those confidentiality agreements require protections at least as stringent as those described in this Policy.
Verilogue enters into confidentiality agreements with subcontractors and other third parties to which Verilogue provides Identifiable Information. Those confidentiality agreements require the third parties to implement protections for the privacy and security of such information at least as stringent as those described in this Policy.
Prior to providing research results to clients, Verilogue removes Identifiable Information.
At the conclusion of each research program, Verilogue uses reasonable efforts to destroy or de-identify (make anonymous) all Identifiable Information, unless the participant has agreed to be re-contacted about future research programs or Verilogue is otherwise required by contract or permitted or required by law to maintain such information.
Verilogue does not use invisible identifiers on mailings to prospective participants in its research programs.
Verilogue does not and would not knowingly use or disclose Identifiable Information in violation of any privacy or security law or agreement.
If Verilogue is called upon to use or disclose Identifiable Information in a legal proceeding, Verilogue will take reasonable steps in the context of that legal proceeding to inform the court or other decision-maker of the confidentiality of the information, and Verilogue will take reasonable steps to otherwise maintain the confidentiality of such information.
Verilogue uses reasonable and appropriate safeguards to protect the security of Identifiable Information, including specifically the confidentiality and integrity of such information.
