The Electronic Health Record (EHR)
SpinSci Patient Access Care Solution provides a web-based dashboard implemented as part of a contact center with data connectors into the EHR for customers who enter into a Service Agreement (“Customers”) and then authorize EHR users, including contact center physicians, physician assistants, nurse practitioners and non-physician staff members (“Authorized Users”). Customers and Authorized Users are responsible for determining uses and disclosures of patient medical information maintained in the EHR, in accordance with their legal and professional responsibilities as health care professionals and state and federal medical privacy laws, including the federal Health Insurance Portability and Accountability Act (“HIPAA”). To the extent that SpinSci receives patient medical information via the EHR, that information is secured, used and disclosed only in accordance with SpinSci’s obligations as a “business associate” under HIPAA guidelines.
SpinSci Patient Access Care Solution
Customers may choose to make the SpinSci Patient Access Care Solution available to Authorized Users to enable certain interactions between the Customer, Authorized Users and patients, including patient verification/authorization, discussing scheduling appointments, billing and other medical details in the EHR. Customers are solely responsible for the content of the patient’s medical record maintained in the EHR and determining the portion of the EHR data that may be viewed in the SpinSci Patient Access Care Solution.
SpinSci may utilize patient’s medical information on a limited basis as necessary for the following uses and disclosures:
- A phone number stored in the EHR to pull patient details for identification and verification
- MRN (or patient identifier) stored in the EHR to pull patient scheduling, billing details, and past medical history.
- Patient appointment or a bill reminder via voice and text notifications
SpinSci will not maintain any patient related data in SpinSci’s application. SpinSci will not sell any personal information provided by the EHR to a third party.
Personal Information Provided by You
SpinSci collects patient personally identifiable information (“PII”) through SpinSci Patient Access Care Solution only during certain self-service operations and during an agent’s interactions at the contact center. Such information is short lived and is not stored within the SpinSci solution.
Disclosures to Third Parties Assisting In Our Operations
The only information SpinSci may share is the patient address from the EHR for geo-location within Google Maps. As such Google Maps does not persist any data and Google Maps does not have any independent right to share this information with others.
Disclosures under Special Circumstances
We may provide information about patient interactions to respond to subpoenas, court orders, legal process or governmental regulations, or to establish or exercise our legal rights or defend against legal claims. We believe it is necessary to share information in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law.
Automatically Collected Information and Anonymous Information
Each time an interaction is processed via the SpinSci Patient Access Care Solution, SpinSci collects some information for reporting and to improve the overall quality of the solution. SpinSci produces metrics for internal reporting that count, track, and aggregate patient activity.
SpinSci understands that storing patient data in a secure manner is essential. SpinSci’s Patient Access Care Solution accesses patient relevant data during an active session in its memory during the transaction. This data is destroyed once the session is terminated. During the time the patient data is in active memory, patient information is secured using industry-standard security protocols that safeguards any technical or administrative access against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification.