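HIPAA Business Associate Privacy Policy
Together with Covered Entities, we are committed to protecting the privacy and confidentiality of Protected Health Information.
HIPAA Privacy Policy
We take privacy very seriously. Together with Covered Entities, we are committed to protecting the privacy and confidentiality of Protected Health Information that we obtain subject to the terms of a Business Associate Agreement and under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended, including, but not limited to, the HITECH amendments (collectively, “HIPAA/HITECH”).
This Privacy Policy is provided to help you better understand how we use, disclose, and protect Protected Health Information in accordance with the terms of a Business Associate Agreement.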
Definitions
- “Business Associate” (“BA”) means an entity that performs functions or activities on behalf of a Covered Entity when those services involve access to, or the use or disclosure of, Protected Health Information.
- “Business Associate Agreement” (“BAA”) means a formal written contract between a BA and a Covered Entity that requires the BA to comply with specific requirements related to PHI.
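- “Covered Entity” means a health plan, health care provider, or health care clearinghouse that must comply with the HIPAA Privacy Rule.
- “Protected Health Information” (“PHI”) means all “individually identifiable health information” that is transmitted or maintained in any form or medium by a Covered Entity. Individually identifiable health information is any information that can be used to identify an individual and that was created, used, or disclosed in the course of providing a health care service such as diagnosis or treatment, or in relation to payment for the provision of health care services.
Use and Disclosure of PHI
- We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our obligations to Covered Entities under a service agreement, provided that such use or disclosure is permitted or required by the applicable Business Associate Agreement and would not violate HIPAA/HITECH, including the Privacy Rule or Security Rule as applicable to Business Associates.
- We may use PHI internally for our own internal management, administration, data aggregation, and legal obligations, but only to the extent such use of PHI is permitted or required by the applicable Business Associate Agreement and would not violate HIPAA/HITECH, including the Privacy Rule or Security Rule as applicable to Business Associates.
- We may disclose PHI for law enforcement purposes as required by law or in response to a valid subpoena.
- We may disclose PHI to downstream subcontractors or agents that provide supporting services to us; however, we will require such subcontractors and agents to comply with the same terms and conditions that apply to us under the applicable Business Associate Agreement and PHI, including implementing and maintaining required safeguards.
- Other uses and disclosures not described in this Privacy Policy will be made only with your express written authorization.
Revoking Your Consent to the Use and Disclosure of PHI
The use and disclosure of PHI is possible only with your express consent. Your written authorization is required for any use or disclosure of PHI that is not for treatment, payment, or health care operations, or otherwise permitted or required by the Privacy Rule. Examples of disclosures that require your authorization include disclosures to a life insurer for coverage purposes, disclosures to an employer of the results of a pre-employment physical or lab test, disclosures to a pharmaceutical company for marketing purposes, and disclosures of psychotherapy notes. There are exceptions to the authorization requirement for disclosures of psychotherapy notes. One exception is that the Covered Entity that originated the notes may use them for treatment. Another exception is that a Covered Entity may use or disclose, without your authorization, psychotherapy notes for its own training, and to defend itself in legal proceedings brought by the individual who is the subject of the notes, for the U.S. Department of Health and Human Services to investigate or determine the Covered Entity’s compliance with HIPAA, to avert a serious and imminent threat to public health or safety, to a health oversight agency for lawful oversight of the originator of the psychotherapy notes, for the lawful activities of a coroner or medical examiner, or as required by law. As stated, a Covered Entity must obtain your authorization to use or disclose your PHI for marketing and for a Covered Entity’s provision of promotional gifts of nominal value. Face-to-face marketing communications between a Covered Entity and an individual do not require your authorization. In addition, your authorization is not required for communications that fall within the exceptions to the definition of marketing. These exceptions are communications to describe a health-related product or service, or payment for them, provided by or included in a benefit plan of the Covered Entity making the communication; communications about participating providers in a provider or health plan network, replacement of or enhancements to a health plan, and health-related products or services available only to a health plan’s enrollees that add value to, but are not part of, the benefits plan; communications for treatment of the individual; and communications for case management or care coordination for the individual, or to direct or recommend alternative treatments, therapies, health care providers, or care settings to the individual.
You may revoke your consent to use and disclose your PHI at any time by sending written revocation of your consent to the processing of your PHI to us at HIPAA.Privacy@tincyn.net. All PHI processed before we receive your revocation of consent will be deemed to have been lawfully processed with your consent. In addition, you may request that all of your PHI be removed from our systems and processes by sending a written request for removal and destruction of all your data to us at HIPAA.Privacy@tincyn.net. Upon receipt of your request, we will take all necessary steps to completely and permanently delete all of your PHI, unless we are unable to do so for legal, compliance, or other legitimate reasons.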
Your Rights
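You may request the following information:
- The purposes for which we use and disclose your PHI;
- The legal basis for your PHI and its disclosure;
- The categories of PHI and the related subjects;
- Information about the types or identities of third parties to whom your PHI may be disclosed and the safeguards provided;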
- The source of the PHI (if you didn’t provide it directly to us); and
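- How long it will be stored.
You have the right to:
- Access your PHI;
- Correct inaccurate PHI;
- Request deletion of PHI;
- Restrict the processing of PHI;
- Object to the processing of your PHI;
- Data portability;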
- Opt out of PHI being transferred to a third party, unless there is a legal reason to do so; and
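- Opt out of direct marketing.
To exercise your rights, you may write to our HIPAA Compliance Officer at HIPAA.Privacy@tincyn.net.
Requests Concerning PHI
Requests to access your PHI, to amend your PHI, or for an accounting of disclosures of your PHI should be submitted in writing to our HIPAA Compliance Officer at HIPAA.Privacy@tincyn.net. We will act on your request no later than thirty (30) calendar days after receiving it. If we are unable to act within that time, we will provide you with a written statement of the reasons for the delay and the date by which we will complete our action on your request, which date will be no more than thirty (30) calendar days beyond the original thirty (30) days.
If we deny any request, the response will include an explanation of the reason for the denial of access. A denial of your request may be based on a number of reasons. An individual does not have a right to access PHI that is not part of a designated record set given that such information is not used to make decisions about individuals. This information may include certain quality assessment or improvement records, patient safety activity records, or business planning, development, and management records that are used for business decisions more generally rather than to make decisions about individuals. For example, a hospital’s peer review files or practitioner or provider performance evaluations, or a health plan’s quality control records that are used to improve customer service or formulary development records, may be generated from and include an individual’s PHI but might not be in the Covered Entity’s designated record set and subject to access by the individual. In addition, two categories of information are expressly excluded from the right of access. One is psychotherapy notes, which are the personal notes of a mental health care provider documenting or analyzing the contents of a counseling session, and which are maintained separately from the rest of the patient’s medical record. The other is information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding. However, the underlying PHI from the individual’s medical or payment records or other records used to generate the above types of excluded records or information remains part of the designated record set and is subject to access by the individual.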
Access to PHI
Pursuant to the BAA, we will provide Covered Entities with the information necessary for the Covered Entity to grant individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.
Upon request, we will make our internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI created or received by the Business Associate on behalf of the Covered Entity, available to the Covered Entity or to the Secretary of the U.S. Department of Commerce for purposes of determining compliance with the terms of the BAA and HIPAA regulations.
Our Responsibilities
As a Business Associate, we have a number of legal responsibilities. These include the responsibility to enter into written BAAs with Covered Entities that require us to maintain the privacy of PHI, limit our use or disclosure of PHI to the purposes authorized by the Covered Entity, and assist Covered Entities in responding to your requests concerning your PHI; the responsibility to amend PHI relating to you when requested by a Covered Entity; the responsibility to make certain disclosures available to a Covered Entity in order for the Covered Entity to fulfill its obligation to you to provide accountings of certain disclosures to you; the responsibility to enter into a BAA with each of our subcontractors who may have access to your PHI; the responsibility to comply with Privacy Rule provisions, including rules governing the uses and disclosure of PHI and your rights concerning your PHI; the responsibility to perform a Security Rule risk analysis; the responsibility to implement Security Rule safeguards; the responsibility to train personnel concerning the HIPAA Rules; the responsibility to respond immediately to any security violation or breach; the responsibility to timely report security incidents and breaches; and the responsibility to maintain required documentation.
Safeguards
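We use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by the BAA. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic Protected Health Information that we create, receive, maintain, or transmit on behalf of Covered Entities. These safeguards include: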
- Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;
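- Providing appropriate training to our staff to assure that our staff complies with our security policies;
- Utilizing appropriate encryption when transmitting PHI over the Internet;
- Utilizing appropriate storage, backup, disposal, and reuse procedures to protect PHI;
- Utilizing appropriate authentication and access controls to safeguard PHI;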
- Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and
- Maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the PHI we hold on behalf of a Covered Entity is available when needed.
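Mitigation of Harm
In the event of a use or disclosure of PHI in violation of the requirements of the BAA, we will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation will include: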
- Reporting any use or disclosure of PHI not provided for by the BAA and any security incident of which we become aware to the Covered Entity; and
- Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.
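Changes to Our Privacy Policy
We may change or update our Privacy Policy from time to time. We reserve the right to make changes or updates at any time. If we make material changes to the way we process your PHI, we will provide you with notice through our services or other communication channels.
How to Contact Us
If you have any questions about this Privacy Policy, please contact our HIPAA Compliance Officer:
Attn: Legal, HIPAA Compliance Officer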
ALE USA Inc.
2000 Corporate Center Drive
Thousand Oaks, CA 91320
Email: HIPAA.Privacy@tincyn.net
Phone: (747) 388-7468
Revised: August 24, 2023