Privacy Policy AaNeel Infotech

Interpretation and Definitions

Interpretation:
The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions:
For the purposes of this Privacy Policy:

You – means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Company – (referred to as either “the Company”, “We”, “Us”, “Our”, or “AaNeel” in this Agreement) refers to AaNeel Infotech LLC, 6650 Gunn Hwy, Tampa, FL 33625.

Service – refers to AaNeel Infotech products and services, such as AaNeel website(s), Electronic Medical Records (EMR) systems, provider practice management systems, healthcare management systems and/or portals (e.g.: Member/Patient Portals, Provider Portals, Broker Portals), software or mobile applications, or other healthcare technology solutions.
Service Provider – means any natural or legal person who processes the data on behalf of the Company. It refers to third party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
Personal Data – is any information that relates to an identified or identifiable individual.
Cookies -are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Breach – unauthorized and not permitted access, use, or disclosure of protected health information, as specified under the Standards for Privacy of Individually Identifiable Health Information (the “Privacy Rule”), that compromises the security or privacy of the protected health information.

Background / Purpose

AaNeel defines Privacy Policy as a legal agreement that is used to disclose the way it gathers, uses and manages the personal information of customers and clients. AaNeel is committed in protecting the privacy of the persons who use the electronic systems that it provides. This document describes AaNeel’s policies and practices regarding the collection and use of personally identifiable information. Personally identifiable information (PII) that AaNeel may collect may include domain names, Internet Protocol (IP) addresses, e-mail addresses contact information (such as name, address, and telephone numbers) and any other information that clients otherwise provide and/or we receive through our systems (“information”).

Policy Statement

AaNeel team provides contractual services, technical and business support for various healthcare organizations, groups and individuals serving Medicare beneficiaries. The Team activities are based on assigned tasks involving healthcare (Medicare) beneficiaries, health care providers and payors. As such, it is expected that each team member performs his/her assigned tasks efficiently and effectively, maintains privacy and security, abides by the workplace discipline and treats clients and beneficiaries with respect and dignity.

DISCLAIMER
IF YOU DO NOT WANT AANEEL TO COLLECT, STORE, AND PROCESS YOUR INFORMATION AS DESCRIBED IN THIS POLICY, THEN YOU HAVE THE OPTION TO OPT-OUT USING OUR CONTACT INFORMATION BELOW.

Data Collection Practice

AaNeel only collects and uses information for the purpose of providing the information and services that clients need and request. AaNeel does not and will not sell or lease information that it collects. Information collected is only used for a proper business purpose and at no time will be used outside that scope. Personal data processed by AaNeel shall not be kept for longer than is necessary for the intended process or purposes and required by the law. Clients have the right to request that their information be deleted, once the request has been verified the data will be deleted within a reasonable timeframe and as per agreement.

Information We Receive from Beneficiaries:
AaNeel collects beneficiary name, postal address, email address, phone number, and other demographic information (such as gender, occupation, and ethnicity) as well as other information provided by the beneficiaries (such as education and language preference).

Information We Get from Other Organizations and Entities:
AaNeel may receive additional information about beneficiaries from clients, organizations, and entities, such as information from third parties, such as regulatory agencies (CMS, HHS, State), business partners, marketers, researchers, analysts, and other parties that we may use to supplement the information that we collect directly from you.

Information from the use of AaNeel Mobile Apps:
When clients use AaNeel mobile application (apps), it may collect information about the type of device and operating system they use. AaNeel may ask you if you want to receive push notifications about activity in your account. If you opt into these notifications and no longer want to receive them, you may turn them off through your operating system. AaNeel doesn’t access or track any location-based information from your mobile device unless you’ve given us permission. AaNeel may use analytics software (such as intercom.io) to help us better understand how people use our application. AaNeel may collect information about how often you use the app, AaNeel follows an opt-in permission-based text message (SMS) enrollment policy. AaNeel will not send unsolicited, bulk or commercial offers or advertisements without permission. All SMS messages contain information on how to unsubscribe from the list. You may leave our lists at any time for any reason. If you have any questions or feel that you received unsolicited email or an unsolicited SMS message, please contact us.

