Privacy Policy
-
MYPCT, L.L.C. (“MyPCT,” “Our,” “We,” or “Us”) shares a
commitment with Covered Entities to protect the privacy and
confidentiality of Protected Health Information (“PHI”) that
we access during the course of providing services to End
Users. These services are subject to the terms of a Business
Associate Agreement.
-
This Privacy Policy (“Policy”) is provided to help you
better understand how we use, disclose, and protect PHI in
accordance with the terms of the Business Associate
Agreement(s). Please read this Policy carefully to
understand our policies and practices regarding the
information that you may provide to us through the MyPCT
Application (the “Application”). If you do not agree with
our policies and practices, please do not download, install,
use the Application and delete it from your device(s). By
accessing or using the Application, you agree to this Policy
which may change from time to time. Your continued use of
the Application after we make changes is deemed to be
acceptance of those changes, so please check the Policy
periodically for updates.
Business Associate Agreement (“BAA”)
-
A Business Associate Agreement is a formal written contract
between MyPCT and a Covered Entity that requires both
parties to comply with specific requirements related to PHI.
Covered Entity
-
A Covered Entity is a health plan, health care provider, or
healthcare clearinghouse that must comply with the HIPAA
Privacy Rule. MyPCT provides services to some Covered
Entities.
Protected Health Information (“PHI”)
-
PHI includes all “individually identifiable health
information” that is transmitted or maintained in any form
or medium by a Covered Entity. Individually identifiable
health information is any information that can be used to
identify an individual and that was created, used, or
disclosed in (a) the course of providing a health care
service, such as diagnosis or treatment, or (b) in relation
to the payment for the provision of health care services.
Use and Disclosure of PHI
-
MyPCT does not create PHI. However, we receive, maintain,
transmit, and have access to PHI of Covered Entities in the
course of our performance of services. MyPCT may use PHI for
purposes of management, administration, data aggregation,
and legal obligations to the extent such use of PHI is
permitted or required by the BAA and not prohibited by law.
We may use or disclose PHI on behalf of, or to provide
services to, Covered Entities for purposes of fulfilling our
service obligations to Covered Entities, if such use or
disclosure of PHI is permitted or required by the BAA and
would not violate the HIPAA Privacy Rule.In the event
that PHI must be disclosed to a subcontractor, MyPCT will
ensure that the subcontractor agrees to abide by the same
restrictions and conditions that apply under the BAA with
respect to PHI, including the implementation of reasonable
and appropriate safeguards.We may also use PHI to
report violations of law to appropriate federal and state
authorities, including when appropriate and required by law.
Information Security
-
MyPCT uses appropriate technical, procedural, and administrative safeguards to prevent the use
or disclosure of PHI other than as provided for in the BAA. We have implemented safeguards
that reasonably and appropriately protect the confidentiality, integrity, and availability of the PHI
that MyPCT may access in the course of performing services. All PHI is protected in transit via
SQL end-to-end encryption security. While MyPCT will exert commercially reasonable efforts
to protect the confidentiality, integrity, and availability of PHI, MyPCT cannot guarantee that
such efforts will prevent an unauthorized breach of the information.
-
The safety and security of PHI also depends on you. If you have created a username and a
password for access the Application (or if we have provided you with a security code), you are
responsible for keeping this information confidential. We ask in particular that you do not share
this information with anyone. We urge you to be careful about the PHI you input, upload, or
otherwise transmit through the Application. The information you share may be viewed by other
users of our Application. Your obligations in this regard are further set forth in the BAA.
Mitigation of Harm
-
In the event of a use or disclosure of PHI that is in violation of the requirements of a BAA,
MyPCT will mitigate any harmful effect resulting from the violation to the extent practicable.
Additionally, MyPCT will report any use or disclosure of PHI not provided for by the BAA and
any security incident of which we become aware to the Covered Entity as set forth in, and
consistent with, the BAA.
Access to PHI
-
As provided in a BAA, and upon request, MyPCT will make internal practices, books, and
records, including policies and procedures relating to the use and disclosure of PHI received
from, or created or received by, MyPCT on behalf of a Covered Entity available to the Secretary
of the U.S. Department of Health and Human Services for the purpose of determining
compliance with the terms of HIPAA regulations.