Privacy Policy
Overview
ESI Healthcare Business Solutions LLC (ESI) understands the importance of both the sensitivity of the information that the company receives, transmits, and stores regarding patients and the moral, legal and ethical responsibility for maintaining the privacy of the information. This Protected Health Information (PHI) is covered under the HIPAA statutes administered by the Office of Civil Rights and ESI makes every effort to ensure not only strict compliance with the regulations, but also to safeguard our data above and beyond the statutory requirements.
Under HIPAA, ESI is classified as a ‘Business Associate’. ESI typically does business with ‘Covered Entities’, but in some instances the company also deals with other Business Associates. As a Business Associate, we must safeguard PHI and ensure that it remains confidential. We are prohibited from disseminating PHI to unauthorized users and we are responsible for the data when it is in our control.
If we were to accidentally release any PHI, we are responsible for notifying the Covered Entity and the individuals affected.
Covered Entities must have a written ‘Privacy Policy’ and provide notice to their patients of their policies. Once a patient has received a written ‘Privacy Policy’ from a Covered Entity, the Covered Entity may share PHI with their Business Associate(s) for purposes of performing healthcare operations.
Covered Entities must have HIPAA language in their Business Associate contracts. ESI has agreed in our Business Associate agreements to be in compliance will all state and federal laws, including HIPAA, and that we will meet or exceed the minimum standards in safeguarding PHI.
The information below describes how ESI handles PHI for our products
Contract Administration Payment Solutions (CAPS) – ESI receives PHI from Covered Entities and provides claim adjudication information to the Covered Entities. PHI is securely sent and received. Only those individuals who work with the data have the ability to access the data. All desktops and laptops are encrypted. We do not share this data between different non-related Covered Entities, and provide detailed reports that contain PHI and other summarized reports that do not contain PHI. Those containing PHI are only sent to authorized users.
Pharmacy Products – ESI Rx HistoryTM is the only pharmacy product whereby ESI retrieves, stores and transmits PHI. This service allows authorized healthcare providers to access a patient’s medication history at the point of care. ESI retrieves this information from data stored in databases from several different pharmacy sources, consolidates the information and returns the medication history information to the requesting healthcare provider in a consistent format. Providers must attest that they have patient consent to retrieve the medication history before any action is taken to obtain medication history.
Our other pharmacy products either do not contain PHI or ESI does not have access to PHI in working with our clients. ESI does not mine PHI for internal or external third party purposes. The Company also periodically conducts internal reviews and self-assessment of its Privacy Practices to confirm its compliance with this Privacy Policy and HIPAA. ESI will make every effort to correct any non-compliance identified in the course of these reviews. Additionally, this Privacy Policy may be updated as needed. Any updates will be made available on our web site.
Access to your information and complaints
If you have any questions regarding ESI’s Privacy Policy you may write us at the following address:
ESI Healthcare Business Solutions LLC
Attention: Privacy Office
8111 LBJ Freeway, Ste. 985
Dallas, TX 75201