Effective date: September 9, 2021
Boston Scientific's mission is to improve the quality of patient care and the productivity of health care delivery through the development and advocacy of less-invasive medical devices and procedures. As part of this mission, Boston Scientific designed and implemented the LATITUDE Patient Management system (LPM). The LPM allows healthcare providers to remotely monitor Boston Scientific implantable cardiac medical devices.
It is the policy of Boston Scientific to comply with all applicable laws governing the processing of personal information, including those associated with the safeguarding of sensitive or protected health information. Implementation of this policy is subject to specific laws in the countries where the patients reside.
To transfer personal data from the European Union to the United States, Boston Scientific has implemented the European Commission’s Standard Contractual Clauses between its EU, Swiss and US entities and with its service providers. Additionally, Boston Scientific has additional safeguards in place such as encrypting the data at rest and in transfer. An overview of the suppliers Boston Scientific uses to help support LATITUDE can be found at http://bostonscientific.eu/latitude (under key resources).
Furthermore, Boston Scientific abides by the Generally Accepted Privacy Principles (GAPP), as set forth below:
In addition to this policy, the personal information handling practices are also governed by the privacy policies of the LATITUDE-participating healthcare providers.
Choice and consent:
Compliance with EU General Data Protection Regulation 2016/679:
In some EU countries or with some clinics, Guidant Europe will only be recognized in a processor role, which will be in any case clarified in the contract with the clinic. Patient consent is a cornerstone of protecting the rights of LATITUDE patients. Boston Scientific relies on clinics to inform potential users about the LPM system and Boston Scientific’s role and collect the associated consent. Boston Scientific requires each clinic that they work with to sign an agreement detailing the modalities by which patient consent is obtained. These agreements, known as Data Processing Agreements, establish mutual obligations regarding the processing of personal data between the parties.
Boston Scientific collects personal information for the purpose of providing remote monitoring services for patients who have certain models of Boston Scientific implantable cardiac medical devices and have been enrolled in LPM through their healthcare provider. The types of personal information collected may include:
- Full name
- Date of birth
- Device model and serial numbers
- Telephone number
- E-mail address
- Health-related information, including cardiac
condition and data relating to and generated by the patient's cardiac device:
such as device settings and status indicators; health data, including various
types of cardiac measurements and events, and measurements from external
- Business contact information such as first and last
name, title, telephone number, e-mail address, and postal address
- LPM credentials and browser information such as client IP address, client browser, client OS version. This data is written to log files and not to the Latitude database. The logs are retained for 2 years.
Use, retention, and disposal:
Boston Scientific uses personal information for the management of its remote monitoring services, which includes customer and technical support, system maintenance, data compilation and analysis, data hosting, event reporting, program analysis and maintenance as well as internal reporting and to comply with reporting obligations to regulatory health authorities.
Boston Scientific retains personal information for only as long as necessary to fulfill the stated purposes or as required by law or regulations and thereafter appropriately disposes of such information. Boston Scientific will keep personal information of patients for as long as they are equipped with the medical device and enrolled in the System and for up to six (6) years after their device has been taken out of service, unless a longer retention period is necessary to comply with a legal or regulatory obligation. Personal information related to healthcare professionals will be maintained for so long as LPM services are provided or requested, as necessary for Boston Scientific's legitimate business purposes, or as required by law. Clinic administration is responsible for managing access to the LPM platform.
Access to Personal Information:
Disclosure to third parties:
Security of your personal information:
Monitoring, enforcement and privacy rights:
Boston Scientific Corporation
For inquiries in the EU/EEA:
Boston Scientific Corporation
GlobalPrivacy@bsci.com or via our Data Subject Request Form
EuropePrivacy@bsci.com or via our Data Subject Request Form
California Privacy Rights:
The Boston Scientific Privacy Notice for California Residents provides additional information for California residents under the California Consumer Privacy Act of 2018 (CCPA).