Compliance

The type and amount of personal data you may process depends on the reason you’re processing it (legal reason used) and what you want to do with it. The BlueCloud Network respects several key rules, including but not limited to EU General Data Protection Regulation (GDPR):

The BlueCloud Network Compliance

The BlueCloud Network respects the privacy of its members and is in compliance with all aspects of the GDPR.  The BlueCloud Network only stores personal information in limited data sets, and the type and amount of personal data you may process depends on the reasons you are requesting to process the data and the end result you desire.  Any personal data stored on the BlueCloud Network is processed lawfully, fairly and in a transparent manner.

The BlueCloud Network has proactively put in place the appropriate technical and organizational safeguards to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate state-of-the-art technology.

Purpose Limitation

The BlueCloud Network does not process personal data, and only stores personal data for specified, explicit and legitimate purposes. The BlueCloud Network does not use personal data for purposes that are not compatible with the original purpose for which data is stored. Members own their personal data and have the power to use the BlueCloud Network tools to allow private and shareable access to third parties who must indicate the purpose of when, where, how and what is the ultimate purpose of sharing their own personal data.

Data Minimization

The BlueCloud Network keeps no more than the minimum amount of personal data for specific processing and that personal data is restricted to what is adequate, relevant and limited to what is necessary.

Accuracy

The personal data of a BlueCloud Network member is controlled by the member, who is responsible for ensuring their own personal data is accurate and up-to-date, having regard to the purposes for which it is processed.  The BlueCloud Network also provides its members with the proper networking tools to help the members correct personal data and keep it up to date.

Storage Limitation

Any personal data held by the BlueCloud Network will be purged or kept in a form which permits identification of personal data subjects for no longer than necessary for the purposes for which it was collected.

Removal of Data

The BlueCloud Network has processes in place to allow the removal of personal data from the BlueCould Network subject to limitations that may be imposed by regulatory agencies and regulators, who may require personal data to be stored for the specific purpose as related to human subject protection, such as in the case of documenting competencies by a healthcare professional when becoming involved in a clinical trial or healthcare payer purposes when the authorized comptroller has received initial consent to maintain such personal data for a specific purpose.

Breach of Personal Data

In the unlikely event member’s personal data is stolen or illegally accessed, the BlueCloud Network will notify the necessary authority within 72 hours (unless unlikely to result in risk to data subjects) and will communicate the personal data breach to the affected data subjects without undue delay.

Consent to Process Personal Data

The BlueCloud Network does not directly process personal data; it merely provides a place to store personal data and the provides individuals and organizations the right to use BlueCloud Networking tools for business, compliance and human subject protection purposes.  The BlueCloud Network feels it is in the best interest of the parties to follow the guidelines of the GDPR, and in order to provide the highest level of protection to its Members, requires the freely given, specific, informed and unambiguous consent to process personal data.

HealthCarePoint follows an array of compliance guidelines including the document 21 CFR Part 11; Electronic Records; Electronic Signatures, Maintenance of Electronic Records “Draft Guidance For Industry” prepared under the aegis of the Office of Enforcement by the FDA Part 11 Compliance Committee. The committee is composed of representatives from each center within the Food and Drug Administration, the Office Counsel and the Office of Regulatory Affairs.

SUMMARY: A secure, reliable environment that maintains hosting, physical security, logical security via vXCHNG -SSAE-16-SOCI certified hosting facility. Renewable disaster recovery plans and redundant back up processes are in place. Additional redundant processes and infrastructures can be added on a case by case basis. Agile software methodology processes is used when creating new software and technology improvements. Whenever required, each separate HealthCarePoint’s networking vehicle can adapt independently to an array of electronic signature requirements as per a series of continuously virtually and locally audited and proprietary Standard Operating Procedures (SOPs). Using proper channels and proper procedures, SOPs can be demonstrated to VIP industry auditors which require such virtual and on-site proof of vendor audits. HealthCarePoint’s proprietary networking software is and will continue to be created in-house to minimize the risk of infiltration which is tested via third party tools and testing technologies. HealthCarePoint’s Primary Engines and Networking Systems are not created using open-source technologies.