Web Site Privacy Policy

The StateServ Holdings LLC and its affiliates ("StateServ", "us", "our", or "we") is committed to protecting the right to privacy of Authorized Users (as defined below) of the DMETrack web site (the "Application") and the patients you serve. We understand and respect the sensitive nature of information transmitted through the Application, as well as the right and responsibilities of users to protect this information. We created our Privacy Policy and are sharing it here with you, the Authorized User, so that you understand the ways in which collected information may be used and the steps we take to protect and safeguard your privacy and the privacy of patients, as well as steps you must take as an Authorized User of the Application to do the same.

By using the Application, you agree to the terms of this Privacy Policy and attest that you, as an employee or agent of a HIPAA Covered Entity (as defined below) customer of StateServ, or as an employee or agent of a Subcontractor (as defined below) of StateServ, will comply with this Privacy Policy, the HIPAA Privacy and Security Rule, the BA Agreement (as defined below), as well as your organization's privacy policies and procedures (collectively, "Compliance Requirements").

Definitions

Authorized User. An employee or agent of a contracted Covered Entity customer of StateServ, or Subcontractor business associate of StateServ, who needs to use the Application to access the DMETrack System to perform job responsibilities and who is expressly authorized by such Covered Entity or Subcontractor to use the DMETrack System on its behalf.

Business Associate Agreement ("BA Agreement"). A Business Associate Agreement is a formal written contract entered into between StateServ and a Covered Entity or between StateServ and a Subcontractor to ensure the parties will appropriately safeguard protected health information.

Covered Entity. A Covered Entity is a health plan, health care provider, or health care clearinghouse that must comply with the HIPAA Privacy Rule.

Protected Health Information (PHI). PHI includes all "individually identifiable health information" that is transmitted or maintained in any form or medium by a Covered Entity. Individually identifiable health information is any information that can be used to identify an individual and that was created, used, or disclosed in (a) the course of providing a health care service such as diagnosis or treatment, or (b) in relation to the payment for the provision of health care services. Information included in or transmitted through, the Application is PHI and must be treated by you as such.

"Business Associate" is a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information. For the purposes of this Privacy Policy, a Business Associate also is a Subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another Business Associate.

"Subcontractor" means a person or entity to whom a business associate delegates a function, activity, or service, other than in the capacity of a member of the workforce of such business associate.

Use and Discolsure of PHI

We use PHI submitted by you through the Application to provide or to facilitate or to arrange for the provision of medical treatment in the form of durable medical equipment services and/or related supplies and/or services to a Covered Entity or for the use of its patients. We may also use PHI submitted by users for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or not otherwise restricted by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to or to arrange or procure services for, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or not otherwise prohibited by the BA Agreement and would not violate the Privacy Rule. In addition to any other uses that are not prohibited by the BA Agreement, we may also use PHI to report violations of law to appropriate federal and state authorities.

Safeguards

Subject to the terms of the BA Agreement, we use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BA Agreement.

Mitigation of Harm; Reporting OF Unauthorized Use or Access to PHI

In the event of a use or disclosure of PHI that is in violation of the requirements of the BA agreement, StateServ, and/or Authorized Users of a Covered Entity or Subcontractor, will mitigate as required by the BA Agreement.

In the event you become aware of any unauthorized use of, or access to, the Application, then you must report such matter as provided in the BA Agreement. Such obligation to report would include, for example, reporting to the Covered Entity or Subcontractor, as applicable, the loss or theft of the device on which the Application is installed, as well as:

  • Reporting to the Covered Entity or Subcontractor, as applicable, any use or disclosure of PHI that may be in breach of the Compliance Requirements and any security incident of which you become aware; and
  • Documenting to the Covered Entity or Subcontractor, as applicable, such disclosures of PHI and information related to such disclosures as would be required for the Covered Entity or Subcontractor, as applicable, to assess and respond to such matter in accordance with HIPAA.

Access to PHI

As provided in the BA Agreement, we will make available to the Covered Entity, information necessary for Covered Entity to give individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.

Usage By Children

The Application is not intended to attract users who are under the age of 18. StateServ is committed to preventing the unintentional collection of personal information and PHI from children under the age of 13. By providing any Personal Information or PHI of a child under 13, you represent and warrant that you are an authorized provider treating such child.

Changes to Privacy Policy

This Privacy Policy sets forth our current practices and procedures with respect to privacy. We reserve the right, at our sole discretion, to change, modify or alter all or portions of this policy at any time with or without notice. StateServ reserves the right to delete, modify or supplement this Privacy Policy at any time and for any reason without notification. By continuing to use the Application after such changes, you unconditionally agree to follow and be bound by such revised Privacy Policy should therefore periodically visit this page to review the then-current terms.

Your Feedback and Comments

We welcome your input. You may contact us with any comments, complaints or concerns regarding our Privacy Policy at:

StateServ Holdings LLC
Attn: Compliance Officer
1201 S Alma School Rd
Suite 4000
Mesa, AZ 85210

You may also contact us with any comments, complaints or concerns regarding our Privacy Policy by phone at:
Telephone (US toll free): 877-633-7250

Your Acceptance of These Terms

By downloading, installing and/or using the Application, you are agreeing to this Privacy Policy. You consent to the collection and use of information as set forth above. You also acknowledge our right to change this policy, without prior notification.

If you do not agree to this Privacy Policy, please do not use the Application.

Last Updated

Last updated: November 1, 2019

Copyright © 2019 StateServ Holdings LLC

Download Privacy Policy