HIPAA Compliance Notice

HIPAA and Protected Health Information (PHI)

CORE Medical Solutions recognizes the importance of protecting Protected Health Information (“PHI”) and supporting healthcare providers in maintaining compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

CORE Medical Solutions may provide technology, communications, analytics, marketing, automation, and patient engagement services that interact with healthcare-related information on behalf of healthcare providers and organizations.

Where applicable, and where the Services involve the creation, receipt, maintenance, or transmission of Protected Health Information, CORE Medical Solutions may operate as a Business Associate under HIPAA and enter into a separate written Business Associate Agreement (“BAA”) with Covered Entities.

Any obligations regarding the handling of PHI are governed by the applicable BAA, service agreement, and applicable federal and state laws.

Security Measures

CORE Medical Solutions implements reasonable administrative, technical, and physical safeguards designed to protect Protected Health Information (“PHI”), electronic Protected Health Information (“ePHI”), and other sensitive information from unauthorized access, disclosure, alteration, or destruction.

Security measures may include:

  • Access controls
  • Encrypted data transmission where applicable
  • Role-based permissions
  • Secure hosting environments
  • Authentication procedures
  • Monitoring and security protocols
  • Vendor and subcontractor management practices

However, no system, network, software platform, or method of electronic transmission or storage can be guaranteed to be completely secure. CORE Medical Solutions cannot guarantee absolute security.

Client Responsibilities

Healthcare providers and organizations using the Services are responsible for:

  • Determining whether HIPAA applies to their specific use case;
  • Configuring workflows and communications appropriately;
  • Obtaining all legally required patient authorizations, permissions, and consents;
  • Limiting unnecessary disclosure of PHI;
  • Ensuring staff, contractors, and authorized users utilize the Services in a compliant manner;
  • Maintaining their own HIPAA compliance program and security practices;
  • Complying with applicable TCPA, HIPAA, state privacy, and patient communication requirements; and
  • Executing a Business Associate Agreement with CORE Medical Solutions where required.

Clients should avoid transmitting highly sensitive medical information through unsecured channels unless expressly configured, authorized, and appropriate for the intended use.

Subcontractors and Service Providers

CORE Medical Solutions may utilize third-party service providers, infrastructure providers, cloud hosting providers, communication platforms, analytics tools, and other subcontractors in connection with delivering the Services.

Where required by applicable law or contractual obligations, CORE Medical Solutions implements appropriate safeguards and agreements with such providers to support the protection of PHI and other sensitive information.

Security Incidents

CORE Medical Solutions maintains procedures designed to identify, investigate, and respond to suspected security incidents affecting systems used in connection with the Services.

Where required by applicable law, contractual obligations, or a Business Associate Agreement, CORE Medical Solutions will provide notification regarding reportable security incidents or breaches involving PHI in accordance with applicable requirements.

No Medical Records Storage Guarantee

Unless expressly stated in a separate written agreement, CORE Medical Solutions does not represent or warrant that its website, platforms, or Services serve as an official electronic medical record (“EMR”), electronic health record (“EHR”), or permanent clinical records repository.

Healthcare providers remain solely responsible for maintaining patient medical records and documentation in accordance with applicable laws, regulations, and professional obligations.

Compliance Disclaimer

HIPAA compliance depends upon numerous factors, including implementation, configuration, user practices, internal policies, workforce training, and operational procedures.

Nothing contained in this HIPAA Compliance Notice constitutes legal advice, compliance advice, or a guarantee of regulatory compliance. Healthcare providers and organizations are encouraged to consult qualified legal, compliance, and security professionals regarding their specific obligations.

Reporting Security Concerns

If you believe information transmitted through the Services may have been compromised, improperly accessed, or disclosed without authorization, please contact:

CORE Medical Solutions
privacy@coremedicalsolutions.net