Privacy Policy


This privacy policy has been compiled to better serve those who are concerned with how their Protected Health Information (PHI) that is subject to protection under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act Standards (“HITECH Standards”); the HIPAA Privacy Standards; and the HIPAA Security Standards (HIPAA, HITECH, and the regulations promulgated by the U.S. Department of Health and Human Services thereunder are collectively referred to herein as “HIPAA”).

What personal information do we collect from the people that visit our blog, website or app?

Enable Healthcare, as a company, does not collect any Protected Health Information (PHI). However, you are a patient of your Provider, to whom you have given consent to send PHI data into the Provider's Electronic Health Record application, where it is used by your Provider to manage your condition. As a patient, if you have consented to participate in a Remote Patient Monitoring program with your Provider, you are sharing your vitals with your Provider. If you have consented to participate in a Chronic Care Management program, you have consented to communicate with your Provider using this application. If you are using our Patient Health Record application, you have consented to get access to your medical record with your Provider.


When do we collect information?

Enable Healthcare does not collect any Protected Health Information without your direct exclusive consent with your Provider.


How do we use your information?

Enable Healthcare does not access your Protected Health Information. Only your Provider and you have access to your PHI.


How do we protect your information?

You are protected by the HITECH Act and its requirements.


A. Overview. The Health Information Technology for Economic and Clinical Health Act Title XIII of Division A and Title IV of Division B, including Subtitle D of Division A of the HITECH Act, entitled “Privacy,” (“HITECH Act”) and its implementing regulations impose new requirements on the Business Associate company (Enable Healthcare) with respect to privacy, security, and breach notification. The HITECH Act requirements set forth in this Agreement shall apply commencing on the date of enactment of the pertinent regulations, or such other date as may be specified in those regulations, whichever is later (“Applicable Effective Date”).


B. Direct Compliance. Business Associate (Enable Healthcare) agrees to comply with all aspects of the HITECH Act. Business Associate and the Covered Entity further agree that the provisions of HIPAA and the HITECH Act that now apply directly to business associates and that are required to be incorporated by reference in a business associate agreement, including but not limited to those requirements set forth in Subtitle D of HITECH, are incorporated into this Agreement between Business Associate (Enable Healthcare) and Covered Entity (Provider) as if set forth in this Agreement in their entirety and are effective as of the Applicable Effective Date.


C. Standards to Secure Data. The HITECH Act imposes on entities covered by HIPAA and their business associates federal breach notification requirements when "unsecured" PHI is acquired by an unauthorized party. The breach notification requirements will apply to PHI in any form. PHI may be vulnerable in any of the following commonly recognized data states:


(a) "Data in motion": Data that is moving through a wired or wireless network;

(b) "Data at rest": Data that resides in databases, files, or in storage;

(c) "Data in use": Data that is in the process of being created, maintained, updated, or destroyed; or

(d) "Data disposed": Data that has been discarded or recycled.


PHI in each of these data states, with the possible exception of "data in use," may be secured using one or more methods:


(a) Encryption (which will apply only to electronic information). Encryption of "data at rest" must satisfy National Institute of Standards and Technology (“NIST”) Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices. Valid encryption processes for "data in motion" must comply with the requirements of Federal Information Processing Standards (FIPS) 140-2. These include, as appropriate, standards described in NIST Special Publications 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations; 800-77, Guide to IPsec VPNs; or 800-113, Guide to SSL VPNs; and may include others that are FIPS 140-2 validated; and


(b) Destruction. Destruction of PHI on paper, film, or other hard copy media must involve either shredding or otherwise destroying the PHI so that it cannot be read or reconstructed. PHI on electronic media must be cleared, purged, or destroyed consistent with NIST Special Publication 800-88, Guidelines for Media Sanitization, such that the PHI cannot be retrieved.


(c) Redaction is specifically excluded as a means of data destruction. Nonetheless, because redaction is an approved method of de-identification under HIPAA, information that has been "de-identified" is not subject to the breach notification requirements because such information is not protected under HIPAA.


Do we use 'cookies'?

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enable the site's or service provider's systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.


We use cookies to:

Understand and save user's preferences for future visits.


You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.


If users disable cookies in their browser:

If you turn cookies off, some features will be disabled. Some of the features that make your site experience more efficient may not function properly.


Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information.


Third-party links

We do not include or offer third-party products or services on our website.


COPPA (Children's Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

We do not specifically market to children under the age of 13 years old.


CAN-SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

We collect your email address in order to:


To be in accordance with CAN-SPAM, we agree to the following:


If at any time you would like to unsubscribe from receiving future emails, you can email us at

and we will promptly remove you from ALL correspondence.



Contacting Us

If there are any questions regarding this privacy policy, you may contact us using the information below.

100 Eagle Rock Avenue, Suite 306,

New Jersey, NJ 07936

USA

support@ehiconnect.com


Last Edited on 2019-10-05