Privacy Policy and Procedures

Company – (referred to as either “the Company”, “We”, “Us”“Our” or “AaNeel” in this Agreement) refers to AaNeel Infotech LLC, 6650 Gunn Hwy, Tampa, FL 33625.

Service Provider – means any natural or legal person who processes the data on behalf of the Company. It refers to third party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

AaNeel defines Privacy Policy as a legal agreement that is used to disclose the way it gathers, uses and manages the personal information of customers and clients. AaNeel is committed in protecting the privacy of the persons who use the electronic systems that it provides. This document describes AaNeel’s policies and practices regarding the collection and use of Personally Identifiable Information (PII). Personally Identifiable Information that AaNeel may collect may include domain names, Internet Protocol (IP) addresses, e-mail addresses contact information (such as name, address, and telephone numbers) and any other information that clients otherwise provide and/or we receive through our systems (“information”).

AaNeel team provides contractual services, technical and business support for various healthcare organizations, groups and individuals serving Medicare beneficiaries. The Team activities are based on assigned tasks involving healthcare (Medicare) beneficiaries, health care providers and payors. As such, it is expected that each team member performs his/her assigned tasks efficiently and effectively, maintains privacy and security, abides by the workplace discipline and treats clients and beneficiaries with respect and dignity.

DISCLAIMER
IF YOU DO NOT WANT AANEEL TO COLLECT, STORE, AND PROCESS YOUR INFORMATION AS DESCRIBED IN THIS POLICY, THEN YOU HAVE THE OPTION TO OPT-OUT USING OUR CONTACT INFORMATION BELOW

Based on company capability, the company will provide required resources and adequate training to each employee to perform his/her assigned task. In case of any resource deficiency and training need, an employee must inform his/her supervisor or the department chief. Department will provide reasonable resource and training to the employee to secure privacy and data security

AaNeel only collects and uses information for the purpose of providing the information and services that clients need and request. AaNeel does not and will not sell or lease information that it collects. Information collected is only used for a proper business purpose and at no time will be used outside that scope.Personal data processed by AaNeel shall not be kept for longer than is necessary for the intended process or purposes and required by the law. Clients have the right to request that their information be deleted, once the request has been verified the data will be deleted within 30 days of receiving the
request.

Information We Receive from Beneficiaries:
AaNeel collects beneficiary name, postal address, email address, phone number, and other demographic information (such as your gender, occupation and ethnicity) as well as other information provided by the beneficiaries (such as education and language preference).

Information We Get from Other Organizations and Entities:
AaNeel may receive additional information about beneficiaries from clients, organizations and entities, such as information from third parties, such as regulatory agencies (CMS, HHS, State), business partners, marketers, researchers, analysts, and other parties that we may use to supplement the information that we collect directly from you.

Information from the use of AaNeel Mobile Apps:
When clients use AaNeel mobile apps, it may collect information about the type of device and operating system they use. AaNeel may ask you if you want to receive push notifications about activity in your account. If you opt into these notifications and no longer want to receive them, you may turn them off through your operating system. AaNeel doesn’t access or track any location based information from your mobile device unless you’ve given us permission. AaNeel may use analytics software (such as intercom.io) to help us better understand how people use our application. AaNeel may collect information about how often you use the app AaNeel follows an opt-in permission-based text message (SMS) enrollment policy. AaNeel will not send unsolicited, bulk or commercial offers or advertisements without permission. All SMS messages contain information on how to unsubscribe from the list. You may leave our lists at any time for any reason. If you have any questions or feel that you received unsolicited email or an unsolicited SMS message please contact us.

Use of Personal Information:
AaNeel may use personal information for following purposes:

• To operate, maintain, and improve our sites, products, and services.
• To respond to comments and questions and provide customer service.
• To send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
• To communicate about promotions, upcoming events, and other news about products and services offered by us and our selected partners.
• To process and deliver contest entries and rewards.
• To link or combine user information with other information.
• To provide and deliver products and services at customer’s request.
  • Information may be used for treatment.
    For example, AaNeel may use or disclose health information to aid clients with beneficiary’s coordination of care.
  • Information may be used for payments due to AaNeel or its clients.
    For example, information may be used to determine beneficiary coverage of benefits, to process claims, to identify and report incentive and quality measure data, or for other health care services and solutions provided by AaNeel to its clients.
  • Information may be used for health care operations
    For example, AaNeel may use or disclose health information as necessary to effectively manage daily operations related to contracted services for health care related clients. We may also use or disclose, as-needed, protected health information in order to support AaNeel business activities. These activities may include, but are not limited to, quality improvement initiatives, compliance and auditing activities, training, and accreditation.

Sharing of Information
AaNeel may share information as follows:

• We may use third-party web analytics services on our services to collect and analyze the information discussed above, and to engage in auditing, research and reporting.
• We may share information if company merges or is combined with any other organization, or if it transfers all or substantially all of its assets or operations to another organization, it may disclose information it collects from you to the other organization so that the other organization can continue to provide services to you while maintaining your information rights of both access and choice. The other organization will be bound by this policy. You will be notified via U.S. mail once such decision has been made, when the merger or transfer process begins with an approximate / exact effective date of operations with the new organization / management. You may contact us if you would like to opt out.
• We may share information for legal, protection, and safety purposes.
• We may share information to comply with laws.
• We may share information to respond to lawful requests and legal processes.
• We may share information to protect the rights and property of its agents, customers, and others.This includes enforcing agreements and policies AaNeel may share information in an emergency. This includes protecting the safety of its employees and agents, its customers, or any person.
• We may share information with those who need it to do work for it.
• We are prohibited from using or disclosing protected health information that is genetic information of an individual, unless doing so under contractual obligation for a client that is an issuer of a long-term care policy.
• AaNeel must obtain an authorization for any disclosure of psychotherapy notes, except to carry out the following treatment, payment, or organizational operations:
  • Use for treatment.
  • Use or disclosure for training programs; and/or,
  • Use or disclosure to defend the organization in legal action or other proceeding brought by the individual and/or their legal representative(s).
• AaNeel must obtain an authorization for marketing.
• Other uses and disclosures not described in this Privacy Policy will be made only with the individual’s written authorization, as required by law.
  • Individuals granting authorization may later revoke an authorization in writing as provided by law.

