Eebu Health Notice of Privacy Practices

January 1, 2021

We take privacy very seriously. We share a commitment with Covered Entities to protect the privacy and confidentiality of Protected Health Information (PHI) and other Personally Identifiable Information (PII) that we obtain subject to the terms of a Business Associate Agreement or in the course of operating our website.

This policy is provided to help you better understand how we use, disclose, and protect (a) PHI in accordance with the terms of Business Associate Agreements and (b) other PII that is collected in the course of operating our website.

Definitions

  • Business Associate Agreement (BA Agreement). A formal written contract with a Covered Entity that requires it to comply with specific requirements related to PHI.

  • Covered Entity. A health plan, healthcare provider, or healthcare clearinghouse that must comply with the HIPAA Privacy Rule.

  • Protected Health Information (PHI). PHI includes all individually identifiable health information that is transmitted or maintained in any form or medium by a Covered Entity. Individually identifiable health information is any information that can be used to identify an individual and that was created, used, or disclosed (a) in the course of providing a health care service such as diagnosis or treatment, or (b) in relation to the payment for the provision of health care services.

  • Personally Identifiable Information (PII). PII includes all individually identifiable information that Eebu Health collects about an individual that is not also classified as PHI.

  • Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a law enacted on August 21, 1996 that requires the Secretary of Health and Human Services to publicize standards for the electronic exchange, privacy and security of health information.

This privacy policy ("policy") will help you understand how Eebu Health ("us", "we", "our") uses and protects the data you provide to us when you visit and use www.eebu.health ("website", "service").

We reserve the right to change this policy at any time, and you will be promptly notified of any changes. If you want to make sure that you are up to date with the latest changes, we advise you to visit this page frequently.

What User PII We Collect

When you visit the website, we may collect the following data:

  • Your IP address.

  • Your contact information and email address.

  • Other information such as interests and preferences.

  • Data profile regarding your online behavior on our website.

What PHI We Collect

We may collect any PII related to your care under a Covered Entity for which we have a BA Agreement. 

Why We Collect Your PII and PHI

We are collecting your data for several reasons:

  • To provide services to a Covered Entity with which we have a BA Agreement and which is allowed access under HIPAA (see below for more details).

  • To provide services to you in connection with your treatment.

  • To better understand your needs.

  • To improve our services and products.

  • To send you emails containing the information related to your treatment on behalf of your healthcare providers.

  • To contact you to fill out surveys and participate in other types of market research.

  • To customize our website according to your online behavior and personal preferences.

Services We Provide to Covered Entity

We may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by HIPAA. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to them, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate HIPAA.

In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards.

We may also use PHI to report violations of HIPAA to appropriate federal and state authorities.

Safeguarding and Securing the PHI and PII

Eebu Health is committed to securing your PHI and PII and keeping it confidential. Eebu Health has done all in its power to prevent data theft, unauthorized access, and disclosure by implementing the latest technologies and software, which help us safeguard all the information we collect online.

Our Cookie Policy

Once you agree to allow our website to use cookies, you also agree to allow us to use the data it collects regarding your online behavior (e.g., analyze web traffic, web pages you spend the most time on, and websites you visit).

The data we collect by using cookies is used to customize our website to your needs. After we use the data for statistical analysis, the data is completely removed from our systems.

Please note that cookies don't allow us to gain control of your computer in any way. They are strictly used to monitor which pages you find useful and which you do not so that we can provide a better experience for you.

If you want to disable cookies, you can do it by accessing the settings of your internet browser. As these settings can change from time to time, we recommend that you do an internet search for the phrase “edit cookie settings in [insert name of your browser].”

Links to Other Websites

Our website contains links that lead to other websites. If you click on these links, Eebu Health is not held responsible for your data and privacy protection. Visiting those websites is not governed by this Notice of Privacy Practices. Make sure to read the privacy policy documentation of the website you go to from our website.

Restricting the Collection of your PII and PHI

At some point, you might wish to restrict the use and collection of your personal data. You can achieve this by doing the following:

  • When you are filling out the forms on the website, make sure to check whether there is a box you can use to indicate that you don't want to disclose your PII.

  • If you have already agreed to share your information with us, feel free to contact us at support@eebu.health and we will be more than happy to change this for you.

Your PHI is provided to us or updated under the terms of a BA Agreement with a Covered Entity. Therefore, our use of the PHI will be governed by those terms and your agreements with the Covered Entity.

Eebu Health will not lease, sell or distribute your PII to any third parties, unless we have your permission or to a Covered Entity requiring your information for provision of care and legally allowed to obtain it. We might do so if the law forces us. 

Safeguards

We use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BA Agreement. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on behalf of a Covered Entity. Such safeguards include:

  • Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;

  • Providing appropriate training for our staff to assure that our staff complies with our security policies;

  • Making use of appropriate encryption when transmitting PHI over the Internet;

  • Utilizing appropriate storage, backup, disposal and reuse procedures to protect PHI;

  • Utilizing appropriate authentication and access controls to safeguard PHI;

  • Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and

  • Maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the PHI we hold on behalf of a Covered Entity is available when needed.

Mitigation of Harm

In the event of a use or disclosure of PHI that is in violation of the requirements of the BA Agreement, we will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation will include:

  • Reporting any use or disclosure of PHI not provided for by the BA Agreement and any security incident of which we become aware to the Covered Entity; and

  • Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.

Access to PHI

As provided in the BA Agreement, we will make available to Covered Entities the information necessary for a Covered Entity to give individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.

Upon request, we will make our internal practices, books, and records including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by us on behalf of a Covered Entity available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BA Agreement and HIPAA regulations.

Public Reporting

If you are aware of any incident that needs to be addressed, any clear and present threats that exist to our organization or our patient data, or any vulnerabilities that could be exploited, please notify us at support@eebu.health.

For the protection of our patients’ data, while we do not expect that you will refrain indefinitely from disclosing this to the public, we request that you provide us 2 weeks to properly remediate the issue.