Security & Privacy
DocuMD is committed to protecting the privacy
and confidentiality of medical information we transmit and store.
We have implemented state-of-the-art electronic and physical security
measures and established stringent security procedures to protect
medical information from unauthorized access, improper use, alteration
and unlawful or accidental destruction. DocuMD also closely follows
and monitors developments regarding the Health Insurance Portability
& Accounting Act of 1996 (HIPAA) and related regulations. Our
company policies and procedures focus on the privacy and confidentiality
of all protected health information entrusted to us.
HIPAA Frequently Asked Questions
Is DocuMD subject to
HIPAA's Privacy Regulations?
Only "covered entities" (health care providers, health
plans, and healthcare clearinghouses) are directly subject to HIPAA's
Privacy Regulations. However, "business associates," such
as transcription providers, electronic medical record companies,
and billing and collections companies, are required to comply with
certain HIPAA Privacy Regulations as a result of their business
relationships with covered entities (such as physician practices).
DocuMD is considered a business associate of our Partners and Clients
and we diligently strive to comply with the Privacy Regulations'
requirements for business associates.
What is required of DocuMD under the HIPAA
Privacy Regulations?
As a business associate of our Partners and Clients, DocuMD may
process, store or transmit protected health information on behalf
of a Partner or Client. DocuMD performs these tasks in the same
manner that the practice itself uses or discloses the information
under the Privacy Regulations. DocuMD and the Partner or Client
must enter into a written agreement, known as a "Business Associate
Agreement," to guarantee such policy.
Do Partners or Clients sign a "Business
Associate Agreement" with DocuMD?
Yes, DocuMD has a Healthcare Information Services Agreement that
incorporates the requirements for HIPAA Business Associate Agreements
in the section entitled "Security and Confidentiality of Patient
Information." We structured this section to comply with the
Privacy Regulations' requirements for Business Associate relationships.
What are some of the key HIPAA-related
provisions of DocuMD's Service Agreement?
Some of the Agreement's key aspects include:
- The Agreement clearly states the permitted
and required uses and disclosures of the protected healthcare
information and prohibits DocuMD from using or further disclosing
the information in a manner that would violate the Privacy Regulations
if done by the Partner or Client.
- DocuMD must implement and utilize safeguards
to prevent use or disclosure of the information other than as
provided for by the Service Agreement.
- DocuMD must report to the Partner or Client any use or disclosure
not permitted by the Service Agreement.
- DocuMD's agents and employees must abide
by the same restrictions and conditions imposed upon DocuMD by
the Service Agreement.
- At the termination of the Service Agreement,
DocuMD will be required to continue to maintain and safeguard
any information in its possession in a manner consistent with
its obligations under the Service Agreement.
Will DocuMD share protected health information
from patient records with other persons or entities?
As stated in our Service Agreement, DocuMD will never share patients'
protected health information with a third party.
Will DocuMD disclose Partner or Client contact information
to others?
No, as with patient information, DocuMD does not release any identifying
information about Partners or Clients to others.
Do Partners or Clients need to obtain additional
patient approval before transmitting patients' medical information
to DocuMD?
Due to our business associate role, the Privacy Regulations permit
the transmittal of patient information to DocuMD, for the purposes
contemplated in the Service Agreement, without obtaining any additional
consent or authorization from the patient. State laws, however,
may require additional patient approvals, and therefore, the Partner
or Client should confirm that it is in compliance with state statutes
or regulations pertaining to the transmission or use of patient
information.
What security measures does DocuMD utilize
to protect patient information?
The security and privacy of medical data is of paramount concern
to DocuMD. Currently, we utilize 128-bit encryption and secure socket
layer (SSL) technologies for all data transmissions.
What about state laws?
The HIPAA Privacy Regulations preempt only those state laws that
are less restrictive than HIPAA. More restrictive state laws, therefore,
will also be applicable to Partners and Clients. Privacy laws vary
widely from state to state and each Partner or Client should consult
its legal counsel as to whether such laws may impose additional
restrictions upon the Partner's or Client’s ability to use
or disclose patient information. Some state laws may impose additional
obligations upon DocuMD for the use or disclosure of patient information.
DocuMD will diligently strive to comply with all applicable state
laws and work with Partners and Clients to ensure that the Service
Agreement fully complies with state and federal laws.
What happens if the privacy or security
laws change?
DocuMD recognizes the importance of laws governing the privacy and
security of patient information to Network Partners. We closely
monitor the status of current and forthcoming state and federal
privacy and security laws and regulations. When new or revised laws
are enacted, we will immediately review our Service Agreement and
business model, and modify them as necessary to comply with these
changes.