Introduction

The “Privacy Rule” established a set of standards for the protection of specific health information. Thesestandards were issued so the requirements of the Health Insurance Portability and Accountability Act of 1996(HIPAA) could be implemented. Individually identifiable health information (protected health information – “PHI”) held or transmitted by a covered entity or business associate in both paper or electronic form is protected by theprivacy rule

PharmaCord operates a pharmacy and a customer support center which provides patient services on behalf of itspharmaceutical and biotech customers. Our pharmacy is considered a covered entity under HIPAA guidelines. Our patient service center is not a covered entity but operates within the spirit of patient privacy guidelines and in some instances operates as a business associate for specific external pharmacy interactions. PharmaCord respects the privacy rights of individuals and endeavors to protect patient information by deploying processes and security for the information that we receive and exchange in the operation.

PharmaCord’s patient service center generally provides services pursuant to the express written authorization of patients. Such authorization is granted by patients specific to a customer program and includes a variable grant ofauthority to use and disclose information for the purposes set forth within such consents.

PharmaCord has designated a Privacy Official to develop and implementing policies and procedures, serve as acontact for receiving complaints and providing individuals with the company’s privacy practices.

Corporate Privacy Official Contact Information

Official Name: Aaron Seamans
Office Location: 150 Hilton Drive Jeffersonville, IN, 47130. Telephone: 502-805-3495
Email Address: Privacy@Pharmacord.com

Employees will receive privacy and security training including but not limited to PharmaCord’s Privacy Policy, asnecessary and appropriate for their role in the organization.

PharmaCord’s procedure for reporting a privacy complaint is set forth in our privacy practices notice and appearson our website at http://www.pharmacord.com.

PharmaCord will not retaliate against a person for exercising rights provided by the Privacy Rule.

PharmaCord will maintain administrative, physical, and technical safeguards to protect intentional orunintentional use or disclosure of protected health information in violation of the Privacy Rule. It will mitigate (to theextent practicable) any harmful effect caused by violations of the Privacy Rule.

Privacy policies and procedures, notices, disposition of complaints and any other required documents will bemaintained for six years after the later of the date of creation or last effective date.

The Privacy Rule includes standards regarding the Uses and Disclosures of protected health information along withan individuals’ privacy rights to understand and control how their health information is used. If a client provides PharmaCord with a policy that is more restrictive than the PharmaCord privacy policy, PharmaCord will adhere to the client policy for the respective client program data.

The circumstances in which a person’s PHI can be used or disclosed is a major purpose of the Privacy Rule. PHI cannot be used or disclosed except as permitted by the Privacy Rule or pursuant to a valid authorization from the individual (orrepresentative). PharmaCord will make reasonable efforts to use, disclose and request only the minimum amount ofprotected health information needed to accomplish the intended purpose of the use, disclosure, or request.

Permitted Uses and Disclosures

An entity is permitted, but not required, to use and disclose PHI without an individual’s authorization in the followingcircumstances:

  1. To the individual
  2. For Treatment, Payment and Health Care Operations
    • Treatment: provision, coordination or management of health care and related services for anindividual by one or more healthcare providers including consultations and referrals
  • Payment: activities of a health plan or entity to obtain payment or be reimbursed for the provision ofhealth care services
  • Health Care Operations: this includes areas such as medical reviews, risk management and otheradministrative and operational services
  1. For Notification and Other Purposes
    • A covered entity may rely on an individual’s informal permission to disclose to a family member, relative or friend or to other person(s) identified by the individual any protected health information directly relevant to that person’s involvement in care or payment for Another example, included inthis provision, allows a pharmacist to dispense filled prescriptions on behalf of the patient. Thisprovision also allows information to be disclosed to organizations authorized by law or charter to assistin disaster reliefs.

Note: PharmaCord treats other entities under the same ownership as one for purposes of this Privacy Policy.

  1. Public Interest and Benefit Activities listed below:
    • Required by Law
    • Public Health Activities
    • Victims of Abuse, Neglect or Domestic Violence
    • Health Oversight Activities
    • Judicial and Administrative Proceedings
    • Law Enforcement Purposes
    • Medical Examiners
    • Research
    • Health or Safety
    • Government Functions
    • Workers’ Compensation

Limited Data Sets: These data sets are protected health information that certain specific identifiers of individuals, relatives,household members and employers have been removed. A limited data set may be disclosed for research, health care operations,and public health purposes provided the recipient has agreed to specified safeguards of the protected health information withinthe data set.

Authorized Uses and Disclosures

In certain circumstances an entity must obtain an individual’s authorization to use or disclose the following:

  1. Psychotherapy Notes
  2. Marketing
  3. Sale of Health Information


Individual Rights to Privacy

Individuals regarding their protected health information have the following:

  1. Right to Notice of Privacy Practices
  2. Right to Inspect and Copy of Health Records
  3. Right to Amendments to Health Records
  4. Right to Accounting of Disclosures
  5. Right to Request Restrictions
  6. Right to Revoke Authorization
  7. Right to Requests for Alternative Methods of Confidential Communication

PharmaCord will include required elements in each of the above along with the designated timeframes if applicable.

About PharmaCord

PharmaCord is the connector between manufacturers, patients, physicians, and payers. The company provides customized solutions to life sciences companies that span three core areas: patient support, pharmacy services and manufacturer support. These integrated services are designed to increase accessibility, clinical oversight and market acceptance of prescription therapy. Independently owned and organically built, PharmaCord is free from any competing priorities, enabling it to design and implement patient access and support programs that align with the objectives of its life sciences clients. PharmaCord’s experienced team coupled with its proprietary CORscend™ technology platform optimizes workflow to deliver improved program execution, more rapid therapy initiation and increased patient engagement. To learn more about how PharmaCord improves commercial outcomes for life sciences companies, visit pharmacord.com.

Contact:
Beth Roberts
(502) 805-3450
beth@pharmacord.com