THINaër HIPAA Policy
HIPAA stands for the Health Insurance Portability and Accountability Act. This act, approved by Congress in 1996, provides patients with uniform access to their medical records and more control over how their personal health information is used and disclosed. It also requires health care providers to safeguard the security and confidentiality of medical records. Full information about the Act is provided on the US Department of Health & Human Services web site.
THINaër takes all required steps to be in compliance with HIPAA regulations. We have adopted a privacy plan and trained our employees. Our Chief Strategy Officer is responsible for ensuring that the procedures are implemented and up-to-date with current regulations. We have built our technology from the ground up to be HIPAA compliant.
An important aspect of HIPAA is patient notification. When you first register to use THINaër products, you will be asked to read and acknowledge receiving a copy of the following guidelines. Please read them carefully and feel free to ask any questions about how Personal Health Information, PHI will be protected.
Notice of Privacy Policies and Practices
This notice and HIPAA Attestation Form details how THINaër’s technology and staff collects, handles, and protects personal information and data, PHI. This policy and this attestation statement is made available for viewing on all consumer applications, our enterprise applications and on our web site. We will review this policy on an annual basis and monitor our compliance with this policy. Any necessary revisions will be made in a timely fashion.
Information we may collect and maintain
We collect non-public personal information about:
- Past medical history
- Real-time patient vital signs such as pulse, blood oxygen level, EKG/ECG and related current real-time health information including height, weight and BMI
- Current medication, prescriptions and number of times dispensing bottles are opened or accessed
- Real time data from inhalers and injection devices
- History of the present illness/complaint
- Family and social history
- Medications and allergies
- Patient demographics
How we protect your information
Our staff is trained to adhere to the following privacy measures with regards to Protected Health Information (PHI). Each member of THINaër’s staff must read and sign an Employee Confidentiality and Invention Assignment Agreement which outlines THINaër’s HIPAA policy. Additionally:
- PHI transmitted over the Internet is encrypted, and all access is protected by passwords.
- Computer display terminals are exited out to a screensaver when the operator leaves a station. Entry into the system is password protected. Passwords are not to be shared.
- Employees will not discuss PHI in a public area.
- The highest levels of Certified Amazon Web Service encryption is used for all messaging and storage
Information we may disclose and purpose
No PHI will be released without proper written consent from the patient or parent or guardian of the minor patient, unless the request is during an emergency. Occasions for release of PHI are the following:
- Workman’s compensation – The patient signs a record release at the time of the visit, as the chart notes must accompany the insurance billing.
- Legal pursuit – Attorney request (also includes medical record service) or subpoena
- Disability Documentation
- Auto Accident
- Insurance company chart audit
- Driver’s Form
- Insurance Claim adjudication
Our customers, partners and end users have a right to privacy and respect regarding their personal information:
- The right to access and copy health records with reasonable notice.
- The right to request amendment or correction.
- The right to an accounting of disclosures.
- The right to specify how confidential information is communicated.
- The right to request restriction on how health information is disclosed or used.
- The right to file a complaint if they believe that our safeguards and procedures have not been followed.
Any privacy issue complaints should be directed to the THINaër’s Privacy and Chief Strategy Officer. If satisfaction is not received, the patient may notify the Department of Health & Human Services.