Terms of Use for HIPAA - NovaWeb

TO COMPLY WITH OUR HIPAA STATEMENT, PLEASE SCROLL TO THE BOTTOM OF THE DOCUMENT AND CLICK I ACCEPT

 

AZ-TECH RADIOLOGY & OPEN MRI, LLC
POLICY ON CONFIDENTIALITY OF PROTECTED HEALTH INFORMATION
AND PRACTITIONER CONSENT

 

  1. Purpose. The Purpose of this Policy and Practitioner Consent is to describe the Policy adopted by AZ-Tech Radiology & MRI, LLC (“AZ-Tech”) regarding the confidentiality of Protected Health Information and to document the undersigned practitioner’s commitment to comply with this Policy and with all applicable privacy rules and regulations governing the use and disclosure of individually identifiable personal health and financial information.
  2. Definitions. Terms used in this Exhibit are defined as follows:
    1. Administrative Safeguards means administrative actions, policies and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic Protected Health Information and to manage the conduct of AZ-Tech’s workforce and practitioners who access Protected Health Information held by AZ-Tech.
    2. Disclose or Disclosure means the release, transfer, provision of access to, or divulging in any other manner of information outside the person or entity holding the information.
    3. Individual means the person who is the subject of protected health information and shall include persons who qualify as a personal representative.
    4. Individually identifiable health information is health information, including demographic information collected from an individual, that:
      1. Is created or received by a health care provider, health plan, employer, or health care clearinghouse;
      2. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
      3. Either identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
    5. Personally identifiable financial information means any information regarding a specific Individual that is obtained in connection with the services provided by AZ-Tech.
    6. Physical Safeguards means physical measures, policies, and procedures to protect a covered entity's electronic information systems and related buildings and equipment from natural and environmental hazards and unauthorized intrusion.
    7. Privacy Rule means the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E.
    8. Protected Personal Information (“PPI”) means personally identifiable financial information and individually identifiable Protected Health Information that is maintained in any form, including electronic media and/or transmitted in any form, including by electronic media.
    9. Security Incident means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.
    10. Security Rule means the Security Standards at 45 CFR Part 160, 162 and 164.
    11. Technical Safeguards means the technology and the policy and procedures for its use that protects electronic Protected Health Information and controls access to it.
    12. Use means, with respect to individually identifiable health information, the sharing, employment, application, utilization, examination, or analysis of such information within an entity that maintains such information.
  3. Practitioner’s Privacy Obligations. Any practitioner accessing PPI held by AZ-Tech agrees to:
    1. Refrain from Using or Disclosing PPI for any purpose other than as specifically required in order to perform the services for which the practitioner has been engaged or as permitted by law;
    2. Implement and utilize appropriate safeguards to prevent the Use or Disclosure of PPI other than as provided for by this Policy;
    3. Mitigate, to the extent practicable, any harmful effect that is known to the practitioner as a result of a Use or Disclosure of PPI by the practitioner in violation of the requirements of this Policy;
    4. Report to AZ-Tech any Use or Disclosure of PPI not provided for by this Policy of which the practitioner becomes aware;
    5. Ensure that any contractor, consultant or vendor to whom the practitioner provides PPI received from AZ-Tech agrees to the same restrictions and conditions that apply through this Policy to the practitioner with respect to such information;
    6. Make the practitioner’s internal practices, books, and records, including policies and procedures, relating to the Use and Disclosure of PPI available to AZ-Tech or to the Secretary of the Department of Health and Human Services upon request for purposes of determining AZ-Tech’s compliance with the Privacy Rules;
    7. Document any and all Disclosures of PPI by practitioner and information related to such Disclosures as would be required in order to permit AZ-Tech to respond to a request by an Individual for an accounting of such Disclosures of PPI in accordance with the Privacy Rule;
    8. Implement and utilize safeguards to Use or Disclose only the minimum necessary information in the performance of the practitioner’s obligations under this Policy; and
    9. Refrain from Using or Disclosing PPI for any marketing purposes not authorized by this Policy.
  4. Practitioner’s Security Obligations. At all times the practitioner agrees to:
    1. Implement Administrative Safeguards, Physical Safeguards, and Technical Safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic PPI that it receives from AZ-Tech.  In implementing the obligations contained in this Section, the practitioner may utilize those Administrative Safeguards, Physical Safeguards, and Technical Safeguards that allow the practitioner to reasonably and appropriately implement the standards and implementation specifications as specified in the Security Rule.  In deciding which Administrative Safeguards, Physical Safeguards and Technical Safeguards to implement, the practitioner may take into account:
      1. The practitioner’s size and capabilities;
      2. The cost and complexity of any prospective Administrative Safeguard, Physical Safeguard, and Technical Safeguard;
      3. The practitioner's technical infrastructure, hardware, and software security capabilities; and
      4. The probability and criticality of potential risks to electronic PPI posed by not implementing any prospective Administrative Safeguard, Physical Safeguard, or Technical Safeguard.
    2. Enter into a contractual agreement with any subcontractor to whom practitioner provides such information that requires such subcontractor to implement reasonable and appropriate Administrative Safeguards, Physical Safeguards, and Technical Safeguards to protect electronic PPI that the subcontractor creates, receives, maintains, or transmits on behalf of the practitioner as part of the practitioner’s responsibilities under this Policy.
    3. Report to AZ-Tech any Security Incident of which the practitioner becomes aware.
  5. AZ-Tech’s Obligations. At all times AZ-Tech agrees to:
    1. Notify the practitioner of any changes in the Policy, to the extent that any such change may affect the practitioner’s use or disclosure of PPI; and
    2. Notify the practitioner of any restriction on the practitioner’s right to access, use or disclose PPI. 
  6. Permitted Usage of PPI. The practitioner may use or disclose PPI for the following purposes or under the following circumstances:
    1. Except as otherwise limited in this Policy, the practitioner may use PPI as reasonably necessary for the practitioner to provide medical services for the Individual to whom the PPI applies;
    2. Except as otherwise limited in this Policy, for the proper management and administration of the practitioner’s practice, provided that disclosures are required by Law, or the practitioner obtains reasonable assurances from the person or entity to whom the PPI is disclosed that it will remain confidential and be used or further disclosed only as required by Law or for the purpose for which it was disclosed to the person or entity, and the person or entity notifies the practitioner of any instances of which it is aware in which the confidentiality of the PPI has been breached;
    3. Except as otherwise limited in this Policy, to provide data aggregation services as permitted by the Privacy Rules;
    4. To report violations of law to appropriate federal and state authorities; and
    5. To contractors, consultants and vendors of the practitioner in order to permit such contractors, consultants and vendors to perform the services for which they have been engaged, subject to the conditions of Section 3(e) of this Policy.
  7. Amendment. AZ-Tech reserves the right to amend this Policy from time to time as is necessary for AZ-Tech to comply with the requirements of the Privacy Rule, the Security Rule and the Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191.
  8. Regulatory References. A reference in this Policy to the Privacy Rule means the section of the Privacy Rule then in effect or as amended. A reference in this Policy to the Security Rule means the section of the Security Rule then in effect or as amended.
  9. Interpretation. Any ambiguity in this Policy shall be resolved to permit AZ-Tech to comply with the Privacy Rule, Security Rule and the Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191.
  10. Commitment To Comply With This Policy. The practitioner shall document his/her commitment to comply with this Policy by signing a copy of this document and returning it to AZ-Tech at the following address: AZ-Tech Radiology & Open MRI, 13404 South 33rd Court, Phoenix, AZ 85044.

 

If practitioner is committing to comply with this Policy electronically, by clicking the “I Accept” icon below, the practitioner agrees to fully comply with this Policy.

 

The undersigned practitioner hereby agrees to fully comply with the foregoing Policy in consideration for being granted access to Individuals’ PPI held by AZ-Tech.

By Clicking Accept I agree that any access I have is authorized and will be followed by the HIPAA compliance stated above!

I ACCEPT: