Our client healthcare facilities are Covered Entities subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Medprex understands the importance of the confidentiality, privacy, and security of an individual’s Protected Health Information (PHI) and supports and helps its customers in being HIPAA compliant. HIPAA requires that Covered Entities (those subject to the HIPAA regulations) identify other businesses they disclose PHI to. These other businesses are known as Business Associates and are people or organizations that are contracted to perform functions for Covered Entities. HIPAA allows Covered Entities to disclose PHI to Business Associates if the Business Associate assures that it will use the information only for the purposes for which it was engaged by the Covered Entity, will safeguard the
information from misuse, and will help the Covered Entity comply with some of the Covered Entity’s duties under HIPAA. Covered Entities are required to enter into a Business Associate Agreement with Business Associates that include the aforementioned assurances.
Medprex is a Business Associate to its customers who are Covered Entities. As such, we will enter into a Business Associate Agreement with you upon your signing up of our service, in which Medprex agrees as follows:
- Medprex will not use or disclose PHI other than as permitted or required by the Business Associate Agreement or as required by law.
- Medprex will use appropriate safeguards to prevent use or disclosure of the PHI other than as provided for by the Business Associate Agreement.
- Medprex will mitigate, to the extent practicable, any harmful effect that is known to Medprex of a use or disclosure of PHI by Medprex in violation of the requirements of the Business Associate Agreement.
- Medprex will report to you any use or disclosure of the PHI not provided for by the Business Associate Agreement of which it becomes aware.
- Medprex will ensure that any agent, including a subcontractor, to whom it provides PHI received from you, agrees to the same restrictions and conditions that apply through the Business Associate Agreement with respect to such information.
- Medprex will make internal practices, books, and records, including policies and procedures, relating to the use and disclosure of PHI received from you available to the Secretary of Health and Human Services for purposes of determining your compliance with HIPAA.
Attn: Chief Security Officer, 3126 Wisconsin Ave, Joplin, Missouri 64804.