VENDOR CREDENTIALING SERVICE LLC
Notice of Privacy Practices
If you have any questions about this Notice please contact our
Privacy Contact: Jon Morales
PLEASE REVIEW THIS NOTICE CAREFULLY.
This Notice of Privacy Practices describes how we are Protecting Employee Personal
Identifiers while Combating Identity Theft and how we may use and disclose your Protected
Health Information (PHI) Personal Identification Information to carry out operations and for other
purposes that are permitted or required by law. It also describes your rights to access and control
your protected information. Protected information is information about you, including
demographic information and Social Security Number (SSN) that may identify you.
We are required to abide by the terms of this Notice of Privacy Practices. We may change
the terms of our notice, at any time. The new notice will be effective for all protected information
that we maintain at that time. Upon your request, we will provide you with any revised Notice of
Privacy Practices by calling the office and requesting that a revised copy be sent to you.
1. Uses, Disclosures and protection of Personal Information based upon consent.
You will be asked by VENDOR CREDENTIALING SERVICE LLC (VCS) to sign a
consent form. Once you have consented to the use and disclosure of your protected information
for business operations by signing the consent form, VCS will use or disclose your protected
health information as described in this Section 1. Your protected information may also be used
and disclosed to support the operation of VCS.
Operations: We will share your protected information with limited specific third party “business
associates” that perform various activities (e.g., background checks, proper document
verification) for VCS. Whenever an arrangement between our office and a business associate
involves the use or disclosure of your protected information, we will have a written contract that
contains terms that will protect the privacy of your protected information and personal identifiers.
Privacy Protection: Vendor Credentialing Services recognizes that it collects and maintains
confidential information relating to its employees and individuals associated with VCS and is
committed to maintaining the privacy and confidentiality of an individual's Social Security
Number (SSN) and other personal identifier. This policy applies to all individuals that have
access to, collect or use an individual's personal identification information.
A Vendor ID shall replace the SSN as the primary identifier used by VCS. VCS will
discontinue the use of SSN as the primary identifier. Therefore, the use of SSN as an
identification number within the company shall be limited as permitted by law.
To protect the privacy of persons whose personal identification information is collected,
all employees and officers will follow procedures maintained by the Policy Administrator.
Rules of Conduct: Persons responsible for breaching the privacy of another person by
improperly obtaining, using or disclosing a SSN or personal identifiers are subject to immediate
termination follow by full prosecution and discipline as provided by the law.
· Employees and shall comply with the provisions of this policy as well as related institutional policies and procedures. Employees shall not disclose the SSN of another person to unauthorized persons or entities.
· Employees may not request disclosure of a SSN or personal identifiers from an individual if it is not necessary for the purposes of the company and the particular function for which the employee is responsible.
• Employees may not seek out or use the SSN or personal identifiers of another person for their own interest or advantage.
• Employees responsible for the maintenance of records containing SSNs or personal identifiers shall observe all institutionally-established administrative, technical, and physical safeguards in order to protect the confidentiality of such records.
• Employees shall report promptly to their supervisor any inappropriate disclosure of a SSN or personal identifiers.
• If SSNs or personal identification information are inappropriately disclosed and individuals have been put at risk of identity theft or other harm as a result of the disclosure, upon review of the revelant information-all related parties shall be notified promptly.
• The head of each department shall ensure that persons having access to or involved in the creation, development, processing, use, or maintenance of personnel records are informed of pertinent record keeping regulations and requirements of Vendor Credentialing Service.
• Individual Vendors asked to voluntarily provide their SSN shall suffer no penalty or denial of benefits for refusing to provide it.
Combating Identity Theft: Managers of personnel records shall continue to establish and
update administrative, technical, physical, and security safeguards for data about individuals in
automated records, including input and output documents, reports, punched cards, magnetic tapes,
disks, and on-line computer storage. Executive Officers will ensure that all employees and
contractors are reminded of their obligation to follow the Privacy Act.
Those individuals who are authorized to access the SSN must understand their
responsibility to protect sensitive and personal information. This includes securing this
information when working from home or another remote location. Annual training and
educational programs, which include Privacy Act and Freedom of Information Act requirements,
should be employed to reinforce awareness of these responsibilities.
Privacy and confidentiality statements that describe accountability clearly and warn of
possible disciplinary action for unauthorized release of the SSN and other personally identifiable
information will be signed by all individuals who have access to the Social Security Number.
All security incidents involving personally identifiable information, especially SSN(s),
must be reported in accordance with current VCS guidance regarding the reporting of incidents
involving personally identifiable information. In addition, all individuals authorized to access the
Social Security Numbers must be familiar with their incident reporting requirements.
