If you have any questions concerning our HIPAA compliance policies,
please contact us at compliance@episodealert.com or at 1(800) 905-0698.
Thank you for visiting the Episode Alert Web sites. Episode Alert
recognizes that it is important for individuals and businesses to be confident that
their privacy is protected when they visit any Episode Alert Web site.
HIPAA Compliance Policy Updated Sept. 2013
Under the HIPAA privacy rules Medgi, LLC. is considered a Business Associate.
It is our policy to comply with the rules and regulations of the Health Insurance
Portability and Accountability Act of 1996 (HIPAA). Through our Terms of Service,
Business Associate Agreement (BAA) and Addendum with the Covered Entity, we give
contractual guarantees that we will use Protected Health Information (PHI) that
we are granted access to only for the purposes for which we have been contracted.
We will safeguard the information from misuse, and will help the Covered Entity
comply with their obligations under the HIPAA rules. Episode Alert provides the
Covered Entity with a BAA, Addendum, Terms of Service and Privacy policy at sign
up. If required by the Covered Entity we will make the necessary changes to our
Terms of Service and/or our BAA to ensure our HIPAA compliance meets their needs.
We have taken the necessary steps to assure Episode Alert is compliant as follows:
Accounting of disclosures and audit trail issues:
We are appointed by and contracted to the Covered Entity to assist in the payment
process and are considered part of the treatment, payment, or health care operations
(TPO).
A Covered Entity is not required by HIPAA regulation to keep an accounting of anyone
within their own organization who has received (or had access to) medical information.
The accounting provision only covers "disclosures," which are defined as the sharing
of health information with someone outside of an organization that is not a part
of the TPO. See Section 164.528(a) (right to accounting of disclosures) and Section
164.501 (definition of "disclosure"). The regulation specifically states that a
Covered Entity does not have to keep an accounting of information disclosed to someone
outside of the organization or the purposes of treatment, payment, or health care
operations. See Section 164.528(a)(1)(i). The result of these exclusions are that
a Covered Entity is required to account for only a narrow category of disclosures
that primarily are not related to health care, such as those made to law enforcement
personnel or pursuant to a request for documents in a lawsuit.
Data is protected from unauthorized viewing/usage
Covered Entity restricts Episode Alert access via password to only those employees
that have a need to know. Servers and data storage units are in a secured SSAE 16
compliant data center with limited access. Data is received and forwarded via automated,
electronic processes where no direct human intervention is required. Access or viewing
of PHI is only allowed when required to provide further support to the Covered Entity.
Proper disposal of data
At the end of a Covered Entity’s contract with Episode Alert their data is deleted
from the Episode Alert computer systems. No printed reports or paper copies are
ever retained in our facility. If reports are ever printed to further support the
Covered Entity, they are shredded immediately upon completion of the task that required
the paper output.
Privacy and Security Rule(s)
To protect the privacy and security of the PHI we have implemented the following
processes:
- Covered Entities must execute a Terms of Service and BAA to subscribe to our service
- All employees, contractors, sub-contractors, agents and representatives are required
to sign an agreement to abide by the HIPAA Privacy Act and a Confidentiality & Non-Disclosure
agreement
- Support data encryption on all websites and all reports
- E-mail address verification
- Restricted access to PHI on a need to know basis (via passwords and company policy)
- Automatic expiration of passwords
- 24/7 restricted access to SSAE 16 compliant Data Center
- Office facility is locked 24/7 and has monitored security system installed throughout
- Automated encrypted data backups
- Encrypted data backups stored in secured environment in SSAE 16 compliant data center
- Automated virus checking
- HIPAA and Security awareness training for all employees, contractors, sub-contractors,
agents and representatives is mandatory
- Employee termination security procedures in place
- All retired computer hard drives are shredded
- HIPAA Transaction and Code Set Rule
- HIPAA compliant EDI transactions are used when applicable
- HIPAA compliant Code Sets are used when applicable
Introduction
Consistent with the provisions of the Internet Security and Privacy Act, the Freedom
of Information Law and the Personal Privacy Protection Law, this policy describes
Episode Alert's privacy practices regarding information collected from users of
its Web site. This policy describes what information is collected and how that information
is used. Because this privacy policy only applies to the Episode Alert Web sites,
you should examine the privacy policy of any Web site, including government agency
Web sites, that you access using this Web site.
For purposes of this policy, "personal information" means any information concerning
a natural person which, because of name, number, symbol, mark, or other identifier,
can be used to identify that natural person. Episode Alert does not collect any
personal information about you during your visit to its Web sites unless you provide
that information voluntarily; for example, by sending such information in an e-mail
or by providing it in connection with an online form or transaction.
Information Collected Automatically When You Visit this Web site
When visiting Episode Alert web sites, Episode Alert automatically collects and
stores the following information about your visit:
- The Internet Protocol address and domain name used, but not the e-mail address.
The Internet Protocol address is a numerical identifier assigned either to your
Internet service provider or directly to your computer;
- The type of browser and operating system used;
- The date and time you visited this site;
- The Web pages or services you accessed at this site;
- Any form, publication or document which you download; and
- Depending on how you access Episode Alert's site, Episode Alert may also, on occasion,
capture the Web site you visited prior to coming to Episode Alert's Web site.
None of the foregoing information is deemed to constitute personal information.
The information that is collected automatically is used to improve the Web site's
content and to help Episode Alert understand how users are interacting with its
Web sites. This information is collected for statistical analysis, to determine
what information is of most and least interest to our users, and to improve the
utility of the material available on its Web sites. The information is not collected
for commercial marketing purposes and Episode Alert is not authorized to sell or
otherwise disclose the information collected from its Web sites for commercial marketing
purposes.
