Security & Compliance
Last updated: July 15, 2026
At MedicalProspects, data integrity, transparency, and security are at the core of everything we do. As a trusted B2B healthcare contact database partner, we build high-quality audiences in strict adherence to data protection regulations. This page explains our data security practices, our compliance standards, and our actionable recommendations for customers to ensure their outreach is compliant, ethical, and successful.
1. Our Data Sourcing & Security Practices
We employ standard-setting operational and technical controls to safeguard data and verify its accuracy.
Transparent Data Sourcing
Our B2B contact lists are compiled strictly from publicly accessible professional sources (such as NPI registries, medical association directories, licensing boards, and healthcare publications) and vetted third-party B2B data licensing partners. We never source contact information from patient health records or confidential clinical systems.
Data Storage & Transmission
All datasets are stored in secure cloud environments protected by advanced access control protocols, including multi-factor authentication (MFA) and least-privilege administrative access policies. We encrypt all data in transit using TLS 1.3 and at rest using AES-256 encryption.
2. Our Regulatory Compliance Framework
We align our data compilation practices with the three most prominent regulations governing digital communications and data privacy:
CAN-SPAM Act Compliance (United States)
We ensure all compiled B2B profile records include standard B2B indicators, professional affiliations, and verified business email addresses. Our data supports our clients in building commercial emails that adhere to the Federal Trade Commission's (FTC) requirements.
GDPR Adherence (European Union & United Kingdom)
For individuals in the European Economic Area (EEA) and the UK, we process professional profile and contact data under the lawful basis of Legitimate Interests (GDPR Article 6(1)(f)). We only compile business contact data that is relevant to professional marketing and business-to-business outreach. We honor data subject access and deletion requests (the "Right to be Forgotten") promptly, responding to all inquiries within 30 days.
CCPA / CPRA Compliance (California)
MedicalProspects respects the privacy rights of California residents. We provide a straightforward path to request information access, correction, or complete deletion from our database. We do not sell personal patient health data or clinical records of any kind, and we honor consumer opt-outs without discrimination.
3. Compliance Guidelines for Our Customers
When purchasing databases from MedicalProspects, you are responsible for using the data in compliance with all local, state, and international communication laws. To safeguard your brand reputation and ensure lawful outreach, we suggest adopting the following practices:
A. Provide Clear Opt-Out Mechanisms
Every commercial email you send must include a highly visible, easy-to-use unsubscribe link or opt-out mechanism. Ensure that your unsubscribe system processes requests immediately, and maintain an internal master suppression list to prevent emailing these contacts in future campaigns.
B. Be Transparent About Data Collection
When conducting cold B2B outreach, it is best practice to let the recipient know how you retrieved their details. Being open builds trust and fulfills the transparency requirements of modern privacy rules. We recommend including a brief notice in your footer or introductory paragraph:
C. Provide a Physical Mailing Address
Under CAN-SPAM, you are legally required to list a valid physical postal address for your business at the bottom of every commercial email. This can be your current street address, a registered post office box, or a private mailbox registered with a commercial mail-receiving agency.
D. Avoid Deceptive Subject Lines and Headers
Your "From," "To," "Reply-To," and routing information — including the originating domain name and email address — must be accurate and clearly identify your company. Your subject line must reflect the actual content of the email and must not be misleading or deceptive.
4. Data Subject Rights & Removal Requests
If you are a healthcare professional whose contact information is listed in our directory and you wish to review, update, or completely remove your profile, we are committed to processing your request quickly and without friction. Please contact our data compliance office directly at [email protected] with the email address and profile details you would like removed. Once verified, we will exclude your record from all future database updates.
Contact Our Compliance Team
MedicalProspects — Security & Compliance Office
Email: [email protected]
Address: 7901 4th St N Ste 300, St Petersburg, FL 33702