| |
Daw Systems, Inc. & HIPAA / HITECH
HIPAA (Health Insurance Portability and Accountability Act) was
signed into law on August 21, 1996, Public Law 104-191. This law
was designed to provide insurance portability, to improve the
efficiency of health care by standardizing the exchange of administrative
and financial data, and to protect the privacy, confidentiality
and security of health care information. It impacts all areas
of the health care industry.
Practice
management software, Electronic Prescribing, Electronic Medical
Record and Electronic Health Record programs created and sold
by Daw Systems, Inc. have been reviewed in order to determine
how to best assist our customers with their HIPAA readiness issues.
Daw Systems, Inc. has taken all reasonable and industry standard
steps to ensure compliance with HIPAA standards.
Daw Systems, Inc. may at times have a need to use and disclose patient information which is governed by the rules and regulations established under HIPAA, the Health Insurance Portability and Accountability Act of 1996, and related policies and procedures of Daw Systems, Inc. Therefore, with regard to patient information, Daw Systems, Inc. commits to the following obligations:
a) will use and disclose confidential health information solely in accordance with the federal, state and company policies set forth above and elsewhere, including but not limited to the company policy handbook.
b) In the event of a unauthorized disclosure (release, transfer, provision of, access to, or divulging in any other manner, of information outside the entity holding the information) of Personal Health Informaton (PHI), Daw systems, Inc. will immediately take steps to mitigate the exposure, unauthorized use and/or disclosure of PHI. Daw Systems, Inc. will follow company policy and federal state law in dealing with the breach. This shall include notifying the affected individual(s) and following any HIPAA/HITECH related provisions. All workforce members of Daw Systems, Inc. who become aware of or suspect any unauthorized use or disclosure of protected health information (PHI), or a breach in the security of a computerized system containing such information, shall be responsible for reporting such unauthorized access or breach to their supervisor or to the designated Security and Privacy Officer. Below are the details of the policies and procedures in the event of potential or actual breach of Unsecrured PHI:
1. Step 1 - Discovery -
A breach of PHI will be deemed “discovered” as of the first day Daw Systems, Inc. knows of the breach. If a potential breach is discovered, it must be immediately reported to the Security and Privacy Officer. The Security and Privacy Officer will then notify the Systems Security Officer.
2. Step 2 – Internal Reporting -
All Daw Systems, Inc. employees must incidents that may involve the loss of, improper disclosure of, or improper access to PHI or ePHI (for example, the loss or theft of paper PHI; the loss or theft of a computer, smartphone, or thumb drive storing ePHI; or an electronic intrusion into a computer storing ePHI). Reports should be made to the Security and Privacy Officer who will also notify the Systems Security Officer.
Even if you believe that no ePHI or PHI was compromised, you must notify the Security and Privacy Officer if you believe that any type of sensitive data was compromised. You must also promptly notify your immediate supervisor if any physical or information asset is damaged.
3. Step 3 – Investigation -
Upon receipt of notification of potential breach, the Security and Privacy Officer or his/her designee, shall promptly conduct an investigation. The investigation shall include interviewing employees involved, collecting written documentation, and completing all appropriate documentation. The Security and Privacy Officer shall retain all documentation related to potential breach investigations for a minimum of six years.
4. Step 4 – Risk Assessment and Recommendation -
After investigation is complete, the Security and Privacy Officer will perform a Risk Assessment. The purpose of Risk Assessment is to determine if a use or disclosure of PHI constitutes a breach and requires further notification to the Covered Entity. The Security and Privacy Officer shall appropriately document the Risk Assessment and make a recommendation to the President and CEO whether notification to the Covered Entity of the potential breach would be prudent.
A written record of an action, activity, or assessment that is required by Daw Systems, Inc. security policies to be documented, must be maintained for six (6) years from the date of its creation or the date when it was last in effect whichever is later.
5. Sanctions -
Daw Systems, Inc. employees who fail to fully comply with Daw Systems, Inc. HIPAA Privacy, Security, and Breach Notification Policies and Procedures contained herein will be subject to sanctions as deemed appropriate by management.
If you have any
questions regarding Daw Systems, Inc. processes or HIPAA-readiness
issues, please ask your HIPAA question through e-mail. Daw
Systems, Inc. is available to enter into any Business Associate
Agreements (BAA) for the purpose of HIPAA privacy regulations. To request a HIPAA or BAA information, please email your business name and contact information to: info@dawsystems.com.
Links
to Third Party Web Sites
The links in this web site will allow you to leave Daw Systems,
Inc.'s web site. The linked sites are NOT under the control of
Daw Systems, Inc., and Daw Systems, Inc. is not responsible for
the contents of any linked site or any link contained in any linked
site. Daw Systems, Inc. is not responsible for any changes or
updates to such sites. Daw Systems, Inc. provides these links
to you solely as a convenience. The inclusion of any link does
not constitute nor imply endorsement by Daw Systems, Inc. of the
linked site.
Disclaimers
A.) First DataBank has utilized reasonable care in collecting
and reporting the information contained in the Licensed Products
and has obtained such information from sources believed to be
reliable. First DataBank, however, does not warrant the accuracy
of codes, prices or other data contained in the Licensed Products.
Information reflecting prices is not a quotation or offer to sell
or purchase. The clinical information contained in the Licensed
Products is intended as a supplement to, and not a substitute
for, the knowledge, expertise, skill, and judgment of physicians,
pharmacists, or other healthcare professionals in patient care.
The absence of a warning for a given drug or drug combination
should not be construed to indicate that the drug or drug combination
is safe, appropriate or effective in any given patient.
B.)
FIRST DATABANK MAKES NO WARRANTY OR REPRESENTATION, EXPRESS OR
IMPLIED AND FURTHER MAKES NO WARRANTY OR REPRESENTATION, EXPRESS
OR IMPLIED, AS TO THE ACCURACY OF THE DATA FROM WHICH THE PRODUCTS
ARE COMPILED., AND SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
C.)
IN NO EVENT SHALL FIRST DATABANK BE LIABLE TO LICENSEE OR ANY
THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT, INCIDENTAL, RELIANCE,
OR SPECIAL DAMAGES, INCLUDING BUT NOT LIMITED TO LOST PROFITS,
EVEN IF FIRST DATABANK HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
D.)
IN NO EVENT SHALL FIRST DATABANK'S LIABILITY EXCEED THE AMOUNT
PAID TO IT BY LICENSEE FOR THE CURRENT FEE TERM OF THIS LICENSE
AGREEMENT, REGARDLESS OF THE FORM OF THE ACTION OR CLAIM, AND
REGARDLESS OF WHETHER THE ACTION OR CLAIM IS BASED ON ANY ALLEGED
ACT OR OMISSION OF FIRST DATABANK, INCLUDING BUT NOT LIMITED TO
ANY ACTION BASED ON NEGLIGENCE, BREACH OF WARRANTY OR BREACH OF
CONTRACT.
Safe Harbor
Click here for safe harbor statement
|
|
|
|
|
|
|
|
ScriptSure
by Daw Systems, Inc.
Contact
Daw Systems, Inc. Toll-Free: (866) 755-1500
Email: info@dawsystems.com
|
|
|