Use of Personal Information:
AaNeel may use personal information for following purposes:

To provide service(s) to clients, which includes physicians, physician groups, health management organizations, accountable care organizations, independent provider associations, management services organizations, and other healthcare providers and industry associates.
To operate, maintain, and improve our sites, products, and services.
To respond to comments and questions and provide customer service.
To send information including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages.
To communicate about promotions, upcoming events, and other news about products and services offered by us and our selected partners.
To process and deliver contest entries and rewards.
To link or combine user information with other information.
To provide and deliver products and services at customer’s request.
Information may be used for treatment.
For example, AaNeel may use or disclose health information to aid clients with beneficiary’s coordination of care.
Information may be used for payments due to AaNeel or its clients.
For example, information may be used to determine beneficiary coverage of benefits, to process claims, to identify and report incentive and quality measure data, or for other health care services and solutions provided by AaNeel to its clients.
Information may be used for health care operations
For example, AaNeel may use or disclose health information as necessary to effectively manage daily operations related to contracted services for health care related clients. We may also use or disclose, as-needed, protected health information in order to support AaNeel business activities. These activities may include, but are not limited to, quality improvement initiatives, compliance and auditing activities, training, and accreditation.

Sharing of Information
AaNeel may share information as follows:

We may use third-party web analytics services on our services to collect and analyze the information discussed above, and to engage in auditing, research and reporting.
We may share information if company merges or is combined with any other organization, or if it transfers all or substantially all of its assets or operations to another organization, it may disclose information it collects from you to the other organization so that the other organization can continue to provide services to you while maintaining your information rights of both access and choice. The other organization will be bound by this policy.
We may share information for legal, protection, and safety purposes.
We may share information to comply with laws.
We may share information to respond to lawful requests and legal processes.
We may share information to protect the rights and property of its agents, customers, and others. This includes enforcing agreements and policies AaNeel may share information in an emergency. This includes protecting the safety of its employees and agents, its customers, or any person.
We may share information with those who need it to do work for it
We are prohibited from using or disclosing protected health information that is genetic information of an individual, unless doing so under contractual obligation for a client that is an issuer of a long-term care policy.
AaNeel must obtain an authorization for any disclosure of psychotherapy notes, except to carry out the following treatment, payment, or organizational operations:
- Use for treatment.
- Use or disclosure for training programs; and/or,
- Use or disclosure to defend the organization in legal action or other proceeding brought by the individual and/or their legal representative(s).
AaNeel must obtain an authorization for marketing.
Other uses and disclosures not described in this Privacy Policy will be made only with the individual’s written authorization, as required by law.

Individuals granting authorization may later revoke an authorization in writing as provided by law.

Third Party Providers:
AaNeel may contract with other companies to provide various services to its customers on an outsourced basis rather than performing the services directly. For example, AaNeel may contract with a cloud hosting provider to host some or all of the processing and communication services that AaNeel provides. By continuing to use our services, you consent to AaNeel’s use of these third party providers.

AaNeel processes and/or maintains personal information it receives according to Industry best practices and subsequently transfers any and all liabilities to third parties acting as an agent or on its behalf. AaNeel complies with the industry standards for all onward transfers of personal data including the onward transfer liability provisions.

User Consent Practice

AaNeel follows strict policies on user consent. The five elements below must ALL be met for consent to be considered valid:

Freely given – Individual(s) must not be coerced or pressured into giving consent, or suffer any lack of service or detriment if they refuse to provide consent.
Specific – Individual(s) must agree specifically to each type of data use.
Informed – Individual(s) must be informed of the type of information collected and how it is used.
Unambiguous – Consent language must be clear and easy to understand.
Clear affirmative action – Individual(s) must expressly consent by providing/completing an action that proves consent. For example, individual(s) may submit written consent, use a system consent indicator, such as a system checkbox or another system mechanism to document consent, or may provide verbal consent that can be documented.

When is Consent Required?:

Consent: the individual or client has given clear consent to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract AaNeel has with the individual / client or because the individual or client has asked to take specific steps before entering into a contract.
Legal Obligation: The processing is necessary to comply with the law (beside contractual obligations).
Vital Interest: The processing is necessary to protect someone’s life.
Legitimate interest: The processing is necessary for AaNeel’s legitimate interest or legitimate interests of a third party, unless there is a good reason to protect personal data which overrides those legitimate interests.

Generally speaking, AaNeel will not ask for consent if:

AaNeel is carrying out a core or contracted service.
AaNeel is required to process personal data by law (legal obligation).
AaNeel is processing personal data to the benefit of clients in a way that the users would reasonably expect, with minimal risk and impact on individuals (legitimate interests).

