FIGmd, Inc. (“FIGmd”, “we” or “us”) takes privacy very seriously. We protect the privacy and confidentiality of data that we obtain subject to the terms of a Business Associate Agreement and pursuant to the Health Insurance Portability and Accountability Act of 1996, as amended by the Privacy and Security provisions set forth in the Health Information Technology for Economic and Clinical Health Act (“HIPAA”).
This Policy is provided to help you better understand how we at FIGmd, Inc. use, disclose and protect such data in accordance with the terms of Business Associate Agreements.
Our HIPAA Privacy Policy attests to our commitment to privacy and demonstrates the ways we ensure that patient privacy is protected. Our Privacy Policy applies to the personal health information of all our patients that is in our possession and control.
Terms used but not otherwise defined in this Agreement shall have the same meaning as those terms in the Standards for Privacy of Individually Identifiable Health Information at 45 CFR Part 160 and Part 164, Subparts A and E, under HIPAA (the “Privacy Rule”) and the Security Standards for the Protection of Electronic Protected Health Information at 45 CFR Part 160 and Part 164, Subparts A and C, under HIPAA (the “Security Rule”).
PHI includes all Individually Identifiable Health Information that is transmitted or maintained in any form or medium by a Covered Entity.
A Covered Entity is a health plan, health care provider or healthcare clearinghouse that must comply with the Privacy Rule.
A BAA is a formal written contract between FIGmd, Inc. and a Covered Entity that requires FIGmd, Inc. to comply with specific requirements related to PHI.
We may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the BAA and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the BAA and would not violate the Privacy Rule.
In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BAA with respect to PHI, including the implementation of reasonable and appropriate safeguards. We may also use PHI to report violations of law to appropriate federal and state authorities.
We use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BAA. We have implemented administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the electronic protected health information that we create, receive, maintain or transmit on behalf of a Covered Entity. Such safeguards include:
In the event of a use or disclosure of PHI that is in violation of the requirements of the BAA, we will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation will include:
As provided in the BAA, we will make available to Covered Entities the information necessary to give individuals their rights of access, amendment and accounting in accordance with HIPAA regulations.
Upon request, we will make our internal practices, books and records, including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by us on behalf of a Covered Entity, available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BAA and HIPAA regulations.