HIPAA Agreement

1. General
E-Echocardiography may maintain health care information about patients or users of E-Echocardiography on this website. E-Echocardiography is comitted to protecting the privacy and confidentiality of personal healtcare information (PHI).  E-Echocardiography fully supports and complies with all federal and state statues and rules regulating the use, maintenance, transfer, manipulation, and disposition of health care information or records. Healthcare regulations can be found at http://www.hhs.gov/ocr/combinedregtext.pdf
2. Maintenance and Review of Health Care Records
Health care information stored by E-Echocardiography is available to the users that created those records or their patients for whom the record is maintained. E-Echocardiography allows users and/or patients to request information regarding disclosure of their HPI to third parities. E-Echocardiography may deny access to the PHI if a quaified heath care professional judges that such access may cause harm to the individual or user. Users are responsible for the maintenance and updating of health care informaton for their patients. E-Echocardiography does not take any responsibility for the creation, updating, or disposition of health care information for a user's patients. The user that created the record is responsible for the maintenance, updating, deletion, or disposition of that information since the user will have that information DES encoded with their own DES encryption key. E-Echocardiography cannot retrieve records if the encryption key is lost.
3. Physical Security
The health care information created by the users is triple DES encoded with a 256 bit encryption key and maintained and routinely backed up by our servers. E-Echocardiography is not responsible for the loss of an encryption key or for the loss of any information. E-Echocardiography will take reasonable steps to prevent the loss of information, but, E-Echocardiography will not be held responsible for the loss of information. You agree to imdemnify E-Echocardiography for any data losses that may occur. When the user is creating health care information, updating PHI, deleting PHI, or transferring PHI, the user agrees to provide reasonable security against public access of the PHI which is to include preventing public access to the records and to use user name and password protection of the PHI. The user will not enable autologin procedures which may allow unauthorized access to PHI from that user. The user agrees to not share their user name and/or password with anyone else to prevent unauthorized access to PHI. If E-Echocardiography becomes aware of unauthorized access a users access may be restricted. The PHI is entered only through a secure web connection (https).
4. Use and Disclosure of Health Information
We may use wiped informaton or discolsed wiped information as we see fit. Users are responsible for the use or disclosure of their own PHI records. Users, by using the areas of the web site that involve entering, viewing, updating and deleting PHI agree to indemnify us for that use and disclosure.
5. Communication of Health Information
Communication of PHI will be via secure connection (https) and or secure email, including encrypted documents.
6. Marketing and Public Relations
We may use uploaded videos,images, documents that have been 'wiped" for public use in marketing or public relations.
7. Notification and Authorization
Authorization is implied by continual use of web site.  Notification is by email to us via the contact page
8. Business Associates
User agrees to have a HIPPA agreement with all business associates that may have access to this web site and those business associates must agree to our HIPAA policy in order to use the web site.
9. Electronic Data Interchange
Electronic data by email , browser,  or ftp exchange of informatio that has patient data on it is deemed to be electronic data interchange. We agree to wipe off any identifying markers off of the uploaded video, images, and or documents that will become publically available or available to users beyond the uploading user or the user that has uploaded the electronic data.
10. De-Identification of PHI
Purposes: To define the guidelines and procedures necessary for the de-identification of Protected Health Information (PHI) contained in patient records, to provide direction to staff regarding the use of de-identified PHI.
Policy: Protected Health Information is confidential, except when disclosure is authorized or compelled and the university has a duty to protect the privacy of records. PHI can be de-identified by removing identifying characteristics. De-identified
health information is no longer considered to be individually identifiable health information and the requirements of the Privacy Rule do not apply.
De-identification requires the elimination not only of primary or obvious identifiers, such as name, address, date of birth, but also of
secondary identifiers through which a user could deduce the individual’s identity. For PHI to be de-identified the following
identifiers of the individual or of relatives, employers, or household member of the individual, must be removed:

1) Names
2) Address information smaller than a state, including street address, city, county, zip code (except if by combining all zip codes with the same initial three digits, there are more than 20,000 people)
3) Names of relatives and employers
4) All elements of dates (except year), including date of birth, date of medical or health care, date of death; all ages over 89 and all elements of dates including year indicative of such age except that such age elements may be aggregated into a single category of age 90 or older
5) Telephone numbers
6) Fax numbers
7) Email addresses
8) Social Security Number
9) Medical or other record number
10) Health beneficiary plan number
11) Account numbers
12) Certificate/License Number
13) Vehicle identifiers, including license plate numbers
14) Device ID and serial number
15) Uniform Resource Locator (URL)
16) Identifier Protocol (IP) addresses
17) Biometric identifiers, including finger and voice print
18) Full face photographic images and other comparable images
19) Any other unique identifying number characteristic, or code;

E-Echocardiography agrees to remove the above list of information or any other information that E-Echocardiography deems that may reasonably allow the identification of a patient from any PHI record, video, or image that E-Echocardiography uses in the public portion of the web site or to the portion of the web site that is viewable by subscribers.
10. User Responsibility
By using this web site you agree to be bound by the laws of HIPAA. If you download, copy, or print any image, video, animation, or text (content) from this web site that does not have the PHI removed, you will agree to remove the PHI before distribting the content or showing the content to others not bound by this HIPAA agreement. We revew every image, video, animation, and text at least 3 times before publishing. However, since there are well over 100,000 words, 4 million video loops, images, and animaitons we expect to miss a few because the processing of the videos and loops may skip a file during bulk batch runs. If we find better software to run bulk batches we will upgrade. If you would contact the webmaster when you find a file with PHI intact please let us know so we can remove the PHI.
11. Final Agreement
You agree to the HIPAA policy by your continual use of this web site. If you do not agree to this HIPAA agreement, just email the webmaster and your account will be disabled. You should log out and/or exit the web site if you do not agree to the HIPAA agreement.
Thank you for agreeing to this policy.
JLS Interactive, LLC