Health Research Corporation Privacy Statement

Our Privacy Statement

We respect the privacy of our customers and members. This privacy statement is intended to protect our valuable customers' privacy.

This document will be updated and changed, based on new rules and regulations.

Effective June 1, 2005.

Purpose. The purpose of this Document is to outline the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and the associated regulations, 45 C.F.R. parts 160-164, as may be amended (the "Privacy Rule") and 45 C.F.R. §142.308(a)(2), as may be finalized and amended (the "Chain of Trust" requirement). Unless otherwise defined in this document, capitalized terms have the meanings given in the Privacy Rule. The Privacy Rule requires us to provide written assurances that it will appropriately safeguard Protected Health Information ("PHI"). The Chain of Trust provision requires that a contract involving exchange of Protected Health Information protect the integrity and confidentiality of the Protected Health Information.

Permitted Uses and Disclosures.

We may use and/or disclose PHI only as permitted or required by Law. We may disclose PHI to, and permit the use of PHI by, our employees, contractors, agents, or other representatives only to the extent directly related to and necessary for the performance of the Services. We will request from our customers no more than the minimum PHI necessary to perform the Services. We will not use or disclose PHI in a manner (i) inconsistent with obligations under the Privacy Rule, or (ii) that would violate the Privacy Rule if disclosed or used in such a manner by our customers.

Safeguards for the Protection of PHI.

We will implement and maintain commercially appropriate security safeguards to ensure that PHI obtained by or on behalf of our customers is not used or disclosed in violation of HIPAA. Such safeguards shall be designed to protect the confidentiality and integrity of such PHI obtained, accessed or created from or on behalf of customers. Security measures maintained by us shall include administrative safeguards, physical safeguards, technical security services and technical security mechanisms as necessary to protect such PHI.

Reporting and Mitigating the Effect of Unauthorized Uses and Disclosures.

If we have knowledge of any use or disclosure of PHI, we will immediately notify our customers. We will establish and implement procedures and other reasonable efforts for mitigating, to the greatest extent possible, any harmful effects arising from any improper use and/or disclosure of PHI.

Use and Disclosure of PHI by Subcontractors, Agents, and Representatives.

We will require any subcontractor, agent, or other representative that is authorized to receive, use, or have access to PHI, to agree, in writing, to adhere to the same restrictions, conditions and requirements regarding the use and/or disclosure of PHI and safeguarding of PHI.

Use and Disclosure for Business Associate's Purposes.

Use. We may use PHI for proper management and administration or to carry out our legal responsibilities.

Disclosure. Except as otherwise limited by additional agreements between usand our customers, we may disclose PHI for the proper management and administration of our services, provided the disclosures are required by law, or we obtain reasonable assurances from the person to whom the PHI is disclosed that it will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies us of any instances of which it is aware in which the confidentiality of the PHI has been breached.