At Operability, LLC, including our family of products, including OperaDDS™, we are committed to maintaining the confidentiality of information entrusted to us by our clients, Business Associates / Subcontractor, especially individually identifiable personal and health information such as names, addresses, and Protected Health Information (PHI).
OperaDDS™ enables our customers to communicate with their employees, patients, vendors, and other health care providers, via electronic messaging while complying with HIPAA.
Operability, LLC ("Operability") protects the confidentiality of information it receives by adhering to the requirements of the HIPAA Privacy Rule and the HIPAA Security Rule. The Privacy Rule governs the acquisition, storage, transfer and retention of Protected Health Information, in both electronic and paper formats. The Security Rule covers all information acquired, maintained or transferred electronically.
We comply with all business associate obligations under HIPAA/HITECH, enabling us to provide the highest level of service to our health care provider customers.
Operability follows the policies and practices it has documented in its HIPAA Privacy Manual and in its HIPAA Security Compliance Plan. These documents cover areas such as:
We respect the privacy of personal health information and take securing all PHI data seriously. Operability's services are HIPAA ready and aids practices using the system to comply with its obligations as a Covered Entity.
Our OperaDDS™ products are HIPAA-ready services that include:
Operability assure the appropriate use and disclosure of PHI is done in the normal course of business and appropriate based on the contracts with clients. Operability will assure appropriate and adequate safeguards are established to protect customers' patient information from unauthorized use and disclosures; where use is defined as the sharing, employment, application, utilization, examination, or analysis of information within an entity that maintains such information; and where disclosure is defined as release, transfer, provision of, access to, or divulging in any other manner of information outside the entity holding the information.
Breach notification will be carried out in compliance with the American Recovery and Reinvestment Act (ARRA)/Health Information Technology Economic and Clinical Health Act (HITECH), Modifications to the HIPAA Privacy, Security Enforcement and Breach Notification Rules under the HITECH Act (Omnibus Rule).
Operability acknowledges the need for practices with accounting of disclosure, electronic access to PHI, fundraising and PHI, sale of PHI, research and PHI, and marketing and PHI. Through the normal course of business, Operability does not take part of any activities that would fall under the classifications of: Fundraising Activities; Sale of PHI; Marketing and Research and PHI.
Operability is focused on protecting the confidentiality, integrity, and accessibility of the PHI. Operability will regularly and timely reviews of threats and vulnerabilities to their organization and systems focused on protecting the confidentiality, integrity, and accessibility of PHI. Operability will take the proper steps to mitigate and reduce the risks to the organization and the PHI maintained.
Operability is committed to proper protection of all uses and disclosures of PHI that it stores and maintains on behalf of a covered entity, and accordingly it is committed to hold all workforce members responsible for the proper protection of privacy and security requirements. Operability will assure that the workforce members logging into the electronic systems that contain PHI are only looking at information needed to complete the daily operational work. Operability doesn't have access to the information of each of the individual organizations that are in the system software. Operability is focused on protection of the physical components of the business that store and maintain PHI for the organization. Operability assures that limitations are put on the ability to provide physical limitations to any PHI. Operability only allow the appropriate access to systems based on business need and client responsibility.
To protect all electronic media used for patient care, Operability will properly report and respond to all potential security incidents that occur within the organization. The contingency plan for Operability's system will focus on data backup, disaster recovery, emergency mode operation plan, testing and revision, and application and data criticality analysis. Operability will assure adequate controls are in place through regular review and evaluation to protect the confidentiality, integrity, and availability of electronic PHI.
Operability will enter maintain a process to assure the information shared and used by subcontractors is properly protected and safeguarded as required in the HIPAA regulation. Operability will enter into a written business associate agreement with all subcontractors that create, receive, maintain, or transmit PHI to support the business operations of Operability. Business Associates/Subcontractors will be obligated to effectively maintain the privacy and security of PHI as required by HIPAA and Operability.
Operability is required by the HIPAA Security Rule to assure that the integrity to the data that it stores and maintains has not been altered or destroyed in an authorized manner. Operability will protect all ePHI that it stores, maintains, and transmits from improper alteration and destruction by implementing a combination of policy and technical solutions, in the maintenance, retention, and eventual destruction/disposal of PHI.
Operability will assure that an individual's is appointed to be the organization's HIPAA Security officer. The security officer is responsible for the oversight and management of the organization's compliance with the HIPAA regulations. The security officer is the individual who is responsible for assuring the development, awareness, and enforcement of all the HIPAA policy and procedures established meet requirements.
Operability will assure timely and appropriate policies and procedures in order to comply with the HIPAA Privacy and Security Regulations; accordingly, documentation will be updated, maintained, stored in accordance with the regulations.
If you have any questions or concerns regarding this notice, please contact: Operability LLC, Attn: Security Officer, 109 Bushaway Road, suite 100, Wayzata MN 55391; or email at care@operadds.com.
Updated: August 8, 2018.