ODI Consulting, Inc. Privacy and Security Compliance Statement

At ODI Consulting, Inc. (“ODI”), we are committed to maintaining the highest standards of privacy and security in compliance with applicable laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), and other relevant privacy frameworks.

Commitment to Privacy and Data Protection

ODI takes privacy and security seriously and adheres to strict policies to ensure the confidentiality, integrity, and availability of personal and sensitive information. We will never sell, give away, or use any private information without the explicit knowledge and consent of the individual or entity to whom the data belongs.

HIPAA Compliance

For clients and partners operating within the healthcare sector, ODI complies with HIPAA regulations to protect Protected Health Information (PHI). Our compliance measures include:

• Administrative Safeguards: Implementing policies and procedures to manage PHI securely, including employee training and access controls.
• Technical Safeguards: Utilizing encryption, secure authentication, and access restrictions to prevent unauthorized access to PHI.
• Physical Safeguards: Ensuring secure storage and restricted access to physical records containing sensitive information.
• Business Associate Agreements (BAAs): Establishing formal agreements with partners and vendors to ensure HIPAA compliance in data handling.

GDPR and Global Privacy Compliance

For clients operating in the European Union or handling EU citizen data, ODI complies with the General Data Protection Regulation (GDPR) by:

• Ensuring lawful data processing based on consent, contractual necessity, or legitimate interest.
• Providing transparency regarding data collection, usage, and retention policies.
• Offering individuals the right to access, correct, or delete their personal data upon request.
• Implementing robust security measures to protect against data breaches and unauthorized access.

Other Privacy Regulations

ODI also complies with additional privacy laws, including but not limited to:

• Federal Trade Commission (FTC) Guidelines: Adhering to fair information practices and consumer protection standards.
• Industry-Specific Regulations: Ensuring compliance with any additional privacy laws relevant to our clients and business operations.

Security Measures

ODI employs industry-leading security protocols to safeguard all data, including:

• Data encryption for both stored and transmitted information.
• Multi-factor authentication for system access.
• Regular security audits to identify and mitigate potential vulnerabilities.
• Strict access controls ensuring only authorized personnel can handle sensitive data.

Transparency and Consent

ODI believes in full transparency regarding data usage. We ensure that individuals and organizations are informed about how their data is collected, stored, and processed. No personal or sensitive information is shared, sold, or used without explicit consent.

Continuous Improvement

ODI continuously monitors evolving privacy regulations and updates our policies and security measures accordingly. We remain committed to protecting the privacy and security of all data entrusted to us.