Effective Date: 01/11/2011
1. Who We Are. NCG Medical Systems, Inc. owns and operates this ncgmedical.com website. All references to "we", "us", this "website" or this "site" shall be construed to mean NCG Medical Systems, Inc.
2. What We Do. We provide data processing services to Covered Entities under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, as amended, including without limitation amendments by the Health Information Technology for Economic and Clinical Health (HITECH) Act (collectively referred to herein as “HIPAA”). In the process of providing our services, we may access, receive, process, maintain, archive, and/or transmit information defined by HIPAA as Protected Heath Information (PHI) and/or Electronic Protected Health Information (ePHI) from our Covered Entity customers (PHI and ePHI are collectively referred to herein as “PHI”).
3. Business Associate Agreement. A Business Associate Agreement is a formal written contract between us and a Covered Entity that obligates us to satisfy certain specific obligations regarding PHI of a Covered Entity that we may access, receive, process, maintain, archive, and/or transmit in connection with our services.
5. Use and Disclosure of PHI.
5.1 We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of performing our obligations under our services agreements to Covered Entities, provided that such use or disclosure is permitted or required by the applicable Business Associate Agreement and would not violate HIPAA, including its Privacy Rule or Security Rule as applicable to Business Associates.
5.2 We may use PHI internally for our own internal management, administration, data aggregation and legal obligations, but only to the extent such use of PHI is permitted or required by the applicable Business Associate Agreement and would not violate HIPAA, including its Privacy Rule or Security Rule as applicable to Business Associates.
5.3 We may disclose PHI for law enforcement purposes as required by law or in response to a valid subpoena.
5.4 We may disclose PHI to downstream subcontractors or agents that provide supporting services to us; however, we will require such subcontractors and agents to comply with the same terms and conditions that apply to us under the applicable Business Associate Agreement and PHI, including the implementation and maintenance of required safeguards.
6. Safeguards. We have established and maintain safeguards that are required by the applicable Business Associate Agreement and HIPAA, including its Privacy Rule and Security Rule as applicable to Business Associates. These safeguards include administrative, physical, and technical safeguards that are reasonable and appropriate for the protection of the PHI that we access, receive, process, maintain, archive, and/or transmit on behalf of our Covered Entity customers.
NCG Medical Systems, Inc.
Attn: Compliance Officer
140 North Westmonte Drive
Altamonte Springs, FL 32714
Telephone: (800) 329-1906
Facsimile: 407 682 7997
Material Modifications Since Effective Date: none.