Nucurate HIPAA Policy
Last Updated: September 08, 2024
This website is operated by Nucurate, Inc. Throughout the site, the terms “we”, “us” and “our” refer to nucurate. We are committed to maintaining the privacy and security of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This policy outlines how we protect, use, and disclose PHI in connection with our services.
SCOPE
This policy applies to all employees, contractors, and third-party partners who have access to PHI in the course of providing services through our SaaS application.
DEFINITIONS
- Protected Health Information (PHI): Any information that relates to the health status, provision of healthcare, or payment for healthcare that can be linked to an individual.
- Covered Entity: An entity that collects, uses, or discloses PHI.
- Business Associate: A person or organization that performs services involving the use or disclosure of PHI on behalf of a Covered Entity.
COMMITMENT TO HIPAA COMPLIANCE
Safeguards
We employ administrative, physical, and technical safeguards to protect PHI, including secure data transmission methods and restricted physical access to our facilities.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Data Protection
We use industry-standard security measures, including encryption, access controls, and secure data storage, to protect PHI from unauthorized access, use, or disclosure.
Access Control
Access to PHI is restricted to authorized personnel who require it to perform their job duties. Each employee or contractor is required to adhere to strict confidentiality standards.
Use and Disclosure of PHI
PHI will only be used or disclosed as permitted or required by law. We will not share PHI with third parties without appropriate authorization unless necessary for healthcare operations, payment, or treatment purposes.
Business Associate Agreements (BAAs)
We enter into BAAs with any third-party partners who handle PHI on our behalf to ensure they comply with HIPAA regulations.
Training and Awareness
All employees and contractors receive regular training on HIPAA compliance, data protection, and privacy practices.
Incident Response and Reporting
Any unauthorized access, use, or disclosure of PHI will be promptly reported and addressed in accordance with our incident response plan. Affected individuals will be notified as required by law.
Data Minimization
We only collect the minimum necessary PHI required to fulfill our obligations and provide our services.
Individual Rights
Individuals have the right to access their PHI, request corrections, and obtain an accounting of disclosures. Requests should be submitted to privacy@nucurate.com
CHANGES
We may update this policy from time to time to reflect changes in legal, regulatory, or operational requirements. We will notify affected parties of significant changes through our website or other appropriate means.
CONTACT
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us at privacy@nucurate.com