AaNeel will ask for consent while offering a genuine choice over a non-essential service. Typical examples include:

Using tracking/advertising cookies.
Sending marketing emails or newsletters.
Sharing personal data with other companies for commercial purposes.

Security Policy

AaNeel maintains Data Security by protecting the integrity, confidentiality, and availability of Protected Health Information (PHI) and electronic-PHI (e-PHI) that is held or transmitted by AaNeel. AaNeel maintains reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI that it receives, stores, and transmits.

How Information is Protected by AaNeel

AaNeel ensures the confidentiality, integrity, and availability of all e-PHI it creates, receives, maintains, or transmits.
AaNeel identifies and protects against reasonably anticipated threats to the security or integrity of the information.
AaNeel protects against reasonably anticipated, impermissible uses or disclosures.
AaNeel ensures compliance by its workforce.
AaNeel implements and maintains protective measures like, secure user access and encryption.

AaNeel ensures the three core components of data protection as follows:

Confidentiality

That e-PHI is not available or disclosed to unauthorized persons
Prohibits against improper uses and disclosures of PHI.

Integrity (storage)

That e-PHI is not altered or destroyed in an unauthorized manner.

Availability (Access)

That e-PHI is accessible and usable on demand by an authorized person.

How AaNeel Ensures HIPAA Security
Risk Analysis and Management

Identify Risk
Implement appropriate security measure
Maintain continuous, reasonable, and appropriate security protections

Administrative Safeguards

Establish a Security Management Process
Designate security personnel
Workforce Training and Management
Perform periodic evaluation

Technical Safeguard

Access control – Implement technical guidelines to allow only authorized people to handle e-PHI
Audit controls – hardware, software, and/or procedural mechanisms to record and examine access and other activity in information systems that contain or use e-PHI
Integrity control – Electronic measures must be put in place to confirm that e-PHI has not been improperly altered or destroyed
Transmission Security – guard against unauthorized access to e-PHI when transmitted over an electronic network

AaNeel Guideline for Cyber Security and Breach Notification Policy
Reporting Requirements

Office of Civil Rights (OCR) – Notice of breach to the Secretary and US Department of Health and Human Services (HHS):
- Breaches Affecting 500 or More Individuals
  If a breach of unsecured protected health information affects 500 or more individuals, as a Covered Entity, AaNeel shall notify required parties timely. Notification to the Secretary of the breach shall be provided as required and without unreasonable delay.
- Breaches Affecting Fewer than 500 Individuals
  If a breach of unsecured protected health information affects fewer than 500 individuals, as a Covered Entity, AaNeel shall notify required parties timely. Notification to the Secretary of the breach shall be provided within 60 days of the end of the calendar year in which the breach was discovered.
Federal Bureau of Investigation (FBI) – AaNeel shall work with authorized federal agencies and investigations, responding timely to authorized requests.
Homeland Security – AaNeel shall work with authorized federal agencies and investigations, responding timely to authorized requests.
Office of Inspector General (OIG) – AaNeel shall work with authorized federal agencies and investigations, responding timely to authorized requests.
Federal Trade Commission (FTC) – AaNeel shall work with authorized federal agencies and investigations, responding timely to authorized requests.

What AaNeel Will Do?

Perform Risk Assessment
Address Identified Risks
Provide notification(s) following a breach of protected health information as per applicable breach notification provisions implemented and enforced by applicable local and federal regulatory agencies.

Who It Applies To?

Covered Entities
Business Associates
Healthcare vendors, software developers, medical device companies, and other third-party service providers (monitored by the FTC)

Career Note

Please be advised that AaNeel Infotech, nor its affiliates or representatives, will ask for money from individuals under any circumstances to lure them with employment opportunities. If you receive any offer that purports to be from our company, which ask for money, these types of offers are fraudulent. Under no circumstances will AaNeel, its affiliates, or representatives, be liable or responsible for any loss, damage, expense, or inconvenience resulting from these unauthorized attempts and/or activities.

Our Duty

AaNeel is required by law to maintain the privacy of protected health information, to provide clients and/or individuals with notice of its legal duties and privacy practices with respect to protected health information, and to notify affected clients and/or individuals following a breach of unsecured protected health information.

