HIPAA Business Associate Privacy Policy

Providentis, LLC.

HIPAA Business Associate Privacy Policy. Effective Date:  March 05, 2013.

PLEASE READ THIS PRIVACY POLICY CAREFULLY

By accessing or otherwise using this Providentis.com site, you agree to be bound contractually by this Privacy Policy. We share a commitment with Covered Entities to protect the privacy and confidentiality of Protected Health Information that we obtain subject to the terms of a Business Associate Agreement.

1. Who We Are. Providentis, LLC, owns and operates Providentis.com website. All references to “we”, “us”, this “website” or this “site” shall be construed to mean Providentis, LLC.

2. What We Do. We provide data processing services to Covered Entities and other organizations under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, as amended, including without limitation amendments by the Health Information Technology for Economic and Clinical Health (HITECH) Act (collectively referred to herein as “HIPAA”). In the process of providing our services, we may access, receive process, maintain, archive, and/or transmit information defined by HIPAA as Protected Heath Information (PHI) and/or Electronic Protected Health Information (ePHI) from our Covered Entity customers (PHI and ePHI are collectively referred to herein as “PHI”).

3. Business Associate Agreement. A Business Associate Agreement is a formal written contract between us and a Covered Entity that obligates us to satisfy certain specific obligations regarding PHI of a Covered Entity that we may access, receive process, maintain, archive, and/or transmit in connection with our services.

4. Covered Entity. A Covered Entity is a health plan, health care provider, healthcare clearinghouse, or any authorized entity representative that must comply with the HIPAA Privacy Rule.

5. Protected Health Information (PHI). PHI includes all “individually identifiable health information” that is transmitted or maintained in any form or medium by a Covered Entity. Individually identifiable health information is any information that can be used to identify an individual and that was created, used, or disclosed in (a) the course of providing a health care service such as diagnosis or treatment, or (b) in relation to the payment for the provision of health care services.

6. Purpose. This Privacy Policy provides information regarding how we use, disclose, and protect PHI in accordance with HIPAA and the Business Associate Agreements with our Covered Entity customers.

7. Use and Disclosure of PHI.

7.1 We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of performing our obligations under our services agreements to Covered Entities, provided that such use or disclosure is permitted or required by the applicable Business Associate Agreement and would not violate HIPAA, including its Privacy Rule or Security Rule as applicable to Business Associates.

7.2 We may use PHI internally for our own internal management, administration, data aggregation and legal obligations, but only to the extent such use of PHI is permitted or required by the applicable Business Associate Agreement and would not violate HIPAA, including its Privacy Rule or Security Rule as applicable to Business Associates.

7.3 We may disclose PHI for law enforcement purposes as required by law or in response to a valid subpoena.

7.4 We may disclose PHI to downstream subcontractors or agents that provide supporting services to us; however, we will require such subcontractors and agents to comply with the same terms and conditions that apply to us under the applicable Business Associate Agreement and PHI, including the implementation and maintenance of required safeguards.

8. Safeguards. We have established and maintained safeguards that are required by the applicable Business Associate Agreement and HIPAA, including its Privacy Rule and Security Rule as applicable to Business Associates.  These safeguards include administrative, physical, and technical safeguards that are reasonable and appropriate for the protection of the PHI that we access, receive process, maintain, archive, and/or transmit on behalf of our Covered Entity customers. Examples of safeguards include but not limited to: Such safeguards include:

  • Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follow appropriate security procedures;
  • Providing appropriate training for our staff to assure that our staff complies with our security policies;
  • Making use of appropriate encryption when transmitting PHI over the Internet;
  • Utilizing appropriate storage, backup, disposal and reuse procedures to protect PHI;
  • Utilizing appropriate authentication and access controls to safeguard PHI;
  • Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and
  • Maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the PHI we hold on behalf of a Covered Entity is available when needed.

9. Contact Us. If you have any questions regarding this Privacy Policy, please contact the owner and operator of this website business at:
Privacy Officer
Providentis, LLC.

HIPAA@Providentis.com

Material Modifications Since Effective Date: none.