data confidentiality policy
Purpose
Clinical Pathways’ confidentiality policy outlines our expectations for handling confidential information. Contractors will receive and handle personal and private information about clients, partners, and our company during the regular course of day-to-day tasks. The purpose of the policy is to ensure that this information is well-protected.
We must protect this information for two reasons. It may:
Be legally binding (e.g., sensitive customer data).
Constitute the backbone of our business, giving us a competitive advantage (e.g., business processes or intellectual property).
Scope
This policy applies to our employees, contractors, interns, and anyone who has permanent or temporary access to our electronic systems.
Responsibilities
Each individual who will access our systems is required to read, understand, and comply with this policy.
Definitions
Confidential information:
Common examples of confidential or proprietary information are:
Unpublished financial information
Data of Customers/Partners/Vendors (existing and prospective)
Intellectual property
Data entrusted to our company by external parties
Pricing/marketing and other undisclosed strategies
Documents and processes explicitly marked as confidential
Unpublished goals, forecasts, and initiatives marked as confidential
Procedure
Confidential and Proprietary Information
Contractors may have various levels of authorized access to confidential information. Data should only be shared on an as needed basis and only among other contractors who have access permissions to that data.
Best Practices
What Personnel Should Do:
Lock or secure confidential information at all times.
Shred confidential documents (paper) or delete and empty trash (electronic) when they are no longer needed.
Make sure to only view confidential information on secure devices.
Only disclose information to other contractors when it is necessary and authorized.
Keep confidential documents within our company’s systems unless it is absolutely necessary to move them.
What Personnel Shouldn’t Do:
Don’t use confidential information for any personal benefit or profit.
Don’t disclose confidential information to anyone outside of our company without authorization.
Don’t replicate confidential documents and files and store them on insecure devices or locations.
When contractors or interns stop working for our company, they are obliged to return any confidential files and delete them from their personal devices.
Confidentiality Measures
We take measures to ensure that confidential information is well protected by:
Storing and locking paper documents, when applicable.
Safeguarding electronic information and databases.
Requiring contractors and interns to sign non-disclosure agreements (NDAs).
Asking for authorization from the Operations Director to allow contractors to access certain confidential information.
Exceptions
Confidential information may occasionally have to be disclosed for legitimate reasons. Examples are:
If a regulatory body requests it as part of an investigation or audit.
If our company examines a venture or partnership that requires disclosing some information (within legal boundaries).
In such cases, contractors involved should document their disclosure procedure and collect all needed authorizations. Only that information that is required to be disclosed should be.
Working Remotely
When working remotely, the confidentiality policy still applies.
Disciplinary Consequences
When best practices and the company’s policy are not followed, disciplinary actions may be implemented. Each incident will be assessed on a case-by-case basis. In case of breaches that are intentional or repeated, the contract will be terminated and could have the potential for legal action (for example, intentional theft of intellectual property for personal gain).
Duration
This policy is binding even after contract end date.
Last updated: 01-Dec-2022
Last reviewed: 21-Dec-2022
CONTACT US
If you have any questions about this Confidentiality Policy, please contact us.