Privacy at Baxter
I. Baxter recognizes and respects the privacy interests of individuals with regard to Private Information Baxter obtains. This is a fundamental aspect of Baxter's "Global Privacy Position Statement" and Baxter's "Global Business Practice Standards." As further evidence of Baxter's commitment, Baxter has developed a set of worldwide, comprehensive Global Privacy Principles ("Baxter's Privacy Principles"), which include a set of Frequently Asked Questions. Baxter's Privacy Principles may be supplemented or superseded by legal requirements in local jurisdictions.
Baxter has implemented Baxter's Privacy Principles in all Baxter business units, divisions, and subsidiaries, including those located in jurisdictions that do not have privacy or data protection laws.
II. SCOPE
Baxter's Privacy Principles apply to all of Baxter's Private Information about any person ("Individual") that is collected as part of Baxter's business operations. The relevant Baxter's Privacy Principles also apply to third parties which handle and process Private Information about Individuals on behalf of Baxter.
1. What is "Private Information?"
Private Information means any information relating to an individual that
identifies that individual or could reasonably be used to identify the
individual regardless of the medium involved (e.g., paper, electronic, video,
audio).
2. Whose Private Information is covered?
Any Private Information handled by Baxter in connection with Baxter's business
operations, such as information from consumers, patients, health care
professionals (e.g., physicians, pharmacists, nurses), employees, third party
business associates and others, is covered by Baxter's Privacy Principles.
III. NOTICE
A. Collection and Use
Baxter collects and uses Private Information it acquires as a business from
Individuals only in a lawful manner.
1. From what types of sources does Baxter collect Private Information?
To the extent practical and appropriate, Baxter collects Private Information
directly from the Individual or through third parties. In those cases where
Baxter collects Private Information about Individuals from other parties, it
takes measures to respect the privacy preferences of Individuals. Examples of
when Baxter may seek information from others include, without limitation, and
where appropriate, from authorized health care providers.
2. Why does Baxter collect and use Private Information in the business
context?
The collection and use of Private Information in the business context is
essential to the conduct of many of Baxter's business functions. Examples of the
purposes for which Baxter collects and uses Private Information include, without
limitation, disease management, patient home delivery, education, decision
support systems, requests for product information, clinical trials and
employment.
B. Informing the Individual
Baxter informs Individuals from whom it collects Private Information of the type
of data Baxter collects, the purposes for which Baxter collects Private
Information, how to contact the organization with any inquiries or complaints,
the types of parties to whom Baxter discloses Private Information, the privacy
and information safeguards Baxter employs, and the right of Individuals to
access and, if necessary, correct their Private Information. Baxter will provide
this notice when Individuals are first asked to provide Private Information to
Baxter, or as soon thereafter as is practicable. Baxter also makes information
about its policies available, as appropriate, upon request.
C. Sensitive Information
Baxter exercises special precautions and safeguards for information defined as
sensitive, while recognizing that all Private Information deserves to be
protected.
1. What is "sensitive information"?
Sensitive information is Private Information specifying medical or health
conditions, racial or ethnic origin, political opinions, religious or
philosophical beliefs, trade union membership or information specifying the
sexual preferences of the individual.
2. What safeguards are required for sensitive information?
Affirmative permission of the Individual is required to collect the sensitive
information and if it is to be disclosed to a third party or used for a purpose
other than those for which it was originally collected or subsequently
authorized by the Individual. Additional safeguards that may be required, along
with the definition of sensitive data, can vary from country to country.
IV. DISCLOSURE
Baxter recognizes the importance of respecting Individuals' privacy preferences.
Baxter may share Individuals' Private Information with its corporate parent, affiliates, divisions, or subsidiaries, or with third parties acting on Baxter's behalf to enable Baxter to provide Individuals with certain services such as personalized health care information. Individuals have the opportunity to refuse, or opt out of, having their information shared. In addition, where consent of Individuals or their representatives for the collection, use, or disclosure of Private Information is required by law, contract or agreement, Baxter requests such consent and respects the Individual's choice in such matters.
1. Are there cases when Baxter may disclose Private Information without
consent?
Yes. In certain limited or exceptional circumstances, and in accordance with
legal requirements, Baxter may disclose an Individual's Private Information
without the Individual's consent, such as when Baxter is required to disclose
the information by law or legal process or when the vital interests of the
Individual, such as life or health, are at stake.
