It is the policy of Empire Health Care Services to publicly disclose its Internet and HIPAA Privacy and Security Practices. We believe that awareness and disclosure of these policies promote confidence and trust, which are the cornerstone of developing good business relationships.
Our HIPAA policy reflects the HIPAA Security Regulation published 04/14/2003 with an effective date of compliance of 04/01/2005.
Internet and Web Security
This privacy statement discloses the privacy practices for Empire Health Care Solutions' URL. We have agreed to disclose our information practices and believe it is important that you are aware of how your interaction with our site is maintained, as well as what information may be exchanged and for what use.
You will be notified of:
Personally identifiable information about you that is collected from the website or through third parties
The organization collecting the information
How the information is used
With whom the information may be shared
What choices are available to you regarding collection, use and distribution of the information
The security procedures that protect against the loss, misuse or alteration of information under Empire Health Care Solutions' control
How you can correct any inaccuracies in the information
Information Collection and Use
Empire Health Care Solutions is the sole owner of the information collected on this site. We do not collect personally identifiable information about you during your visits to our site unless you voluntarily request additional information from us through email or the use of the forms on our site. All information provided in that manner is strictly voluntary and at your discretion. We will not sell, share or rent this information to others in ways different from what is disclosed in this statement without your prior consent.
Log Files
We use IP addresses to administer the site,
track user movement and gather demographic
information for aggregate use. IP addresses
are not linked to identifiable information.
Sharing
We do not share, sell, lease or otherwise distribute aggregated demographic information to our partners, affiliates or others, even though the aggregate information is not linked to any personal information that can identify any individual person.
Links
This website contains links to other sites. We are
not responsible for the privacy practices of other
sites. Read the privacy statements of each website
that collects identifiable information.
Security
This website takes every precaution to protect users' information. When users submit sensitive information via the website, their information is protected both online and offline. Our registration and information request forms do not request visitors to enter or otherwise supply sensitive information (such as credit card number, Tax ID Numbers or Social Security number).
Supplementation of Information
We do not supplement the information we receive with information from third-party sources.
Correction/Updating Personal Information
If a user's personally identifiable information
changes (such as a ZIP code), or if a user no longer
desires our service, we will provide a way to
correct, update or remove that user's personal data.
Choice/Opt-out
used for purposes not
directly related to our site at the point where we
ask for the information
Questions regarding our privacy
policy can be directed to us at:
Empire Health Care
Solutions
HIPAA Business Associate Contract
(reflecting the HIPAA Security Rule published on April 17, 2003, effective April, 2005)
Business
Associate Addendum (“Addendum”),
effective on the later of April 14,
2003 or the Compliance Date (defined in
Section 5.3 below) is entered into by
and between Empire Health Care
Solutions, and ________________ with
an address at _________________________,
on behalf of itself and its subsidiaries
listed on Schedule A attached hereto
(“Customer”) (each a “Party” and
collectively the “Parties”).
BACKGROUND AND PURPOSE.
The Parties have entered into one or
more contracts described or listed
on Schedule B attached hereto (the
“Underlying Contract(s)”), which
require Empire Health Care
Solutions to be provided with,
to have access to, and/or create
Protected Health Information that is
subject to the federal regulations
issued pursuant to the Health
Insurance Portability and
Accountability Act ("HIPAA") and
codified at 45 C.F.R. parts 160 and
164 ("HIPAA Regulations"). This
Addendum shall supplement and/or
amend each of the Underlying
Contract(s) only with respect to
Empire Health Care Solutions'
receipt, use and creation of PHI
under the Underlying Contract(s) to
allow Customer to comply with
sections
164.502(e) and
164.314(a)(2)(i) of the HIPAA
Regulations. Except as so
supplemented and/or amended, the
terms of the
Underlying Contract(s) shall
continue unchanged and shall apply
with full force and effect to govern
the matters addressed in this
Addendum and in each of the
Underlying Contract(s).
Definitions.