All AaNeel products, subsidiaries, and affiliates are required to abide by the terms of the notice currently in effect. AaNeel reserves the right to change the terms of this Privacy Policy and to make the new notice and provisions effective for all protected health information that it maintains. In the event AaNeel makes a material change this Privacy Policy it shall notify all impacted clients and provide them with a revised notice prior to effectuation in electronic or hardcopy format.

Contact Us

AaNeel recognizes individuals’ rights with respect to protected health information. If you have any questions about this notice or want to exercise any of your rights or file a complaint, please contact us at the below.

By Mail: AaNeel Infotech LLC
ATTN: Privacy Officer
6650 Gunn Hwy
Tampa, FL 33625
By email: compliance@aaneel.com
Ext.135
Toll-Free Compliance Hotline: 1 (800) 828-1358
By Phone: 813-200-5600

AaNeel will not retaliate or act against individuals exercising their rights or for filing a complaint. Our senior privacy and security officials monitor these channels and will respond to you as soon as possible. Individuals may also submit privacy related complaints directly to the Secretary of the U.S. Department of Health and Human Services. You may email your complaint to OCRComplaint@hhs.gov

Effective 12/21/2023

Certification Criterion	Description of Capability	Example Description of Capability	Regulation	Costs or Fees Costs or fees that may be required to support the implementation and/or use of the capability -OR- in connection with data generated using the capability.
Electronic Health Information export	170.315 (b)(10)	Enables a user to electronically export health information at individual patient level or for the entire patient population without developer assistance, providing data in computable electronic format with a publicly accessible hyperlink to AaNeel’s export file technical specifications.	This functionality enables a user to extract reporting data without assistance. The reporting data will be based on criteria selected by the user which will allow user to export the data for their entire patient population or will allow the user to drill down to individual patient(s). When user exports the file, a hyperlink to a publicly accessible page is provided at the header of the file export. The hyperlink will allow one to access the technical specifications file for the electronic export file provided in a computable format.	AaNeelCare is licensed to customers as per the terms of the User Agreement; no additional software required to use the capability, all required is included in AaNeelCare.
Clinical quality measures (CQMs) — record and export	§170.315(c)(1)	Enables a user to electronically record all data necessary to calculate Clinical Quality Measures (CQMs) presented for certification.	This functionality enables a user to electronically capture and export all the data necessary to calculate each of the supported Clinical Quality Measures (CQM), including the codification of CQM exceptions and exclusion.	AaNeelCare is licensed to customers as per the terms of the User Agreement; additional software and/or licensing fees may be required to use the capability.
Clinical quality measures (CQMs) — import and calculate	§170.315(c)(2)	Enables users to import a data file formatted in accordance with HL7 QRDA Category I Release 3 or the corresponding version of the Quality Reporting Document Architecture (QRDA) standard for the CMS annual measure update being certified for one or multiple patients in order to perform calculations on the Clinical Quality Measures (CQMs) presented for certification.	This functionality enables a user to electronically import all the captured data needed to calculate each of the supported Clinical Quality Measures (CQM), and to calculate each certified CQM using the Quality Reporting Document Architecture standard.	AaNeelCare is licensed to customers as per the terms of the User Agreement; additional software and/or licensing fees may be required to use the capability.
Clinical quality measures (CQMs) — report	§170.315(c)(3)	Enables a user to electronically create a data file for transmission of Clinical Quality Measures (CQMs) data in accordance with the CMS Quality Reporting Document Architecture (QRDA) standard.	This functionality enables a user to electronically create a data file for transmission of Clinical Quality Measures (CQM) data according to the Quality Reporting Document Architecture standard.	AaNeelCare is licensed to customers as per the terms of the User Agreement; additional software and/or licensing fees may be required to use the capability.
Clinical quality measures (CQMs) — filter	§170.315(c)(4)	Enables users to record the data listed in §170.315 (c)(4)(iii) in accordance with the identified standards where specified.	This functionality enables a user to electronically filter by any combination of the proposed data elements (i.e., by any one data element (e.g., provider type) or a combination of any of the data elements).	AaNeelCare is licensed to customers as per the terms of the User Agreement; no additional software required to use the capability, all required is included in AaNeelCare.
