Kno2 Achieves HITRUST Certification
All disclosures of health information through the Designated Network and the use of information obtained from the Designated Network shall be consistent with all applicable federal, state, and local laws and regulations and shall not be used for any unlawful discriminatory purpose. If applicable law requires that certain documentation exist or that other conditions be met prior to using or disclosing health information for a particular purpose, the requesting Participant or Subparticipant shall ensure that it has obtained the required documentation or met the requisite conditions and shall provide evidence of such at the request of the disclosing institution.
A Participant or Subparticipant may request health information through the Designated Network only for purposes permitted by applicable law. Each Participant and Subparticipant shall provide or request health information through the Designated Network only to the extent necessary and only for those purposes that are permitted by applicable federal, state, and local laws and regulations and this Policy. Information may not be requested for marketing or marketing related purposes as defined under The Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”) without specific patient authorization. Under no circumstances may information be requested for a discriminatory purpose. In the absence of a permissible purpose, a Participant may not request information through the Designated Network.
Each Participant and Subparticipant shall refer to and comply with its own internal policies and procedures regarding disclosures of health information and the conditions that shall be met and documentation that shall be obtained, if any, prior to making such disclosures.
Each Participant and Subparticipant disclosing health information through the Designated Network shall work towards implementing a system to document the purposes for which such disclosures are made, as provided by the requesting Participant or Subparticipant, and any other information that may be necessary for compliance with the HIPAA Privacy Rule’s accounting of disclosures requirement. Each Participant and Subparticpiant is responsible for ensuring its compliance with such requirement and may choose to provide individuals with more information in the accounting than is required. Each requesting Participant and Subparticipant shall provide information required for the disclosing Participant or Subparticipant to meet its obligations under the HIPAA Privacy Rule’s accounting of disclosures requirement.
The Designated Network shall maintain an audit log documenting which Participants and Subparticipants posted and accessed information about an individual through the Designated Network and when such information was posted and accessed.
Each Participant and Subparticipant shall implement commercially reasonable authentication requirements that comply with all applicable requirements of law for verifying and authenticating those within their institutions who shall have access to, as well as other Participants and Subparticipants who request access to, information through the Designated Network.
Each Participant and Participant shall request and disclose through the Designated Network only the minimum amount of health information as is necessary for the purpose of the request or disclosure. Requests and Disclosures to a health care provider for treatment purposes and disclosures required by law are not subject to this minimum necessary policy.
If you have any questions about our Policy or information practices, please feel free to contact us at our designated request address: email@example.com.