Privacy Policy

Privacy Policy for Edgewood Pediatric Services

(updated for Bermuda PIPA compliance as of June 2026)

  1. INTRODUCTION Edgewood Pediatric Services (referred to as “we,” “our,” or “us”) is committed to protecting your personal information in accordance with Bermuda’s Personal Information Protection Act 2016 (PIPA).

This Privacy Notice explains how we collect, use, disclose, and protect your personal information (including sensitive personal information such as health data), as well as your rights under PIPA.

Please read this notice carefully. It applies to personal information collected through our services, website (edgewoodpediatrics.com), forms, communications, and other interactions.

  1. PERSONAL INFORMATION WE COLLECT We collect personal information fairly and lawfully, only for specified purposes, and in a manner that is adequate, relevant, and not excessive (PIPA principles of fairness, purpose limitation, and proportionality).

Sources:

  • Directly from you (e.g., new patient forms, appointments, communications, consents).
  • Automatically (e.g., website cookies/device data).
  • From third parties (e.g., referring physicians, labs, insurance providers, or public sources where permitted).

Types of Information:

  • Contact and identification details: Name, date of birth, address, telephone number, email address, government-issued ID.
  • Health and medical information (sensitive personal information under PIPA): Medical history, allergies, medications, records (including results, correspondence, and treatment notes), photographs (if clinically relevant).
  • Demographic details where relevant: Sex/gender, race/ethnicity (for clinical appropriateness).
  • Legal and consent information: Health care proxies, advance directives, powers of attorney.
  • Financial and insurance: Payment details, insurance policy information.
  • Other: Any additional information necessary for providing pediatric care and operating our practice.
  1. HOW WE USE YOUR PERSONAL INFORMATION We use personal information only where permitted under PIPA (e.g., with your consent, for performance of services/contract, legal obligations, or other valid conditions). Health-related uses are primarily based on consent for care or other lawful bases.

Purposes include:

  • Providing pediatric medical care, services, and related support.
  • Processing payments, insurance claims, and billing.
  • Communicating with you about appointments, updates, results, or practice information.
  • Complying with legal, regulatory, or professional obligations (e.g., public health reporting, Department of Health).
  • Liaising with other providers (e.g., hospitals, labs, pharmacies, specialists in Bermuda or overseas).
  • Internal business operations, quality improvement, audits, and practice management.
  • Enhancing services and patient experience.

We obtain appropriate consent where required and maintain records of consents. Sensitive personal information (e.g., health data) receives heightened protection.

  1. COOKIES AND TRACKING TECHNOLOGIES Our website may use cookies and similar technologies to collect limited data such as IP address, browser type, and device information (primarily to distinguish humans from bots and improve functionality). You can manage cookie preferences through your browser settings.
  2. SHARING YOUR PERSONAL INFORMATION We share personal information only as necessary and in compliance with PIPA (e.g., with consent, for care coordination, or legal requirements). We remain responsible for third-party processors.

Recipients may include:

  • Service providers: IT/support, payment processors, cloud hosts, and practice management tools.
  • Healthcare partners: Other providers, Bermuda Hospitals Board, local/overseas labs, hospitals, pharmacies, and specialists.
  • Legal/regulatory authorities: Department of Health, courts, or as required by law.
  • Insurance providers and others: With your consent or as authorized.

For overseas transfers, we ensure comparable protection (e.g., via contracts or other safeguards).

  1. RETENTION AND SECURITY We retain personal information only as long as necessary for the purposes collected, legal obligations (e.g., medical record retention requirements), or legitimate business needs. Once no longer needed, we securely delete or anonymize it.

We implement reasonable physical, technical, and organizational safeguards (e.g., encryption, access controls, staff training, backups) to protect against unauthorized access, loss, or misuse. We work with IT partners for compliance.

Disclaimer: No electronic system is 100% secure. We cannot guarantee absolute security against all threats.

  1. YOUR RIGHTS UNDER PIPA You have the following rights (subject to exemptions, e.g., for medical records where access could prejudice health):
  • Right to be informed about processing.
  • Right of access to your personal information and medical records.
  • Right to correction/rectification of inaccurate or incomplete information.
  • Right to deletion/erasure (subject to legal/contractual obligations).
  • Right to obtain a copy of your data.
  • Right to object or opt out of certain processing (e.g., direct marketing).
  • Right to withdraw consent where processing relies on consent.
  • Other rights such as blocking or restrictions in certain cases.

To exercise these rights, contact our Privacy Officer (details below). We respond within statutory timelines (e.g., generally 45 days for access requests, with possible extensions).

  1. CHANGES TO THIS PRIVACY NOTICE We may update this notice to reflect changes in our practices, PIPA requirements, or guidance from the Privacy Commissioner. Significant updates will be posted on our website and, where appropriate, notified to patients. Updated consents may be requested as needed. We encourage regular review.
  2. COMPLAINTS AND CONTACT US Privacy Officer Edgewood Pediatric Services Phone: (441) 295-8000 Email: manager@edgewood.bm

We accept written complaints about our handling of personal information. Submit via email or mail with your details, a clear description of the issue, and any prior resolution steps. We acknowledge within 5 business days and aim to resolve within 20 business days (or provide updates).

If unsatisfied, you may complain to the Office of the Privacy Commissioner for Bermuda.

This Privacy Notice is provided in accordance with the Bermuda Personal Information Protection Act (PIPA) and applies to all personal information collected and processed by Edgewood Pediatric Services.

For questions, contact the Privacy Officer above.