THIS DISCLAIMER DESCRIBES HOW PROTECTED HEALTH INFORMATION MAY BE ACCESSED, DISCLOSED, TRANSFERRED AND USED WITHIN THE COMPANY
Crowdin OÜ[1] (hereinafter – “Company” or “We”) acknowledges its duty and responsibility to protect the privacy and security of Individually Identifiable Health Information (hereinafter – the “IIHI”) generally, and Protected Health Information (hereinafter – the “PHI”) as defined in the Health Insurance Portability and Accountability Act (hereinafter – the “HIPAA”) as amended by the Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009 (Title XIII of division A and Title IV of division B of the American Recovery and Reinvestment Act “ARRA”) and the HIPAA Omnibus Rule (Effective Date: March 26, 2013) and other federal and state laws protecting the confidentiality of personal information, and under principles of general and professional ethics.
Company, acting as a Business Associate under HIPAA, also acknowledges its duty and responsibility to support and facilitate the timely and unimpeded flow of health information for lawful and appropriate purposes.
Collection and Use of PHI: We collect and use PHI only as necessary to provide our services to Covered Entities or as required by law. We will not use or disclose PHI for any other purpose without the explicit written consent of the Covered Entity.
Security of PHI: We have implemented appropriate administrative, physical, and technical safeguards to protect the confidentiality, integrity, and availability of PHI, as required by HIPAA. We regularly review and update our security measures to ensure that they are effective and compliant with applicable laws and regulations. We have drafted our internal HIPAA Compliance Policy, which is mandatory for our employees and contractors who work on HIPAA-related projects.
Breach Notification: In the event of a breach of unsecured PHI, we will provide notification to the affected Covered Entity as required by HIPAA.
Business Associate Agreements: We enter into written Business Associate Agreements with all Covered Entities that we provide services to upon their request, in order to ensure compliance with HIPAA and other applicable laws and regulations. Covered Entities that are subject to HIPAA and want to utilize Crowdin in connection with Protected Health Information (PHI) must sign Crowdin’s Business Associate Agreement.
Access to PHI: Covered Entities and individuals have the right to access and receive a copy of their PHI that we maintain. Requests for access should be made in writing to our Privacy Officer, whose contact information is provided below.
Contact Information: If you have any questions or concerns about our HIPAA Policy or the handling of PHI, please contact our Privacy Officer at: [firstname.lastname@example.org]
Complaints: In case you are not satisfied with the manner in which the Company as well as the Covered Entity handles your PHI, you may submit a complaint at: [email@example.com]
[1] Crowdin OÜ hereunder also refers to Crowdin LLC as the main subcontractor, which is subject to a similar list of obligations and responsibilities in terms of HIPAA compliance.