The type and amount of personal data you may process depends on the reason you’re processing it (legal reason used) and what you want to do with it. The BlueCloud Network respects several key rules, including but not limited to EU General Data Protection Regulation (GDPR):
- The BlueCloud Network only collects and stores personal information in limited data sets, in a lawful and transparent manner, ensuring fairness towards the individuals and ensuring personal data with lawfulness, fairness and complete transparency.
- BlueCloud is not a Data Comptroller but instead, enables the processing of data to happen by the data owner. Data is normally owned by the individual who is then empowered to use their own BlueCloud Networking tools to allow private and shareable access to third parties who furthermore must indicate to the data owner the purpose of when, where, how and what is the ultimate purpose of sharing their own personal data. BlueCloud does not collect or store data simply for undefined purposes but for explicit purposes to the extent by which the data owner may find it suitable to allow the storage their data for their own approved personal and purposely use.
- The BlueCloud Network only maintains personal data that is necessary to fulfill a specific purpose (‘data minimization’).
- Even though the BlueCloud Network members are responsible for ensuring their own personal data is accurate and up-to-date, having regard to the purposes for which it’s processed, the BlueCloud Network proactively provides members with the proper tools and incentives to help our members correct if not accurate (‘accuracy’).
- The BlueCloud Network does not use personal data for any other purposes that are not compatible with the original purpose for which data must be maintained by the data owner.
- The BlueCloud Network ensures our members that personal data is stored for no longer than necessaryfor the purposes for which it was collected (‘storage limitation’).
- Even though the BlueCloud Network has processes in place to allow member to remove their personal data from the system, the data owner also understands the limitations of completely removing his/her personal data when the specific purpose for storing the data is required by regulatory agencies and regulators who may require data to be stored for the specific purpose as related to human subject protection, such in the case of documenting competencies by a healthcare professional when becoming involved in a clinical trial when the authorized comptroller has received initial consent to maintain such data for a specific purpose .
- Following regulatory guidance, the BlueCloud network has proactively put in place the appropriate technical and organizational safeguards to ensure the security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technology (‘integrity and confidentiality’).
HealthCarePoint follows an array of compliance guidelines including the document 21 CFR Part 11; Electronic Records; Electronic Signatures, Maintenance of Electronic Records “Draft Guidance For Industry” prepared under the aegis of the Office of Enforcement by the FDA Part 11 Compliance Committee. The committee is composed of representatives from each center within the Food and Drug Administration, the Office Counsel and the Office of Regulatory Affairs.
SUMMARY: A secure, reliable environment that maintains hosting, physical security, logical security via vXCHNG -SSAE-16-SOCI certified hosting facility. Renewable disaster recovery plans and redundant back up processes are in place. Additional redundant processes and infrastructures can be added on a case by case basis. Agile software methodology processes is used when creating new software and technology improvements. Whenever required, each separate HealthCarePoint’s networking vehicle can adapt independently to an array of electronic signature requirements as per a series of continuously virtually and locally audited and proprietary Standard Operating Procedures (SOPs). Using proper channels and proper procedures, SOPs can be demonstrated to VIP industry auditors which require such virtual and on-site proof of vendor audits. HealthCarePoint’s proprietary networking software is and will continue to be created in-house to minimize the risk of infiltration which is tested via third party tools and testing technologies. HealthCarePoint’s Primary Engines and Networking Systems are not created using open-source technologies.