HIPAA Policy
Study Scavenger LLC, DBA Clinical Hero
SS CH HIPAA Policy
We, at StudyScavenger.com (SS) DBA Clinical Hero (CH) (hereafter the “Company”, “Clinical Hero”, or “CH”) treat the privacy of our subjects with the highest importance. This policy details the measures we taken to preserving and safely guarding your privacy of their personal identifiable date (PII) medical data (covered by HIPAA) when you visit or communicate with our site or personnel. Regular updates of the HIPAA Privacy Policy are done which require you to check back on this Policy from time to time.
APPLICABILITY
Sharing or Renting Information
The Company does not rent, sell, or share subject personal identifiable information with other people or non-affiliated companies and makes every reasonable attempt to safeguard subject privacy. Except where required by regulation, court order, official authority or applicable law, Company will not make available individual customer information or data to any third party.
DEFINITIONS
HIPPA: Health Insurance Portability and Accountability Act of 1996, Public Law 104-191
POLICY DETAILS
HIPAA | Clinical Hero (CH) | |
Do individuals have access to their study information? | Under HIPAA, patients can request a copy of their medical records from their health care provider. This typically requires completing release paperwork and may require a printing or copying fee. In some circumstances, availability of certain records may be limited. | In CH, subjects study history is not captured or maintained. |
Are individuals informed of how their information is used and protected? | Health care providers must provide patients with written notice of their HIPAA privacy rights. | CH’s research site is not considered ‘health care providers ‘ and is not a covered entity. Subject’s information is encrypted and sits behind a SSL of protection. |
What information is protected? | Under HIPAA, personally identifiable information is protected. De-identified patient information is not protected. Aggregate, de-identified patient information can be published and shared with third parties. | Under the CH privacy policy, personally identifiable information is protected. |
When is information sharing permitted? | Health care providers may share information with patient authorization, and may share without authorization, for certain purposes, such as: • When doctors or other health care providers share information to treat patients, like when faxing patient records for a referral • When used for payment, including sharing with insurance companies to pay for care • When employers face workplace injury claims • When public health researchers need aggregate information for studies • For health care operations, including to contractors and vendors operating on a provider’s behalf (subject to security and confidentiality requirements) |
CH may share information with explicit user authorization, and may share without authorization in certain limited circumstances, such as: • With contractors and vendors operating solely on Company’s behalf (subject to security and confidentiality requirements) • To protect against imminent harm to the rights, property or safety of CH, its users or the public, or to address fraud or violations of the Terms of Service |
When is information sharing required? | Under various federal and state laws, health care providers must share patient information to comply with court orders and subpoenas. HIPAA itself also allows health care providers to voluntarily share patient information with law enforcement without a subpoena and without permission from or notice to the patient. | Under various federal and state laws, CH must share user information to comply with court orders and subpoenas. When possible, we notify the user in order to give them the opportunity to object. Under the Electronic Communications Privacy Act (ECPA), CH may not voluntarily share most user information with law enforcement. |
How does the individual authorize sharing? | Patient authorization is not required for institutions to share information in the case of certain permitted disclosures, described above. When authorization is required, patients provide consent to share information through a written authorization form that must satisfy certain HIPAA requirements. Sharing is revocable under HIPAA. | CH must perform due diligence in writing via email or text to alert subjects if data is being shared at anytime. Subjects must request and give the company permission to share information entered into Clinical Hero (CH) account. Sharing is revocable at any time by simply opting out of the service. |
Is information protected when used by third parties? | If the third party is covered by HIPAA, HIPAA rules apply. If the third party (e.g., a patient’s family member or employer) is not covered by HIPAA, HIPAA rules do not apply. | If the third party is covered by HIPAA, HIPAA rules apply. If the third party (e.g., a patient’s family member or employer) is not covered by HIPAA, HIPAA rules do not apply. Online services not covered by HIPAA that wish to integrate with CH must comply with CH’ss policies, which establish strict privacy standards for how they collect, use, or share user information. |
Do individuals have a right to correct inaccurate information in their records? | Patients can request corrections in their records, and the service or doctor can reject or accept the request. | Subject can delete or edit any of their PII stored on the company websites. |
How is information kept secure? | HIPAA requires that health care providers and other services maintain a minimum standard of “reasonable and appropriate safeguards to prevent intentional or unintentional use or disclosure of health information”. | CH secures information by: • Using electronic security measures such as Secure Socket Layer (CHL) encryption, back-up systems, and other cutting-edge information security technology • Strongly restricting information access to a limited number of trained and authorized personnel |
Who enforces privacy protections? | Under HIPAA, the Department of Health and Human Services enforces HIPAA privacy protections through civil and criminal penalties. Read more information about HIPAA enforcement from the HHS Office of Civil Rights. | Under Section 5 of the Federal Trade Commission Act, the FTC enforces privacy protections in the Clinical Hero (CH) privacy policy through civil and criminal penalties. State attorneys general and district attorneys have similar authority under general consumer protection laws. |
Contacting Us
We welcome any queries, requests you may have regarding this HIPAA Privacy Policy, or comments. Please do not hesitate and feel free to contact us at info@clinicalhero.com
HISTORY
Revision No. | Description of Change: |
00 | No changes to Policy Content. The policy header and footer information updated to follow new CH Policy Template and a policy number were assigned. |