Cookies
The use of cookies is a standard practice among Internet Web sites. The Episode
Alert Web sites use cookies. Cookies are small files stored on your computer by
your Web browser to provide a means of distinguishing among users of the Web site.
The cookies Episode Alert utilizes do not contain personal information and do not
compromise your privacy or security.
The software and hardware you use to access the Episode Alert Web sites allow you
to refuse new cookies or delete existing cookies. Refusing or deleting cookies may
limit your ability to take advantage of some features of the Episode Alert Web sites.
We also use third party cookies (such as DoubleClick) to run Google Analytics Demographics and Interest Reporting. These cookies gather website visitor data (such as age, gender, and interests) to optimize website content and marketing and do not collect any personally identifiable information.
Information Collected When You Send Episode Alert an E-mail or Conduct an Online
Transaction through its Web sites
During your visit to Episode Alert Web sites you may send an e-mail to Episode Alert.
Your e-mail address and the contents of your message will be collected. Your e-mail
address and the information included in your message will be used to respond to
you, to address issues you identify, or to improve the Episode Alert Web sites.
Your e-mail address is not collected for commercial purposes and Episode Alert is
not authorized to sell or otherwise disclose your e-mail address for commercial
purposes.
During your visit to Episode Alert Web sites you may conduct an online transaction.
This includes, for example, contracting for online services, filling out an online
survey or order form or utilizing any of Episode Alert's online services. The information,
including personal information and customer information, provided by you in conducting
the transaction is used by Episode Alert to operate Episode Alert programs, which
include the provision of services and information. The information collected by
Episode Alert may, to the extent permitted by law, be disclosed by Episode Alert
for those purposes that may be reasonably ascertained from the nature and terms
of the transaction in connection with which the information was submitted.
Episode Alert does not knowingly collect personal information from children or create
profiles of children through its Web sites. Users are cautioned, however, that the
collection of personal information submitted in an e-mail will be treated as though
it was submitted by an adult, and may, unless exempted from access by federal or
State law, be subject to public access. Episode Alert strongly encourages parents
and teachers to be involved in children's Internet activities and to provide guidance
whenever children are asked to provide personal information online.
Information and Choice
As noted above, Episode Alert does not collect any personal information about you
during your visit to its Web sites unless you provide that information voluntarily
by sending an e-mail or conducting an online transaction. This includes, for example,
contracting for services online, filling out an online survey or order form or utilizing
any of Episode Alert's online services. You may choose not to send an e-mail, not
to contract for services, not to fill out a survey or online order form and/or not
to utilize any of Episode Alert's online services. Your choice not to participate
in these activities may limit your ability to receive specific services through
the Episode Alert Web sites.
Disclosure of Information Collected Through this Web site
The collection of information through the Episode Alert Web sites and the disclosure
of that information are subject to the provisions of the Internet Security and Privacy
Act. Episode Alert will only collect personal information through its Web sites
or disclose personal information collected through its Web sites if the user has
consented to the collection or disclosure of such personal information. The voluntary
disclosure of personal information to Episode Alert by the user, whether solicited
or unsolicited, constitutes consent to the collection and disclosure of the user's
information by Episode Alert for the purposes for which the user disclosed the information
to Episode Alert, as was reasonably ascertainable from the nature and terms of the
disclosure.
Further, the disclosure of information, including personal information, collected
through this Web site is subject to the provisions of the Freedom of Information
Law, the Personal Privacy Protection Law and conforms to the rules and regulations
of the HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT ("HIPAA").
The transfer of information by a user on individuals through an upload of such information
pursuant to a contract between the user and Episode Alert will not be disclosed
by Episode Alert except to such providers as necessary to fulfill the contractual
obligation between Episode Alert and the user. Such disclosure of information collected
through this website shall be subject to the provisions of the Internet Security
and Privacy Act, the Freedom of Information Law, the Personal Privacy Protection
Law and of the HEALTH INSURANCE PORTABILITY ACCOUNTABILITY ACT ("HIPAA").
Episode Alert may disclose personal information to federal or state law enforcement
authorities to enforce Episode Alert's rights against unauthorized access or attempted
unauthorized access to Episode Alert's information technology assets.
Retention of Information Collected Through this Web site
In general, the Internet services logs of Episode Alert, comprising electronic files
or automated logs created to monitor access and use of Episode Alert services provided
through this Web site, are retained for at least three months. Information, including
personal information, that you submit in an e-mail or when you conduct an online
transaction is retained in accordance with the records retention and disposition
schedule established for the records of the program unit to which you submitted
the information.
Confidentiality and Integrity of Personal Information and Collected Through this
Web site and Uploads made through this Web site
Episode Alert is committed to protecting personal information collected through
its Web sites and Uploads made through its Web sites against unauthorized access,
use or disclosure. Consequently, Episode Alert limits access to personal information
collected through its Web sites to only those employees or subcontractors who need
access to the information in the performance of their official duties. Employees
and subcontractors who have access to this information follow appropriate procedures
in connection with any disclosures of personal information.
In addition, Episode Alert has implemented procedures to safeguard the integrity
of its information technology assets including, but not limited to, authentication,
monitoring, auditing, and encryption. These security procedures have been integrated
into the design, implementation, and day-to-day operations of its Web sites as part
of Episode Alert's continuing commitment to the security of electronic content as
well as the electronic transmission of information.
For Web site security purposes and to maintain the availability of its Web sites
for all users, Episode Alert employs software to monitor traffic to identify unauthorized
attempts to upload or change information or otherwise damage its Web sites.
Disclaimer
The information provided in this privacy policy should not be construed as giving
business, legal, or other advice, or warranting as fail proof, the security of information
provided via the Episode Alert Web sites.