Privacy Policy

Thank you for visiting M‑TAC.org and reviewing our Privacy Policy. This policy applies to M‑TAC.org and all websites and digital platforms funded or operated by M‑TAC. Your privacy is important to M‑TAC, and this statement explains how we collect, use, safeguard, and disclose information.

M‑TAC is a program of Health Resources in Action (HRiA) and operates in accordance with HRiA’s enterprise‑wide privacy, information security, and data governance policies.

Information We Collect

Non‑Personally Identifiable Information

M‑TAC may collect non‑personally identifiable information through websites and digital platforms, including aggregated usage statistics such as page views, traffic patterns, browser type, and general location data.

This information is used to:

  • Improve website functionality and services
  • Perform quality assurance and evaluation
  • Support reporting to funders and stakeholders

Aggregated data does not identify individual users.

Personally Identifiable Information (PII)

Personally identifiable information is information that can be used to identify or contact an individual. M‑TAC may collect PII when you:

  • Register for trainings or events
  • Request technical assistance
  • Complete evaluations, surveys, or forms
  • Communicate with M‑TAC

PII may also be received via social media platforms depending on your privacy settings.

PII is used only for legitimate programmatic, operational, educational, accreditation, funding, and legal purposes.

Learner Information and Continuing Education Records

Learner information is a specific subset of personally identifiable information collected and maintained in connection with trainings, technical assistance, certifications, and continuing education activities, including records required for the administration of Continuing Education Units (CEUs).

Learner information may include, but is not limited to:

  • Name and contact information
  • Professional affiliation and role
  • Registration, participation, and attendance records
  • Assessment results and completion status
  • CEU transcripts and certificates
  • Course evaluations and feedback

Learner records are maintained solely for legitimate educational, operational, accreditation, funding, and legal purposes, and are protected under this Privacy Policy and HRiA’s enterprise security framework.

M‑TAC does not sell learner information and does not use learner records for commercial marketing purposes.

Learner Record Lifecycle and Release

Learner records are managed throughout their lifecycle, including input, maintenance, issuance, and release:

  • Input: Learner information is entered into approved systems (e.g., LMS) by authorized personnel or directly by the learner during registration. Processes are in place to ensure data accuracy and integrity.
  • Maintenance: Learner records are maintained and updated by authorized personnel in accordance with organizational policies and access controls.
  • Issuance: CEU certificates and transcripts are issued only to learners who have met all completion requirements. Issuance is conducted through secure systems and based on verified learner records.
  • Release: Learner records are released only:
    • Upon written or electronic request by the learner, or
    • As required by law or accrediting bodies
    • With appropriate identity verification prior to release
  • Notification: Learners are notified when records are issued (e.g., CEU certificates) or provided to a third party, where applicable.

Governance, Responsibility, and Oversight

Responsibility for the protection of learner information is established at the enterprise level by HRiA. HRiA is responsible for maintaining organizational privacy, security, and risk‑management policies, while M‑TAC leadership is responsible for ensuring these policies are followed in the administration of M‑TAC programs.

M‑TAC operates within HRiA’s governance structure and complies with HRiA‑approved policies and procedures related to information security, privacy, records management, and risk mitigation.

Access Controls and Acceptable Use

Access to learner records and other sensitive information is restricted to authorized employees, instructors, consultants, and contractors who require access to perform approved job responsibilities.

All individuals with access to learner information are subject to HRiA’s acceptable use, confidentiality, and data protection requirements. Learner information may not be accessed, used, disclosed, or distributed except for authorized business purposes and in accordance with organizational policy. Compliance with these requirements is mandatory and enforced.

Third‑Party Service Providers

M‑TAC may use HRiA‑approved systems, platforms, or third‑party service providers to support training delivery, record management, evaluation, or accreditation reporting.

When learner information is shared with third‑party vendors or contractors:

  • Access is limited to the minimum information necessary
  • Vendors are required to protect information consistent with this Privacy Policy and HRiA requirements
  • Learner information may not be used for any other purpose

M‑TAC does not permit third parties to sell or independently market using learner data.

Data Retention and Secure Disposal

Learner information is retained in accordance with HRiA’s records retention policies and applicable accreditation, funding, contractual, and legal requirements.

When learner records are no longer required, they are securely disposed of in accordance with HRiA‑approved data destruction practices to prevent unauthorized access or disclosure.

Workforce Training and Awareness

HRiA maintains enterprise expectations for staff training and awareness related to information security and privacy. Employees with access to learner information are required to complete applicable training and comply with data protection responsibilities specific to their role.

Security Safeguards and Incident Response

M‑TAC uses commercially reasonable administrative, physical, and technical safeguards, consistent with HRiA enterprise security standards, to protect the confidentiality, integrity, and availability of information under its control.

While no system can be guaranteed to be 100% secure, M‑TAC follows HRiA’s incident response procedures in the event of a suspected or confirmed data security incident involving learner or personal information. Where required by law or regulation, affected individuals will be notified, and appropriate corrective actions will be taken.

Learner Access and Corrections

Learners may request access to their training records, CEU transcripts, or certificates, or request correction of inaccurate information, subject to verification and applicable retention requirements.

Requests may be submitted to [email protected].

Cookies and Tracking Technologies

M‑TAC and authorized third‑party service providers may use cookies and similar technologies to support site functionality, improve user experience, conduct analytics, and perform quality assurance.

Information collected through cookies is governed by this Privacy Policy. M‑TAC is not responsible for the privacy practices of third‑party websites or platforms.

Updates to This Policy

This Privacy Policy may be updated from time to time. The most current version will be posted on the M‑TAC website and will govern the collection, use, and disclosure of information.

Continued use of M‑TAC services or websites constitutes acceptance of the updated policy.

Contact Information

If you have questions about this Privacy Policy or the handling of your information, please contact by mail or by filling out the contact form from this link.

Health Resources in Action
2 Boylston Street, 4th Floor
Boston, MA 02116

Register today for upcoming trainings!