At Prehensile Software, LLC, including our family of products, namely OperaDDS™, Pager™, Chorus™, Send™, and Recare™, we are committed to maintaining the confidentiality of information entrusted to us by our clients and Business Associates/Subcontractors, especially individually identifiable personal and health information such as names, addresses, and Protected Health Information (PHI).
OperaDDS™, Pager™, Chorus™, Send™, and Recare™ enable our customers to communicate with their employees, patients, vendors, and other health care providers via email and text message while complying with HIPAA.
Prehensile Software, LLC (“Prehensile”) protects the confidentiality of information it receives by adhering to the requirements of the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule governs the acquisition, storage, transfer and retention of Protected Health Information, in both electronic and paper formats. The Security Rule covers all information acquired, maintained or transferred electronically.
We comply with all business associate obligations under HIPAA/HITECH, enabling us to provide the highest level of service to our health care provider customers.
Prehensile follows the policies and practices it has documented in its HIPAA Privacy Manual and in its HIPAA Security Compliance Plan. These documents cover areas such as:
- Physical security of electronic equipment used to acquire and store PHI
- Technical safeguards to prevent unauthorized access to PHI
- Training and awareness for staff members who have access to PHI
We respect the privacy of personal health information and take securing all PHI data seriously. Prehensile’s services are HIPAA ready and enable practices using the system to comply with their obligations as Covered Entities.
Our OperaDDS™ products are HIPAA-ready services that include:
- Send™ – secure, HIPAA-compliant email with unlimited attachments to any address
- Pager™ – instant intraoffice messaging, getting all the information to and from staff
- Chorus™ – all lab, doctor, and patient information in one easy solution
- Recare™ – reduce no-shows through email and text confirmations
Use and Disclosures of Health Information:
Prehensile assures that the use and disclosure of PHI is done in the normal course of business and is appropriate based on the contracts with clients. Prehensile will assure that appropriate and adequate safeguards are established to protect customers’ patient information from unauthorized use and disclosure. Use is defined as the sharing, employment, application, utilization, examination, or analysis of information within an entity that maintains such information. Disclosure is defined as the release, transfer, provision of, access to, or divulging in any other manner of information outside the entity holding the information.
Breach notification will be carried out in compliance with the American Recovery and Reinvestment Act (ARRA)/Health Information Technology for Economic and Clinical Health Act (HITECH) and the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the HITECH Act (Omnibus Rule).
HIPAA Privacy Practices Policy & Procedures:
Prehensile acknowledges the need for practices with accounting of disclosure, electronic access to PHI, fundraising and PHI, sale of PHI, research and PHI, and marketing and PHI. Through the normal course of business, Prehensile does not take part in any activities that would fall under the classifications of: Fundraising Activities; Sale of PHI; Marketing and Research and PHI.
Risk Analysis and Management:
Prehensile is focused on protecting the confidentiality, integrity, and accessibility of PHI. Prehensile will conduct regular and timely reviews of threats and vulnerabilities to its organization and systems, focused on protecting the confidentiality, integrity, and accessibility of PHI. Prehensile will take the proper steps to mitigate and reduce the risks to the organization and the PHI it maintains.
Workforce & Information System Security:
Prehensile is committed to proper protection of all uses and disclosures of PHI that it stores and maintains on behalf of a covered entity, and accordingly it is committed to holding all workforce members responsible for the proper protection of privacy and security requirements. Prehensile will assure that the workforce members logging into the electronic systems that contain PHI are only looking at information needed to complete the daily operational work. Prehensile doesn’t have access to the information of each of the individual organizations that are in the system software. Prehensile is focused on protection of the physical components of the business that store and maintain PHI for the organization. Prehensile assures that limitations are put on the ability to provide physical limitations to any PHI. Prehensile only allows the appropriate access to systems based on business need and client responsibility.
Security Incident & Contingency Plan:
To protect all electronic media used for patient care, Prehensile Software will properly report and respond to all potential security incidents that occur within the organization. The contingency plan for the Prehensile system will focus on data backup, disaster recovery, emergency mode operation plan, testing and revision, and application and data criticality analysis. Prehensile will assure adequate controls are in place through regular review and evaluation to protect the confidentiality, integrity, and availability of electronic PHI.
Prehensile will maintain a process to assure the information shared and used by subcontractors is properly protected and safeguarded as required in the HIPAA regulation. Prehensile will enter into a written business associate agreement with all subcontractors that create, receive, maintain, or transmit PHI to support the business operations of Prehensile. Business Associates/Subcontractors will be obligated to effectively maintain the privacy and security of PHI as required by HIPAA and Prehensile.
Prehensile is required by the HIPAA Security Rule to assure that the integrity of the data that it stores and maintains is preserved, meaning the data has not been altered or destroyed in an unauthorized manner. Prehensile will protect all ePHI that it stores, maintains, and transmits from improper alteration and destruction by implementing a combination of policy and technical solutions in the maintenance, retention, and eventual destruction/disposal of PHI.
HIPAA Security Officer:
Prehensile will assure that an individual is appointed to be the organization’s HIPAA Security Officer. The Security Officer is responsible for the oversight and management of the organization’s compliance with the HIPAA regulations. The Security Officer is the individual who is responsible for assuring that the development, awareness, and enforcement of all the HIPAA policies and procedures established meet requirements.
Prehensile will assure timely and appropriate policies and procedures in order to comply with the HIPAA Privacy and Security Regulations; accordingly, documentation will be updated, maintained, and stored in accordance with the regulations.
If you have any questions or concerns regarding this notice, please contact: Prehensile Software LLC, Attn: Security Officer, 109 Bushaway Road, Suite 300, Wayzata, MN 55391; or email at firstname.lastname@example.org.
Updated: December 8, 2015.