HIPAA Assurances

FOR THE HEALTH CARE FACILITIES THAT ARE CONTRACTED WITH ALLTHEMED, ALLTHEMED PROVIDES FOLLOWING HIPAA ASSURANCES

HIPAA Assurances. In the event AllTheMed receives or is exposed to personally identifiable or aggregate patient or other medical information defined as Protected Health Information ("PHI") in the Health Insurance Portability and Accountability Act of 1996 or its relevant regulations ("HIPAA") and otherwise meets the definition of Business Associate as defined in the HIPAA Privacy Standards (45 CFR Parts 160 and 164), AllTheMed does:

  1. Not use or further disclose the PHI, except as permitted by law;

  2. Not use or further disclose the PHI in a manner that had our clients done so, would violate the requirements of HIPAA;

  3. Use appropriate safeguards (including implementing administrative, physical, and technical safeguards for electronic PHI) to protect the confidentiality, integrity, and availability of and to prevent the use or disclosure of the PHI other than as provided for by the Agreement;

  4. Report promptly to client any security incident or other use or disclosure of PHI not provided for by this Agreement of which AllTheMed becomes aware;

  5. Ensures that any subcontractors or agents who receive or are exposed to PHI are explained the AllTheMed obligations under this paragraph and agree to the same restrictions and conditions;

  6. Make available PHI in accordance with the individual’s rights as required under the HIPAA regulations;

  7. Account for PHI disclosures for up to the past six (6) years as requested by Covered Entity, which shall include: (i) dates of disclosure, (ii) names of the entities or persons who received the PHI, (iii) a brief description of the PHI disclosed, and (iv) a brief statement of the purpose and basis of such disclosure;

  8. Make its internal practices, books, and records that relate to the use and disclosure of PHI available to the U.S. Secretary of Health and Human Services for purposes of determining Customer’s compliance with HIPAA; and

  9. Incorporate any amendments or corrections to PHI when notified by Customer or enter into a Business Associate Agreement or other necessary Agreements to comply with HIPAA.