1. Purpose for Policy
EBCG LLC dba Vertus places a high value on the privacy of its clients (“Clients”) and the expectation that information regarding Clients remains confidential and is made available only to persons who have a legitimate right to know. In addition, EBCG LLC dba Vertus is contractually obligated to comply with the privacy and security provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). EBCG LLC dba Vertus recognizes that all employees and temporary workers (“Employees”), as well as outside contractors, have an ethical and legal obligation to keep certain information about Clients confidential and to protect and safeguard this information against unauthorized use or disclosure.
The following section outlines the basic procedures necessary to comply with this policy.
Disclosure of Information
- An Employee may access, discuss, use and disclose PHI only for EBCG LLC dba Vertus business as it relates to that employee’s specific job functions and/or responsibilities.
- Employees may disclose PHI only to those who have a legitimate, EBCG LLC dba Vertus-related business need to know or who have prior written authorization. PHI about a Client may only be shared for purposes of claims payment or healthcare operations.
- PHI must never be the subject of casual conversation either inside or outside of the workplace. PHI must not be discussed in lobbies, stairwells, elevators, restrooms, hallways, or any other public area where conversation could be easily overheard by visitors and Employees who do not have a need to know.
- Only “Minimally Necessary” PHI may be disclosed. “Minimally Necessary” means only that amount of PHI necessary to accomplish the intended purpose of the use or disclosure.
Access to Information
- PHI may only be accessed if related to specific job functions and responsibilities.
- Casual reading of PHI is not permitted.
- Employees with legitimate access to PHI will protect this information from casual or unauthorized access.
Security of PHI
- Employees may remove PHI from the facility only as it relates to specific job functions and/or responsibilities. Approval from an employee’s direct manager is necessary to remove PHI from the facility. It is the responsibility of each Employee to protect and safeguard all such information.
- Employees are encouraged to review PHI in a secure area and are responsible for records that are checked out to them. It is the responsibility of the Employee to protect and safeguard all records that are removed from the secure areas.
- Technical security safeguards are used to store, process and transmit electronic PHI. Our IT staff has primary responsibility for the security oversight of electronic PHI. Employees are responsible for complying with these security safeguards. All workstations that store, process or otherwise access electronic PHI must be protected with a strong password. Open sessions will be disconnected after a period of inactivity.
Breach of Confidentiality
- Any Employee who believes he/she has observed a breach of security or confidentiality should promptly notify his or her direct manager or the Managing Principal.
- Employees found to be in violation of this policy may be subject to disciplinary action, up to, and including termination and/or legal action. PHI is protected by federal and state laws and regulations that define civil and criminal penalties for violations of confidentiality.
- EBCG LLC dba Vertus will periodically conduct unscheduled audits to ensure compliance with this policy.
In order to maintain confidentiality, any item containing PHI must be discarded according to the standards identified below:
- Item: Paper; Examples: Medical records, applications, census files, or any other paper-based document containing PHI; Where/How Discarded: Paper-based PHI should be placed in a sealed recycle bin for destruction or destroyed by shredding. Electronic copies stored in the EBCG LLC dba Vertus Document Management System will be password protected using encryption procedures.
- Item: Electronic; Examples: Computer hard drives, disks, e-mails and electronic files; Where/How Discarded: The IT staff will remove the hard drive from each computer or laptop that is scheduled for disposal. These hard drives will be physically secured until they are destroyed or recycled. Computers that will be reused must cleared or purged to remove PHI. Disks should be destroyed or re-formatted. E-mails and electronic files should be purged from the system after use. Employees needing assistance in disposing of electronic files should contact a member of our IT staff.
- Employees must not leave any PHI on fax machines, printers or copiers.
- Employees are to clean their workspace of PHI at the end of their work day and place the PHI in a secure location.
- Employees must exercise caution and discretion when leaving voicemail messages containing PHI.
- Employees are to escort visitors through work areas.
- Employees must exercise caution and discretion when e-mailing PHI internally within EBCG LLC dba Vertus.
- Employees must use appropriate encryption software when e-mailing PHI outside of EBCG LLC dba Vertus.
- Employees must not store PHI on handheld devices, such as smartphones.
- Employees must secure all hardcopy mail containing PHI.
- Employee workstations will be programmed to auto-lock after 10 minutes of inactivity.
- Employees should refrain from loading PHI on pooled laptops. Information stored on laptops will be routinely purged.
4. Website Cookies
If you choose to use our Website, then you agree to the collection and use of information in relation to this policy. Information collected on our Website is used for improving your experience. We will be collecting information about you from visits to our Website, such as information from online forms, and online information collection devices, commonly called “cookies”. If you are browsing, a cookie or tracking mechanism is used to help us measure the number of visits, time spent, pages viewed and other Website metrics. EBCG LLC dba Vertus uses Google Analytics for collecting Website analytics. For more information on Google Analytics, and how it collects and processes data, go to: https://policies.google.com/technologies/partner-sites
Information Collection and Use: For a better experience while using our Website, we may require you to provide us with certain personally identifiable information, including but not limited to your name, company, phone number and email address. The information that we collect will be used to contact or identify you.
Information You Provide to Us: The information we collect on or through our Website may include:
- Information that you provide by filling in forms on our Website. This includes information provided at the time you submit a contact or information request form, or subscribe to our email newsletter. We may also ask you for information if you report a problem with our Website.
- Records and copies of your correspondence (including email addresses), if you contact us.
5. External Links
This Website may contain links to other sites not affiliated with EBCG LLC dba Vertus and shall not be responsible for the privacy practices or the content of such websites.