Privacy Policy

 

1. Introduction

As a healthcare IT company entrusted with sensitive Personal Health Information (PHI), Callidus Health respects the privacy of our customers and their patients and is committed to treating customer information responsibly. We are dedicated to protecting confidential information and have established standards and procedures to safeguard that information.

HIPAA guidelines govern the treatment of personal health information and regulate how and with whom that information may be shared. The regulation requires Callidus Health to sign Business Associate Agreements with every partner.

2. Callidus Health’s Privacy Policy

It is the policy of Callidus Health not to disclose personal health information to nonaffiliated third parties except as authorized by law. However, Callidus Health will permit additional information sharing in a manner consistent with legal requirements.

3. Definition of Personal Health Information

Personal Health Information is information that is collected in connection with providing a product or service within which providers disclose PHI.

4. Information Callidus Health is Allowed to Share

Callidus Health does not share PHI with any third parties beyond the HIPAA secure data centers of our clients. The company also does not disclose any specific information relating to users of the products, but it may disclose aggregated user numbers.

5. Confidentiality

Callidus Health limits the use and collection of information about its users to what is necessary to conduct its business. All Callidus Health employees are responsible for maintaining the confidentiality of customer information.

6. Limits on Employee Access

At Callidus Health, employee access to personally identifiable customer information will be limited to employees with a business reason to know such information.

Strict audit trails are kept to hold any employees and/or subcontractors accountable.

7. Unauthorized Access by Callidus Health Employees

Disciplinary actions, including termination, will be instituted against any employee who inappropriately accesses or discloses personally identifiable information of customers.

8. Security

Callidus Health safeguards user and personal health information according to established standards and procedures based on HIPAA guidelines.

All Callidus Health employees and users are required to have unique user IDs and complex passwords which change every 90 days.

9. Records Destruction

The unnecessary retention of records may lead to inadvertent misuse. Thus, Callidus Health will not retain records longer than is useful to the administration of a customer’s relationship or as subject to the retention schedule required by law. HIPAA guidelines dictate that records must be kept for a minimum of seven years.

10. Training

All employees will receive annual training on the regulations this Policy addresses. All employee training activities are monitored by the founders, and employees must receive a passing score on a post-training examination. Supervisors and human resources may impose discipline, including termination, against any employee failing to complete the training.

11. Review of Policy

Callidus Health reviews this Policy annually to ensure it remains responsive, efficient, and effective and will update the Policy as necessary to ensure its continued effectiveness.