Client Terms and Conditions of Use Agreement
Your Agreement with HealthHighway.com to Terms and Conditions of Use
HealthHighway.com web site use depends on your agreement to adhere
to the terms and conditions of use set forth in the following document.
Our web site places small,
temporary text files, known as cookies, on your computer to
help us in making our web site more personalized and efficient.
to save your personal passwords. These cookies expire at the
end of each session on logout. None of our employees will
ever ask for a password.
Your personal demographic
and health data is stored and secured using state-of-the-art
technology. Connections to your data by HealthHighway.com and
by your personal Provider's office are only possible using Secure
Sockets Layer (SSL) technology. SSL technology provides sufficient
means to maintain a very high level of security for your personal
health data; however, no system is unconditionally secure.
All internal communication
between HealthHighway.com and your personal Health Care Provider's
office, as well as your communications with your personal Provider,
are secured using high-level encryption technology via SSL.
This level of encryption effectively defeats unwanted intrusion
into your private communications between you and your personal
to Personal and Health Information
Your account with HealthHighway.com
is password protected. Access to your personal and health information
is limited to your personal Provider's office and those individuals
who "need to know" about you to better administer your interactions
with certain entities (e.g. insurance companies and other 3rd
party payers) and to certain individuals directly involved in
your care. You may ask your provider's office at any time to
review the identity of those individuals who have seen your
online health information. No HealthHighway.com employee should
access your personal or health information unless there is a
problem with an account that requires the attention of our technicians
to address. Every HealthHighway.com employee signs a Privacy
and Confidentiality Agreement. Inappropriate access to a family
member's health information is prohibited.
HEALTHHIGHWAY.COM WEB SITE IS PROVIDED ON AN "AS IS" BASIS AND
YOUR USE OF THE WEB SITE IS AT YOUR OWN RISK. HEALTHHIGHWAY.COM
MAKES NO WARRANTIES EITHER EXPLICIT OR IMPLICIT INCLUDING THE
IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, TITLE OR NON-INFRINGEMENT. HEALTHHIGHWAY.COM MAKES
NO REPRESENTATION OR WARRANTY THAT ANY CONTENT WILL BE ACCURATE,
COMPLETE, OR TIMELY NOR DOES IT WARRANT IT FOR ITS PROVIDER
CLIENT OFFICES. ALTHOUGH WE WILL STRIVE TO MAINTAIN HIGHEST
TECHNOLOGICAL STANDARDS, HEALTHHIGHWAY.COM MAKES NO REPRESENTATIONS
OR WARRANTIES THAT YOUR ACCESS OF THE SITE WILL BE UNINTERRUPTED,
ERROR FREE, VIRUS FREE OR UNCONDITIONALLY SECURE.
The HealthHighway.com web
site is not intended to substitute for medical diagnosis / treatment
or in lieu of consulting with a Provider or other health care
professional for medical diagnosis / treatment. HealthHighway.com
does not practice medicine or dispense medical services and
therefore does not assume any liability for data contained within
the application related to any diagnosis or treatment. HealthHighway.com
assumes no liability for the medical content of any site linked
to its own.
Trademarks and Intellectual Property
All contents, processes
and functions of the HealthHighway.com web site and applications,
with the exception of your personal patient health information,
are copyrighted and protected under domestic copyright law.
Trademarks of HealthHighway.com are the sole property of the
company and cannot be used without permission. All intellectual
property, software and code contained within the HealthHighway.com
web site and its applications are the property of HealthHighway.com
and cannot be used without permission.
By agreeing to these Terms
and Conditions of Use, you agree that the liability of HealthHighway.com,
or its agents, if any, arising out of any legal claim (whether
in contract or tort) in connection with the use of the HealthHighway.com
web site or its applications shall not exceed $1000. HealthHighway.com
shall not be liable for any direct, indirect, consequential,
punitive or incidental damages resulting from use or misuse
by you of the HealthHighway.com web site or applications.
By accepting these Terms
and Conditions of Use, you acknowledge that the service and
function found within the HealthHighway.com web site are provided
on an "as is" basis and without warranty either express or implied.
By accepting these Terms and Conditions of Use you also acknowledge
that your use of this web site is at your own risk.
of Agreement Resulting from Client Conduct
the right terminates services to a patient client for breach
of any part of this agreement or for cause, which shall be considered
misuse of the web site, or applications as described below.
If HealthHighway.com should decide to terminate your use of
the web site, we will disable your password and notify your
personal Provider by fax within 72 hours. Your personal Provider
then has an obligation to establish an alternate means of communication.