2. Under what circumstances does Baxter disclose Private Information to
agents and contractors, and what steps does Baxter take to safeguard that
information?
As a part of its normal business operations, Baxter hires agents and contractors
to carry out certain functions that require use of "Private
Information." Baxter binds such parties through written agreements to
observe the relevant Baxter's Privacy Principles, restricts the use and
retention of the information to the purposes and timeframe of such outsourcing,
and takes other measures to require the observance of the relevant Baxter's
Privacy Principles.
3. What happens if Individuals object to the collection, use, and
disclosure of their Private Information?
If an Individual objects to Baxter's collection, use, or disclosure of certain
Private Information, Baxter will make reasonable efforts to address the concerns
of the Individual.
In no case will an Individual be subject to sanction or retaliation for objecting to the collection, use or disclosure of the Individual's Private Information. An individual withholding Private Information or prohibiting its collection, use or disclosure, however, may be disadvantaged as a result of not making the information available. For example, unwillingness to provide information required to use a service or receive a benefit may make a user ineligible for that service or benefit.
4. How are decisions reached about who has access to Private Information
about Individuals?
Access to Private Information about Individuals is given only to those entities
with a legitimate need to know the information to carry out their
responsibilities.
5. What is to prevent a person who has access to some of an Individual's
Private Information from browsing through other parts of it for other reasons?
It is the policy of Baxter to grant employees, agents and contractors access
only to the amount of information necessary to carry out their responsibilities.
V. ACCESS
Baxter provides Individuals about whom it maintains Private
Information with a reasonable opportunity to examine their information, to
challenge its accuracy, and to have it corrected, amended or deleted as
appropriate, subject to certain exceptions.
1. How do Individuals exercise their rights under the Access Principle?
Upon request, Individuals will be given reasonable access to the Private
Information Baxter holds about them. Reasonable access applies to both the
process of accessing Private Information and the types of Private Information to
be accessed. In terms of the process, reasonable access means, for example, that
requests for access are made during normal business hours, following standard
procedures, and that the frequency of access requests is not excessive. In terms
of the types of Private Information to be accessed, reasonable access means
recognizing certain exceptions discussed in FAQ 2 that follows. If Baxter denies
an Individual access, however, Baxter will provide such Individual with the
reason(s) for denying access and a contact point for further inquiries.
If notified that Private Information Baxter maintains is incorrect, where requested, and provided with appropriate supporting documentation, Baxter will either correct the information or direct the Individual to the source of the information for correction. If, upon review, Baxter believes that the existing information is correct, Baxter will inform the Individual. If the Individual continues to dispute the accuracy of the information, Baxter will note that dispute in the Individual's record upon request.
2. Is there any Private Information of an Individual maintained by Baxter
that such Individual would not be permitted to access?
Yes, there are some exceptions to the obligation to provide access. These may
include access to confidential or proprietary information, such as physician
notes, or situations in which granting access might have to be balanced against
the privacy interests of others. In addition, access may be denied when the
information requested relates to an ongoing investigation of the individual,
litigation or potential litigation or where the burden or expense of providing
access would be disproportionate to the risks to the Individual's privacy. In
cases of sensitive medical information, it may be more appropriate to provide
such information to the individual's healthcare professional who in turn can
provide such information to the individual and be available to interpret
properly the meaning of the information collected.
VI. DATA INTEGRITY
A. Accuracy
Baxter employs reasonable steps to keep Private Information accurate, complete,
and up-to-date.
Is there a role for Individuals to play in maintaining the accuracy of
Private Information?
Yes. Keeping Private Information as accurate, complete, and up-to-date as
required for the purposes for which it is used is in the best interests of both
Individuals and Baxter. Baxter expects all Individuals to assist it in keeping
the Private Information Baxter holds about them accurate, complete and
up-to-date, and facilitates cooperation by Individuals in doing so.
B. Retention
Baxter retains Private Information only as long as needed to meet the purposes
for which it was collected or as required by contractual agreement or legal
requirements. Baxter uses reasonable procedures, following retention guidelines,
to ensure that it archives or destroys Private Information no longer than is
required for the purposes for which it was originally collected, unless
otherwise agreed to by the Individual. Some Private Information of Individuals
may be archived to meet legal requirements, to provide evidence in cases of
litigation or for statistical purposes.
