HIPAA Policy
Clinical Hero HIPAA Policy
We at Clinical Hero (CH) (hereafter the “Company”, “Clinical Hero”, or “CH”) treat the privacy of those who use our service with the highest importance.
APPLICABILITY
Sharing or Renting Information
The Company does not rent, sell, or share subjects’ personally identifiable information with any non-affiliated companies, and makes every reasonable attempt to safeguard subject privacy. Except where required by regulation, court order, official authority or applicable law, the Company will not make available individual customer information or data to any non-affiliated third party.
DEFINITIONS
HIPAA: Health Insurance Portability and Accountability Act of 1996, Public Law 104-191
POLICY DETAILS
 | HIPAA | Clinical Hero (CH) |
Do individuals have access to their study information? | Under HIPAA, patients can request a copy of their medical records from their health care provider. This typically requires completing release paperwork and may require a printing or copying fee. In some circumstances, availability of certain records may be limited. | In CH, subjects’ study history is not captured or maintained. |
Are individuals informed of how their information is used and protected? | Health care providers must provide patients with written notice of their HIPAA privacy rights. | CH does not have a physical research site, is not considered a ‘health care provider’, and is not a ‘covered entity.’ |
What information is protected? | Under HIPAA, personally identifiable information is protected. De-identified patient information is not protected. Aggregate, de-identified patient information can be published and shared with third parties. | Under the CH privacy policy, personally identifiable information is protected. |
When is information sharing permitted? | Health care providers may share information with patient authorization, and may share without authorization, for certain purposes, such as: • When doctors or other health care providers share information to treat patients, like when faxing patient records for a referral • When used for payment, including sharing with insurance companies to pay for care • When employers face workplace injury claims • When public health researchers need aggregate information for studies • For health care operations, including to contractors and vendors operating on a provider’s behalf (subject to security and confidentiality requirements) | CH may share information with explicit user authorization, and may share without authorization in certain limited circumstances, such as: • With contractors and vendors operating solely on Company’s behalf (subject to security and confidentiality requirements) • To protect against imminent harm to the rights, property or safety of CH, its users, or the public, or to address fraud or violations of the Terms of Service |
When is information sharing required? | Under various federal and state laws, health care providers must share patient information to comply with court orders and subpoenas. HIPAA itself also allows health care providers to voluntarily share patient information with law enforcement without a subpoena and without permission from or notice to the patient. | Under various federal and state laws, CH must share user information to comply with court orders and subpoenas. When possible, we notify the user in order to give them the opportunity to object. Under the Electronic Communications Privacy Act (ECPA), CH may not voluntarily share most user information with law enforcement. |
How does the individual authorize sharing? | Patient authorization is not required for institutions to share information in the case of certain permitted disclosures, described above. When authorization is required, patients provide consent to share information through a written authorization form that must satisfy certain HIPAA requirements. Sharing is revocable under HIPAA. | When an individual uses the CH website, they must agree to the Terms and Conditions, and Privacy Policy, and can opt-out at any time. |
Is information protected when used by third parties? | If the third party is covered by HIPAA, HIPAA rules apply. If the third party (e.g., a patient’s family member or employer) is not covered by HIPAA, HIPAA rules do not apply. | If the third party is covered by HIPAA, HIPAA rules apply. If the third party (e.g., a patient’s family member or employer) is not covered by HIPAA, HIPAA rules do not apply. Online services not covered by HIPAA that wish to integrate with CH must comply with CH’s policies, which establish strict privacy standards for how they collect, use, or share user information. |
Do individuals have a right to correct inaccurate information in their records? | Patients can request corrections in their records, and the service or doctor can reject or accept the request. | Subjects can delete or edit any of their PII stored on the Company website. |
How is information kept secure? | HIPAA requires that health care providers and other services maintain a minimum standard of “reasonable and appropriate safeguards to prevent intentional or unintentional use or disclosure of health information”. | CH secures information by: • Using electronic security measures such as Secure Sockets Layer (SSL) encryption, back-up systems, and other current information security technology • Strongly restricting information access to a limited number of trained and authorized personnel |
Who enforces privacy protections? | Under HIPAA, the Department of Health and Human Services enforces HIPAA privacy protections through civil and criminal penalties. Read more information about HIPAA enforcement from the HHS Office for Civil Rights. | Under Section 5 of the Federal Trade Commission Act, the FTC enforces privacy protections in the Clinical Hero (CH) privacy policy through civil and criminal penalties. State attorneys general and district attorneys have similar authority under general consumer protection laws. |
Contacting Us
We welcome any questions or comments you may have regarding this HIPAA Policy. Please feel free to contact us at info@clinicalhero.com.