Any unlawful use or misuse
of the web site or applications shall be grounds for termination
of this agreement. Misuse is exemplified by willful or otherwise
malicious interaction with your personal Provider's office,
which jeopardizes patient care or the ability of the Provider
to care for the patient. An example of such misuse is the sharing
of passwords, which is prohibited. HealthHighway.com believes
that it has a responsibility to its user client community to
maintain a high level of standards and is committed to enforcing
You acknowledge that this
document is complete and is the entire agreement.
The provisions of this agreement
are severable and complete. In the event that any provision
is determined to be invalid or unenforceable, this will not
affect the validity of the remaining provisions.
Statement and Verification of Standards
HealthHighway.com has adopted this privacy statement in
order to demonstrate our firm commitment to Provider and Patient privacy.
This Privacy Statement tells you how our company gathers information at the http://www.HealthHighway.com/
website. It also describes the protections we have in place for that information.
This web site handles three broad categories of information: contact and demographic
information, such as patient name, age and contact information; unique identifiers, such as
social security numbers or office medical ID numbers; and other types of information, including
personally identifiable health information, practice management, scheduling, billing, financial and clinical information.
The high level of security for each of these types of information is the same. We protect all
Provider and patient data by encrypting it whenever that data is transmitted (see technical
security below for details), and by requiring a series of user identification symbols,
authentication techniques and passwords when the data is stored on the website.
E-mail Address, Name and other Contact Information
Our site's registration form asks you to give us contact information (such as name and
email address), which we use to contact you when necessary and to identify you when you
visit the web site. We do not make this information available to other entities, and
we protect it from unauthorized access.
of Cookies and Internet Address
We do not use "cookies", small temporary text files,
placed on your computer in order to help you more easily navigate and get your information.
We may use your Internet address to
diagnose problems with our server, administer our web site and assist with your web site
sessions as described above.
Unique Identifiers (such as social security number or other
unique identifying number) may be collected to verify your identity or for use as account numbers
in our system.
Electronic Messaging System
Our secure electronic messaging for communications between providers
and patients may be used only when both agree to use the system. We recommend that you discuss any
questions your patients may have regarding the privacy of information that might be
contained in the messaging system, should you and your patient(s) both decide to
use it. HealthHighway.com is not responsible for the privacy policies or practices of individual
Provider's offices or their associations.
Each HealthHighway.com employee and independent contractor signs a
Confidentiality and Privacy Agreement in which they agree to uphold the privacy policies and
practices of HealthHighway.com.
Right Not to Participate in Portions of this Web Site
When you register for this website, you have a choice whether or not to participate in any or
all of the services that we offer.
Data and Opt-In Option for Receipt of Additional Information
When we ask you for demographic information during registration and other applications in the web site, the site allows you to choose whether or not to receive any online or mail communications from ProvidersAccess.com
or its partners. You will not receive any unsolicited information without your consent.
Although HealthHighway.com makes every effort to seek out and associate with companies
who respect your privacy as much as we do, we do not control and therefore cannot be
may be found within the HealthHighway.com web site. If you are concerned about or
interested in the privacy practices or policies of these other web sites, you may wish to
review the statements posted on their web sites and/or contact them directly with your
Certain companies and their products sponsor the HealthHighway websites. The accuracy
and use of the information provided by them, including their product and services, is your and their
responsibility. If you are concerned about or interested in the privacy practices or policies of
these other vendors, you may wish to review the statements posted on their web sites and/or
contact them directly with your questions.
Contacting HealthHighway.com
If you have questions regarding this privacy statement or
the practices of this web site you can contact us by e-mail at: support@HealthHighway.com.
As an application service provider facilitating communications between patients and Provider
offices and their associations, as an enterprise that maintains individually identifiable health
information on behalf of these parties, and as a company dependent on health care
transaction revenues for a significant portion of its income, HealthHighway.com (the
Company) has a vital stake in ensuring the highest level of data security and confidentiality
on behalf of its constituent users. For one thing, it will soon be mandated in regulations
from the US Department of Health and Human Services (DHHS); criminal penalties will be
exacted for knowingly and inappropriately releasing individually identifiable health
information. For another, knowing how important confidentiality is to Provider-patient
relationships, it simply is good business for Company employees to act as trustworthy
stewards of this data.
On the other hand, there will never be perfect data security; malicious or inadvertent
confidentiality breaches will occur. However, companies at least must be diligent in
protecting confidentiality and in maintaining data security to the greatest practical extent.
