Privacy Policy
J&H Copy Services, Inc. (“Company” or “We”) respects your privacy, and we are committed to protecting it through our compliance with this policy.
This policy describes the types of personal information we may collect from you or that you may provide when you visit our website www.jhcopy.com (our “Website”)
or use our services and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect on this website, via our portals, via email, through online applications, offline, or through any other means.
It does not apply to:
- Information collected by any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.
- Protected health information.
- Publicly available information from government records (not considered “personal information”).
- De-identified or aggregated consumer information (not considered “personal information”).
The Company discloses personal identifying information we receive from our clients for the purpose of retrieving medical records (protected health information) from medical
facilities or their designated third-party copy services. We then disclose the protected health information pursuant to appropriate written authorizations to gather
information for, and disclose it to, its clients for the purposes of their underwriting and servicing of insurance policies, and for their other legitimate purposes
authorized by law.
We are required by the federal Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to give you this Notice about our privacy practices, our legal duties,
and your rights concerning your PHI. This Privacy Policy takes effect immediately and will remain in effect until we replace or modify it.
Children Under the Age of 18
Our Website is not intended for children under 18 years of age. No one under the age of 18 may provide any information to or on the Website. We do not knowingly collect
personal information from children under 18. If you are under 18, do not use or provide any information on this Website or through any of its features/register on the Website,
transact any business through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including
your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn that we have collected or received personal information from a
child under 18 without verification of parental consent, we will delete that information.
Individual Consumers
We are not a consumer-facing company, and our website is not intended for individual consumers. Rather, our website is intended for the businesses which we contract or
market our services. We do not knowingly collect personal information from individuals who are not representatives of our customers, or our potential customers.
If you are not a representative of a customer or potential customer, do not use or provide any information on this Website or on or through any of its features/register
on the Website, transact any business through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself
to us, including your name, address, telephone number, e-mail address or any screen name or user name you may use. If we learn we have collected or received personal
information inadvertently, we will delete that information.
The Information We Collect
The types of personal identifying information we collect include: patient name, address, phone number, email address, date of birth, social security number,
and insurance policy number.
We also collect protected health information (PHI) such as: medical conditions, prognosis, diagnosis, treatment, prescriptions, drug or medical history, treatment received,
drug history, drug interactions, medical test data, lab results, or any other type of medical information.
HIPAA Compliance
The Company takes security and compliance very seriously and has built a secure HIPAA compliant website.
We are fully compliant with the standards and procedures outlined in the HIPAA rules and regulations. We have protections and security measures in place to protect
from loss, misuse, and alteration of the information provided to us.
The privacy standards of HIPAA provide a framework for health privacy protection which serves to enhance and insure the protection of patient medical and health information.
The Privacy Rule applies only to health plans, health care clearinghouses, and covered certain health care providers – known as “covered entities” under the legislation.
Most health care providers rely on contractors and other “business associates” to assist them in providing quality care to their patients. J&H Copy Services, Inc. is
considered a business associate.
A business associate is typically defined as, “a person or entity that provides certain functions, activities or services for or to a covered entity, involving the use and/or
disclosure of protected health information.” The business associate rule places restrictions on third parties who perform certain covered functions on behalf of a covered
entity and receive protected health information.
The privacy law requires covered entities to have written agreements and satisfactory assurances that the information they disclose to their business associates will: remain
confidential, only be used for the stated purpose, be safeguarded from misuse, and assist the covered entity in complying with their responsibilities under the law. Information
is only provided to a business associate to help the covered entity carry out their health care function – never for independent use by the business associate.
Privacy Practices
This Privacy Policy describes our privacy practices, which include how we may use, disclose, collect, handle, and protect our clients’ PHI. We protect our clients’ privacy by
taking the following precautions:
- Limiting who may see PHI. Only the Company staff members who are authorized and trained are given access to the private information. Staff members who fail to follow the established
policies and procedures are subject to disciplinary actions.
- Limiting how we may use or disclose PHI.
- Maintaining physical, technical, and administrative safeguards to ensure the privacy of our clients’ information.
- Developing and maintaining security policies and controls to ensure proper handling of confidential information, protecting information from unauthorized access and inappropriate disclosure.
- Informing our clients of our legal duties with respect to PHI.
- Explaining our privacy policies.
- Adhering to the policies currently in effect.
Data Security
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration and disclosure.
All information you provide to us is stored in our secure servers behind firewalls. Any and all information provided through a referral form or through a web portal are encrypted using
TLS technologies.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are
responsible for keeping this password confidential. We ask you not to share your password with anyone.
The security of the transmission of information via the internet is a shared responsibility. Although we do our best to protect your personal information and the other information you
may submit through our Website, we cannot guarantee the security of your personal information and other information transmitted to our Website. Any transmission of personal and other
information is at your own risk.
We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
Copies of this Notice
You may request a copy of our Privacy Policy at any time. It is your right.
The Policy shall also be made available on our website.
If you want more information about our privacy practices, or have questions or concerns, please contact us using the contact information on our website.
Changes to this Notice
The terms of our Privacy Policy apply to all records created or retained by us that contain your PHI. We reserve the right to revise or amend the terms of this Notice.
We are required by law to comply with whatever privacy notice is currently in effect.
Potential Impact of State Law
The HIPAA Privacy Rule generally does not pre-empt (or take precedence over) state privacy or other applicable laws that provide individuals greater privacy protections.
As a result, to the extent state law applies, the privacy laws of a particular state or other federal laws rather than the HIPAA Privacy Rule might impose a privacy
standard under which we will be required to operate. For example, where such laws have been enacted, we will follow the more stringent state privacy laws that relate
to uses and disclosures of PHI concerning HIV, AIDS, mental health, substance abuse, chemical dependency, genetic testing, and reproductive rights.
Rights You Can Exercise with Regard to Your PHI
If you believe your privacy rights have been violated, or if you are dissatisfied with our privacy practices or procedures, you may file a complaint with the Company’s
Privacy Office and/or with the U.S. Secretary of the Department of Health and Human Services. We assure you that filing a complaint will not in any way impact the
services we provide, nor will there be any retaliatory acts against you.
If you feel the need to interact with us on any issues related to this Notice or to file a privacy complaint with us, you may contact us as follows:
Email: privacy@jhcopyservice.com
Phone: (714) 922-1122 ext. 130