HIPAA / HITECH
HIPAA (Health Insurance Portability and Accountability Act) was signed into law on August 21, 1996, Public Law 104-191. This law was designed to provide insurance portability, to improve the efficiency of health care by standardizing the exchange of administrative and financial data, and to protect the privacy, confidentiality and security of health care information. It impacts all areas of the health care industry.
Electronic Prescribing applications created and sold by Daw Systems, Inc. have been reviewed in order to determine how to best assist our customers with their HIPAA readiness issues. Daw Systems, Inc. has taken all reasonable and industry standard steps to ensure compliance with HIPAA standards.
D.A.W. Systems, Inc. may at times have a need to use and disclose patient information which is governed by the rules and regulations established under HIPAA, the Health Insurance Portability and Accountability Act of 1996, and related policies and procedures of D.A.W. Systems, Inc. Therefore, with regard to patient information, D.A.W. Systems, Inc. commits to the following obligations: a) will use and disclose confidential health information solely in accordance with the federal, state and company policies set forth above and elsewhere, including but not limited to the company policy handbook. b) In the event of a unauthorized disclosure (release, transfer, provision of, access to, or divulging in any other manner, of information outside the entity holding the information) of Personal Health Information (PHI), Daw systems, Inc. will immediately take steps to mitigate the exposure, unauthorized use and/or disclosure of PHI. D.A.W. Systems, Inc. will follow company policy and federal state law in dealing with the breach. This shall include notifying the affected individual(s) and following any HIPAA/HITECH related provisions. All workforce members of D.A.W. Systems, Inc. who become aware of or suspect any unauthorized use or disclosure of protected health information (PHI), or a breach in the security of a computerized system containing such information, shall be responsible for reporting such unauthorized access or breach to their supervisor or to the designated Security and Privacy Officer.
Below are the details of the policies and procedures in the event of potential or actual breach of Unsecured PHI:
Step 1 - Discovery: A breach of PHI will be deemed discovered as of the first day Daw Systems, Inc. knows of the breach. If a potential breach is discovered, it must be immediately reported to the Security and Privacy Officer. The Security and Privacy Officer will then notify the Systems Security Officer.
Step 2 - Internal Reporting: All D.A.W. Systems, Inc. employees must incidents that may involve the loss of, improper disclosure of, or improper access to PHI or ePHI (for example, the loss or theft of paper PHI; the loss or theft of a computer, smartphone, or thumb drive storing ePHI; or an electronic intrusion into a computer storing ePHI). Reports should be made to the Security and Privacy Officer who will also notify the Systems Security Officer. Even if you believe that no ePHI or PHI was compromised, you must notify the Security and Privacy Officer if you believe that any type of sensitive data was compromised. You must also promptly notify your immediate supervisor if any physical or information asset is damaged.
Step 3 - Investigation: Upon receipt of notification of potential breach, the Security and Privacy Officer or his/her designee, shall promptly conduct an investigation. The investigation shall include interviewing employees involved, collecting written documentation, and completing all appropriate documentation. The Security and Privacy Officer shall retain all documentation related to potential breach investigations for a minimum of six years.
Step 4 - Risk Assessment and Recommendation: After investigation is complete, the Security and Privacy Officer will perform a Risk Assessment. The purpose of Risk Assessment is to determine if a use or disclosure of PHI constitutes a breach and requires further notification to the Covered Entity. The Security and Privacy Officer shall appropriately document the Risk Assessment and make a recommendation to the President and CEO whether notification to the Covered Entity of the potential breach would be prudent. A written record of an action, activity, or assessment that is required by D.A.W. Systems, Inc. security policies to be documented, must be maintained for six (6) years from the date of its creation or the date when it was last in effect whichever is later.
Step 5 - Sanctions: Daw Systems, Inc. employees who fail to fully comply with D.A.W. Systems, Inc. HIPAA Privacy, Security, and Breach Notification Policies and Procedures contained herein will be subject to sanctions as deemed appropriate by management.
If you have any questions regarding D.A.W. Systems, Inc. processes or HIPAA-readiness issues, please ask your HIPAA question through e-mail. D.A.W. Systems, Inc. is available to enter into any Business Associate Agreements (BAA) for the purpose of HIPAA privacy regulations. To request a HIPAA or BAA information, please email your business name and contact information to: info@dawsystems.com.
Advertising
D.A.W. Systems, Inc. does not permit obtrusive or disruptive advertising formats such, as pop-up messages, within its applications. However, ScriptSure may display brand awareness banners in designated areas of the application interface. These banners are non-intrusive, and do not interfere with core prescribing workflows or clinical use. In addition, D.A.W. Systems, Inc. may provide links to pharmaceutical websites, coupon services, or educational resources intended for use by physicians or patients. Access to such content requires affirmative user action, such as clicking a link, and will never obstruct or delay the functionality of the software.
Prescribing Freedom
It is DAW policy not to influence prescribing decisions of an end users. DAW software may provide a great deal of information on all medications and as pertains to the insurance formulary as received by SureScripts. DAW will not encourage/influence prescribing decisions that exceed formulary, benefit, or any other treatment-based information. The software may present formulary information on-screen; this is for informational purposes only and to assist and not influence the prescriber with prescribing for a particular patient. Furthermore, DAW does not message a patient or prescriber about the benefits of medications over another. All medications are given the same treatment throughout the software. Sometimes pharma will provide a coupon to give to a patient. This is a dynamic print and there is no indication on-screen as to the existence of the coupon prior to printing or sending the prescription electronically.
