Guest Medical Screening Privacy Policy

Daniel Gonzalez

VIKAND GUEST MEDICAL SCREENING PRIVACY POLICY

This VIKAND Guest Medical Screening Privacy Policy (“Privacy Policy“) lays out your data protection rights, outlines how we collect, utilize, and safeguard your personal information, and serves to inform you of our data handling practices. VIKAND’s Guest Medical Screening Services, a service provided by Vikand Medical Solutions, LLC, Vikand Solutions Philippines, Inc., Vikand Medical Solutions (Bahamas) Limited (collectively referred to as “VIKAND“), is dedicated to delivering healthcare services to the maritime industry, including guest medical screening services, telehealth, and remote health care services, while prioritizing the protection of your privacy. As the data controller of your personal data, this Privacy Policy outlines how we collect, utilize, and safeguard the personal information you provide when using our website or engaging in VIKAND’s Guest Medical Screening Services.

In our capacity as a data controller, we hold responsibility for determining the purposes and methods of processing your personal data. This includes ensuring compliance with relevant data protection laws and regulations, such as the Health Insurance Portability and Accountability Act (“HIPAA“) and the European Union’s General Data Protection Regulation (“GDPR“).

Topics:

I. What Data Do We Collect?

II. How Do We Collect Your Data?

III. How Do We Use Your Data?

IV. How Do We Share Your Data?

V. How Do We Store your Data?

VI. Consent

VII. What Are Your Data Protection Rights?

VIII. Subprocessors

IX. What Are Cookies?

X. How Do We Use Cookies?

XI. What Types of Cookies Do We Use?

XII. How to Manage Your Cookies?

XIII. Changes to our Privacy Policy

XIV. How to Contact Us?

XV. How to Contact the Appropriate Authorities?

I.              What Data Do We Collect? 

VIKAND provides a service whereby it conducts a medical review of guests sailing on its clients’ vessels (“Guest Medical Screening Services”).  When contracted to do so, VIKAND receives Guest Medical Screening Forms for review from the cruise line or its guests. These forms contain Protected Health Information (“PHI”), personal data, and sensitive personal data provided by the guests. In the course of providing this service, VIKAND will collect and process this personal data, sensitive personal data and PHI. This processing is essential for creating a comprehensive medical profile of guests, determining their fitness to travel on board VIKAND’s clients’ cruises. 

VIKAND collects various kinds of information to operate effectively and provide our services, and experiences tailored to your needs. Regardless of the source, it’s important to treat your personal information with care and to ensure you maintain your privacy.

In correlation with your relationship with us, we may collect the following personal information from you:

Name, gender, marital status, citizenship, and date of birth: Basic demographic details necessary for identification and communication purposes.

Physical attributes, protected health information, and medical records (if provided through our secure portal): We recognize the sensitivity and importance of Protected Health Information (“PHI”) and sensitive health data. Any medical information provided through our secure portal is handled with the highest level of security and confidentiality in accordance with HIPAA and GDPR requirements.

Contact information: Including email addresses, mailing addresses, telephone numbers, and fax numbers, to facilitate communication and provide relevant updates.

• Financial information: Such as payment card numbers and billing addresses, necessary for processing transactions securely and efficiently.

Government-issued IDs: Such as social security numbers (if provided), essential for identity verification and compliance with regulatory requirements.

II.              How Do We Collect Your Data? 

At VIKAND, safeguarding your privacy and ensuring compliance with stringent data protection laws, including HIPAA, GDPR, and other applicable data privacy regulations, is paramount.

We collect your data through various methods when you interact with us, particularly when you engage with our Guest Medical Screening Services. 

A. Direct Data Collection and Telehealth Consultations (if applicable): 

During your engagement with our Guest Medical Screening Services, you directly provide VIKAND with most of the data we collect.

This may include, but not be limited to:

