NEA Powered by Vyne (The Company) is committed to respecting your privacy and recognizes the need for appropriate protection of personally identifiable information, including name, address, e-mail address, and credit card information. The information collected is limited to what the company believes is necessary to conduct our business, to administer your account, and to comply with laws and regulations.
We authorize access to information about our clients for only those employees who need know that information as part of their job responsibilities. We also educate our employees about the importance of confidentiality and customer privacy through standard operating procedures, special training programs, and our Code of Conduct. We take appropriate disciplinary measures to enforce employee privacy responsibilities.
The Company uses e-mail as a standard means of communication with our clients. As such, we collect and store e-mail addresses for a technical support contact, an administrative contact, and a billing contact. We may also utilize for e-mail address for the following types of e-mail messages:
We make these commitments to you:
The Company collects and securely stores credit card information for account payment processing. The Company follows all Payment Card Industry Data Security Standards (PCI-DSS) in the collection, storage and usage of this information.
HIPAA clearly defines exactly what information, if maintained by those providers and plans that are subject to HIPAA, must be protected from unauthorized use or disclosure. The privacy standards apply to individually identifiable health information that is used, transmitted or stored in any form, such as paper, electronic, data, or verbally, that concerns the individual’s past, present, or future health, or that addresses the individual’s means of receiving that care. Examples of identifiable information protected by HIPAA: names, addresses, cities, phone numbers, fax numbers, e-mail addresses, web addresses, license numbers, zip codes, account numbers, and birth dates.
HIPAA also affords patients a number of new rights under these standards. They have the right to receive privacy policies from providers who are subject to HIPAA, the right to access and copy their own health information, the right to a history of certain types of disclosures of their information, and the right to request an amendment of their information. Covered entities are required to adopt processes in order to notify patients of their rights, and to handle patient requests to exercise their rights. The administrative requirements under the HIPAA privacy rules are many, including a requirement that covered entities appoint privacy officers and train all their work force in privacy issues.
In connection with certain types of disclosures of health information, covered entities are generally permitted to transfer the protected health information to their contractors known as business associates, as long as written contractual assurances are in place with those business associates, requiring the business associate to safeguard the information as required by the HIPAA regulations. Note that a contract for disclosure of health information is not required when that information is being passed from one provider to another for purposes of treatment.
The Final Rule adopting HIPAA standards for the security of electronic health information was published in the Federal Register on February 20, 2003. The Company has hired an outside consulting team who spends time with MEA/NEA to be sure that Privacy and Security Standards are met constantly.
This final rule adopts standards for the security of electronic protected health information to be implemented by health plans, health care clearinghouses, and certain health care providers. The use of the security standards will improve the Medicare and Medicaid programs, and other Federal health programs and private health programs, and the effectiveness and efficiency of the health care industry in general by establishing a level of protection for certain electronic health information. This final rule implements some of the requirements of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
We trust that the electronic standards and code sets and subsequent objectives of HIPAA will improve the general efficiency in which healthcare is administered. More importantly, we are confident that HIPAA will provide for the security and confidentiality of an individual’s health information and provide specific, undeniable rights to the patient with regard to the handling and administration of that information. Under those auspices, The Company will provide products and services that are designed to comply with the law and to help you comply in a timeframe mandated by law. Our customers can rely on us to support them to this extent. However, the Company will not give you legal advice on your obligations under HIPAA, and software and services alone cannot make a healthcare practice HIPAA compliant.
The Company will submit to all required testing and certification of its products and services covered by HIPAA. Additionally, the Company is investing significant resources to analyze and revise all company policies and procedures to ensure complete compliance.
As we have done for more than 11 years, we will continue to provide our customers with significant upgrades and enhancements, many of which will assist our customers in their efforts to become compliant. Please note that HIPAA standards require our customers to address internal policies and procedures and change their practices in ways that extend beyond the scope of our products and services. While we will continue to provide our customers with product upgrades and information that will assist customers in becoming compliant, we also strongly encourage our customers to become familiar with all HIPAA regulations and how they impact their own respective practices. The Company actively attends standards meetings across the country and will continue to work with organizations that are involved not only with standards but engaged with RHIOs and Attachments.