The HIPAA Privacy Rule
The Centers for Disease Control and Prevention (CDC) and the Food and Drug Administration (FDA) are agencies of the U.S. Government conducting medical record review of persons who recently received a vaccine(s) and reported a health problem. CDC and FDA are public health authorities as defined by the Health Insurance Portability and Accountability Act (HIPAA), Standards for Privacy of Individually Identifiable Health Information; Final Rule (Privacy Rule) [45 CFR §164.501]. Pursuant to 45 CFR §164.512(b) of the Privacy Rule is applicable to the Superior Mesenteric Artery Syndrome Research Awareness and Support (SMASRAS) as follows:
Covered entities such as your organization may disclose, without individual authorization, protected health information to public health authorities ” . . . authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, including, but not limited to, the reporting of disease, injury, vital events such as birth or death, and the conduct of public health surveillance, public health investigations, and public health interventions . . . “
The CDC and the FDA conduct surveillance for vaccine associated adverse events through SMASRAS, a public health activity as described by 45 CFR § 164.512(b), as authorized by 42 USC 300aa-25. The information being requested represents the minimum necessary to carry out the public health purposes of this project pursuant to 45 CFR §164.514(d) of the Privacy Rule.
- Service Service is the http://www.smasyndrome.org website operated by Organization
- Personal Data Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
- Usage Data Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Cookies Cookies are small files stored on your device (computer or mobile device). Information Collection and Use We collect several different types of information for various purposes to provide and improve our Service to you.
- Personal Data While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to: Email address · First name and last name · Phone number · Address, State, Province, ZIP/Postal code, City
- Cookies and Usage Data Usage We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Use of Data SMASRAS uses the collected data for various purposes: · To provide and maintain the Service · To notify you about changes to our Service · To allow you to participate in interactive features of our Service when you choose to do so · To provide customer care and support · To provide analysis or valuable information so that we can improve the service · To monitor the usage of the Service · To detect, prevent and address technical
Disclosure of Data The SMARAS shall provide you with the recipients or categories of recipients of your personal data, if any.
Legal Requirements SMASRAS may disclose your Personal Data in the good faith belief that such action is necessary to: · To comply with a legal obligation · To protect and defend the rights or property of SMASRAS · To prevent or investigate possible wrongdoing in connection with the Service · To protect the personal safety of users of the Service or the public · To protect against legal liability
Security of Data The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security
Data Breach SMASRAS will work within 72 hours of a data breach to gather all related information, conduct a thorough investigation, inform regulators and impacted individuals of the breach, identify what personal data has been impacted and how; and draft a comprehensive containment plan, reporting data breaches to the relevant regulator. If we are unable to provide a notification within the 72-hour window, we will provide reasonable justification for the delay; which may be caused by potentially adding additional disruption to regular business operations and exasperating administrative hassle.
Service Providers We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Analytics We may use third-party Service Providers to monitor and analyze the use of our Service