  • Protected Health Information and Personal Information on the Guest Medical Form: PHI (as defined above) and personal information submitted by you through the VIKAND online portal, including both the Guest Section and Doctor Section of the Guest Medical Form, used to assess your fitness for travel and processed in accordance with HIPAA and GDPR regulations.
  • VMS Guest Section Review: The “VIKAND Guest Section Review” refers to the assessment conducted by VIKAND of the Guest Section of the online guest medical form, used to evaluate fitness for travel based on maritime medical standards.
  • VMS Online Consultation: The “VIKAND Online Consultation” refers to the process where guests may elect to have the Doctor Section of their online guest medical form completed by VIKAND. This includes a consultation where a VIKAND medical professional reviews and completes the Doctor Section of the form.
  • Review and Consultation Data: Data collected during the VMS Guest Section Review and VMS Online Consultation, including any information relevant to determining fitness for travel.
  • Personal Information: Details provided during registration or consultation setup, including your name, contact information, and any other necessary information required for telehealth services. This may include basic demographic details such as gender, marital status, citizenship, and date of birth, necessary for identification and communication purposes. 
  • Health Information and Medical Records: We may collect health-related data, including medical history, current symptoms, test results, and other relevant medical information necessary for providing healthcare services remotely. The collection, storage, and handling of medical information adhere strictly to HIPAA regulations and GDPR guidelines to ensure confidentiality and protection of sensitive health data. 
  • Additional Voluntary Information: Any other details voluntarily provided during the registration process or subsequent communications with VIKAND, including information relevant to your health condition, concerns, or preferences discussed during telehealth consultations.
  • Telehealth Consultations (if applicable): If applicable, the telehealth consultation is conducted through a two-way, satellite-based, video link-up, allowing the physician or other health provider at VIKAND to see your image on the screen and hear your voice. In cases where bandwidth limitations prevent video functionality, the consultation may be conducted partially or fully via audio-only functionality.
  • Consent for Consultation Viewing (if applicable): If applicable, subject to your express written consent in advance, the consultation may be viewed by medical and non-medical personnel for evaluation, research, educational, quality, or technical purposes.
  • Recording and Use of Consultation Data (if applicable): If applicable, the telehealth consultation may be recorded for internal quality review or as required by your health coverage plan. However, the video image will only be used for these purposes unless expressly further authorized in writing by you. Medical records from telehealth consultations may also be used for data collection, analysis, and presentation, solely by VIKAND and without identifying you by name or other identifiable markers, subject to your prior written consent.
  • Release of Information: Subject to your express written consent in advance (except in cases of medical emergency), you authorize the release of your medical records and other relevant medical or psychiatric information as required by physicians, health care facilities, Peer Review Organizations, or as may otherwise be mandated by law.
  • Security of Medical Information and Records: All existing laws regarding privacy and security of your health information and copies of your medical records apply to telehealth services provided by VIKAND, including audio and video information transmitted, received, and stored electronically. VIKAND warrants compliance with all applicable requirements under HIPAA, GDPR, and other relevant laws concerning the processing of personal data and privacy.
  • Participation in Telehealth Consultations (if applicable): If applicable, participation in telehealth consultations implies that the client of VIKAND, such as, but not limited to, cruise lines, commercial shipping companies, or shipowners, has received express written consent from you, as the patient. This consent includes authorization for the use of images, audio recordings, and medical information for the outlined purposes or as allowed by applicable law.

**PLEASE NOTE that the collection of PHI is subject to strict confidentiality and is handled in accordance with HIPAA, GDPR and other applicable privacy laws.**

B. Indirect Data Collection: 

In addition to direct interactions via our website and application process, VIKAND may acquire data indirectly from various sources, in compliance with GDPR, HIPAA, and other applicable data privacy regulations: 

  • Referral Sources: This may encompass entities such as healthcare providers or partnering organizations, who might share information with us to ensure the provision of optimal healthcare services.
  • Third-party Integrations: We may collect data indirectly from third-party integrations or platforms that you have authorized to share information with us, such as social media platforms or health tracking applications.
  • Publicly Available Information: We may gather information about you from publicly accessible sources, including professional networking sites or public databases, to ensure the provision of quality healthcare services.
  • Cookies and Tracking Technologies: We may collect data indirectly through the use of cookies and tracking technologies on our website or application, which may gather information about your browsing behavior, preferences, and device characteristics.
  • Analytics and Usage Data: We may collect data indirectly through analytics tools and services, which help us analyze trends, track user interactions, and improve our services based on usage patterns.
  • Communication Channels: We may collect data indirectly through communication channels such as email, phone calls, or online chats, where you voluntarily provide information during interactions with our team members or support staff. 

II.              How Do We Use Your Data?

The data received are used for the sole objective of reviewing Guest Medical Screening Forms prior to boarding one of VIKAND’s clients’ vessels. This process is vital to ensure the health and safety of guests during their cruise. Any external communication regarding this personal data, sensitive personal data or PHI is limited to the cruise line with whom the guest will embark.  VIKAND does not share this information with any other outside parties.  We inform our clients that any personal data, sensitive personal data or PHI received from VIKAND can only be used for purposes for which it was intended, as outlined above.