VII. SECURITY
Baxter takes reasonable precautions, including administrative, technical, personnel, and physical measures to safeguard Private Information against loss, misuse and unauthorized access, disclosure, alteration, destruction, and theft.
Is there a role for Individuals to play in maintaining the security of
Private Information?
Individuals play a vital role in maintaining security, and should be held
accountable for safeguarding their own "Private Information," for
example, by protecting passwords used to access systems, in keeping their own
paper records under lock and key when not in use, and in disposing of records
and reports no longer needed in a secure manner.
VIII. ENFORCEMENT
A. Compliance
Baxter maintains active processes to ensure compliance with Baxter's Privacy
Principles, as well as with legal requirements, contractual agreements, and
other commitments in the handling of "Private Information".
A senior Baxter Privacy Official is responsible for implementing and overseeing the administration of Baxter's Privacy Principles. In addition, a Data Privacy and Security representative in each business and region is responsible for assisting this privacy executive with the administration of Baxter's Privacy Principles within that business, region or country. To contact Baxter's Privacy Official, please submit a general inquiry via Baxter's on-line form, call: 1-800-422-9837 (847-948-4770) or fax your inquiry to 847-948-3642.
It is the responsibility of Baxter affiliates and subsidiaries to act in accordance with Baxter's Privacy Principles and obligations with respect to Private Information.
1. What are the responsibilities of the senior Baxter Privacy Official?
Responsibilities of the senior Baxter Privacy Official include but are not
limited to:
- Ensuring that the privacy guidelines, programs, procedures, training, and other measures necessary to implement Baxter's Privacy Principles are developed and put into practice;
- Overseeing responses to inquiries, and resolution of complaints, relating to privacy;
- Working with Baxter's legal staff to ensure Baxter's ongoing compliance with applicable privacy laws and agreements; and
- Overseeing periodic assessments of Baxter's internal practices to ensure that they conform to Baxter's Privacy Principles and related company obligations.
2. What steps are taken to promote compliance with Baxter's Privacy
Principles?
Compliance measures include:
- Educating Baxter employees as to the purpose and application of Baxter's Privacy Principles;
- Training those individuals with access to Private Information on privacy policies and procedures;
- Requiring employees, agents, and contractors with access to the Private Information of others to sign confidentiality agreements;
- Holding employees, agents, and contractors accountable for violations of Baxter's Privacy Principles, with sanctions, including the possibility of termination of contracts and employment; and
- Having designated points of contact in each business or region to answer questions regarding Baxter's Privacy Principles and Baxter's privacy practices and to investigate complaints regarding conduct inconsistent with Baxter's Privacy Principles or related obligations.
B. Complaint Resolution
Baxter recognizes the importance of having mechanisms in place to address and
resolve complaints by Individuals about the processing of Private Information.
Therefore, in addition to any legal remedies that may be available, if an
Individual covered by Baxter's Privacy Principles makes a complaint about the
processing of the Individual's Private Information, and the complaint is not
resolved to the Individual's satisfaction through Baxter's internal procedures,
then Baxter will use a readily available and affordable independent dispute
resolution mechanism to resolve the complaint.
1. What are the procedures for filing a complaint about the handling of
Private Information?
All individuals having questions or complaints concerning Baxter's privacy
practices can submit an inquiry via Baxter's on-line Privacy Complaint Form,
call: 1-800-422-9837 (847-948-4770) or fax your inquiry to 847-948-3642. For
more information on Baxter's complaint process, please read Baxter's Dispute
Resolution Process.
2. What types of independent dispute resolution mechanisms are available?
Some jurisdictions have established data protection authorities overseeing the
processing of Private Information that are willing to assist in the resolution
of complaints. Baxter is committed to working with these authorities to resolve
any complaint and to complying with their decisions in such cases.
Alternatively, in jurisdictions where there is no data protection authority available to provide dispute resolution, Baxter has identified and will utilize an independent alternative dispute resolution mechanism, administered by the CPR Institute for Dispute Resolution (www.cpradr.org), to resolve the complaint.
The senior Baxter Privacy official in charge of administering Baxter's Privacy Principles or the designated regional officials will be able to provide additional information about the use of independent dispute resolution mechanisms.
