THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT ("HIPAA") AND THE HEALTH INFORMATION FOR TECHNOLOGY FOR ECONOMIC AND CLINICAL HEALTH ("HITECH") ACT
Although many people assume that HIPAA protects all personal health information, however obtained and wherever stored, HIPAA is actually somewhat limited in its applicability. HIPAA governs only "covered entities" and their "business associates." Covered entities under HIPAA include (i) health plans (insurance companies, HMOs, etc.); (ii) health care clearinghouses (entities that convert health information into or out of standard formats for billing or other purposes); and (iii) most health care providers (physicians, hospitals, etc.). Business associates are entities that contract with covered entities to provide certain services that involve the use or disclosure of individually identifiable health information.
Remedy is not a covered entity under HIPAA but does, in some circumstances, act as a business associate. In such circumstances, Remedy will comply with the rules promulgated by the Department of Health and Human Services under both HIPAA and HITECH that apply to business associates, including the rules relating to security of personal health information and rules requiring notification of security breaches of unsecured protected health information.
The federal government has issued guidance regarding encryption standards for personal health information and intends to issue updated guidance on appropriate security measures as technology advances. Remedy will monitor the federal guidance and, wherever practicable and appropriate, intends to encrypt all information on its servers and otherwise secure personal information in accordance with the federal guidance or otherwise in accordance with industry standards.
Remedy's Intelecare system maintains a current industry-standard real-time intrusion detection system on all systems' external access. Remedy actively monitors the intrusion detection system for signatures that correspond to attempts at breaking or circumventing the security or availability of networks and systems. In this way, Remedy can act quickly to prevent or mitigate any adverse affects of any improper access.
MITIGATION, REMEDIATION AND NOTIFICATION OF SECURITY BREACHES
Remedy intends to comply with all applicable state and federal laws that require mitigation, remediation and notification of security breaches. It is the policy of Remedy to take reasonable steps to mitigate any known harmful effects of the use or disclosure of personal information in violation of its policies and procedures, applicable state or federal law, or the terms of any business associate agreements to which it is a party. In addition, Remedy will make any legally required notifications of security breaches involving personal information, including notifications required by HITECH and the American Recovery and Reinvestment Act, applicable state law, and other applicable laws.
Suspected security incidents may be reported to Remedy's Privacy Officer by emailing firstname.lastname@example.org or sending a letter via regular mail to the following address:
Remedy Health Media, LLC.
500 5th Avenue, Suite 1900
New York, New York 10110
Attention: Office of Compliance
Remedy will evaluate all reports to determine whether a violation has occurred and to assess appropriate mitigation and remedial measures and notification requirements, if any.
In the event that a reported incident relates to information that Intelecare has received in its role as a business associate, Remedy will coordinate all notifications and mitigation/remediation efforts with the applicable covered entity as appropriate. IN THE UNLIKELY EVENT OF A BREACH THAT REQUIRES NOTIFICATION, IF YOU ARE PARTICIPATING IN REMEDY'S INTELECARE REMINDER SERVICE THROUGH A HEALTH PLAN OR HEALTH CARE PROVIDER, YOU MAY NOT RECEIVE NOTICE FROM REMEDY, BUT MAY INSTEAD RECEIVE NOTICE DIRECTLY FROM YOUR HEALTH PLAN OR HEALTH CARE PROVIDER.
NOTIFICATION OF CHANGES
If Remedy decides to change this Security Policy, we will post those changes on our website so our users are always aware of our security efforts.
NOTE: IF YOU DO NOT AGREE WITH THE MANNER IN WHICH REMEDY WILL PROTECT YOUR INFORMATION AS DESCRIBED IN THIS SECURITY POLICY, PLEASE DO NOT USE ANY REMEDY SERVICES.
© 2011 Remedy Health Media, LLC. All rights reserved.
Any rights not expressly granted herein are reserved.
Last Updated: 7 June 2011