We utilize your data for the following purposes, essential for fulfilling our contractual obligations and maintaining transparency:

  • Assessing Healthcare Needs: We review your medical history and relevant information to understand your healthcare requirements. Please note that providing certain personal data, including PHI, is necessary for assessing and addressing your healthcare needs. Failure to provide such data may impact our ability to provide comprehensive healthcare services.
  • Communication: We engage in communication with you regarding your healthcare needs, appointment scheduling, and other relevant matters pertaining to your engagement with VIKAND’s Guest Medical Screening Services. Your data is handled with the utmost confidentiality and respect for your privacy rights.
  • Service Improvement: We may use your data to analyze trends, monitor service usage patterns, and identify areas for service improvement within VIKAND. This helps us ensure that our services meet your needs effectively.
  • Security Measures: Your data is subject to secure security measures to protect against unauthorized access, disclosure, alteration, or destruction. We implement industry-standard security protocols and encryption techniques to safeguard your information.
  • Legal Compliance: We may use your data to comply with legal obligations, such as responding to legal requests or court orders, or to investigate and prevent fraudulent or unlawful activities related to the Guest Medical Screening Services.
  • Data Retention: We retain your data only for as long as necessary to fulfill the purposes outlined in this privacy policy or as required by law. Once the data is no longer needed, it is securely disposed of or anonymized to prevent identification. 

IV.              How Do We Share Your Data?

When it comes to sharing your data, we adhere to strict protocols to ensure the protection of your sensitive information.

We may share your data with third parties for the following purposes: 

  • Healthcare Provision: Your medical information may be shared with healthcare providers or partnering organizations to facilitate the provision of VIKAND’s Guest Medical Screening Services. This sharing is conducted in strict adherence to GDPR, HIPAA, and any other applicable data privacy regulations, ensuring the confidentiality and security of your data.
  • Employer: Your data may be shared with your employer with whom VIKAND has a contractual relationship. These employers have confidentiality obligations through our contract that comply with GDPR, HIPAA, and any applicable data protection regulations. This sharing is done for purposes such as facilitating communication regarding your healthcare needs and ensuring compliance with employment-related regulations.
  • Compliance with Legal Obligations: In certain circumstances, we may be required to disclose your data to comply with legal obligations, respond to lawful requests from government authorities, or protect the rights, property, or safety of VIKAND, our clients, or others. Any such disclosures are made in accordance with applicable data privacy laws and regulations.

We take comprehensive measures to ensure that any sharing of your data is conducted in full compliance with GDPR, HIPAA, and other applicable data privacy laws. This includes implementing contractual safeguards and obtaining your explicit and unambiguous consent where necessary, particularly when sharing sensitive health data or PHI or other confidential information.

Any sharing of your data with healthcare providers, partnering organizations, or employers is strictly limited to the above purposes. They are informed that any personal data received from VIKAND can only be utilized for the intended purposes as outlined above.

If you have provided your explicit and unambiguous consent, VIKAND will proceed with sharing your data with such entities, ensuring transparency and compliance with all applicable regulations.

V.            How do We Store Your Data? 

At VIKAND, safeguarding the confidentiality of your personal data is of utmost importance to us. We employ regulatory-compliant technology to securely store your data, ensuring the highest standards of protection.

To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of information, we have implemented a range of physical, electronic, and managerial procedures. These measures are designed to safeguard and secure the information we collect online, in compliance with GDPR, HIPAA, and other relevant data privacy regulations.

Your personal data, sensitive personal data, and PHI will be retained by VIKAND only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy. The specific retention period may vary depending on the nature of the data and the purposes for which it is processed. Once the data is no longer needed for these purposes, we will securely delete or anonymize it in accordance with our data retention policies and legal obligations.

This ensures that your data is handled responsibly and in accordance with the highest standards of data privacy and security.

VI.              Consent 

VIKAND assures that each guest grants them proper explicit, affirmative, unconditional, and unambiguous consent and authorization through clear affirmative action prior to processing any personal data ,sensitive personal data or PHI.  The guest further authorizes VIKAND to administer and store this data for the purpose outlined above. 

By selecting an online appointment with a VIKAND Doctor, guests agree that, if necessary, the VIKAND Doctor may complete the Guest Section of the Guest Medical Screening Form on their behalf, based on their verbal responses gathered during the consultation. Guests have the option to indicate their agreement or disagreement with this practice. Consent is voluntary, and guests may choose to complete the form themselves. 

Further, for parents or legal guardians accompanying children, they are permitted to complete the questionnaire on behalf of their child. However, they must confirm their role as the holder of parental responsibility and demonstrate the capacity to provide consent on their child’s behalf. 

For individuals with limited mental capacity, as determined by a court, and with an appointed guardian, it is necessary to ensure that the guardian completes the questionnaire on their behalf. This process includes confirming their role as the guardian and providing consent on behalf of the individual with limited mental capacity. 

