100% free for Law Firms
Metaclinic defines a new category of software-based solutions for law firms, and our affordable solution provides lienholders the essential tools to manage their liens as well.
Medical Expenditure Manager
Monitor medical expenditure in real time form one portal
Tracking medical bills and data can be a real challenge. HIPAA has made medical data difficult to share, even between doctors. Metaclinic aggregates all medical records and lienholder information for your practice
Aptible DEPLOY GRIDIRON META CLINIC, LLC SETTINGS APPROVED BY TREVOR REEVES AT AUGUST 5, 2019 6:49PM UTC ← All Policies Policies HIPAA Privacy Purpose The purpose of this policy is to establish requirements for data privacy at Meta Clinic pursuant to the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH"). Summary Meta Clinic will only use or disclose HIPAA protected health information as authorized by its business associate contracts or by law. Unauthorized use or disclosure must be reported immediately to the Meta Clinic Privacy Officer. Scope This policy applies to all Meta Clinic HIPAA protected health information ("PHI") created, received, transmitted, or maintained by Meta Clinic information systems, and all workforce members and contractors. Audience This policy applies to all Meta Clinic workforce members and contractors. Policy Administration Ownership Management Team owns all Meta Clinic information privacy and security policies, including this policy. Maintenance Legal Team is responsible for maintaining this policy. Legal Team is also responsible for coordinating with policy enforcement entities to develop relevant procedures, guidelines, and standards. Enforcement All Meta Clinic workforce members and contractors are responsible for adhering to this policy. Managers, Dev Team, Ops Team, and system owners are responsible for ensuring that personnel are in compliance with this policy. Policy 9.1 - Use and Disclosure of PHI Meta Clinic is regulated as a business associate under HIPAA. As a business associate, Meta Clinic is only permitted to use (internally) or disclose (to third parties) PHI as permitted by its upstream business associate contracts and by HIPAA. Any use or disclosure of PHI not expressly permitted by business associate contract or by HIPAA is prohibited. 9.1.1 - Minimum Necessary Use and Disclosure Meta Clinic workforce members must make reasonable efforts to limit their use and disclosure of PHI to the minimum amount of information necessary to perform their authorized activities or duties. This standard does not apply to disclosures: For treatment, To the individual Pursuant to patient authorization, or When required by law For internal use of PHI, Meta Clinic uses access controls to identify and limit access to PHI pursuant to the Meta Clinic Access Control, Authentication, and Audit Logging Policy. 9.1.2 - Accounting of Disclosures Patients have the right to request that Meta Clinic provide an accounting of disclosures that Meta Clinic makes of the patient's PHI. Legal Team will track disclosures of PHI on a six-year rolling basis, and is responsible for receiving and processing request for accountings. If you receive a request for an accounting, please contact Legal Team. Pursuant to 45 CFR §164.528, the following must be tracked: The date of the disclosure The name of the entity or person who received the PHI, and their address (if known) A brief description of the PHI disclosed, and A brief statement of the purpose of the disclosure The following disclosures are exempt from this policy: Disclosures to carry out treatment, payment, and health care operations (as provided in 45 CFR § 164.506) Disclosures to individuals of protected health information about them (as provided in 45 CFR § 164.502) Disclosures incident to a use or disclosure otherwise permitted or required by the HIPAA Privacy Rule (as provided in 45 CFR § 164.502) Disclosures pursuant to a patient authorization (as provided in 45 CFR § 164.508) 9.1.3 - Disclosures to Subcontractors Meta Clinic may disclose PHI to one of its own business associates that is performing an activity on its behalf when Meta Clinic establishes the permitted and required uses and disclosures of PHI and obtains satisfactory assurances that the business associate will safeguard the information. Satisfactory assurances are documented in writing through a business associate agreement approved by Legal Team. Please contact Legal Team if you have questions about whether a business associate relationship exists in a specific situation. 9.2 - Amendments to PHI Patients may ask to correct or amend his or her healthcare record. If the patient is unable to self-serve through the Meta Clinic information systems, immediately contact Legal Team as soon as you become aware of the request. Legal Team will either respond directly or forward to the appropriate covered entity. 9.3 - Notification of Impermissible Use or Disclosure of PHI All Meta Clinic workforce members and contractors must report unauthorized use or disclosure of PHI to the Meta Clinic Security Officer immediately. The Security Officer will notify Legal Team and execute the appropriate incident response playbook pursuant to the Meta Clinic Incident Response Plan. 9.4 - HIPAA Privacy Training All Meta Clinic workforce members are required to complete HIPAA privacy training, pursuant to the Meta Clinic Privacy & Security Training Policy and Plan. 9.5 - Complaints Any complaints or questions about data privacy must be referred to the Meta Clinic Privacy Officer. 9.6 - No Intimidation or Retaliation Meta Clinic workforce members shall never intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual for the exercise by the individual of any right established, or for participation in any process provided for, by HIPAA, including the filing of a complaint. If any Meta Clinic workforce member witnesses such an act, they shall report it immediately to the Meta Clinic Privacy Officer, or else to Meta Clinic management. 9.7 - No Waiver of Rights Meta Clinic workforce members shall never require individuals to waive their rights under HIPAA as a condition of the provision of treatment, payment, enrollment in a health plan, or eligibility for benefits. References HIPAA Administrative Simplification AptibleAptible, Inc. © 2019 Documentation Support Status