NEUROMetrix Information Privacy and Security Statement

NeuroMetrix's goal is to provide physicians with immediate and cost-effective information, which will aid in the diagnosis of common neuromuscular conditions. To this goal, NeuroMetrix customers may transmit patient information and diagnostic results to a centrally located information service. NeuroMetrix recognizes its fiduciary responsibility to physicians and their patients to protect this information, to ensure privacy is maintained and that the data is held securely and confidentially.

Patient Identification - NeuroMetrix does not collect personally identifying information about individuals. To associate nerve conduction study results with a patient, the physician may elect to enter a unique practice-specific patient identification code with each study. NeuroMetrix does not collect or maintain any information that would associate this identification code with a specific patient or individual.

For the purposes of continually improving product performance and advancing scientific knowledge in the field of neuromuscular diseases, NeuroMetrix may from time to time use the aggregated, anonymous information in the onCall™ Information System database. We will not disclose information about our customer's patients to third parties nor will we disclose statistics or information that can be attributed to a specific customer or practice.

HIPAA regulations allow for the use of de-identified health information as long as identifiers have been "stripped" and a key is not disclosed that would allow the information to be re-identified. NeuroMetrix does not possess a key to re-identify patient data.

Privacy of Information - NeuroMetrix will only transmit nerve conduction study reports, test summaries or population reports regarding a specific patient or a practice to the designated fax number(s) and/or email address to which the physician's device is registered. The managing physician of the practice must designate the fax number(s) and/or email addresses in writing.

Access to nerve conduction studies through the World Wide Web is protected by a password protected web site. Transactions are handled securely via state-of-the-art Secure Socket Layer encryption, which protects confidential information from interception and hacking.

NeuroMetrix will not release practice specific or individual diagnostic results to a third party without written permission, except as required by law or legal process, or to comply with authorized government oversight.

Physical and Technical Safeguards - NeuroMetrix takes rigorous precautions to protect its information systems from damage or tampering. These safeguards include but are not limited physical security measures such as locked server cabinets, restricted access to certain offices, or areas, and the use of passwords and encryption. Technical safeguards include the use of passwords, data access permission levels and encryption. Human resource security measures include security training, and confidentiality agreements.

Management Review - NeuroMetrix has established an information security team for the purposes of addressing patient privacy and information security issues. This team is comprised of members of senior management, information systems and quality assurance. The purpose of this team is to ensure that information privacy and security issues continue to be in the forefront of NeuroMetrix's business strategies.