VII.          What are Your Data Protection Rights? 

VIKAND would like to make sure you are fully aware of all of your data protection rights. Every data subject is entitled to the following:

  1. The Right to Access: You have the right to request VIKAND for copies of your personal data. 
  1. The Right to Rectification: You have the right to request that VIKAND correct any information you believe is inaccurate. You also have the right to request VIKAND to complete information you believe is incomplete. 
  1. The Right to Erasure: You have the right to request that VIKAND erase your personal data. This right is also known as the “right to be forgotten.” 
  1. The Right to Restrict Processing: You have the right to request that VIKAND restrict the processing of your personal data under certain conditions. This means we will limit how we use your data while resolving any concerns you may have. 
  1. The Right to Object to Processing: You have the right to object to VIKAND’s processing of your personal data under certain conditions. This includes the right to opt-out of certain types of data processing, such as direct marketing. 
  1. The Right to Data Portability: You have the right to request that VIKAND transfer the data we have collected about you to another organization or directly to you. This allows you to move, copy, or transfer your personal data easily between IT systems or platforms.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us our Data Protection Officer, Daniel Gonzalez at Daniel.gonzalez@vikand.com

VIII.              Subprocessors

VIKAND may engage third-party subprocessors to assist in the provision of healthcare services and the maintenance of our systems. These subprocessors may have access to personal data as part of their service delivery.

VIKAND maintains comprehensive agreements with all subprocessors to ensure the protection of personal data and compliance with applicable data protection laws. We regularly review and assess the performance of subprocessors to ensure they meet our data protection standards.

Currently, we do not use any subprocessors for our Guest Medical Screening Services, but we will update this policy if we engage third parties in the future. 

IX.           What Are Cookies? 

Cookies are small text files placed on your computer or device when you visit our website. They are commonly used to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar tracking technologies.

For further information, visit allaboutcookies.org.

X.            How Do We Use Cookies? 

VIKAND uses cookies for various purposes to enhance your experience on our website, including but not limited to:

  • Authentication: We use cookies to keep you signed in to your account and to personalize your experience.
  • Website Analytics: We use cookies to understand how you interact with our website, such as which pages you visit and how long you spend on each page. This helps us improve the performance and usability of our website.
  • Customization: We may use cookies to remember your preferences and provide you with customized content and advertising based on your interests.
  • Personalization: We may use cookies to tailor your experience on our website based on your browsing history, preferences, and interactions with our site.
  • Advertising: Cookies may be used to deliver targeted advertising messages to you based on your interests and browsing behavior, both on our website and on third-party websites.
  • Performance Monitoring: We may use cookies to monitor the performance of our website, including tracking error messages and page load times, to ensure optimal functionality and user experience.
  • Security: Cookies may be utilized to enhance the security of our website and detect any fraudulent or unauthorized activities.
  • Third-Party Integrations: We may use cookies in conjunction with third-party services and integrations to provide additional functionality or features on our website.

By using our website, you consent to the use of cookies as described in this notice. You can control and manage your cookie preferences through your browser settings. Please note that blocking certain types of cookies may impact your experience on our website.

XI.              What Types of Cookies Do We Use?

There are several different types of cookies, but on our website, we primarily use the following:

  • Functionality Cookies: VIKAND utilizes these cookies to recognize you on our website and remember your previously selected preferences. This may include language preferences and your geographic location. These cookies may be first-party or third-party cookies.
  • Advertising Cookies: These cookies are used to collect information about your visit to our website, including the content you viewed, the links you followed, and information about your browser, device, and IP address. VIKAND may share limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. As a result, you may see targeted advertisements on other websites based on your browsing patterns on our website.
  • Analytics Cookies: We use analytics cookies to gather information about how visitors use our website, such as which pages they visit most frequently, how long they spend on each page, and any error messages encountered. This data helps us analyze and improve the performance and usability of our website.

XII.              How to Manage Your Cookies?

You have the option to manage cookies through your browser settings. Most web browsers allow you to control cookies through their settings preferences. You can typically find these settings in the “Options” or “Preferences” menu of your browser. For detailed instructions on managing cookies in your specific browser, you can refer to the help documentation provided by your browser’s manufacturer. 

XIII.        Changes to Our Privacy Policy 

VIKAND keeps its Privacy Policy under regular review and places any updates on this web page. This privacy policy was last updated on 03 September 2024.

XIV.        How to Contact Us 

If you have any questions about VIKAND’s Privacy Policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: info@vikand.com

Call us: +17547154961

XV.         How to Contact the Appropriate Authorities? 

Should you wish to report a complaint or if you feel that VIKAND has not addressed your concern in a satisfactory manner, you may contact the appropriate data protection authority.

Please refer to the following link on how to contact the Information Commissioner’s Officer: https://ico.org.uk/global/privacy-notice/how-you-can-contact-us/.

To contact the European Data Protection Board please use the following link: https://www.edpb.europa.eu/about-edpb/more-about-edpb/contact-us_en

For HIPAA questions related to Health Information Privacy or Patient Safety, email OCRPrivacy@hhs.gov.