What is HIPAA?
Nash Drugs, Inc. is a HIPAA compliant agency.
HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. HIPAA does the following:
- Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
- Reduces health care fraud and abuse;
- Mandates industry-wide standards for health care information on electronic billing and other processes; and
- Requires the protection and confidential handling of protected health information.
The HIPAA Privacy regulations require that health care providers and organizations, as well as their business associates, develop and follow procedures that ensure the confidentiality and security of protected health information (PHI) when it is transferred, received, handled, or shared. This applies to all forms of PHI, including paper, oral, and electronic. Furthermore, only the minimum health information necessary to conduct business is to be used or shared.
Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. This includes covered entities, meaning anyone who provides treatment, payment and operations in healthcare, and business associates, meaning anyone who has access to patient information and provides support in treatment, payment or operations. Subcontractors, or business associates of business associates, must also be in compliance.
The HIPAA Privacy Rule addresses the saving, accessing and sharing of medical and personal information of any individual, while the HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically, also known as electronic protected health information (ePHI). According to the U.S. Department of Health and Human Services, certain administrative, physical and technical safeguards are required to be in place with regard to the hosting of data with a HIPAA compliant hosting provider. The physical and technical safeguards are most relevant to services provided by a HIPAA compliant host as listed below, with detail on what constitutes a HIPAA compliant data center. Physical safeguards include limited facility access and control, with authorized access in place. All covered entities, or companies that must be HIPAA compliant, must have policies about use and access to workstations and electronic media. This includes transferring, removing, disposing and re-using electronic media and electronic protected health information (ePHI).
Technical safeguards require access control to allow only authorized persons to access electronic protected health data. Access control includes using unique user IDs, an emergency access procedure, automatic log off, and encryption and decryption. Audit reports, or tracking logs, must be implemented to keep records of activity on hardware and software. This is especially useful to pinpoint the source or cause of any security violations. Technical policies should also cover integrity controls, or measures put in place to confirm that ePHI hasn’t been altered or destroyed. IT disaster recovery and offsite backup are key to ensure that any electronic media errors or failures can be quickly remedied and patient health information can be recovered accurately and intact. Network, or transmission, security is the last technical safeguard required of HIPAA compliant hosts to protect against unauthorized public access of ePHI. This concerns all methods of transmitting data, whether it be email, Internet, or even over a private network, such as a private cloud.
A supplemental act, the Health Information Technology for Economic and Clinical Health (HITECH) Act, was passed in 2009. It supports the enforcement of HIPAA requirements by raising the penalties for health organizations that violate the HIPAA Privacy and Security Rules. The HITECH Act was formed in response to health technology development and the increased use, storage and transmittal of electronic health information.
For more information about HIPAA visit the U.S. Department of Health & Human Services website.
Privacy & Security
Information Collected By Automated Means: Personally Identifiable Information is information we collect that uniquely identifies you, our customer. This information may contain your name, shipping address, email address, phone number, and prescription information, as well as other information you may choose to share while interacting with our employees, website and online services.
Collection: You can browse our site without telling us who you are or revealing any personal information about yourself. However, once you give us your personal information, you are not anonymous to us. If you choose to provide us with personal information, you consent to the transfer and storage of that information on our servers.
We may collect and store the following personally identifiable information:
- Email address, physical contact information, and shipping, billing and other information you provide to purchase or ship an item.
- Clicks and page information such as the address (or URL) of the web site that you came from before visiting our site, which pages you visit on our site, which browser you used to view our site and any search terms you have entered on our site.
- Customer service history including dispute resolution, correspondence through our sites, and correspondence sent to us.
- Other information from your interaction with our sites, services, content and advertising, including computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information.
- Information you choose to provide through the linking of devices where you are actively choosing to share personal information, including health information, to interact with an application or program we host on our site.
- Information you choose to allow us access to through social media channels.
- Information from other companies, such as demographic and navigation data.
When you sign up for pharmacy services or order prescription drugs, our registration process asks you to provide us with a limited amount of personal and/or health-related information. This information is necessary to process your order. Categories of personally identifiable information include: name, address, phone number, e-mail address, date of birth, billing/shipping information, and Rx number.
- Allowing you to enter your password less frequently
- Remembering your preferences
- Presenting information that’s targeted to your interests
- Measuring the effectiveness of our sites, services, content, and advertising
A “web beacon” is an electronic image placed in the code of a web page. We use web beacons to monitor the traffic patterns of users from one page to another and to improve site performance.
We don’t sell or rent your personal information online to third parties for their marketing purposes. We may combine your information with information we collect from other companies and use it to improve and personalize our services, content and advertising, as well as measure and improve its effectiveness.
Other Ways We May Use or Disclose Information: Our primary purpose in collecting personal information is to provide you with a safe, smooth, efficient, and customized experience.
Prescriptions: We will not intentionally release your prescription information other than to you, Nash Drugs, Inc. employees or agents (such as contracted fulfillment parties, if any), your authorized representative, your prescriber or other authorized medical professional. We may forward your prescription information to your insurance plan, so that we can handle reimbursement of your prescription purchase for your convenience. As required by law, we will disclose medical and other information which may relate to you. For example, in compliance with the Methamphetamine Control Act of 1996, we will provide the Drug Enforcement Administration with the name and address of each individual who purchases products on this website which contain the ingredients ephedrine or pseudoephedrine.
Third Party Service Providers: We may work with other companies who place cookies or web beacons on our websites. These companies help operate our websites and provide you with additional products and services. Our web site uses a third-party email service provider. This service allows us to improve your overall customer experience by sending newsletters, information about sales and specials, coupons, and other pertinent information. Contracted vendors are prohibited from using the information obtained in the course of providing these services to Nash Drugs in any manner other than to help us provide the services available on our website.
Third Party Partnerships: We may work with other companies who operate their own websites or mobile apps, to allow them to offer Nash Drugs customers the ability to connect to and access services that will give you more options to use Nash Drugs services from websites or apps that are not owned or operated by Nash Drugs, Inc.
Does Nash Drugs collect information from children? It is our policy to not sell to persons under the age of 18. We sell children’s products for purchase by adults. If you are under 18, you may use this website only with involvement of a parent or guardian.
How secure is the information I provide? Nash Drugs is committed to securing your personal information. We use technology that is designed for use with secure web servers. Prescription drug information resides in a database behind a firewall where it cannot be accessed without proper authorization. Secure Sockets Layer (“SSL”) technology encrypts your personal information as well as your prescription health history as it is transmitted over the Internet. You maintain the security of your medical information by keeping your user name, password and other personal information confidential. Nash Drugs, Inc. employees or customer service representatives will never request your password or other sensitive personal information.
Actions You Can Take: Keep your computer software up to date with the latest browser and anti-virus security software. Be aware of increasingly common email scams that may use your email address to contact you and ask for personal or sensitive information. Always be cautious when opening links or attachments from unsolicited third parties. Also know that Nash Drugs, Inc. will not send you emails asking for your credit card number, social security number or other personally identifiable information. So if ever asked for this information, you can be confident it is not from Nash Drugs.
You may choose to stop receiving any e-mail and mobile marketing communications at any time by changing your preferences online in your online account. If you do not have an online account you may click Unsubscribe from the bottom of any Nash Drugs emails through the provided link or request directly by email to: email@example.com
Effective Date: 01/01/2014