We take our legal and ethical obligations regarding your privacy very seriously. After all, we are dealing with your personal information, including medical information. Our clients and members must be able to trust us to exercise the greatest care possible to maintain your right to confidentiality. You can rest assured that confidential information you share with us will stay with us. Your personal information will never be used for any purpose other than to provide you the service you have requested from MedExpert. We will never disclose your information to any third party, for any reason.
II. Personal Information Collected
We may collect personal information about you from the following sources:
III. How We Use That Information
The personal information that MedExpert collects about you helps us and the clients for whom we work to efficiently and effectively represent you and provide you with the benefits due to you.
IV. Available Choices
Any personal information that you provide to us is voluntary. MedExpert users may update their personal information at any time.
V. Your California Privacy Rights
California residents have a right under state law to ask entities with whom they have an established business relationship to provide certain information regarding the sharing of personal information for direct marketing purposes during the past year.
MedExpert will honor such a request coming from any current or former MedExpert user or other person who has provided personal information to us in connection with obtaining an MedExpert product or service-whether residing in California or not.
VI. Information Security
We maintain administrative, technical, and physical safeguards designed to: (1) ensure the security and confidentiality of your personal information; (2) protect against any anticipated threats or hazards to the security or integrity of such information; and (3) protect against unauthorized access to or use of such information.
We store and process your personal information on our computers in the United States, and we protect it by maintaining physical, electronic and procedural safeguards in compliance with applicable U.S. federal and state regulations. We use computer safeguards such as firewalls and data encryption. We enforce physical access controls to our buildings and files. We also authorize access to personal information only for those employees who require it to fulfill their job responsibilities.
VII. HIPAA (Health Insurance Portability and Accountability Act) Compliance
MedExpert is fully compliant with HIPAA, which stands for the Health Insurance Portability and Accountability Act of 1996. A major component of HIPAA addresses the privacy of individuals' health information and how it can be used and disclosed. The HIPAA privacy laws became effective on 14 April, 2003.
HIPAA rules cover any health or medical information of identifiable individuals, including their medical records, medical billing records, any clinical or research databases, and tissue bank samples.
A HIPAA-compliant entity cannot use or disclose protected health information for any purpose other than treatment, payment, or health care operations without either the authorization of the individual or under an exception in the HIPAA regulations.
In addition to limiting the use and disclosure of protected health information, HIPAA also gives the patients the right to access this information and to know who the covered entity has disclosed this information to (including investigators' research files). It also restricts most disclosures to the minimum to accomplish the intended purpose and establishes criminal and civil penalties and fines for improper use and disclosure by HIPAA covered entities.
HIPAA "Marketing" Exemptions
"A communication is not "marketing" if it is made for case management or care coordination for the individual, or to direct or recommend alternative treatments, therapies, health care providers, or settings of care to the individual."
HIPAA requires compliant entities to:
Compliance with the Health Information Technology for Economic and Clinical Health Act (HITECH)
The Health Information Technology for Economic and Clinical Health (HITECH) Act introduces more stringent requirements concerning HIPAA compliance. MedExpert is fully compliant with the HITECH Act, meeting or exceeding these new requirements.