Authentication, access control, authorization	§170.315(d)(1)	Requires user’s unique identifier(s) (e.g., username or number) is/are verified by AaNeelCare as the one claimed prior to receiving access to electronic health information.	Managing authorized and authenticated users access to the My Health EHR	AaNeelCare is licensed to customers as per the terms of the User Agreement; no additional software required to use the capability, all required is included in AaNeelCare.
Auditable events and tamper-resistance	§170.315(d)(2)	AaNeelCare records actions pertaining to electronic health information in accordance with standards when AaNeelCare is in use, changes to user privileges when AaNeelCare is in use, and records the date and time in accordance with requirements.	Governs what the EHR must capture in an audit log	AaNeelCare is licensed to customers as per the terms of the User Agreement; no additional software required to use the capability, all required is included in AaNeelCare.
Audit report(s)	§170.315(d)(3)	Enables a user to create one or more audit reports for a specific time period that includes some or all of the data specified, including changes to user privileges when AaNeelCare is in use, and record the date and time of the action in accordance with requirements, allowing content included in each audit log to be sortable.	Governs what the EHR must be able to report related to audit logs.	AaNeelCare is licensed to customers as per the terms of the User Agreement; no additional software required to use the capability, all required is included in AaNeelCare.
Automatic access time-out	§170.315(d)(5)	Requires AaNeelCare to automatically stop a user’s access to health information after inactivity for a predetermined period.	Requires the EHR to automatically log off a user after a pre-determined time of inactivity	AaNeelCare is licensed to customers as per the terms of the User Agreement; no additional software required to use the capability, all required is included in AaNeelCare.
Encrypt authentication credentials	§170.315(d)(12)	“Requires AaNeelCare to encrypt stored authentication credentials in accordance with standards adopted in §170.210(a)(2). OR The criterion does not require certified health IT to have these capabilities or for health IT developers to implement these capabilities for a specific use case or any use case, just that they attest “yes” or “no” to whether the Health IT Module encrypts authentication credentials.”	Encrypting authentication credentials may include password encryption or cryptographic hashing, which is storing encrypted or cryptographically hashed passwords, respectively (85 FR 25700).	AaNeelCare is licensed to customers as per the terms of the User Agreement; no additional software required to use the capability, all required is included in AaNeelCare.
Multi-factor authentication	§170.315(d)(13)	The criterion does not require certified health IT to have these capabilities or for health IT developers to implement these capabilities for a specific use case or any use case, just to attest “yes” or “no” to whether the Health IT Module supports multi-factor authentication.	“Requires a setting to authenticate users when logging on to the application. The authentication can be configured based on various Multifactor Authentication (MFA) Methods such as Email, SMS, and Mobile Authenticator. The OTP (One-Time Password) can be sent to one or all these methods.	AaNeelCare is licensed to customers as per the terms of the User Agreement; no additional software required to use the capability, all required is included in AaNeelCare.
Quality management system	§170.315(g)(4)	Requires AaNeelCare to identify the specific QMS used that was established by the federal government or a Standards Development Organization (SDO)	Ensures that a quality management system used by the health IT developer	AaNeelCare is licensed to customers as per the terms of the User Agreement; no additional software required to use the capability, all required is included in AaNeelCare.
Accessibility-centered design	§170.315(g)(5)	This certification criterion requires AaNeelCare to identify relevant standards or laws; or, alternatively, permits AaNeelCare to state that its health IT product presented for certification does not meet any accessibility-centered design standards or any accessibility laws.	Ensures that accessibility-centered design principles have been employed by the health IT developer	AaNeelCare is licensed to customers as per the terms of the User Agreement; no additional software required to use the capability, all required is included in AaNeelCare.

Products

Roles

Services

About

Contact

Support

Media

Brochures

Privacy Policy

Interpretation and Definitions

Background / Purpose

Policy Statement

Data Collection Practice

User Consent Practice

Security Policy

Career Note

Our Duty

Contact Us

Say hello to the new wave of healthtech innovation.

Products

Roles

Services

About

Contact

Support

Media

Brochures

Products

Roles

Services

About

Contact

Support

Media

Brochures

Privacy Policy

Interpretation and Definitions

Background / Purpose

Policy Statement

Data Collection Practice

User Consent Practice

Security Policy

Career Note

Our Duty

Contact Us

Say hello to the new wave of healthtech innovation.

Certified

Products

Roles

Services

About

Contact

Support

Media

Brochures