parameds.com

About Us

History

Management

Contact Us

Log in

Privacy and Security Policy
Parameds.com, a PDC Company

1. Introduction
Parameds.com recognizes and respects the importance of maintaining the privacy of our customers' personal and health-related data, including Protected Health Information (PHI). As part of our commitment to safeguarding privacy, we continually review and enhance our operating practices, procedures, and controls. This Privacy Policy outlines how we collect, use, disclose, and protect PHI in compliance with HIPAA, HITECH, and applicable customer contracts, and it reflects Parameds.com's ongoing efforts to ensure privacy and security.

2. Scope
This Privacy Policy applies to all employees, contractors, business associates, and any third parties who have access to PHI as part of their relationship with Parameds.com. It governs the handling of PHI in all formats-electronic, paper, and oral communications-and ensures compliance with contractual obligations regarding PHI use and disclosure.

3. Recognition of Customer Privacy Expectations
Parameds.com acknowledges that customers expect privacy and security for their personal, financial, and health-related data. As part of our commitment, we take all reasonable and necessary steps to maintain standards and procedures designed to protect against unauthorized access, use, or disclosure of this information.

4. Policy Statement
Parameds.com will collect, use, and disclose PHI only in accordance with HIPAA, HITECH, customer contracts, and other applicable regulations. We are committed to ensuring that PHI is handled responsibly, with the utmost care and confidentiality, throughout its lifecycle.

4.1. Collection of PHI
We will collect PHI only as necessary to provide data retrieval services, as permitted by law and as outlined in our contracts with customers. The information will be used to:

  1. Protect and manage customers' records.
  2. Comply with applicable laws and regulations.
  3. Improve our products and services.
  4. Fulfill contractual obligations.

4.2. Use of PHI
PHI will be used solely for the purposes outlined in customer contracts and as permitted by HIPAA/HITECH, including but not limited to:

  • Data retrieval, analysis, and aggregation services.
  • Administrative tasks necessary to service customer contracts.
  • Quality control and audit purposes.

4.3. Disclosure of PHI
Parameds.com will not disclose PHI to third parties except as permitted by law, as required by contract, or as follows:

  • With customer consent or direction.
  • To service the customer's account or in connection with a requested service.
  • To prevent fraud, manage risk, or protect the security of PHI.
  • To third parties involved in underwriting, rating, or auditing, such as consultants, attorneys, or auditors, where allowed by law and contract.
  • To comply with lawful requests, subpoenas, or investigations by governmental authorities.
  • As required for public health activities, judicial proceedings, or law enforcement purposes.

4.4. Safeguarding PHI
Appropriate administrative, physical, and technical safeguards are in place to protect the confidentiality, integrity, and availability of PHI. We follow strict security standards, including encryption and access controls, to prevent unauthorized access and ensure data protection.

  • Administrative Safeguards: Workforce training, access management, and risk assessments are conducted to ensure compliance with privacy and security standards.
  • Physical Safeguards: Only authorized personnel have access to facilities containing PHI, and proper disposal methods (such as shredding and wiping of electronic media) are employed.
  • Technical Safeguards: PHI is encrypted in transit and at rest, with access control mechanisms to monitor and restrict data access.

4.5. Limiting Employee Access of Information
Access to PHI is restricted to employees who need it to perform their duties. All employees are trained on the importance of confidentiality and sign a "Code of Conduct" agreement, ensuring they understand and comply with privacy obligations. Employee access is limited on a "need to know" basis, with strict controls in place to prevent unauthorized use or disclosure.

4.6. Retention and Destruction of PHI

  • Retention: PHI will be retained only as long as necessary to fulfill business or legal requirements, as specified in customer contracts and applicable regulations.
  • Destruction: When PHI is no longer needed, it will be securely destroyed in accordance with HIPAA/HITECH regulations and customer contracts. This includes securely wiping electronic devices and shredding paper documents.

4.7. Incident Reporting and Response

  • Incident Reporting: Any suspected or actual breach of PHI must be reported immediately to the Privacy Officer. All incidents will be thoroughly investigated, and affected customers will be notified as required by HIPAA, HITECH, and contract terms.
  • Breach Notification: In the event of a breach, Parameds.com will notify affected individuals, customers, and regulators in accordance with contractual agreements, HIPAA/HITECH, state, and local mandates. Notifications will be made no later than 60 days after discovery of the breach.

4.8. Individual Rights
Parameds.com recognizes customers' rights to access, amend, and control the use of their PHI.

  • Access to PHI: Customers can request access to their PHI at any time. Requests will be fulfilled within the legally required time frame.
  • Amendments: Individuals may request corrections to their PHI if they believe it is inaccurate or incomplete. Parameds.com will address such requests in compliance with HIPAA and customer contracts.
  • Disclosure Accounting: Upon request, Parameds.com will provide a record of disclosures of PHI that were not for treatment, payment, or healthcare operations.

4.9. Monitoring and Auditing
To ensure compliance with this policy, HIPAA, HITECH, and customer contracts, regular internal audits will be conducted. Any gaps identified will be addressed promptly to prevent recurrence. Additionally, the Parameds.com will cooperate with external audits conducted by customers or regulators.

4.10. Ending Customer Relationships
When a customer relationship ends, Parameds.com will continue to treat any retained PHI as if the relationship still existed. PHI will not be disclosed unless required by law or for purposes related to the termination of the relationship, such as final audits or dispute resolution.

4.11. Compliance with Legal and Contractual Obligations
This Privacy Policy is designed to comply with all applicable federal, state, and local laws, including HIPAA and HITECH. It also incorporates and aligns with any additional obligations outlined in our customer contracts, ensuring comprehensive data protection.

4.12. Training and Awareness
All employees and contractors with access to PHI receive mandatory training on this Privacy Policy, HIPAA/HITECH requirements, and any customer-specific contractual obligations. Ongoing training ensures that all personnel are aware of updates to the policy and legal requirements.

5. Updates to the Policy
This Privacy Policy will be reviewed and updated at least annually or as required by changes in applicable laws, regulations, or customer contracts. Any updates will be communicated to customers and employees as necessary.

6. Contact Information
For questions or concerns about this Privacy Policy, please contact:

     Privacy Officer: Neil Harrington
     Email: neil.harrington@parameds.com
     Phone: 718-233-2775
     Mailing Address: 120-10 Queen's Blvd., Kew Gardens NY 11415

 

Helpful links for more information on health information privacy rights in the United States of America: www.privacyrights.org

© 2025 Parameds.com, Inc. All rights reserved. | Privacy Policy