|
|
Since many of our clients are entities covered by HIPAA (Health Insurance
Portability and Accountability Act of 1996), much of the information
we host is individually identifiable health information protected
by HIPAA.
As a business associate of HIPAA covered entities, we are obligated
to safeguard the confidentiality, integrity, and availability of their
protected health information and to use and disclose it only as provided
in our contracts with them or as required by law.
While compliance with HIPAA standards for electronic transactions
and identifiers is straightforward, compliance with the security standards
is an ongoing process that grows as we grow and incorporate new technology.
We regularly review our policies, systems, and facilities to anticipate
any security risks and mitigate them before they become issues. We
make sure that all employees and consultants are aware of HIPAA objectives
and trained in the requirements that apply to them. We require any
contractors such as hosting facilities and escrow agents that receive
protected health information from us to agree to the same restrictions
on its use and disclosure as we have agreed to.
Many of our clients are also covered by FERPA (Family Educational
Rights and Privacy Act of 1974), which entitles students and the
parents of minor students to review, correct, and consent to the
disclosure of their education records. Student rights under FERPA
are comparable to patient rights under HIPAA privacy standards.
We as a company and the members of our dedicated workforce have
made a commitment to maintain the privacy of all information entrusted
to our care. Our basic privacy policy, applicable to all client
information whether or not protected by HIPAA or FERPA, is not to
disclose any information without client authorization. Should disclosure
be required by law, we will make every effort to advise and consult
with our client before having to comply with the requirement
|
