Compliance & Privacy Policy

The type and amount of personal data you may process depends on the reason you’re processing it (legal reason used) and what you want to do with it.  The BlueCloud Network respects several key rules, including but not limited to EU General Data Protection Regulation (GDPR):

The BlueCloud Network Compliance

The BlueCloud Network respects the privacy of its members and is in compliance with all aspects of the GDPR.  The BlueCloud Network only stores personal information in limited data sets, and the type and amount of personal data you may process depends on the reasons you are requesting to process the data and the end result you desire.  Any personal data stored on the BlueCloud Network is processed lawfully, fairly and in a transparent manner.

The BlueCloud Network has proactively put in place the appropriate technical and organizational safeguards to ensure the security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate state-of-the-art technology.

Purpose Limitation

The BlueCloud Network does not process personal data, and only stores personal data for specified, explicit and legitimate purposes. The BlueCloud Network does not use personal data for purposes that are not compatible with the original purpose for which data is stored. Members own their personal data and have the power to use the BlueCloud Network tools to allow private and shareable access to third parties who must indicate the purpose of when, where, how and what is the ultimate purpose of sharing their own personal data.

Data Minimization

The BlueCloud Network keeps no more than the minimum amount of personal data for specific processing and that personal data is restricted to what is adequate, relevant and limited to what is necessary.


The personal data of a BlueCloud Network member is controlled by the member, who is responsible for ensuring their own personal data is accurate and up-to-date, having regard to the purposes for which it is processed.  The BlueCloud Network also provides its members with the proper networking tools to help the members correct personal data and keep it up to date.

Storage Limitation

Any personal data held by the BlueCloud Network will be purged or kept in a form which permits identification of personal data subjects for no longer than necessary for the purposes for which it was collected.

Removal of Data

The BlueCloud Network has processes in place to allow the removal of personal data from the BlueCloud Network subject to limitations that may be imposed by regulatory agencies and regulators, who may require personal data to be stored for the specific purpose as related to human subject protection, such as in the case of documenting competencies by a healthcare professional when becoming involved in a clinical trial or healthcare payer purposes when the authorized comptroller has received initial consent to maintain such personal data for a specific purpose.

Breach of Personal Data

In the unlikely event member’s personal data is stolen or illegally accessed, the BlueCloud Network will notify the necessary authority within 72 hours (unless unlikely to result in risk to data subjects) and will communicate the personal data breach to the affected data subjects without undue delay.

Consent to Process Personal Data

The BlueCloud Network does not directly process personal data; it merely provides a place to store personal data and the provides individuals and organizations the right to use BlueCloud Networking tools for business, compliance and human subject protection purposes.  The BlueCloud Network feels it is in the best interest of the parties to follow the guidelines of the GDPR, and in order to provide the highest level of protection to its Members, requires the freely given, specific, informed and unambiguous consent to process personal data.

HealthCarePoint follows an array of compliance guidelines including the document 21 CFR Part 11; Electronic Records; Electronic Signatures, Maintenance of Electronic Records “Draft Guidance For Industry” prepared under the aegis of the Office of Enforcement by the FDA Part 11 Compliance Committee. The committee is composed of representatives from each center within the Food and Drug Administration, the Office Counsel and the Office of Regulatory Affairs.  We also follow the EU-US Privacy Shield Program Update.


Privacy Shield Compliance

BlueCloud by HealthCarePoint complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  BlueCloud by HealthCarePoint has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit

In compliance with the Privacy Shield Principles, BlueCloud by HealthCarePoint commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact BlueCloud by HealthCarePoint at:

BlueCloud by HealthCarePoint has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.  You may also refer to Privacy Policy FAQs for additional information.

 BlueCloud is required to abide by the following:

  • To the investigatory and enforcement powers of the Federal Trade Commission (FTC).
  • Under certain conditions, individuals may invoke binding arbitration.
  • Disclose personal information in response to lawful requests by public. authorities, including to meet national security or law enforcement requirements.
  • For liability in cases of onward transfers to third parties.

Opt-Out / Choice

We will provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized.  To request to limit the use and disclosure of your personal information, please submit a written request to:


SUMMARY: A secure, reliable environment that maintains hosting, physical security, logical security via vXCHNG -SSAE-16-SOCI certified hosting facility. Renewable disaster recovery plans and redundant back up processes are in place. Additional redundant processes and infrastructures can be added on a case by case basis. Agile software methodology processes is used when creating new software and technology improvements. Whenever required, each separate HealthCarePoint’s networking vehicle can adapt independently to an array of electronic signature requirements as per a series of continuously virtually and locally audited and proprietary Standard Operating Procedures (SOPs). Using proper channels and proper procedures, SOPs can be demonstrated to VIP industry auditors which require such virtual and on-site proof of vendor audits. HealthCarePoint’s proprietary networking software is and will continue to be created in-house to minimize the risk of infiltration which is tested via third party tools and testing technologies. HealthCarePoint’s Primary Engines and Networking Systems are not created using open-source technologies.