HIPAA Policy

California Attending Physicians' and its affiliates, hereafter referred to as “Agency”, and parties utilizing this service, hereafter referred to as “User”, do hereby agree as follows:

WHEREAS, the U.S. Department of Health and Human Services (“HHS”) has issued final regulations, pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), governing the privacy of individually identifiable health information obtained, created or maintained by certain entities, including healthcare providers (the “HIPAA Privacy Rule”); and

WHEREAS, the HIPAA Privacy Rule requires that the User enter into the Agreement with Agency in order to protect the privacy of individually identifiable health information maintained by the User (“Protected Health Information”, or “PHI”, as identified in the HIPAA Privacy Rule); and

WHEREAS, Agency and its employees, affiliates, agents or representatives may access paper and/or electronic records containing PHI in carrying out their obligations to the User pursuant to either an existing, prospective, or contemporaneously executed agreement for services (“Services Agreement”); and

WHEREAS, the Parties desire to enter into this Agreement to protect PHI, and to amend any agreements contained herein, the Parties agree as follows:

  1. The Agency agrees to receive information from the User by virtue of this electronic collection process, facsimile, mail service and other means User and Agency may elect to transfer necessary information, including telephonic means.

  2. Agency and User agree to utilize due diligence to protect the PHI.

  3. Agency and User agree that Agency may transmit by any and all means the PHI information as deemed appropriate by Agency to its intermediaries, carriers, and other insurance related parties necessary to facilitate the services of the Agency to User. This includes requested and prospective services of Agency.

  4. Use and Disclosure of PHI to Provide Services. The Agency will not use or further disclose PHI (as such term is defined in the HIPAA Privacy Rule) other than to make use of PHI necessary to perform services to User, either prospective or by agreement. All other uses not authorized by this agreement are prohibited.

  5. Contemporaneous Service Agreements. In the event that User and Agency are not parties to a Services Agreement existing prior to this date, but instead enter into a services agreement at the same time as executing this agreement, such agreement shall be attached as Exhibit A and incorporated here by reference. In the event of conflict between the terms of the service agreement and this agreement, the terms and conditions of this agreement shall govern.

  6. Agency may utilize the PHI in its possession for its proper management and administration and/or to fulfill any present or future legal responsibilities of the Agency.

  7. Agency agrees to disclose the minimum necessary PHI in performing the activities called for in providing prospective or requested services.

  8. Either party to this agreement may terminate this agreement by legal notification granting 30 days' notice. Notices to Agency are to be made in writing, certified, return receipt requested, to Diederich, Inc., Steven R. Green, J.D., General Counsel, 506 W. Main Street, Carbondale, Illinois 62901.

  9. All parties certify agreement to be bound by this agreement by virtue of acceptance to proceed through this electronic media. No signatures are required as disclosure and continuance to restricted with certification of review of this agreement.

CAN-SPAM Act of 2003

This website does not give, sell, or otherwise transfer any information, including email addresses, for use in bulk communications such as bulk emails. Such use of any such information obtained at this website, any related website, or any website pointing to this notice is illegal and/or strictly prohibited.

For more information about the CAN-SPAM Act of 2003 and its requirements for businesses, please refer to http://business.ftc.gov/documents/bus61-can-spam-act-compliance-guide-business/.

What is SSL?

Secure Sockets Layer, or SSL, is a technology that secures the connection between your browser and the website you’re visiting. To verify that SSL is protecting a page, look for a URL beginning with https://, instead of http://, and a green, closed padlock icon. This allows visitors to navigate the website and submit information through a secure connection.

SSL provides three important security benefits:

  • Privacy: Encrypts the connection between the browser and web server and securely transmits information (like login credentials) to prevent unauthorized parties from eavesdropping.

  • Data integrity: Prevents unauthorized parties from altering data during transmission (like during a Form Block submission).

  • Authentication: Protects against impersonation by requiring web server proof of identity.

Enabling SSL may help your site load faster, as Squarespace uses HTTP/2 for SSL-enabled sites. It may also help more visitors find your site: in 2014, Google announced that SSL-secured websites would potentially enjoy a rankings boost in their search results.

How Squarespace uses SSL

If you have custom domains linked and pointed to your Squarespace site, we automatically generate an SSL certificate for your site. This allows visitors to view your site over an HTTPS connection. This is automatically included for Squarespace Domains and third-party domains that point to Squarespace. We use 2048-bit SSL encryption on all pages except checkout pages, and we use TLS version 1.2 for all HTTPS connections.

If you’re using a third-party domain, ensure that it’s correctly connected and pointing to your site to allow a secure SSL connection. Specifically, confirm that you’re using our required CNAME records and A records and that the domain points to Squarespace.