Notice of Privacy Practices

Updated April 26, 2024

THIS NOTICE OF PRIVACY PRACTICES APPLIES TO U.S. CUSTOMERS OF MEDTRONIC DIABETES. THIS NOTICE DESCRIBES HOW YOUR PROTECTED HEALTH INFORMATION MAY BE USED AND DISCLOSED BY MEDTRONIC DIABETES, AND YOUR RIGHTS REGARDING SUCH INFORMATION. PLEASE REVIEW IT CAREFULLY.


This Notice of Privacy Practices ("Notice") explains how Medtronic handles Protected Health Information, as further defined below, created or received by MiniMed Distribution Corp., a wholly owned subsidiary of Medtronic MiniMed, Inc., doing business as Medtronic Diabetes (“Medtronic Diabetes”), in its capacity as a healthcare provider subject to the Health Insurance Portability and Accountability Act (“HIPAA”). This may include Protected Health Information collected by Medtronic Diabetes through our website and mobile application platforms, as well as through phone calls, emails, web surveys, etc. This Notice also applies to information collected from you or your Medtronic Diabetes product, e.g., your insulin pump, continuous glucose monitor, blood glucose meter, or smart insulin pen, through CareLink™ Personal. For additional information about CareLink™ Personal, please visit https://www.medtronicdiabetes.com/products/carelink-personal-diabetes-software.

This Notice does not apply to personal information collected from other Medtronic entities or business units, including any Medtronic websites and mobile applications that do not reference and link to this Notice, to ex-U.S. customers, or to third-party websites or applications not owned or controlled by Medtronic.

Medtronic Diabetes is committed to maintaining the privacy of your Protected Health Information. Medtronic Diabetes will only use or share your Protected Health Information as described in this Notice, unless we receive your written consent (including consent provided electronically). As a first-time patient, you will be asked to sign an acknowledgement that you received this Notice.

Definition of Protected Health Information
Protected health information ("PHI") means information that identifies you or could reasonably be used to identify you and which is submitted to and/or collected by Medtronic Diabetes in its capacity as a healthcare provider under HIPAA and maintained by Medtronic Diabetes in an accessible form, whether oral, electronic or paper.

Examples of PHI include, but are not limited to:

  • Information about your diagnosis/disease
  • Information about Medtronic Diabetes health-related products or services provided to you (e.g., device serial number)
  • Demographic information (name, physical address, email address, phone number, and date of birth), if connected to health-related information.

Medtronic Diabetes Responsibilities

  • Medtronic Diabetes is required by law to maintain the privacy of your PHI.
  • Medtronic Diabetes will notify you if a breach occurs that may have compromised the privacy or security of your PHI.
  • Medtronic Diabetes must follow the practices described in this Notice and will provide a copy of this Notice to you.


Medtronic Diabetes may use and disclose your PHI without your written authorization under the following circumstances:

Treatment: Medtronic Diabetes may use or share your PHI for all treatment-related purposes, within its capacity as a healthcare provider, including coordinating your care with other providers and training, supporting, and educating you on your diabetes products. For example, Medtronic Diabetes may fax or securely email documents to your treating physicians or other healthcare providers involved in your care.

Payment: Medtronic Diabetes may share your PHI to bill and obtain payment from health plans or other entities, including, for example, federal healthcare programs (Medicare and Medicaid) to obtain payment for devices we sell.

Healthcare Operations: Medtronic Diabetes may utilize and share your PHI to run its business, improve our products and services, and contact you when necessary. For example, Medtronic Diabetes may use your PHI to conduct quality or compliance audits, or to review the quality of our products and services.

As part of Medtronic Diabetes’ treatment, payment, and healthcare operations, we may use or disclose your PHI to provide you with non-promotional marketing communications about the health-related products and services that we provide, and about products, services, treatment, or healthcare providers that may be of interest to you.

Medtronic Diabetes may also use and disclose your PHI without your written authorization under the following circumstances:

Individuals Involved in Your Care or Payment for Your Care
Medtronic Diabetes will only disclose your PHI to family members, other relatives, friends or other persons you identify as involved in your care or in your payment for care.

