Privacy Policy

The Privacy Policy of Alita Systems, updated on December 23, 2024, outlines the company's comprehensive approach to protecting the privacy and security of various types of data, including personal and health-related information, across its electronic health record platform and related services.

At Alita Systems, we are committed to safeguarding the privacy and security of your Protected Health Information (PHI) as required by the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy explains how we collect, use, store, and protect your PHI, and outlines your rights regarding your health information.

1. What is Protected Health Information (PHI)?

Protected Health Information (PHI) is any individually identifiable health information that relates to:
- Your past, present, or future physical or mental health condition
- The provision of healthcare services to you
- Payment for healthcare services provided to you

This information can include things like your name, address, phone number, date of birth, social security number, and health information. (45 C.F.R. § 160.103)

2. How We Collect and Use Your PHI

We collect PHI in a variety of ways, including through direct interactions (e.g., in-person, via phone, or electronically), third-party service providers, and our healthcare providers. We may use and disclose your PHI for the following purposes:
- Treatment: To provide, coordinate, or manage your healthcare (45 C.F.R. § 164.506).
- Payment: To obtain payment for the healthcare services we provide to you (45 C.F.R. § 164.506).
- Healthcare Operations: To manage our operations, such as conducting quality assessments, audits, or training programs (45 C.F.R. § 164.506).

3. Disclosure of Your PHI

We will not share your PHI except as outlined below:
- With your consent: We may share your PHI if you provide written consent (45 C.F.R. § 164.508).
- As required by law: We may disclose your PHI to comply with federal, state, or local law, such as reporting health-related statistics or responding to a court order (45 C.F.R. § 164.512).
- For healthcare operations: We may share PHI with business associates, such as those who help us manage appointments, billing, or data analytics, provided they are also HIPAA-compliant (45 C.F.R. § 164.502(e)).
- Public Health and Safety: We may disclose PHI for public health activities, including preventing or controlling disease, reporting adverse events, or complying with FDA regulations (45 C.F.R. § 164.512(b)).

4. How We Protect Your PHI

We implement a variety of physical, administrative, and technical safeguards to protect your PHI from unauthorized access, use, or disclosure. These include:
- Data encryption (45 C.F.R. § 164.312).
- Access controls and authentication procedures (45 C.F.R. § 164.312).
- Security policies and regular staff training (45 C.F.R. § 164.530).
- Secure storage and disposal practices for paper and electronic records (45 C.F.R. § 164.310(d)).

5. Your Rights Regarding Your PHI

You have the following rights regarding your PHI:
- Right to Access: You can request a copy of your PHI, either in paper or electronic form, subject to certain limitations (45 C.F.R. § 164.524).
- Right to Correct: If you believe that your PHI is inaccurate or incomplete, you may request corrections or amendments to it (45 C.F.R. § 164.526).
- Right to Request Restrictions: You can request that we limit the way we use or share your PHI, although we are not required to agree to all such requests (45 C.F.R. § 164.522).
- Right to Confidential Communications: You may request that we communicate with you in a specific way or at a certain location (45 C.F.R. § 164.522).
- Right to Receive an Accounting of Disclosures: You can request an accounting of certain disclosures of your PHI made by us over the last six years (45 C.F.R. § 164.528).
- Right to File a Complaint: If you believe that your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (45 C.F.R. § 164.530).

6. How We Handle PHI After You End the Relationship with Us

If you no longer have an active relationship with Alita Systems, we will continue to protect your PHI as required by HIPAA. We will retain your PHI for the minimum necessary time, as mandated by law, before safely and securely disposing of it (45 C.F.R. § 164.530).

7. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be communicated to you via the contact information we have on file, and we will post the updated policy on our website. Please review the Privacy Policy periodically to stay informed about how we are protecting your PHI (45 C.F.R. § 164.520).

8. Contact Information

If you have any questions or concerns about this Privacy Policy, or if you would like to exercise any of your rights outlined above, please contact us at:
Alita Systems
1827 N Yellowood Avenue
Broken Arrow, OK 74012
Phone: (800) 450-5211
Email: support@alitasystems.com

References

- 45 C.F.R. Part 160 – General Administrative Requirements
- 45 C.F.R. Part 164 – Security and Privacy of Health Information
- U.S. Department of Health and Human Services, Office for Civil Rights (OCR) – HIPAA Privacy Rule: www.hhs.gov/hipaa/for-professionals/privacy/index.html