• The only platform designed for Personal Injury Lien and LOP Holders.

      Automatically connect to:

      • Life Science Companies
      • Bio Technologies
      • Medical Factoring Companies
      • Law Firms
      • Other Providers
      • And more in our proprietary marketplace

    • Patient First

      ​Unparalleled Access

      Our passion at Metaclinic is to provide the best patient experience with your company. We develop world-class applications that ensure patient retention and engagement throughout your case.

      Analytics

      Valuable Insights

      Monitor care/case data in real time to gain insight into clinic performance and patient engagement.

      Virtual Hospital

      Get Connected

      Metaclinic offers custom and off-the-shelf capabilities to support the most Complex care network protocols with virtual visits, from scheduling to incorporating all third parties involved.

      Personal Injury

      Enhanced Communication

      Electronically Source, Digital Referral forms, Electronic Lien Tracking, Community Rules, and Offerings are unified on a global cloud platform.

    • Build your offering

      Bring quality diagnostics and treatment to more patients.

      All Posts
      ×
      ×
      Aptible
      DEPLOY
      GRIDIRON
      META CLINIC, LLC SETTINGS
      APPROVED BY TREVOR REEVES  AT AUGUST 5, 2019 6:49PM UTC
      ← All Policies
      Policies
      HIPAA Privacy
      Purpose
      The purpose of this policy is to establish requirements for data privacy at Meta Clinic pursuant to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH").
      
      Summary
      Meta Clinic will only use or disclose HIPAA protected health information as authorized by its business associate contracts or by law. Unauthorized use or disclosure must be reported immediately to the Meta Clinic Privacy Officer.
      
      Scope
      This policy applies to all Meta Clinic HIPAA protected health information ("PHI") created, received, transmitted, or maintained by Meta Clinic information systems, and all workforce members and contractors.
      
      Audience
      This policy applies to all Meta Clinic workforce members and contractors.
      
      Policy Administration
      Ownership
      Management Team owns all Meta Clinic information privacy and security policies, including this policy.
      
      Maintenance
      Legal Team is responsible for maintaining this policy. Legal Team is also responsible for coordinating with policy enforcement entities to develop relevant procedures, guidelines, and standards.
      
      Enforcement
      All Meta Clinic workforce members and contractors are responsible for adhering to this policy. Managers, Dev Team, Ops Team, and system owners are responsible for ensuring that personnel are in compliance with this policy.
      
      Policy
      9.1 - Use and Disclosure of PHI
      Meta Clinic is regulated as a business associate under HIPAA. As a business associate, Meta Clinic is only permitted to use (internally) or disclose (to third parties) PHI as permitted by its upstream business associate contracts and by HIPAA. Any use or disclosure of PHI not expressly permitted by business associate contract or by HIPAA is prohibited.
      
      9.1.1 - Minimum Necessary Use and Disclosure
      Meta Clinic workforce members must make reasonable efforts to limit their use and disclosure of PHI to the minimum amount of information necessary to perform their authorized activities or duties.
      
      This standard does not apply to disclosures:
      
      For treatment,
      To the individual
      Pursuant to patient authorization, or
      When required by law
      For internal use of PHI, Meta Clinic uses access controls to identify and limit access to PHI pursuant to the Meta Clinic Access Control, Authentication, and Audit Logging Policy.
      
      9.1.2 - Accounting of Disclosures
      Patients have the right to request that Meta Clinic provide an accounting of disclosures that Meta Clinic makes of the patient's PHI. Legal Team will track disclosures of PHI on a six-year rolling basis, and is responsible for receiving and processing request for accountings. If you receive a request for an accounting, please contact Legal Team.
      
      Pursuant to 45 CFR §164.528, the following must be tracked:
      
      The date of the disclosure
      The name of the entity or person who received the PHI, and their address (if known)
      A brief description of the PHI disclosed, and
      A brief statement of the purpose of the disclosure
      The following disclosures are exempt from this policy:
      
      Disclosures to carry out treatment, payment, and health care operations (as provided in 45 CFR § 164.506)
      Disclosures to individuals of protected health information about them (as provided in 45 CFR § 164.502)
      Disclosures incident to a use or disclosure otherwise permitted or required by the HIPAA Privacy Rule (as provided in 45 CFR § 164.502)
      Disclosures pursuant to a patient authorization (as provided in 45 CFR § 164.508)
      9.1.3 - Disclosures to Subcontractors
      Meta Clinic may disclose PHI to one of its own business associates that is performing an activity on its behalf when Meta Clinic establishes the permitted and required uses and disclosures of PHI and obtains satisfactory assurances that the business associate will safeguard the information. Satisfactory assurances are documented in writing through a business associate agreement approved by Legal Team. Please contact Legal Team if you have questions about whether a business associate relationship exists in a specific situation.
      
      9.2 - Amendments to PHI
      Patients may ask to correct or amend his or her healthcare record. If the patient is unable to self-serve through the Meta Clinic information systems, immediately contact Legal Team as soon as you become aware of the request. Legal Team will either respond directly or forward to the appropriate covered entity.
      
      9.3 - Notification of Impermissible Use or Disclosure of PHI
      All Meta Clinic workforce members and contractors must report unauthorized use or disclosure of PHI to the Meta Clinic Security Officer immediately. The Security Officer will notify Legal Team and execute the appropriate incident response playbook pursuant to the Meta Clinic Incident Response Plan.
      
      9.4 - HIPAA Privacy Training
      All Meta Clinic workforce members are required to complete HIPAA privacy training, pursuant to the Meta Clinic Privacy & Security Training Policy and Plan.
      
      9.5 - Complaints
      Any complaints or questions about data privacy must be referred to the Meta Clinic Privacy Officer.
      
      9.6 - No Intimidation or Retaliation
      Meta Clinic workforce members shall never intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual for the exercise by the individual of any right established, or for participation in any process provided for, by HIPAA, including the filing of a complaint.
      
      If any Meta Clinic workforce member witnesses such an act, they shall report it immediately to the Meta Clinic Privacy Officer, or else to Meta Clinic management.
      
      9.7 - No Waiver of Rights
      Meta Clinic workforce members shall never require individuals to waive their rights under HIPAA as a condition of the provision of treatment, payment, enrollment in a health plan, or eligibility for benefits.
      
      References
      HIPAA Administrative Simplification
      AptibleAptible, Inc. © 2019
      Documentation
      Support
      Status