Business Associates
Some services are provided by Medtronic Diabetes through contracts with other companies (“Business Associates”). Medtronic Diabetes may share your PHI with Business Associates, such as a billing company, so they can assist us with our business operations. All Medtronic Diabetes Business Associates must protect the privacy and security of your PHI just as we do.

The Food and Drug Administration (FDA)

We may disclose your PHI to the FDA, or persons under the jurisdiction of the FDA: (i) to collect or report adverse events, product defects or problems (including problems with the use or labeling of a product), (ii) to track FDA-regulated products, (iii) to enable product recalls, repairs or replacement, or look back (including locating and notifying individuals who have received products that have been recalled, withdrawn, or are the subject of look back), or (iv) to conduct post-marketing surveillance.

Coroners, Medical Examiners or Funeral Directors: Medtronic Diabetes may disclose PHI as needed when a person dies.

Corporate Change: In the event of a corporate change resulting from a sale to or merger with another entity, or in the event of a sale of assets or bankruptcy, Medtronic Diabetes may transfer your PHI to the new party in control or the entity acquiring assets.

Disaster Relief: Medtronic Diabetes may need to share your location or other information for the purpose of notifying your family, friends or agencies chartered by law to assist in disaster relief efforts.

Judicial and Administrative Proceedings: Medtronic Diabetes may disclose your PHI if required to do so by federal, state, or local law; if ordered by a court or by another properly authorized body; or if you put your PHI at issue in litigation.

Law Enforcement: Medtronic Diabetes may disclose your PHI to law enforcement officials to comply with court orders, subpoenas, or warrants or certain wound reporting obligations. If you are an inmate or are detained by a law enforcement officer, Medtronic Diabetes will disclose your PHI to prison or law enforcement officials only as permitted by law.

Private or Public Safety: Medtronic Diabetes may disclose your PHI if we have a good faith belief that such action is appropriate and necessary to protect and defend the rights of Medtronic Diabetes, or to protect the safety of our customers and the general public.

Public Health and Safety: Medtronic Diabetes may disclose your PHI to authorized government health officials to carry out public health activities, including, for example: reporting diseases/population health; reporting suspected abuse, neglect or domestic violence; to avoid a serious threat to public health or safety; monitoring product recalls; or reporting information for safety and quality purposes.

Research: Medtronic Diabetes may ask for your authorization before using or disclosing your PHI with others to conduct research. In some instances, authorization may not be required to disclose your PHI for research purposes if requested by a regulatory body or approved by an institutional review board.

Workers’ Compensation and Other Government Requests: Medtronic Diabetes may disclose your PHI in relation to workers’ compensation claims payment or hearings; health oversight agencies for activities authorized by law; or special government functions (e.g., military, national security).

Correctional Facilities: We may use or disclose your PHI to a correctional institution or law enforcement official if you are an inmate of a correctional facility and your physician created or received your PHI in the course of providing care to you, and disclosure is necessary for (i) providing you with healthcare; (ii) the health and safety of you, other inmates, or others at the correctional institution; or (iii) the administration and maintenance of the safety, security, and good order of the correctional institution.

Military Activity and National Security: When the appropriate conditions apply, we may use or disclose PHI of individuals who are Armed Forces personnel (i) for activities deemed necessary by appropriate military command authorities; or (ii) to foreign military authority if you are a member of that foreign military service. We may also disclose your PHI to authorized federal officials for conducting national security and intelligence activities.

Additional Information Regarding your PHI

De-Identified Information
Medtronic Diabetes may de-identify your PHI for the purpose of analytics and business operations. Medtronic Diabetes complies with the requirements for de-identification under HIPAA to ensure that you cannot be identified as a single unique individual. Once we have de-identified such information, it is non-personal information, i.e., is no longer considered PHI, and we may treat it like other non-personal information.

Authorization
Medtronic Diabetes will obtain your authorization or consent before using or disclosing your PHI for any purpose not described in this Notice, including:

  • Using your PHI for promotional marketing purposes.
  • Using your PHI for patient testimonials on diabetes products.
  • Sale of your PHI.

You may revoke any authorization or consent you have provided to Medtronic Diabetes at any time in writing, via email at takecontrol@medtronic.com, or by contacting our Customer Service Center at 800-646-4633.

