HIPAA Compliance Statement
Z-Score is committed to protecting the privacy and security of our users' protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This HIPAA Compliance Statement outlines the measures we take to ensure the confidentiality, integrity, and availability of PHI collected, stored, and processed through our mobile application and website (collectively referred to as the "Service").
- Privacy Rule Compliance

  1.1 Permitted Uses and Disclosures

  We use and disclose PHI only as permitted by HIPAA regulations. This includes using PHI to provide and improve the Service, and disclosing PHI to third-party service providers (Business Associates) who assist us in operating the Service, subject to strict confidentiality agreements.

  1.2 Minimum Necessary Standard

  We adhere to the minimum necessary standard, limiting the use, disclosure, and request of PHI to the minimum amount necessary to accomplish the intended purpose.

  1.3 Individual Rights

  We respect the rights of individuals under HIPAA, including the right to access, amend, and receive an accounting of disclosures of their PHI. Users may exercise these rights by contacting our Privacy Officer at privacy@z-score.com.
- Security Rule Compliance

  2.1 Administrative Safeguards

  We have implemented policies and procedures to prevent, detect, contain, and correct security violations. This includes conducting regular risk assessments, providing HIPAA training to employees, and implementing incident response and contingency plans.

  2.2 Physical Safeguards

  We maintain physical measures to protect PHI, including facility access controls, workstation security, and device and media controls.

  2.3 Technical Safeguards

  We employ technical measures to protect PHI, including access controls, audit controls, integrity controls, and transmission security. PHI is encrypted both at rest and in transit using industry-standard encryption methods.
- Breach Notification Rule Compliance

  In the event of a breach of unsecured PHI, we will provide notification to affected individuals, the Secretary of the U.S. Department of Health and Human Services, and the media (if required) in accordance with HIPAA regulations.

- Business Associate Agreements

  We enter into Business Associate Agreements (BAAs) with any third-party service providers who may have access to PHI. These BAAs require our Business Associates to safeguard PHI in accordance with HIPAA regulations.

- Training and Awareness

  All Z-Score employees receive regular training on HIPAA compliance and data privacy best practices. We foster a culture of privacy and security awareness to ensure the protection of PHI.

- Ongoing Compliance Efforts

  We regularly review and update our HIPAA compliance program to ensure ongoing adherence to privacy and security regulations. This includes conducting periodic audits, risk assessments, and policy reviews.
- Contact Information

  If you have any questions or concerns about our HIPAA compliance efforts, please contact our Privacy Officer at:

  Z-Score
  Attn: Privacy Officer
  3423 Piedmont Rd NE
  Atlanta, GA 30305
  privacy@z-scorehealth.com

We take our responsibility to protect the privacy and security of PHI seriously and are committed to maintaining the trust and confidence of our users.
Please note that this HIPAA Compliance Statement is provided for informational purposes only and does not constitute legal advice. For specific guidance on HIPAA compliance, please consult with a qualified legal professional.