Third Party Providers:
AaNeel may contract with other companies to provide various services to its customers on an outsourced basis rather than performing the services directly. For example, AaNeel may contract with a cloud hosting provider to host some or all of the processing and communication services that AaNeel provides. By continuing to use our services, you consent to AaNeel’s use of these third party providers.

AaNeel intends to process the personal information it receives according to Industry best practices and subsequently transfers any and all liabilities to third parties acting as an agent or on its behalf. AaNeel complies with the industry standards for all onward transfers of personal data including the onward transfer liability provisions.

AaNeel follows strict policies on user consent. If you are missing any one of below listed five elements, you do not have consent.

1. Freely given – the person must not be insisted and or pressured into giving consent or suffer any lack of service or detriment if they refuse
2. Specific – the person must be asked to consent to individual types of data processing.
3. Informed – the person must be told what they are consenting to.
4. Unambiguous – language must be clear and simple to understand.
5. Clear affirmative action – the person must expressly consent by doing or saying something that can be documented, i.e. when asked for someone’s consent, he/she or they understand the question and the implications, and then make a genuine choice.

When is Consent Required?:

1. Consent: the individual or client has given clear consent to process their personal data for a specific purpose
2. Contract: the processing is necessary for a contract AaNeel has with the individual / client or because the individual or client has asked to take specific steps before entering into a contract
3. Legal Obligation: The processing is necessary to comply with the law (beside contractual obligations)
4. Vital Interest: The processing is necessary to protect someone’s life.
5. Legitimate interest: The processing is necessary for AaNeel’s legitimate interest or legitimate interests of a third party, unless there is a good reason to protect personal data which overrides those legitimate interests.

Generally speaking, AaNeel will not ask for consent if:

• AaNeel is carrying out a core or contracted service.
• AaNeel is required to process personal data by law (legal obligation).
• AaNeel is processing personal data to the benefit of clients in a way that the users would reasonably expect, with minimal risk and impact on individuals (legitimate interests)

AaNeel will ask for consent while offering a genuine choice over a non-essential service. Typical examples include:

• Using tracking/advertising cookies
• Sending marketing emails or newsletters
• Sharingpersonal data with other companies for commercial purposes

AaNeel maintains its Data Security (electronic PHI) by protecting the

• Integrity
• Confidentiality
• Availability

of e-PHI that is held or transmitted by AaNeel. AaNeel maintains reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI that it receives, stores, and transmits

How Information is Protected by AaNeel?

1. Ensures the confidentiality, integrity, and availability of all e-PHI it creates, receives, maintains, or transmits.
2. Identifies and protects against reasonably anticipated threats to the security or integrity of the information.
3. Protects against reasonably anticipated, impermissible uses or disclosures.
4. Ensures compliance by its workforce.
5. Information is protected by AaNeel using different protective measures like, secure user access and encryption

AaNeel ensures the three core components of data protection as follows:

Confidentiality

• That e-PHI is not available or disclosed to unauthorized persons
• Prohibits against improper uses and disclosures of PHI.

Integrity (/storage)

• That e-PHI is not altered or destroyed in an unauthorized manner.

Availability (/Access)

• That e-PHI is accessible and usable on demand by an authorized person.

How AaNeel Ensures HIPAA Security?
Risk Analysis and Management

• Identify Risk
• Implement appropriate security measure
• Maintain continuous, reasonable, and appropriate security protections

Administrative Safeguards

• Establish a Security Management Process
• Designate security personnel
• Workforce Training and Management
• Perform periodic evaluation

Technical Safeguard

• Access control – Implement technical guidelines to allow only authorized people to handle e-PHI
• Audit controls – hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI
• Integrity control – Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed
• Transmission Security – guard against unauthorized access to e-PHI when transmitted over an electronic network

AaNeel Guideline for Cyber Security
Report to law enforcement requirement

• OCR (must report) – No later than 60 days after the discovery of a breach affecting 500 or more individual
• Local FBI (if FBI wants to investigate, wait for their written request or 30 days).
• ISAO (information – sharing and analysis organization)
• Homeland Security
• HHS Assistant Secretary for Preparedness and Response

AaNeel Breach Notification Policy
AaNeel defines the Breach Notification rules as, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.

What AaNeel Will Do?

• Perform Risk Assessment
• Provide notification following a breach of unsecured protected health information per breach notification provisions implemented and enforced by the Federal Trade Commission (FTC)

Who It Applies To?

• Applies to vendors of personal health records and their third-party service providers, pursuant to relevant statutes e.g. section 13407 of the HITECH Act.
• Information includes coding, billing and insurance verification

Burden of Proof of Extent of Damage and Subsequent Actions

1. Training
   • AaNeel trains its employees on Privacy Policy
   • Applies appropriate sanctions against workforce members who do not comply with these policies and procedures.
2. Breach involving Less Than 500 members (OCR & Asst. Secretary for Preparedness and Response)
   • AaNeel will report such breaches at the time they are discovered.
   • AaNeel will report all of its breaches affecting fewer than 500 individuals on one date, but will
   • AaNeel will submit the notice electronically completing all of the fields of the breach notification form