The “Privacy Rule” established a set of standards for the protection of specific health information. These standards were issued so the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) could be implemented. Individually identifiable health information (protected health information – “PHI”) held or transmitted by a covered entity or business associate in both paper or electronic form is protected by the privacy rule.
PharmaCord operates a pharmacy and a customer support center which provides patient services on behalf of its pharmaceutical and biotech customers. Our pharmacy is considered a covered entity under HIPAA guidelines. Our patient service center is not a covered entity but operates within the spirit of patient privacy guidelines and in some instances operates as a business associate for specific external pharmacy interactions. PharmaCord respects the privacy rights of individuals and endeavors to protect patient information by deploying processes and security for the information that we receive and exchange in the operation.
PharmaCord’s patient service center generally provides services pursuant to the express written authorization of patients. Such authorization is granted by patients specific to a customer program and includes a variable grant of authority to use and disclose information for the purposes set forth within such consents.
PharmaCord has designated a Privacy Official to develop and implementing policies and procedures, serve as a contact for receiving complaints and providing individuals with the company’s privacy practices.
Corporate Privacy Official Contact Information
Official Name: Aaron Seamans
Office Location: 150 Hilton Drive Jeffersonville, IN, 47130.
Email Address: Privacy@Pharmacord.com
PharmaCord’s procedure for reporting a privacy complaint is set forth in our privacy practices notice and appears on our website at http://www.pharmacord.com.
PharmaCord will not retaliate against a person for exercising rights provided by the Privacy Rule.
PharmaCord will maintain administrative, physical, and technical safeguards to protect intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule. It will mitigate (to the extent practicable) any harmful effect caused by violations of the Privacy Rule.
Privacy policies and procedures, notices, disposition of complaints and any other required documents will be maintained for six years after the later of the date of creation or last effective date.
The circumstances in which a person’s PHI can be used or disclosed is a major purpose of the Privacy Rule. PHI cannot be used or disclosed except as permitted by the Privacy Rule or pursuant to a valid authorization from the individual (or representative). PharmaCord will make reasonable efforts to use, disclose and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request.
Permitted Uses and Disclosures
An entity is permitted, but not required, to use and disclose PHI without an individual’s authorization in the following circumstances:
- To the individual
- For Treatment, Payment and Health Care Operations
- Treatment: provision, coordination or management of health care and related services for an individual by one or more healthcare providers including consultations and referrals
- Payment: activities of a health plan or entity to obtain payment or be reimbursed for the provision of health care services
- Health Care Operations: this includes areas such as medical reviews, risk management and other administrative and operational services
- For Notification and Other Purposes
- A covered entity may rely on an individual’s informal permission to disclose to a family member, relative or friend or to other person(s) identified by the individual any protected health information directly relevant to that person’s involvement in care or payment for Another example, included in this provision, allows a pharmacist to dispense filled prescriptions on behalf of the patient. This provision also allows information to be disclosed to organizations authorized by law or charter to assist in disaster reliefs.
- Public Interest and Benefit Activities listed below:
- Required by Law
- Public Health Activities
- Victims of Abuse, Neglect or Domestic Violence
- Health Oversight Activities
- Judicial and Administrative Proceedings
- Law Enforcement Purposes
- Medical Examiners
- Health or Safety
- Government Functions
- Workers’ Compensation
Limited Data Sets: These data sets are protected health information that certain specific identifiers of individuals, relatives, household members and employers have been removed. A limited data set may be disclosed for research, health care operations, and public health purposes provided the recipient has agreed to specified safeguards of the protected health information within the data set.
Authorized Uses and Disclosures
In certain circumstances an entity must obtain an individual’s authorization to use or disclose the following:
- Psychotherapy Notes
- Sale of Health Information
Individual Rights to Privacy
Individuals regarding their protected health information have the following:
- Right to Notice of Privacy Practices
- Right to Inspect and Copy of Health Records
- Right to Amendments to Health Records
- Right to Accounting of Disclosures
- Right to Request Restrictions
- Right to Revoke Authorization
- Right to Requests for Alternative Methods of Confidential Communication
PharmaCord will include required elements in each of the above along with the designated timeframes if applicable.