1.3 Privacy Notice

ProServe Health Informatics works with industry groups to ensure that its products and services meet or exceed industry standards with respect to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). ProServe Health Informatics' products and services are specifically designed to include features that help our customers comply with HIPAA. Planwatch uses a database that employs a secure login process requiring a user name and password. Planwatch supports role-based access. That is, users are assigned to groups, each with certain access rights, which may include the ability to edit and add data or may limit access to data. When a user adds or modifies data within the database, a record is made that includes which data were changed, the user ID, and the date and time the changes were made. This establishes an audit trail that can be examined by authorized system administrators.

Products

ProServe Health Informatics' products, including Planwatch, incorporate the standard codes required by the HIPAA transaction standards, including the related subsets of the International Classification of Diseases, 9th and 10th Edition, Clinical Modification (ICD9 and ICD10-CM) and Current Procedural Terminology, 4th Edition (CPT-4).

Customer Support

ProServe Health Informatics' product support staff will work with customers to help implement ProServe Health Informatics' products in a HIPAA compliant environment. All remote access to customer patient information by ProServe Health Informatics product support staff will be made using a fully encrypted protocol.

Business Associate

HIPAA requires health care providers to enter into "business associate" contracts with certain businesses to which they disclose patient health information. These business associate contracts generally require the recipients of such information to use appropriate safeguards to protect the patient health information they receive. To perform certain service and support functions, ProServe Health Informatics personnel may need access to patient health information maintained by its customers. As a result, ProServe Health Informatics may be considered a "business associate" of customers to whom it provides such services. ProServe Health Informatics provides its customers with a business associate agreement that complies with HIPAA requirements.

ProServe Health Informatics' business associate contract will generally assure its customers that the company will use patient information obtained from them to provide services and support only and will safeguard that information from misuse. The agreement became effective on November 14, 2005.

Privacy & Security Policy

To implement these business associate requirements and protect the confidentiality and integrity of the patient information it receives, ProServe Health Informatics' Privacy and Security Policy will: