Title II of HIPAA, which contains the Administrative Simplification (AS) provisions, establishes a set of national standards to protect electronically transmitted individually identifiable health information otherwise known as protected health information (PHI). par8o is required to meet these standards because our CareCompass referral management platform transmits PHI between healthcare providers to facilitate the referral of a patient and our 340B Referral Capture platform uses PHI to identify patients and capture claims.
par8o is classified as a Business Associate (BA) of our users, who are defined as health care providers. Per HIPAA, health care providers are considered covered entities (CE) and therefore obligated to comply with the HIPAA Privacy Rule and Security Rule. BAs are required to comply with the HIPAA Security Rule and certain Privacy Rule provisions.
In accordance with HIPAA par8o is required to adhere to the HIPAA Security Rule and certain Privacy Rule provisions. We've taken appropriate measures to ensure compliance with the provisions of HIPAA that apply to BAs.
par8o is required to enter into a BA agreement with all CEs who use the referrals platforms. This means par8o agrees to use protected health information only for the purposes specified in the agreement, to safeguard the information, and to help the CE comply with its duties under the Privacy Rule.
par8o has incorporated all necessary BA provisions into our Terms of Service agreement. All new users must review the Terms of Service agreement and sign electronically during the new user registration process.
HIPAA permits the use and disclosure of PHI for the purpose of treatment, payment, and health care operations, in this case, facilitating referrals from one CE to another one and to assist with the 340B reimbursements.
par8o employees are permitted to use or disclose PHI in a way that is compliant with HIPAA and consistent with the business associate agreements that par8o has executed with its clients.
We share our users' concerns over the necessity to deliver details critical to the receiving CE and their staff, to deliver patient referrals only to the intended recipients both responsibly and effectively, without exposing PHI to any unintended recipients. The same is true for the 340B Referral Capture platform.
The par8o technology has been designed so that the majority of workflow and customer service functionalities can be performed without access to PHI. This lowers the risk of inappropriate access to PHI. Furthermore, functional and technical firewalls exist between the software development and live application environments. This maintains strict separation, so our employees can perform system development, maintenance, and quality assurance without any access to PHI.
Last Reviewed: June 15, 2021