HIPAA Compliance Policy Updated September 2013

Under the HIPAA privacy rules, Episode Alert, LLC is considered a Business Associate. It is our policy to comply with the rules and regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Through our Terms of Service, Business Associate Agreement (BAA) and Addendum with the Covered Entity, we give contractual guarantees that we will use Protected Health Information (PHI) that we are granted access to only for the purposes for which we have been contracted. We will safeguard the information from misuse, and will help the Covered Entity comply with their obligations under the HIPAA rules. Episode Alert provides the Covered Entity with a BAA, Addendum, Terms of Service and Privacy Policy at sign-up. If required by the Covered Entity, we will make the necessary changes to our Terms of Service and/or our BAA to ensure our HIPAA compliance meets their needs.

We have taken the necessary steps to assure Episode Alert is compliant as follows:

Accounting of disclosures and audit trail issues:

We are appointed by and contracted to the Covered Entity to assist in the payment process and are considered part of the treatment, payment, or health care operations (TPO). A Covered Entity is not required by HIPAA regulation to keep an accounting of anyone within their own organization who has received (or had access to) medical information. The accounting provision only covers "disclosures," which are defined as the sharing of health information with someone outside of an organization that is not a part of the TPO. See Section 164.528(a) (right to accounting of disclosures) and Section 164.501 (definition of "disclosure"). The regulation specifically states that a Covered Entity does not have to keep an accounting of information disclosed to someone outside of the organization for the purposes of treatment, payment, or health care operations. See Section 164.528(a)(1)(i). The result of these exclusions is that a Covered Entity is required to account for only a narrow category of disclosures that primarily are not related to health care, such as those made to law enforcement personnel or pursuant to a request for documents in a lawsuit.

Data is protected from unauthorized viewing/usage:

Covered Entity restricts Episode Alert access via password to only those employees that have a need to know. Servers and data storage units are in a secured SSAE 16 compliant data center with limited access. Data is received and forwarded via automated, electronic processes where no direct human intervention is required. Access or viewing of PHI is only allowed when required to provide further support to the Covered Entity.

Proper disposal of data:

At the end of a Covered Entity’s contract with Episode Alert, their data is deleted from the Episode Alert computer systems. No printed reports or paper copies are ever retained in our facility. If reports are ever printed to further support the Covered Entity, they are shredded immediately upon completion of the task that required the paper output.

Privacy and Security Rule(s):

To protect the privacy and security of the PHI we have implemented the following processes:

  • Covered Entities must execute a Terms of Service and BAA to subscribe to our service
  • All employees, contractors, sub-contractors, agents and representatives are required to sign an agreement to abide by the HIPAA Privacy Act and a Confidentiality & Non-Disclosure agreement
  • Support data encryption on all websites and all reports
  • E-mail address verification
  • Restricted access to PHI on a need to know basis (via passwords and company policy)
  • Automatic expiration of passwords
  • 24/7 restricted access to SSAE 16 compliant Data Center
  • Office facility is locked 24/7 and has a monitored security system installed throughout
  • Automated encrypted data backups
  • Encrypted data backups stored in secured environment in SSAE 16 compliant data center
  • Automated virus checking
  • HIPAA and Security awareness training for all employees, contractors, sub-contractors, agents and representatives is mandatory
  • Employee termination security procedures in place
  • All retired computer hard drives are shredded

HIPAA Transaction and Code Set Rule:

  • HIPAA compliant EDI transactions are used when applicable
  • HIPAA compliant Code Sets are used when applicable

Episode Alert, LLC is committed to adjusting our policies to adhere to Covered Entity’s needs within full and complete compliance of all HIPAA rules and regulations. As necessary, we will adjust to any changes in the HIPAA rules. If you have any questions concerning our HIPAA compliance policies, please contact us at compliance@episodealert.com or at 800 905 0698.

    Privacy / Compliance Policy

    Thank you for visiting the Episode Alert Web sites. Episode Alert recognizes that it is important for individuals and businesses to be confident that their privacy is protected when they visit any Episode Alert Web site.

    Introduction

    Consistent with the provisions of the Internet Security and Privacy Act, the Freedom of Information Law and the Personal Privacy Protection Law, this policy describes Episode Alert's privacy practices regarding information collected from users of its Web site. This policy describes what information is collected and how that information is used. Because this privacy policy only applies to the Episode Alert Web sites, you should examine the privacy policy of any Web site, including government agency Web sites, that you access using this Web site.

    For purposes of this policy, "personal information" means any information concerning a natural person which, because of name, number, symbol, mark, or other identifier, can be used to identify that natural person. Episode Alert does not collect any personal information about you during your visit to its Web sites unless you provide that information voluntarily; for example, by sending such information in an e-mail or by providing it in connection with an online form or transaction.

    Information Collected Automatically When You Visit this Web site

    When visiting Episode Alert web sites, Episode Alert automatically collects and stores the following information about your visit:

    1. The Internet Protocol address and domain name used, but not the e-mail address. The Internet Protocol address is a numerical identifier assigned either to your Internet service provider or directly to your computer;
    2. The type of browser and operating system used;
    3. The date and time you visited this site;
    4. The Web pages or services you accessed at this site;
    5. Any form, publication or document which you download; and
    6. Depending on how you access Episode Alert's site, Episode Alert may also, on occasion, capture the Web site you visited prior to coming to Episode Alert's Web site.

    None of the foregoing information is deemed to constitute personal information.

