Business Associate Privacy Notice

Definition

Personal information is information that is about or can be related to an identifiable individual.

Sensitive personal information  includes:

• Information on medical or health conditions

• Financial information

• Racial or ethnic origin

• Political opinions

• Religious or philosophical beliefs

• Trade union membership

• Sexual preferences

• Information related to offenses or criminal convictions

Purpose and Authority

  • ibml’s business associates should not need or use ibml’s or ibml’s customers’ protected information, however, some ibml business associates as they perform their jobs may inadvertently have access to the private and protected information of either ibml’s customers or ibml itself.
  • ibml may collect some business associate protected information as a part of the contracting process.

Sharing

  • Any personal or private information that ibml collects from business associates or that business associates might have access to will not be shared with the exception that ibml will comply with any legal request to share business associate protected information with law enforcement.
  • ibml will provide an "Accounting of Disclosures", unless prohibited by a legal restraint,  for any customer or business associate data that might have been shared.

Internal Use

  • ibml’s business associates should not need or use ibml’s or ibml’s customers’ protected information.
  • ibml may use some business associate protected information as a part of the contracting process.

Protection

Section 7.5 of ibml’s IT Security Policies and Standards describes the protection of customer protected information.

  • Protected information in hardcopy format is stored in locking storage cabinets with restricted, sign out access. Customers sending documents to ibml must fill out the ibml customer document classification form. For documents classified as “secure”, the form must include an accurate tally and description of the documents being sent, the expiration date for ibml’s authorization to possess the secure documents, and the desired procedures to follow at the end of the authorized period.
  • Protected information in electronic format is stored in secure data stores on ibml servers, or on encrypted volumes on removable media with restricted access.

Access

As all business associate or customer personal information that ibml receives or has access to is a copy of existing information that is maintained by the business associate or customer, there is no need for business associate or customers to have access to this data for review and update.

Retention

Business associate contracting data is retained for the duration of the contract and for 6 years after when it is deleted.

Contact

Business associates can contact their primary ibml representative or email security@ibml.com with privacy related questions.