
HIPAA Compliance, Confidentiality & Security

Why do HIPAA regulations apply to par8o?

Title II of HIPAA, which contains the Administrative Simplification (AS) provisions, establishes a set of national standards to protect electronically transmitted individually identifiable health information, otherwise known as protected health information (PHI). par8o is required to meet these standards because our CareCompass referral management platform transmits PHI between healthcare providers to facilitate the referral of a patient, and our 340B Referral Capture platform uses PHI to identify patients and capture claims.

How is par8o classified from a regulatory perspective?

par8o is classified as a Business Associate (BA) of our users, who are defined as health care providers. Per HIPAA, health care providers are considered covered entities (CE) and therefore obligated to comply with the HIPAA Privacy Rule and Security Rule. BAs are required to comply with the HIPAA Security Rule and certain Privacy Rule provisions.

What are par8o's obligations regarding HIPAA?

In accordance with HIPAA, par8o is required to adhere to the HIPAA Security Rule and certain Privacy Rule provisions. We've taken appropriate measures to ensure compliance with the provisions of HIPAA that apply to BAs.

Does par8o have additional contractual obligations as a BA?

par8o is required to enter into a BA agreement with all CEs who use the referrals platforms. This means par8o agrees to use protected health information only for the purposes specified in the agreement, to safeguard the information, and to help the CE comply with its duties under the Privacy Rule.

Does par8o extend these obligations to its users?

par8o has incorporated all necessary BA provisions into our Terms of Service agreement. All new users must review the Terms of Service agreement and sign electronically during the new user registration process.

When, specifically, is par8o permitted to use and/or disclose PHI?

HIPAA permits the use and disclosure of PHI for the purpose of treatment, payment, and health care operations; in this case, facilitating referrals from one CE to another and assisting with the 340B reimbursements.

Which par8o employees are permitted to use and/or disclose PHI?

par8o employees are permitted to use or disclose PHI in a way that is compliant with HIPAA and consistent with the business associate agreements that par8o has executed with its clients.

How does par8o ensure that PHI is only disclosed to the appropriate healthcare providers?

We share our users' concerns over the need to deliver details critical to the receiving CE and their staff, and to deliver patient referrals only to the intended recipients, both responsibly and effectively, without exposing PHI to any unintended recipients. The same is true for the 340B Referral Capture platform.

How does par8o ensure that its employees maintain confidentiality of PHI?

The par8o technology has been designed so that the majority of workflow and customer service functionalities can be performed without access to PHI. This lowers the risk of inappropriate access to PHI. Furthermore, functional and technical firewalls exist between the software development and live application environments. This maintains strict separation, so our employees can perform system development, maintenance, and quality assurance without any access to PHI.

Last Reviewed: June 15, 2021