Connective Health

Connective Health Privacy and Data Security Policy Statement

 

Connective Health takes information privacy and data security very seriously. The company is committed to protecting the privacy of confidential information with which we have been entrusted by our partners and customers. “Confidential information” includes protected health information and other sensitive information of or about an individual.

Connective Health’s products and solutions rely on a system for secure transmission of electronic clinical information between health care providers and organizations authorized to obtain, maintain and share patient information. More specifically, Connective Health acts on behalf of Covered Entities (e.g., physicians), as defined by HIPAA, to obtain patient medical histories to enable more effective patient evaluation, treatment and care. Connective Health is a Business Associate (as defined under HIPAA) of each of its customers. Connective Health is not a medical provider and does not make clinical decisions. 

Connective Health obtains and transmits data on behalf of Covered Entities and intends to maintain only limited confidential information of patients. The confidential information that Connective Health transmits and maintains is governed by the company’s privacy and data security policies, which are described below.

Privacy Policies and Notice of Privacy Practices

Connective Health maintains a set of Privacy Policies that establish the requirements for all Connective Health employees to protect and to use confidential information as required and permitted under applicable federal and state laws. The policies are intended to establish administrative and technical safeguards in compliance with HIPAA and other data privacy laws.

Connective Health’s privacy policies include the following fundamental requirements:

  • Use and Disclosure. Confidential information shall only be used and/or disclosed for the stated purposes in Connective Health’s agreements with its customers (health care providers) and in accordance with data source requirements and with federal and state laws. The company may receive a customer’s authorization to de-identify certain confidential information for specific purpose(s). In these cases, once the confidential information has been de-identified, the company may use and disclose the de-identified information in accordance with the authorization. In addition, Connective Health may use or disclose confidential information as required by law.
  • Data Storage. Any Confidential Information retained by Connective Health shall be stored and retained in accordance with the company’s contracts with Covered Entities, to fulfill a valid business purpose or as otherwise required by law. See the company’s summary of Data Security Policies below.
  • Other HIPAA Requirements. Connective Health maintains Business Associate Agreements with each of its Covered-Entity customers and pursuant to such agreements the company will respond to all HIPAA-related requests. However, Connective Health does not maintain a designated record set for any Covered Entity. Consequently, certain HIPAA obligations related to patient rights may not apply to Connective Health.
  • Training on Privacy Policies. Connective Health requires all employees and contractors to be trained on its privacy policies. Each employee and contractor is responsible for the privacy and security of confidential information and shall take reasonable and appropriate precautions to safeguard the information.
  • Chief Privacy and Security Officer. Connective Health will designate a Chief Privacy and Security Officer who shall be responsible for developing, implementing and maintaining the company’s Privacy and Data Security policies and procedures. All such policies, and all previous versions of such, shall be maintained by the Chief Privacy and Security Officer as required by the company’s record retention policies.

Data Security Policies

Connective Health maintains a set of Data Security Policies that establish the requirements, processes and procedures for all Connective Health employees to protect confidential information.  These requirements comply with applicable federal and state laws as well as Connective Health’s contracts with partners and customers.

Connective Health deploys industry-standard methods to safeguard confidential information maintained, transmitted or otherwise made available through Connective Health’s products and solutions. These methods meet the requirements of applicable data protection laws and the privacy and security requirements in our contractual agreements with our partners and customers. These safeguards are intended to prevent unlawful use or disclosure of confidential information. Connective Health Data Security Policies include the following fundamental requirements:

  • Administrative, Physical and Technical Security Safeguards. In accordance with HIPAA and Connective Health’s obligation as a Business Associate of its customers, Connective Health has implemented administrative, physical and technical security safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of the electronic personal health information that it receives, maintains or transmits.
  • Data Integrity. Connective Health is committed to maintaining the integrity of confidential information it transmits and deploys appropriate technical safeguards and audits to ensure data integrity. 
  • Partner, Customer and Vendor Requirements. Connective Health permits its partners, customers and vendors to connect to or receive information from Connective Health products and solutions only if such parties meet the data security and system requirements established by Connective Health (or Connective Health’s data partners). Connective Health requires vendors who enable data transactions to certify their products for compliance with data security requirements of applicable laws. This process ensures that all parties can send and receive confidential information in a secure fashion. Connective Health requires all connected parties to have systems that operate in accordance with industry-accepted standards for the electronic exchange of confidential data between health care providers and data sources.
  • Secure Transmission Technologies. Connective Health requires all customers, vendors and partners who connect to or service the company’s solutions and products to use secure connections in accordance with applicable law and industry standards.
  • System Audits. The company and its data partners require and will perform periodic data security audits of the company’s system. Some audits may be performed by independent auditing entities.
  • Certifications and Accreditations. Connective Health is in the process of obtaining certification and/or accreditation by certain data security and privacy organizations. These organizations are nationally recognized and provide independent evaluation of an organization’s ability to perform in accordance with the highest industry standards and applicable law.

Questions related to Connective Health’s Privacy and Data Security policies and procedures should be directed to: support@connectivehealth.io

 

Created:  June 2, 2022

Last Updated:  N/A

Owner:  Chief Privacy and Security Officer of Connective Health