Unless otherwise defined in this
Addendum, all capitalized terms used
in this Addendum have the meanings
ascribed in the HIPAA Regulations,
provided, however, that “PHI” and
“ePHI” shall mean Protected Health
Information and Electronic Protected
Health Information, respectively, as
defined in 45 C.F.R. §160.103,
limited to the information
Empire Health Care Solutions
received from or created or received
on behalf of Customer as Customer’s
Business Associate.
OBLIGATIONS OF THE PARTIES WITH RESPECT TO PHI
Obligations of Empire Health Care Solutions.
With regard to its use and/or
disclosure of PHI, Empire Health Care Solutions agrees to:
not use or
disclose PHI other than as
permitted or required by this
Addendum or as required by law.
[§164.504
(e)(2)(ii)(A)]
use
appropriate safeguards to
prevent use or disclosure of PHI
other than as provided for by
this Addendum.
[§164.504
(e)(2)(ii)(B)]
report to
Customer any use or disclosure
of PHI not provided for by this
Addendum of which
Empire Health Care Solutions
becomes aware.
[§164.504
(e)(2)(ii)(C)]
ensure that any
agents and subcontractors to
whom it provides PHI received
from, or created or received by
Empire Health Care Solutions
[Vendor] on behalf of
Customer agree to the same
restrictions and conditions set
forth in the business associate
provisions of the HIPAA
Regulations that apply through
this Addendum to
Empire Health Care Solutions
with respect to such
information.
[§164.504
(e)(2)(ii)(D)]
within twenty
(20) days of receiving a written
request from Customer, make
available to the Customer PHI
necessary for Customer to
respond to individuals’ requests
for access to PHI about them in
the event that the PHI in
Empire Health Care Solutions’
possession constitutes a
Designated Record Set.
[§164.504
(e)(2)(ii)(E)]
within forty (40)
days of receiving a written
request from Customer, make
available to the Customer PHI
for amendment and incorporate
any amendments to the PHI in
accordance with 45 C.F.R. Part
164 Subpart E (“Privacy Rule”)
in the event that the PHI in
Empire Health Care Solutions’
possession constitutes a
Designated Record Set.
[§164.504
(e)(2)(ii)(F)]
within forty (40)
days of receiving a written
request from Customer, make
available to the Customer the
information required for the
Customer to provide an
accounting of disclosures of PHI
as required by the Privacy
Rule.
[§164.504
(e)(2)(ii)(G)]
make its internal
practices, books and records
relating to the use and
disclosure of PHI available to
the Secretary of HHS for
purposes of determining
Customer's compliance with the
Privacy Rule.
[§164.504
(e)(2)(ii)(H)]
upon the
expiration or termination of an
Underlying Contract, return to
Customer or destroy all PHI,
including such information in
possession of
Empire Health Care Solutions’
subcontractors, as a result of
the Underlying Contract at issue
and retain no copies, if it is
feasible to do so. If return or
destruction is infeasible,
Empire Health Care Solutions
agrees to extend all
protections, limitations and
restrictions contained in this
Addendum to
Empire Health Care Solutions’
use and/or disclosure of any
retained PHI, and to limit
further uses and/or disclosures
to the purposes that make the
return or destruction of the PHI
infeasible. This provision
shall survive the termination or
expiration of this Addendum
and/or any Underlying Contract.
[§164.504
(e)(2)(ii)(I)]
use reasonable
commercial efforts to mitigate
any harmful effect that is known
to
Empire Health Care Solutions
of a use or disclosure of PHI by
Empire Health Care Solutions
in violation of the requirements
of this Addendum.
implement
administrative, physical, and
technical safeguards
(“Safeguards”) that reasonably
and appropriately protect the
confidentiality, integrity, and
availability of ePHI as required
by 45 C.F.R. Part 164 Subpart C
(“Security Rule”) [§164.314
(a)(2)(i)(A)];
ensure that any
agent and subcontractor to whom
Empire Health Care Solutions provides ePHI agrees to
implement reasonable and
appropriate safeguards to
protect ePHI [§164.314 (a)(2)(i)(B)];
report promptly
to Covered Entity any Security
Incident of which
Empire Health Care Solutions becomes aware.
