The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations restrict the ability of Axis Community Health (“Axis”, “Company”) to use and disclose protected health information (PHI).
Protected Health Information. Protected health information means information that is created or received by the Company and relates to the past, present, or future physical or mental health condition of a Patient/Client (“Participant”); the provision of health care to a participant; or the past, present, or future payment for the provision of health care to a participant; and that identifies the participant or for which there is a reasonable basis to believe the information can be used to identify the participant. Protected health information includes information of persons living or deceased.
Some examples of PHI are:
• Participant’s medical record number
• Participant’s demographic information (e.g. address, telephone number)
• Information doctors, nurses and other health care providers put in a participant’s medical record
• Images of the participant
• Conversations a provider has about a participant’s care or treatment with nurses and others
• Information about a participant in a provider’s computer system or a health insurer’s computer system
• Billing information about a participant at a clinic
• Any health information that can lead to the identity of an individual, or whose contents can be used to make a reasonable assumption as to the identity of the individual
It is the Company’s policy to comply fully with HIPAA’s requirements. To that end, all staff members who have access to PHI must comply with this HIPAA Privacy and Security Plan. For purposes of this plan and the Company’s use and disclosure procedures, the workforce includes individuals who would be considered part of the workforce under HIPAA, such as employees, volunteers, interns, board members and other persons whose work performance is under the direct control of Axis, whether or not they are paid by Axis. The term “employee” or “staff member” includes all of these types of workers.
No third-party rights (including but not limited to rights of participants, beneficiaries, covered dependents, or business associates) are intended to be created by this Plan. Axis reserves the right to amend or change this Plan at any time (and even retroactively) without notice.
All staff members must comply with all applicable HIPAA privacy and information security policies. If, after an investigation, you are found to have violated the organization’s HIPAA privacy and information security policies, you will be subject to disciplinary action up to termination or legal ramifications if the infraction requires it.
1. How do we use your information?
We may use the information we collect from you when you register, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
To improve our website in order to better serve you.
To allow us to better service you in responding to your customer service requests.
To quickly process your transactions.
To send periodic emails and/or text messages regarding your use of the product and service.
2. How do we protect your information?
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Sockets Layer (SSL) technology.
We implement a variety of security measures when a user places an order or enters, submits, or accesses their information to maintain the safety of your personal information.
3. Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices, we will take the following responsive action should a data breach occur: we will notify you via email within 7 business days.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.