Last Updated: 10/5/2021
This Privacy Notice (“Notice”) sets forth Medline Industries, LP. (“Medline,” “we” and “our”) practices regarding the collection, use and disclosure of protected health information (“PHI”) that you may provide through your use of this website and any other Medline websites that display this Notice, or when you use any Medline mobile applications that link to this Notice (collectively, our “Site(s)”). Medline collects, uses and discloses all such PHI in our capacity as a Business Associate (as defined by 45 C.F.R. § 160.103), on behalf of our customers, which are considered Covered Entities (as defined by 45 C.F.R. § 160.103), subject to the terms of our Business Associate Agreements (“BAA”) with those customers.
Please read this entire Notice before using the Site or submitting information to Medline through the Site. By using the Site, and submitting information through the Site, you acknowledge receipt of this Notice and, to the extent permitted under applicable law, you consent to our collection, use and disclosure of PHI detailed herein. To obtain a copy of the Notice of Privacy Practices, as required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), please reach out to your referring healthcare provider, which is the Covered Entity.
Collection of PHI: Medline collects certain categories of PHI on behalf of our customers, including: your name, address, telephone number, email address, as well as information about your visits to the Site when you voluntarily submit it to Medline via the Site, or otherwise consent to its collection via the Site.
To the extent you provide information to us about an individual other than yourself (e.g., a patient of yours or another health care provider) or provide additional information about yourself pursuant to your query, you agree that you are legally permitted to submit such information to us for the purposes described in this paragraph and have obtained any and all legally required consents for our processing of such information as described herein.
Uses and Disclosures of PHI: Medline collects, uses, and discloses PHI on behalf of, or in order to provide services to our customers (the Covered Entities), for the purposes of fulfilling our service and other contractual obligations to them, if such uses and disclosures are permitted or required by the applicable BAA and do not otherwise violate the HIPAA Privacy Rule.
We also use and disclose PHI to operate, maintain and administer the Site, as well as for data aggregation, and to meet our own legal obligations (including to report violations of law to federal and state authorities and in response to court orders or other legally-binding requests), to the extent such use is permitted or required by the applicable BAA and not prohibited by HIPAA or other applicable law.
In the event that we disclose PHI to subcontractors or agents, we will ensure that our agreements with such subcontractors or agents include restrictions and conditions that are materially the same as those that apply to us under the BAA, including with respect to the implementation of reasonable and appropriate safeguards, as required by the HIPAA Security Rule.
The information we collect and process via the Site will never be used or disclosed by Medline for marketing or profiling purposes.
Cross-border Transfers: This Site is intended solely for use in the United States. If you are not located in the United States, please note that your information will be transferred to the United States and other third countries, which may not provide an equivalent level of protection to that of your country, to facilitate the use of the Site and its functionality. Your continued use of the Site constitutes your consent to such transfers.
Retention: Medline will store and maintain PHI collected via the Site for as long as necessary (i) for the purposes for which it was collected, (ii) to meet its current and future legal obligations, including compliance with Medline’s records retention policy, as well as federal or state medical record retention requirements, and (iii) as permitted by applicable law.
Safeguards: We use appropriate safeguards to prevent the unauthorized use and disclosure of PHI, as required by the HIPAA Security Rule and the BAA. We have implemented administrative, physical, and technical safeguards that reasonable protect the confidentiality, integrity, and availability of the PHI we collect, maintain, and use, and disclose on behalf of Covered Entities.
Notifications of breaches involving PHI will be handled as required under the applicable BAA and the HIPAA Breach Notification Rule.
Your Rights in Connection with Your PHI: In accordance with HIPAA, individuals have certain rights with respect to their PHI. As provided in the BAA, we make available to Covered Entities the information necessary for Covered Entities to administer such requests and fulfill individuals’ rights of access, amendment, and accounting in accordance with HIPAA regulations.
If you want to exercise any of these rights, please contact your referring healthcare provider.
Updates to this Notice: Medline may, at any time, update this Notice. Your PHI will be handled in accordance with the Notice in eﬀect at the time the data is collected.
Contacting Us: If you have any questions, inquiries or complaints about this Notice, please contact Medline at: [email protected] or by regular mail addressed to: Medline Industries, LP. Attn: Privacy Office, Three Lakes Drive, Northfield, IL 60093.
Medline Industries, Inc.
401 Edwards Street, Suite 208
Shreveport, LA 71101