Online Third-Party Tracking Technology

Tracking technologies are used to collect and analyze information about how users interact with regulated entities’ websites or mobile applications. Tracking technologies collect information and track users in various ways, including but not limited to, cookies, web beacons or tracking pixels to collect information from users.

As a healthcare provider under HIPAA, Medtronic Diabetes is not permitted to use tracking technologies in a manner that would result in impermissible disclosures of PHI to tracking technology vendors or any other violations of HIPAA.

For additional information about tracking technologies regarding regulated entities, like Medtronic Diabetes, visit the Office for Civil Rights website at https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-tracking/index.html.

To exercise the rights below, please contact Medtronic Diabetes at 1-800-646-4633 or rs.diabeteslegalprivacy@medtronic.com.

Access Your Account Record
You may request access to or get an electronic or paper copy of your Medtronic Diabetes account record that we have in our designated record set, including your medical and billing records. Medtronic Diabetes must provide access to the PHI requested no later than 30 calendar days from receiving your request but can request a 30-day extension. Under certain limited circumstances, Medtronic Diabetes may deny your request for a copy of your account record. You may be charged a reasonable cost-based fee for your request.

You may also direct Medtronic Diabetes to transmit your PHI (whether in hard copy or electronic form) directly to an entity or person clearly and specifically designated by you in writing.

Amend Your Account Record
If you believe that your PHI is incorrect or incomplete, you may submit a written request for Medtronic Diabetes to amend your account record, for as long as Medtronic Diabetes retains your information. Medtronic Diabetes may deny your request for an amendment, but Medtronic Diabetes will provide an explanation for the denial in writing within sixty (60) days.

Request an Accounting of Disclosures
You may request an "accounting of disclosures," i.e., a list of the times Medtronic Diabetes shared your PHI and reason for sharing your PHI with other persons or organizations within the past six (6) years. This accounting, however, does not include disclosures that are made directly to you, such as those made for treatment, payment or healthcare operations. You may receive one free accounting in any twelve (12)-month period. Medtronic Diabetes will charge you for additional requests.

Request Restrictions on Use of Your PHI
You may request a restriction or limitation on the PHI Medtronic Diabetes uses or discloses for your treatment, payment and healthcare operations. If you directly pay for a product or service in full (without obtaining insurance coverage), then you may request that Medtronic Diabetes not disclose any information to your health plan for purposes of payment or healthcare operations, unless a law requires Medtronic Diabetes to share such information. Medtronic Diabetes is not required to agree to any other requests but will review your request.

Request Confidential Communications
You may request that Medtronic Diabetes contact or send PHI to you in a certain way or at a certain location, such as only at work or home, or only by mail. Medtronic Diabetes will not ask you the reason for your request, and Medtronic Diabetes will accommodate all reasonable requests.

Request a Copy of this Notice
You have the right to receive a copy of this Notice in the format you prefer (paper or electronic) at any time. To receive a copy electronically, email your request to rs.diabeteslegalprivacy@medtronic.com. This Notice is also available on the Medtronic Diabetes website at www.medtronicdiabetes.com/notices.

How to File a Complaint
If you believe your PHI has not been safeguarded, protected, or handled as required by law or pursuant to the terms of this Notice, you may file a complaint with Medtronic Diabetes by submitting your complaint in writing to our Privacy Official. Medtronic will not retaliate or take action against you for filing any such complaint. If you wish, you may also file a complaint or seek resolution with the Secretary of Health and Human Services (200 Independence Avenue, S.W. Washington, D.C. 20201; (202) 619-0257; https://www.hhs.gov/ocr/index.html).

If you have any questions, comments or complaints, you may contact the Privacy Official in the Legal Department by phone at (800) 646-4633, by email at rs.diabeteslegalprivacy@medtronic.com, or by mail at the following address:

MiniMed Distribution Corp, Inc.
ATTN: Privacy Official, Legal Department
18000 Devonshire Street
Northridge, CA 91325-1219

Effective Date of this Notice
The effective date of this Notice is April 14, 2003, and it has been updated most recently on April 26, 2024. Medtronic Diabetes reserves the right to change the terms of this Notice and the changes will apply to all protected health information Medtronic Diabetes has about you. The new Notice will be available upon request and is also available on the Medtronic Diabetes website at www.medtronicdiabetes.com/notices.



US-GDB-2400071