Emergencies: We may use or disclose your protected health information in an emergency
medical treatment situation. If this happens, we may disclose to a member of your family, your
physician or any other person you identify. We shall try to obtain your consent as soon as
reasonably practicable.
2. Permitted Uses and Disclosures That May Be Made Without Your Consent,
Authorization or Opportunity to Object
Required By Law: We may use or disclose your protected information to the extent that law
requires the use or disclosure. The use or disclosure will be made in compliance with the law and
will be limited to the relevant requirements of the law. You will be notified, as required by law,
of any such uses or disclosures.
Communicable Diseases: We may disclose your protected health information, if authorized by
law, to a person who may have been exposed to a communicable disease or may otherwise be at
risk of contracting or spreading the disease or condition.
Food and Drug Administration: We may disclose your protected health information to a person
or company required by the Food and Drug Administration to report adverse events, product
defects or problems, biologic product deviations, track products; to enable product recalls; to
make repairs or replacements, or to conduct post marketing surveillance, as required.
Legal Proceedings: We may disclose protected health information in the course of any judicial
or administrative proceeding, in response to an order of a court or administrative tribunal (to the
extent such disclosure is expressly authorized), in certain conditions in response to a subpoena,
discovery request or other lawful process.
Law Enforcement: We may also disclose protected health information, so long as applicable
legal requirements are met, for law enforcement purposes. These law enforcement purposes
include (1) legal processes and otherwise required by law, (2) limited information requests for
identification and location purposes, (3) pertaining to victims of a crime, (4) suspicion that death
has occurred as a result of criminal conduct, (5) in the event that a crime occurs on the premises
of a hospital or visitation site.
Coroners, Funeral Directors, and Organ Donation: We may disclose protected health
information to a coroner or medical examiner for identification purposes, determining cause of
death or for the coroner or medical examiner to perform other duties authorized by law.
Criminal Activity: Consistent with applicable federal and state laws, we may disclose your
protected health information, if we believe that the use or disclosure is necessary to prevent or
lessen a serious and imminent threat to the health or safety of a person or the public. We may also
disclose protected health information if it is necessary for law enforcement authorities to identify
or apprehend an individual.
Required Uses and Disclosures: Under the law, we must make disclosures to you and when
required by the Secretary of the Department of Health and Human Services to investigate or
determine our compliance with the requirements of Section 164.500 et. Seq.
3. Your Rights
Following is a statement of your rights with respect to your protected information and a brief
description of how you may exercise these rights.
You have the right to inspect and copy your protected information. This means you may
inspect and obtain a copy (unless prohibited by Federal Law) of protected information about you
that is contained in a designated record set for as long as we maintain the protected health
information. A “designated record set” contains medical and background records and any other
records that VCS uses
You have the right to request a restriction of your protected information. This means you
may ask us not to use or disclose any part of your protected information for the purposes of
credentialing operations. Your request must state the specific restriction requested and to whom
you want the restriction to apply.
VCS is not required to agree to a restriction that you may request. If VCS believes it is in
your best interest to permit use and disclosure of your protected information, your protected
information will not be restricted. If VCS does agree to the requested restriction, we may not use
or disclose your protected information in violation of that restriction unless it is needed in an
emergency. With this in mind, please discuss any restriction you wish to request with VCS. You
may request a restriction by notifying our Privacy Contact, Jon Morales.
You may have the right to have VCS amend your protected information. This means you
may request an amendment (update) of protected information about you in a designated record set
for as long as we maintain this information. Please contact our Privacy Contact to determine if
you have questions about amending your record.
You have the right to receive an accounting of certain disclosures we have made, if any, of
your protected information. This right applies to disclosures for purposes other than business
operations as described in this Notice of Privacy Practices. You have the right to receive specific
information regarding these disclosures that occurred after your consent date. The right to
receive this information is subject to certain exceptions, restrictions and limitations.
You have the right to obtain a paper copy of this notice from us, upon request, even if you
have agreed to accept this notice electronically.
4. Complaints
You may file a complaint with us by notifying our privacy contact of your complaint. We will not
retaliate against you for filing a complaint.
You may contact our Privacy Contact, Jon Morales at (866) 373-9725 for further information
about the complaint process.
This notice was published updated and becomes effective on August 27, 2007.
616 Cypress Creek Parkway · Suite 800 · Houston, TX 77090
Office 281·528·4039 Toll free 866·373·9725 Fax 936·946·8300 Toll Free Fax 866·839·1647
www.VCSdatabase.com |
