Overview:
The Prism Health Group is committed to protecting client’s data and information. This
Privacy Notice explains how we collect, use, disclose, and safeguard personal
information in connection with our consulting services and our interactions with clients,
pharmacy benefit managers, brokers, vendors, and other business partners.
This notice applies to personal information collected through our business operations,
consulting engagements, and communications. We comply with applicable privacy and
security laws, including the Health Insurance Portability and Accountability Act (HIPAA),
where required. All Prism Health Group employees, contractors, and applicable third-
party associates are required to read, understand, and adhere to this policy.
Security:
Prism Health Group maintains a comprehensive security policy designed to protect our
clients’ information. We use appropriate physical, electronic, and administrative
safeguards to prevent unauthorized access, use, or disclosure of information collected
for business purposes.
Data Collection:
We collect and process personal information for legitimate business purposes related to
our consulting services and operations.
Providing consulting services related to pharmacy benefit plans
Analyzing and evaluating pharmacy benefit plan design, performance, and costs
Supporting client engagements and ongoing consulting relationships
Performing data analytics and reporting
Improving services, methodologies, and internal processes
Complying with legal, regulatory, and contractual obligations
Managing business operations, security, and risk
Data Retention
We retain personal information only for as long as reasonably necessary to fulfill
the purposes described in this Privacy Notice, unless a longer retention period is
required or permitted by law.
Retention Periods are based on the following requirements:
Duration of client engagement
Contractual retention requirements
Legal or regulatory retention obligations
Internal recordkeeping and audit requirements
Data Security
We implement reasonable administrative, technical, and physical safeguards designed
to protect personal information against unauthorized access, use, or disclosure.
All information may be stored in internal systems, such as customer relationship or
sales management applications. Access to these systems is limited to authorized
personnel and is permitted solely for purposes related to client services, business
administration, internal reporting, statistical analysis, and the marketing of the
Company’s products and services.
All incidents, breaches, or violations should be reported confidentially and immediately
to:
Prism Health | Data data@theprismhealthgroup.com