[§164.314
(a)(2)(i)(C)]; and
make its
policies, procedures and
documentation required by the
Security Rule relating to the
Safeguards available to the
Secretary of HHS for purposes of
determining Customer's
compliance with the Security
Rule. [68 Fed. Reg. 8334, 8359]
Permitted Uses and Disclosures of PHI.
Except as otherwise specified in
this Addendum,
Empire Health Care Solutions may make any and all uses and
disclosures of PHI necessary to
perform its obligations under the
Underlying Contracts. Unless
otherwise limited herein,
Empire Health Care Solutions
may:
use the PHI in
its possession for its proper
management and administration
and to carry out the legal
responsibilities of
Empire Health Care Solutions [§164.504 (e)(4)(i)];
disclose the PHI
in its possession to a third
party for the purpose of
Empire Health Care Solutions’
proper management and
administration or to carry out
the legal responsibilities of
Empire Health Care Solutions,
provided that the disclosures
are required by law or
Empire Health Care Solutions
obtains reasonable
assurances from the third party
regarding the confidential
handling of such PHI as required
under the Privacy Rule [§164.504
(e)(4)(ii)];
provide Data
Aggregation services relating to
the health care operations of
the Customer [§164.504 (e)(2)(i)(B)]
and
de-identify any
and all PHI obtained by
Empire Health Care Solutions
under this Addendum, and use
such de-identified data, all in
accordance with the
de-identification requirements
of the Privacy Rule. [§164.502
(d)(1)] [Listing of specific
uses and disclosures required to
perform the Underlying
Contract(s).]
TERMINATION BY CUSTOMER.
Should Customer
become aware of a breach of a
material term of this Addendum by
Empire Health Care Solutions,
the Customer shall provide
Empire Health Care Solutions with written notice of such
breach in sufficient detail to
enable
Empire Health Care Solutions
to understand the specific nature of
the breach. Customer shall be
entitled to terminate the Underlying
Contract associated with such breach
if, after Customer provides the
notice to
Empire Health Care Solutions,
fails to cure the breach within a
reasonable time period specified by
Customer in such notice; provided,
however, that such time period
specified by Customer shall be based
on the nature of the breach
involved.
[§§164.504
(e)(1)(ii)(A),(B) & 164.314
(a)(2)(i)(D)]
MISCELLANEOUS
in case of any
conflict with the terms of any
Underlying Contract to the
extent necessary to allow
Customer to comply with the
HIPAA Regulations. The
bracketed citations to the HIPAA
Regulations in several
paragraphs of this Addendum are
for reference only and shall not
be relevant in interpreting any
provision of this Addendum,
except as set forth in Section
5.3 below.
No Third Party Beneficiaries.
Nothing in this Addendum shall
confer upon any person other
than the Parties and their
respective successors or
assigns, any rights, remedies,
obligations, or liabilities
whatsoever.
Compliance Date.
For the purposes of this
Addendum, the Compliance Date
for a section of this Addendum
is defined as the date on which
the HIPAA Regulations require
compliance by the Customer with
the referenced provision of the
HIPAA Regulations; if multiple
regulations are referenced, the
one requiring earliest
compliance shall apply. If a
section does not reference a
provision of the HIPAA
Regulations, for each Underlying
Contract such section shall be
effective on the later of April
14, 2003 or the effective date
of such Underlying Contract.
Amendment.
To the extent that any relevant
provision of the HIPAA Regulations is
materially amended in a manner that
changes the obligations of Business
Associates or Covered Entities, the
Parties agree to negotiate in good faith
appropriate amendment(s) to this
Addendum to give effect to these revised
obligations.
Questions regarding our HIPAA
policies can be directed to us
at: