Contact Us

HIPAA Compliance.

Grow Your Practice

Dontist Media is dedicated to ensuring the privacy and security of Protected Health Information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA) regulations. Our commitment to HIPAA standards is integral to all our operations, ensuring that your healthcare organization can trust us with your sensitive data.

Our Commitment to HIPAA Compliance

Data Security Measures

  • Encryption: All data, both in transit and at rest, is encrypted using the latest encryption standards to prevent unauthorized access.
  • Access Controls: Access to PHI is strictly controlled and limited to authorized personnel only. We enforce strong password policies and use multi-factor authentication where applicable.
  • Regular Audits: We conduct regular audits and assessments of our systems and processes to identify and mitigate potential security risks.
  • Employee Training: Our employees undergo regular HIPAA compliance training to ensure they understand the importance of protecting PHI.

Privacy Policies

  • Data Minimization: We collect only the minimum necessary PHI required to perform our services.
  • Data Retention: We retain PHI only for as long as necessary to fulfill the purposes for which it was collected, and in accordance with HIPAA guidelines.
  • Data Sharing: We do not share PHI with third parties unless explicitly authorized by our clients or required by law.

HIPAA Compliance in Our Services

Healthcare Marketing Services

  • Email Marketing: Our email marketing campaigns are HIPAA-compliant, ensuring that PHI is not exposed to unauthorized parties.
  • Social Media Marketing: We maintain strict controls over the use of PHI in social media campaigns, ensuring that only de-identified information is used.
  • Website Optimization: Our website optimization strategies are designed to protect PHI and ensure compliance with HIPAA regulations.
  • Reputation Management Review Monitoring: We monitor online reviews while safeguarding patient information.
  • Crisis Management: In the event of a data breach or other security incident, we have protocols in place to address the situation promptly and effectively.

HIPAA Business Associate Agreement Terms and Conditions

The following Standard HIPAA Business Associate Agreement Terms and Conditions (“HIPAA Addendum”) shall be incorporated into the Master Service Agreement for Customers that are Covered Entities which provide Protected Health Information (“PHI”) to Dontist Media in connection with the services they have purchased. These terms supplement the purchase agreement between Dontist Media and Customers in order to comply with the federal Standards for Privacy of Individually Identifiable Health Information, located at 45 C.F.R. Part 160 and Part 164, Subparts A through E (“Privacy Rule”) and the Health Information Technology for Economic and Clinical Health Act, Public Law 111-005 (the “HITECH Act”).

Obligations and Activities of Business Associate

Use and Disclosure of PHI

  • Use Limitation: Dontist Media shall not use or disclose PHI other than as permitted or required by this HIPAA Addendum or as Required by Law. Dontist Media shall not use or disclose PHI for fundraising or marketing purposes. Dontist Media shall not directly or indirectly receive remuneration in exchange for PHI, except with the prior written consent of Covered Entity and as permitted by the HITECH Act; however, this prohibition shall not affect payment by Covered Entity to Dontist Media for services provided pursuant to the Underlying Agreement.

Safeguards

  • Data Security: Dontist Media shall use appropriate safeguards, and comply with Subpart C of 45 CFR Part 164 with respect to electronic PHI, to prevent use or disclosure of PHI other than as provided for by the Agreement.

Mitigation

  • Harm Mitigation: Dontist Media shall mitigate, to the extent practicable, any harmful effect that is known toDontist Media of a use or disclosure of PHI by Dontist Media in violation of the requirements of this HIPAA Addendum.

Reporting

Incident Reporting: Dontist Media shall report to Covered Entity any use or disclosure of PHI not provided for by the Agreement of which it becomes aware, including breaches of unsecured PHI as required at 45 CFR 164.410, and any security incident of which it becomes aware:

  • Business Associate will notify Covered Entity of the breach within a previously agreed-upon timeline, not to exceed 30 calendar days
  • Business Associate will notify the patient of the breach
  • Business Associate will notify HHS Office for Civil Rights of the breach

Disclosure to Agents and Subcontractors

  • Subcontractor Agreement: In accordance with 45 CFR 164.502(e)(1)(ii) and 164.308(b)(2), if applicable, ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of Dontist Media agree to the same restrictions, conditions, and requirements that apply to Dontist Media with respect to such information.

Designated Record Set

  • Access to PHI: Dontist Media shall provide access, at the request of Covered Entity, to PHI in a Designated Record Set to meet the requirements under 45 C.F.R. § 164.524. Business Associate will forward the request for access to the designated record set to Covered Entity within 30 days OR Business associate will respond to the request for access to the designated record set within 30 days. If a Business Associate is unable to respond to the request for access, the Business Associate will notify the requesting party.

Internal Policy and Procedure

Policy Availability: Dontist Media shall make available its internal practices, books, and records, including policies and procedures and PHI, relating to the use and disclosure of PHI received from, or created or received by Dontist Media on behalf of, Covered Entity available to the Covered Entity and to the Secretary of Health and Human Services (“Secretary”) for purposes of the Secretary determining Covered Entity’s compliance with the Privacy Rule and the HITECH Act.

Disclosures

Accounting of Disclosures: Dontist Media agrees to maintain the information required to provide an accounting of disclosures of PHI in accordance with 45 C.F.R. § 164.528 and to make this information available to the Covered Entity upon the Covered Entity’s request in order to allow the Covered Entity to respond to an Individual’s request for accounting of disclosures.

Security Obligations

Safeguard Implementation: Dontist Media shall implement appropriate safeguards as are necessary to prevent the use or disclosure of PHI otherwise than as permitted by the Underlying Agreement or this HIPAA Addendum including, but not limited to, administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the Covered Entity’s electronic PHI as required by 45 C.F.R. Sections 164.308, 164.310, and 164.312, as amended from time to time. Dontist Media shall ensure that any agent, including a subcontractor, to whom it provides such electronic PHI, agrees to implement reasonable and appropriate safeguards to protect it. Dontist Media shall comply with the policies and procedures and document requirements of the Privacy Rule including, but not limited to, 45 C.F.R. Section 164.316. Dontist Media agrees to report promptly to the Covered Entity any security incident of which it becomes aware.

Breach Pattern or Practice by Covered Entity

Breach Response: If Dontist Media knows of a pattern of Activity or practice of the Covered Entity that constitutes a material breach or violation of the Covered Entity’s obligations under the HIPAA policy set forth here, Dontist Media shall take reasonable steps to cure the breach or end the violation. If the steps are unsuccessful, Dontist Media must terminate the Underlying Agreement, if feasible, or if termination is not feasible, report the problem to the Secretary.

Permitted Uses and Disclosures by Dontist Media

Permitted Uses and Disclosures: Except as otherwise limited in this HIPAA Addendum, Dontist Media may use or disclose PHI to perform functions, Activities, or services for or on behalf of the Covered Entity as specified in the Underlying Agreement provided. Such use or disclosure would not violate the Privacy Rule including, but not limited to, each applicable requirement of 45 C.F.R. § 164.504(e) and the HITECH Act if done by the Covered Entity.

Use for Management and Administration: Except as otherwise limited in this HIPAA Addendum, Dontist Media may use PHI for the proper management and administration of Dontist Media or to carry out the legal responsibilities of Dontist Media.

Disclosure for Management and Administration: Except as otherwise limited in this HIPAA Addendum, Dontist Media may disclose PHI for the proper management and administration of Dontist Media, provided that disclosures are Required by Law or Dontist Media obtains reasonable assurances from the person to whom the information is disclosed that it will remain confidential, and used or further disclosed only as Required by Law or for the purpose for which it was disclosed to the person, and the person notifies Dontist Media of any instances of which it is aware in which the confidentiality of the information has been breached.

Minimum Necessary: Dontist Media (and its agents or subcontractors) shall request, use, and disclose only the minimum amount of PHI necessary to accomplish the purpose of the request, use, or disclosure. Dontist Media understands and agrees that the definition of “minimum necessary” is subject to change from time to time and shall keep itself informed of guidance issued by the Secretary with respect to what constitutes “minimum necessary.”

Data Aggregation: Except as otherwise limited in this HIPAA Addendum, Dontist Media may use PHI to provide Data Aggregation services related to health care operations to the Covered Entity as permitted by 45 C.F.R. §164.504(e)(2)(i)(B).

Report Violations of Law: Dontist Media may use PHI to report violations of law to appropriate Federal and State authorities consistent with 45 C.F.R. §164.502(j)(1).

Provisions for Covered Entity to Inform Business Associate of Privacy Practices and Restrictions
The Covered Entity shall notify Dontist Media of any limitation(s) in the notice of privacy practices of the Covered Entity under 45 C.F.R. § 164.520, to the extent that such limitations may affect Dontist Media’s use or disclosure of PHI.

Changes in Permission: The Covered Entity shall notify Dontist Media of any changes in, or revocation of, permission by an Individual to use or disclose his or her PHI, to the extent that such changes may affect Dontist Media’s use or disclosure of PHI.

Notification of Restrictions: The Covered Entity shall notify Dontist Media of any restriction to the use or disclosure of PHI that Covered Entity has agreed to or is required to abide by under 45 C.F.R. § 164.522, to the extent that such restriction may affect Dontist Media’s use or disclosure of PHI.

Permissible Requests by Covered Entity: The Covered Entity shall not request Dontist Media to use or disclose PHI in any manner that would not be permissible under the Privacy Rule and the HITECH Act if done by Covered Entity. Exceptions if certain provisions are made; Data aggregation, Management and administration, and Legal responsibilities of Dontist Media (one or more may apply).

Term and Termination

Term: The Term of this HIPAA Addendum shall be effective as of the first day that the Covered Entity provides PHI to Dontist Media and shall terminate when all of the PHI provided by the Covered Entity to Dontist Media, or created or received by Dontist Media on behalf of the Covered Entity, is destroyed or returned to the Covered Entity, or if it is infeasible to return or destroy PHI, protections are extended to such information in accordance with the termination provisions set forth here.

Termination with Cause: Dontist Media authorizes termination of this Agreement by the Covered Entity, if the Covered Entity determines Dontist Media has violated a material term of the Agreement:

  • Provide 30 days advance written notice specifying the nature of the breach or violation to Dontist Media. Dontist Media shall have 60 days from the date of the notice in which to remedy the breach or violation. If such corrective Action is not taken within the time specified, this HIPAA Addendum and the Underlying Agreement shall terminate at the end of the 30 days.
  • Immediately terminate this HIPAA Addendum and the Underlying Agreement if Dontist Media has breached a material term of this HIPAA Addendum and cure is not possible.
  • Report the violation to the Secretary if neither cure of the breach nor termination of this HIPAA Addendum and the Underlying Agreement are feasible.

Obligation of Dontist Media Upon Termination:

Upon termination of this HIPAA Addendum or the Underlying Agreement, for any reason, Dontist Media shall return or destroy all PHI received from Covered Entity, or created, maintained or received by Dontist Media on behalf of Covered Entity. This provision shall apply to PHI that is in the possession of subcontractors or agents of Dontist Media. Dontist Media shall retain zero copies of the PHI.

In the event that Dontist Media determines that returning or destroying PHI is not feasible, Dontist Media shall notify Covered Entity in writing of the conditions that make return or destruction infeasible. If return or destruction of the PHI is not possible, Dontist Media shall extend the protections of this HIPAA Addendum to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for as long as Dontist Media maintains such PHI.

Regulatory References:

A reference in this HIPAA Addendum to a section in the Privacy Rule or the HITECH Act means the section as in effect or as amended.

Amendments:

Dontist Media reserves the right to change the terms and conditions of this HIPAA Addendum at any time. Dontist Media will notify the Covered Entity of any material changes to this HIPAA Addendum by sending the Covered Entity an email to the last email address the Covered Entity provided to Dontist Media or by prominently posting notice of the changes on Dontist Media’s website. Any material changes to this HIPAA Addendum will be effective upon the earlier of thirty (30) calendar days following Dontist Media’s dispatch of an email notice to the Covered Entity or thirty (30) calendar days following Dontist Media’s posting of notice of the changes on its website. These changes will be effective immediately for new Dontist Media Clients. Please note that at all times the Covered Entity is responsible for providing Dontist Media with its most current email address. In the event that the last email address that the Covered Entity has provided Dontist Media is not valid, or for any reason is not capable of delivering to the Covered Entity the notice described above, Dontist Media’s dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice. If the Covered Entity does not agree with the changes to this HIPAA Addendum, the Covered Entity must notify Dontist Media prior to the effective date of the changes that the Covered Entity wishes to terminate its subscription to the applicable Dontist Media services. Continued use of the Dontist Media services following notice of such changes shall indicate the Covered Entity’s acknowledgment of such changes and agreement to be bound by the terms and conditions of such changes.

Interpretation:

The provisions of this HIPAA Addendum shall prevail over the provisions of any other agreement that exists between the Parties that may conflict with, or appear inconsistent with, any provision of this HIPAA Addendum, the Privacy Rule or the HITECH Act.

Your trusted dental marketing agency, focused on growing your practice by attracting more patients and building a strong online presence.

Meta-Partner-Badge-2
google-partner
Dental Marketing Services
Important Links
Contact Us
Facebook Twitter Instagram Linkedin

© 2024 — Dontist Media | All Rights Reserved.

Powered by Crawl Math.