Core Mobile, Inc. (the Company) complies fully with all federal and state privacy
protection laws and regulations. Protection of patient privacy is of paramount
importance to this organization. Violations of any of these provisions will
result in severe disciplinary action including termination of employment and
possible referral for criminal prosecution.
This policy is in effect and is updated as of January 1,
It is the policy of the Company to adopt, maintain and
comply with our privacy practices for customer and end-user data, which shall be
consistent with HIPAA and California law.
Notice of Privacy
It is the policy of the Company that a notice of our
of protected health information be done in accord with the Company’s privacy
policy and practices.
and Security Responsibilities
It is the policy of the Company that specific individuals
within our workforce are assigned the responsibility of implementing and
Company that these individuals will be provided sufficient resources and
authority to fulfill their responsibilities.
It is the policy of the Company that privacy protections
extend to information concerning deceased individuals.
Apple HealthKit integration is used by the app to provide the
number of steps walked, heart rate and steps climbed by users in the app; this
data is communicated to the physician treating the patient when the patient
provides consent to the provider. All the information is anonymized in our system for HIPAA
compliance. The system is HIPAA and FISMA certified by the US Federal
Use and Disclosure of Protected Health Information
It is the policy of the Company that for all routine and
recurring uses and disclosures of PHI (except for uses or disclosures made 1)
to or as authorized by the customer, client or end-user or 2) as required by
law for HIPAA compliance), such uses and disclosures of protected health
information must be limited to the minimum amount of information needed to
accomplish the purpose of the use or disclosure. It is also the policy of the
Company that non-routine uses and disclosures will be handled pursuant to
established criteria. It is also the policy of the Company that all requests
for protected health information (except as specified above) must be limited to
the minimum amount of information needed to accomplish the purpose of the
It is the policy of the Company that any uses or
disclosures of protected health information for marketing activities will be done
only after a valid authorization is in effect.
No Retaliation or Intimidation
It is the policy of the Company that no employee or contractor may engage in any
intimidating or retaliatory acts against persons who file complaints or
otherwise exercise their rights under HIPAA regulations. It is also the policy
of the Company that no employee or contractor may condition payment on the
provision of an authorization to disclose protected health information except
as expressly authorized under federal and state regulations.
It is the policy of the Company that the responsibility
for designing and implementing procedures to implement this policy lies with
the Privacy Official.
It is the policy of the Company that the identity of all
persons who request access to protected health information be verified before
such access is granted.
It is the policy of the Company that the effects of any
unauthorized use or disclosure of protected health information be mitigated to
the extent possible.
It is the policy of the Company that appropriate physical
safeguards will be in place to reasonably safeguard protected health
information from any intentional or unintentional use or disclosure that is in
violation of the HIPAA Privacy Rule.
It is the policy of the Company that the term “material
change” for the purposes of these policies is any change in our HIPAA
It is the policy of the Company that sanctions will be in
effect for any member of the workforce who intentionally or unintentionally
violates any of these policies or any procedures related to the fulfillment of
these policies. Such sanctions will be recorded in the individual’s personnel
It is the policy of the Company that the HIPAA Privacy
Rule records retention requirement of six years will be strictly adhered to.
All records designated by HIPAA in this retention requirement will be
maintained in a manner that allows for access within a reasonable period of
time. This records retention time requirement may be extended at this Company’s
discretion to meet other governmental regulations or those requirements
imposed by our professional liability carrier.
It is the policy of the Company to remain current in our
compliance program with HIPAA regulations.
Privacy Oversight Authorities
It is the policy of the Company that oversight agencies such
as the Office for Civil Rights of the Department of Health and Human Services
be given full support and cooperation in their efforts to ensure the protection
of health information within this Company. It is also the policy of the Company
that all personnel must cooperate fully with all privacy compliance reviews and