    The information that is collected automatically is used to improve the Web site's content and to help Episode Alert understand how users are interacting with its Web sites. This information is collected for statistical analysis, to determine what information is of most and least interest to our users, and to improve the utility of the material available on its Web sites. The information is not collected for commercial marketing purposes and Episode Alert is not authorized to sell or otherwise disclose the information collected from its Web sites for commercial marketing purposes.

    Cookies

    The use of cookies is a standard practice among Internet Web sites. The Episode Alert Web sites use cookies. Cookies are small files stored on your computer by your Web browser to provide a means of distinguishing among users of the Web site. The cookies Episode Alert utilizes do not contain personal information and do not compromise your privacy or security.

    The software and hardware you use to access the Episode Alert Web sites allow you to refuse new cookies or delete existing cookies. Refusing or deleting cookies may limit your ability to take advantage of some features of the Episode Alert Web sites.

    Information Collected When You Send Episode Alert an E-mail or Conduct an Online Transaction through its Web sites

    During your visit to Episode Alert Web sites you may send an e-mail to Episode Alert. Your e-mail address and the contents of your message will be collected. Your e-mail address and the information included in your message will be used to respond to you, to address issues you identify, or to improve the Episode Alert Web sites. Your e-mail address is not collected for commercial purposes and Episode Alert is not authorized to sell or otherwise disclose your e-mail address for commercial purposes.

    During your visit to Episode Alert Web sites you may conduct an online transaction. This includes, for example, contracting for online services, filling out an online survey or order form or utilizing any of Episode Alert's online services. The information, including personal information and customer information, provided by you in conducting the transaction is used by Episode Alert to operate Episode Alert programs, which include the provision of services and information. The information collected by Episode Alert may, to the extent permitted by law, be disclosed by Episode Alert for those purposes that may be reasonably ascertained from the nature and terms of the transaction in connection with which the information was submitted.

    Episode Alert does not knowingly collect personal information from children or create profiles of children through its Web sites. Users are cautioned, however, that the collection of personal information submitted in an e-mail will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or State law, be subject to public access. Episode Alert strongly encourages parents and teachers to be involved in children's Internet activities and to provide guidance whenever children are asked to provide personal information online.

    Information and Choice

    As noted above, Episode Alert does not collect any personal information about you during your visit to its Web sites unless you provide that information voluntarily by sending an e-mail or conducting an online transaction. This includes, for example, contracting for services online, filling out an online survey or order form or utilizing any of Episode Alert's online services. You may choose not to send an e-mail, not to contract for services, not to fill out a survey or online order form and/or not to utilize any of Episode Alert's online services. Your choice not to participate in these activities may limit your ability to receive specific services through the Episode Alert Web sites.

    Disclosure of Information Collected Through this Web site

    The collection of information through the Episode Alert Web sites and the disclosure of that information are subject to the provisions of the Internet Security and Privacy Act. Episode Alert will only collect personal information through its Web sites or disclose personal information collected through its Web sites if the user has consented to the collection or disclosure of such personal information. The voluntary disclosure of personal information to Episode Alert by the user, whether solicited or unsolicited, constitutes consent to the collection and disclosure of the user's information by Episode Alert for the purposes for which the user disclosed the information to Episode Alert, as was reasonably ascertainable from the nature and terms of the disclosure.

    Further, the disclosure of information, including personal information, collected through this Web site is subject to the provisions of the Freedom of Information Law and the Personal Privacy Protection Law, and conforms to the rules and regulations of the HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT ("HIPAA").

    Information on individuals that a user transfers through an upload pursuant to a contract between the user and Episode Alert will not be disclosed by Episode Alert except to such providers as necessary to fulfill the contractual obligation between Episode Alert and the user. Such disclosure of information collected through this Web site shall be subject to the provisions of the Internet Security and Privacy Act, the Freedom of Information Law, the Personal Privacy Protection Law and the HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT ("HIPAA").

    Episode Alert may disclose personal information to federal or state law enforcement authorities to enforce Episode Alert's rights against unauthorized access or attempted unauthorized access to Episode Alert's information technology assets.

    Retention of Information Collected Through this Web site

    In general, the Internet services logs of Episode Alert, comprising electronic files or automated logs created to monitor access and use of Episode Alert services provided through this Web site, are retained for at least three months. Information, including personal information, that you submit in an e-mail or when you conduct an online transaction is retained in accordance with the records retention and disposition schedule established for the records of the program unit to which you submitted the information.

    Confidentiality and Integrity of Personal Information Collected Through this Web site and Uploads Made Through this Web site

    Episode Alert is committed to protecting personal information collected through its Web sites and Uploads made through its Web sites against unauthorized access, use or disclosure. Consequently, Episode Alert limits access to personal information collected through its Web sites to only those employees or subcontractors who need access to the information in the performance of their official duties. Employees and subcontractors who have access to this information follow appropriate procedures in connection with any disclosures of personal information.

    In addition, Episode Alert has implemented procedures to safeguard the integrity of its information technology assets including, but not limited to, authentication, monitoring, auditing, and encryption. These security procedures have been integrated into the design, implementation, and day-to-day operations of its Web sites as part of Episode Alert's continuing commitment to the security of electronic content as well as the electronic transmission of information.

    For Web site security purposes and to maintain the availability of its Web sites for all users, Episode Alert employs software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage its Web sites.

    Disclaimer

    The information provided in this privacy policy should not be construed as giving business, legal, or other advice, or as warranting as fail-proof the security of information provided via the Episode Alert Web sites.