VIPatient LLC, an Indiana limited liability company, (the "Company") provides telemedicine services (internet teleconferencing health care consultations or related services, through an Internet-based platform ""VIPatient") to healthcare providers (the "Providers") for use with their patients and clients (the "Patients") (individually and collectively "Users").
"Business Associate" As defined by HIPAA is a person or entity, other than a member of the workforce of a covered entity (in this instance, "Providers"), who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information; or, is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate.
"Business Associate Agreement(s)" are the agreements prescribed by HIPAA to govern the relations of the Company with the Providers with which it has an agreement to provide telemedicine services.
"Protected Health Information" ("PHI") means information that is created or received by the Company and relates to the past, present, or future physical or mental health or condition of a person; the provision of health care to a participant; or the past, present, or future payment for the provision of health care to a participant; and that identifies the participant or for which there is a reasonable basis to believe the information can be used to identify the participant. PHI includes information concerning persons living or deceased. The Company does not store PHI and accesses PHI incidentally only for the operation of VIPatient.
"Personal Information" ("PI") means any information that may be used to identify an individual, including, but not limited to, first and last name, employment information, home or work address, email address, phone number, or other contact information. The Company stores PI for purposes of the operation of VIPatient, including, but not limited to, identification and registration of users, system diagnostics, system repair and customer service to the Providers and occasionally Patients using VIPatient as captured by the Company’s on-line registration forms and as loaded into VIPatient by the Providers using VIPatient.
"HIPAA" means the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations and rules, as amended, as administered by the United States Department of Health and Human Services.
Technical Data means the technical data and related information the Company may collect and use as part of its operations, including but not limited to technical information about a User’s device, system and application software, peripherals, IP address, cookie information, location-based information, browser information and interactions with VIPatient.
The Company’s Operations and Privacy Obligations
The Company will have access to PI and PHI to the extent it identifies a Patient as a part of its registration process and may have incidental access to a Patient’s PHI as may be required for the operation of the Company as a Business Associate of the Providers with whom the Company has a business relationship.
The Company’s Obligations as a Business Associate
Requirements for Business Associates
Although the Company will have specific Business Associate Agreements with each Provider with which it has a business relationship, generally, HIPAA generally requires that covered entities and business associates enter into contracts with their business associates to ensure that the business associates will appropriately safeguard protected health information. The Business Associate Agreement also serves to clarify and limit, as appropriate, the permissible uses and disclosures of protected health information by the Business Associate, based on the relationship between the parties and the activities or services being performed by the Business Associate.
Accordingly, the Company may use or disclose PHI and the PI of Patients (which is PHI) only as permitted or required by its Business Associate Agreement or as required by law. The terms and conditions of each Business Associate Agreement shall govern the legal relationship of the Company and the applicable Provider and control over these general obligations of the Company.
Use of PI which is Not PHI
The Company will use PI which does not constitute PHI only for purposes of User support, billing to Providers and administrative notices regarding VIPatient to Users. The Company does not disclose any PI of any User to any third-party for any purpose, excepting only to its Employees.
The Company may disclose PI to law enforcement or other government officials as the Company, in its sole discretion, believes necessary or appropriate, in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose the Company to legal liability.
PI that constitutes PHI is governed by the Business Associate Agreements the Company has with the Providers with whom it has a business relationship.
Use of Technical Data
Technical Data that does not identify a User or does not otherwise constitute PHI is not deemed by the Company to constitute PI and such Technical Data is the property of the Company and may be aggregated and used by the Company in any manner for any purposes the Company deems appropriate.