We take patient information very seriously. All information you store on the list is encrypted during transmission. Only you (and your group) have access to this information. All data is stored on a dedicated server and is not shared by any other organization or entity. We are 100% HIPAA compliant.
This privacy policy tells you how we use personal information collected at this site. Please read this privacy policy before using the site or submitting any personal or patient information. By using the site, you are accepting the practices described in this privacy policy. These practices may be changed, but any changes will be posted and will apply to activities and information only on a going-forward, not retroactive, basis. You are encouraged to review the privacy policy whenever you visit the site to make sure that you understand how any personal information you provide will be used.
Note: the privacy practices set forth in this privacy policy are for this web site only. If you link to other web sites, please review the privacy policies posted at those sites.
Collection of Information
We collect personally identifiable information, such as names, postal addresses, email addresses, etc., when voluntarily submitted by our visitors or added by your local administrator. This information is used only to fulfill your specific requests and for use within the edoclist site, unless you give us permission to use it in another manner, for example to add you to one of our mailing lists.
The Site may use cookie and tracking technology depending on the features offered. Cookie and tracking technology are useful for gathering information such as browser type and operating system, tracking the number of visitors to the Site, and understanding how visitors use the Site. Cookies can also help customize the Site for visitors. Personal information cannot be collected via cookies and other tracking technology; however, if you previously provided personally identifiable information, cookies may be tied to such information. We do NOT share any data (even from cookies) with third parties.
We do NOT share any personal information with other corporations, individuals or institutions. We may only do so when: (1) permitted or required by law; or, (2) trying to protect against or prevent actual or potential fraud or unauthorized transactions; or, (3) investigating fraud which has already taken place. The information is not provided to these companies for marketing purposes.
Your personally identifiable information is kept secure. Only authorized employees, agents and contractors (who have agreed to keep information secure and confidential) have access to this information. All emails and newsletters from this site allow you to opt out of further mailings.
HIPAA is the Health Insurance Portability and Accountability Act of 1996 that specifies laws for the protection and use of Personal (or Protected) Health Information (PHI) which is essentially your medical record.
In 2010, the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed in order to update HIPAA rules and provide federal funds for deploying electronic medical records (EMR), also referred to as electronic health records (EHR). HITECH upgraded HIPAA because medical records were now in digital form, and as a result, they needed new rules for protection and availability.
HIPAA covers the Privacy, Security and Enforcement rules of PHI. The Privacy and Security rules contain information on how one must treat PHI (whether it's electronic or not). The enforcement rules specify what happens if you don't (the penalties).
There are three things that HIPAA requires:
Integrity of information – The medical record must be accurate.
Confidentiality – The medical record should only be seen by those with a need to know and all uses of that data should be knowable by the individual.
Availability – The medical record must be available, in essence, no reasonably avoidable downtime.
HIPAA was intended to ease the sharing of Personal Health Information (PHI) between entities that have a need to know while maintaining an acceptable and reasonable level of privacy to the individual whose information is at stake. HITECH was intended to fund and define sharing rules for Electronic Medical Records (EMR) to further their use in hopes of curtailing growing health care costs.
The Acts are administered by the Department of Health and Human Services (HHS) in the Office of Civil Rights (OCR). It is the OCR which has the right to enforce, audit, fine and charge companies and individuals for violations of the Act. They interpret the law in the Act and write the rules and regulations.
The rules and regulations are documented in the Code of Federal Regulations (CFR). Parts 160 and 164 of the CFR are the two that pertain to HIPAA. When someone says they adhere to HIPAA rules, it means they adhere to the paragraphs in the Parts. For example, one of the paragraphs says: Paragraph 164.308(a)(1)(i) Standard: Security Management Practices – Implement policies and procedures to prevent, detect, contain, and correct security violations. We are then required to do precisely what it says: prevent, detect, contain and correct security violations.
If you have any questions, concerns, or comments about our privacy policy you may contact us. We reserve the right to make changes to this policy. Any changes to this policy will be posted.