And when breaches inevitably occur, companies must actively monitor their systems to detect
them, must take corrective action as quickly as possible upon detection, and must
continually adjust their security and confidentiality policies and procedures to ensure that they
remain adequate. All of this is recognized implicitly or explicitly in the proposed rules on
privacy that have resulted from the original HIPAA legislation from DHHS.
The Company has NEVER planned nor suggested to customers that it would be advisable to
eliminate paper records from its customers' practices. In fact, the Company has always
regarded the data it collects and maintains on behalf of its users to be supplemental to
medical care processes. Its operating model has been to function as an "electronic shadow
chart", recording information maintained for the convenience and improved efficiency of
the Providers and other health care providers that use the system; as with other shadow
charts, the final arbiter of, and source of documentation about, patient care remains the
main (paper) chart. We recommend that health care Providers keep their paper backups,
as they do now.
Nevertheless, the Company has put in place a number of measures to assure the security of
its users' data. First, data is hosted at the co-location facility (COLO) of an Internet Service
Provider (ISP). The COLO is monitored by ISP personnel, and the hosted
systems are monitored continuously by ISP systems to detect a variety of possible attacks.
The Company is notified by pager of any suspected security breaches.
The computers on which customer data is located are at the COLO. The COLO has security, and policies and
procedures are in place to log all entry and access to the computers containing customer
data. ISP electrical power is carefully conditioned. There is an on-line battery and automatic
backup to temporarily keep the servers running for a short period of time.
The Company has automatic tape-backup units for all computers containing customer data.
Backup tapes are made at least nightly and stored in locked vaults that only selected
Company employees can access.
Beyond that, the Company designed its systems to be compliant with industry standards.
In particular, all data interchange through company applications is encrypted (currently using up to strong domestic
triple-DES 56-bit encryption via SSL where supported by the client browser). Data access is protected by a system of User
IDs and passwords. All updates to data are accompanied by audit information stored with it
that records (among other things) date, time, user, nature of the change, and optional user
comments. Finally, the system has an office-administrator-definable time-out, which upon
expiration requires re-authentication of the user before further data access is allowed.
In addition, the Company protects its customers' (and its own) data using a state-of-the-art, market-leading firewall, with a strict security policy. Additionally, strong
encryption and industry standard access controls are used to safeguard the privacy and
availability of customer information.
The Company is planning to
regular internal security assessments.
The most important aspect
of the proposed HIPAA regulations is the following: any organization
that plans to exchange individually identifiable health information
electronically with another individual or organization can only
do so when appropriate "chain-of-trust" agreements are in place
between these organizations or individuals.
Specifically, this means
that these entities must themselves have an explicit set of
policies assuring some level-of-protection of this data, that
there is effective administrative enforcement of these policies,
and that there is continuous monitoring of the policies and
their enforcement to ensure that protection endures and improves
over time to meet any threats.
Of course, the requirements
for entering into chain-of-trust agreements apply to the Company
itself. HIPAA has a proposed two-year phase-in period before
compliance is required. During that time, the Company must:
a. Hire or
designate a Chief Security Officer to assume responsibility
for the Company's security measures.
in place specific policies and procedures for ensuring adequate
security and privacy protections; fully document this activity.
in place adequate monitoring procedures to detect security breaches
in a timely manner, and to assure that corrective measures are
instituted as quickly as possible; fully document this activity.
technical security and privacy protections as needed to keep
up with technical requirements; fully document this activity.
engage the Company's data interchange partners with chain-of-trust
agreements based on the above; fully document this activity.
The requirement for entering
into chain-of-trust agreements applies equally to small-office
Providers (Providers in practices of 10 or fewer providers -
including solo practitioners). The Company is uniquely positioned
to make it feasible for this constituency to enter into these
The Company plans to offer
to its office users a system of templates and reminders that
will assist them in becoming and remaining HIPAA-compliant.
In particular (almost exactly parallel to what the Company itself
must do), it will implement a system that:
Helps assign a party responsible for office security; documents
and periodically updates policies and procedures for ensuring
adequate security and privacy protections; documents this activity
and reports possible security breaches to these offices as soon
as they occur; recommends corrective measures; documents this
updates its own technical security and privacy protections (on
behalf of its office and consumer users); documents this activity.
and submits to data interchange partners chain-of-trust agreements
based on the above; fully documents this activity. The Company
is committed to providing users with the information necessary
to stay ahead of industry regulations, and keep their medical