DMW Direct is a professional services agency that provides Marketing, Advertising and Analytic services to clients and is committed to protecting the integrity, privacy and confidentiality of Protected Health Information (PHI), Personally Identifiable Information (PII) and other data entrusted to us. Our policies and procedures meet the physical and technical security measures required by applicable federal and state regulatory guidelines for the use, storage and transmission of data. DMW Direct has implemented compliant electronic and physical security measures and established stringent administrative security procedures to protect data from unauthorized access, improper use, alteration, and unlawful or accidental destruction. We adhere to all applicable laws, including the privacy and security regulations promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 and the modifications made to those regulations by the HITECH Act of 2009.
Data Security & Privacy
Data security and privacy are vital to our clients. DMW Direct commits to making the confidentiality, integrity and availability of the data entrusted to us a top priority. To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, technical, administrative, electronic, and managerial procedures to safeguard and secure the information in our custody.
Limitation of Uses
DMW Direct may receive, utilize and disclose data submitted to us by clients only for the limited purposes set forth in its agreements with each client. DMW Direct has no other use or purpose for the data.
DMW Direct employs various processes to ensure that data remains as it was originally received from the client. However, for the purposes of creating USPS-compliant mail files, DMW Direct may perform address standardization and National Change of Address (NCOA) processing, which may alter the mailing address of the record. No other alteration is performed, and processed data is audited for accuracy.
DMW Direct does not grant patients direct access to their information. Should a patient have questions or need access, DMW Direct will work with clients to provide appropriate responses and access. To the extent DMW Direct receives a request from a patient, a patient’s legal representative, or other legal authority to access data in our possession, DMW Direct will immediately notify the client and work cooperatively to provide information in a legally appropriate manner.
Retention and Disposal
PHI submitted by clients to DMW Direct is neither a medical record nor a designated record set as defined by HIPAA, and therefore DMW Direct shall have no obligation to maintain the information as a medical record in accordance with state or federal laws. DMW Direct shall retain all PHI submitted by clients in accordance with the Business Associates Agreement and any other written client agreements. If there is a request to destroy data, the destruction is carried out in accordance with applicable industry standards to protect identifiable data from loss, theft, misuse or unauthorized access.
Data Submission and Revision Obligations
DMW Direct relies solely on our clients to provide accurate and up-to-date data. Once received, we will safeguard and ensure that the integrity and security of the data is maintained in accordance with the policies summarized herein. Our clients control what information is provided to DMW Direct and should not submit information that is unnecessary or not applicable to the scope of work. DMW Direct reserves the right to refuse any data containing sensitive information that is not a necessary component of the scope of work.
In providing information to DMW Direct, clients must (1) determine whether additional consent is required and (2) obtain that consent in accordance with the purposes for which the data is being utilized.
Clients are responsible for providing in writing to DMW Direct any request to remove PHI or PII from our possession as necessary to comply with patient requests or other applicable laws. DMW Direct will respond with diligence to any such request.
DMW Direct enters into data security agreements with clients as requested, including HIPAA/HITECH Act-compliant Business Associate Agreements with clients defined as Covered Entities. These agreements provide that we acknowledge our legal and contractual obligations and commitments to comply with applicable state and federal laws.
Third Party Vendors
DMW Direct utilizes the services of third-party vendors with the consent of our clients. We allow such third parties access to data only when necessary to fulfill our contractual agreements with our clients. To that extent, DMW Direct enters into subcontractor Business Associate Agreements requiring the vendor to attest to its compliance with all Business Associate obligations imposed by state and federal law.
Personnel Training and Compliance Enforcement
DMW Direct staff are trained annually in all areas of data security and data privacy. Employees are trained to recognize security concerns and report those immediately to DMW Direct’s Privacy Compliance Officer. DMW Direct limits data access to only those employees who need access in order to perform their duties. Compliance is monitored and violations are dealt with appropriately.
Questions/Reporting of Concerns
Suspected security or privacy breaches are to be directed to your client services representative or to the Privacy Compliance Officer (contact information below).
Senior Director, Technology Operations and Compliance
701 Lee Road, Suite 103
Chesterbrook, PA 19087