Links to Third Party Web Sites
The links in this web site will allow you to leave Daw Systems, Inc.'s web site. The linked sites are NOT under the control of D.A.W. Systems, Inc., and D.A.W. Systems, Inc. is not responsible for the contents of any linked site or any link contained in any linked site. D.A.W. Systems, Inc. is not responsible for any changes or updates to such sites. D.A.W. Systems, Inc. provides these links to you solely as a convenience. The inclusion of any link does not constitute nor imply endorsement by D.A.W. Systems, Inc. of the linked site.
Disclaimers
A.) First DataBank has utilized reasonable care in collecting and reporting the information contained in the Licensed Products and has obtained such information from sources believed to be reliable. First DataBank, however, does not warrant the accuracy of codes, prices or other data contained in the Licensed Products. Information reflecting prices is not a quotation or offer to sell or purchase. The clinical information contained in the Licensed Products is intended as a supplement to, and not a substitute for, the knowledge, expertise, skill, and judgment of physicians, pharmacists, or other healthcare professionals in patient care. The absence of a warning for a given drug or drug combination should not be construed to indicate that the drug or drug combination is safe, appropriate or effective in any given patient.
B.) FIRST DATABANK MAKES NO WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED AND FURTHER MAKES NO WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED, AS TO THE ACCURACY OF THE DATA FROM WHICH THE PRODUCTS ARE COMPILED, AND SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
C.) IN NO EVENT SHALL FIRST DATABANK BE LIABLE TO LICENSEE OR ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT, INCIDENTAL, RELIANCE, OR SPECIAL DAMAGES, INCLUDING BUT NOT LIMITED TO LOST PROFITS, EVEN IF FIRST DATABANK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
D.) IN NO EVENT SHALL FIRST DATABANK'S LIABILITY EXCEED THE AMOUNT PAID TO IT BY LICENSEE FOR THE CURRENT FEE TERM OF THIS LICENSE AGREEMENT, REGARDLESS OF THE FORM OF THE ACTION OR CLAIM, AND REGARDLESS OF WHETHER THE ACTION OR CLAIM IS BASED ON ANY ALLEGED ACT OR OMISSION OF FIRST DATABANK, INCLUDING BUT NOT LIMITED TO ANY ACTION BASED ON NEGLIGENCE, BREACH OF WARRANTY OR BREACH OF CONTRACT
Hosted Solution and Prescription Server Uptime
For purposes of this section, electronic data interchange (EDI) partner means any third-party organization, vendor, or system integrator authorized to electronically exchange data with D.A.W. Systems, Inc. through a certified interface. This includes, but is not limited to, electronic health record systems, practice management systems, pharmacy management systems, veterinary platforms, or other software applications that send or receive prescription-related transactions using D.A.W. Systems, Inc.'s network or hosted services. End user means an individual who is authorized by an EDI partner or directly by D.A.W. Systems, Inc. to access and use the services for purposes permitted under the applicable agreement, including but not limited to licensed healthcare professionals, administrative staff, or pharmacy personnel. End users may interact with the services via an EDI partner platform or directly through D.A.W. Systems, Inc.'s user interfaces.
a. Service Uptime - D.A.W. Systems, Inc. targets 99.99% uptime for its services and hosted prescription servers. This equates to a maximum of approximately 52 minutes of downtime per year. While uninterrupted service cannot be guaranteed, D.A.W. Systems, Inc. will provide monthly uptime measurements excluding planned maintenance.
i. Planned outages: Routine system updates and upgrades will typically occur during off-peak hours, primarily between 9:00 p.m. Wednesday and 1:00 a.m. Thursday EST. Planned outages will not exceed 20 hours per month. D.A.W. Systems, Inc. may schedule up to three full weekend maintenance windows per year (Saturday 9:00 a.m. to Monday 12:00 a.m. EST) for major releases or operational changes. At least 14 days' advance notice will be provided via email, on-screen notification, or the D.A.W. Systems, Inc. website.
ii. Emergency outages: In the event of a critical failure outside of the standard maintenance window, D.A.W. Systems, Inc. will notify the EDI partner as soon as possible upon detection.
D.A.W. Systems, Inc. is not responsible for the availability or uptime of the EDI partner's systems, the EDI partner's customers' systems, or any third-party systems connected through the EDI partner.
b. Transaction Performance - D.A.W. Systems, Inc. endeavors to ensure that 99% of all transaction requests submitted by the EDI partner or its customers are processed within 2-5 seconds, measured from the last byte received to the first byte of response sent. D.A.W. Systems, Inc. will monitor and report on transaction latency regularly. Delays resulting from the EDI partner's internet service or infrastructure are outside of D.A.W. Systems, Inc.'s control.
c. Technical Support - D.A.W. Systems, Inc. provides technical support via phone from 8:00 a.m. to 8:00 p.m. EST, seven days a week (excluding holidays), and by email outside those hours. D.A.W. Systems, Inc. endeavors to respond to all support requests within 30 minutes or less, regardless of submission channel. D.A.W. Systems, Inc. will log and track all support issues and respond according to severity. D.A.W. Systems, Inc. does not provide support for issues arising from the EDI partner’s own systems or services provided to its end users and will refer such customer cases to the EDI partner to support.
Forward-Looking Statements Disclaimer
The information presented on this website, in our communications, and in any accompanying materials may include forward-looking statements. These statements relate to our current expectations, projections, plans, goals, and other future events or performance.
Such forward-looking statements are based on assumptions and estimates that involve risks and uncertainties, which are subject to change and may cause actual outcomes to differ materially from those expressed or implied. These risks include, but are not limited to, evolving market conditions, technological developments, regulatory changes, and business execution factors.
DAW Systems, Inc. undertakes no obligation to update or revise any forward-looking statements, whether as a result of new information, future events, or otherwise.
The inclusion of such statements on this site or in our materials should not be regarded as a representation that the projected outcomes will be achieved or that we intend to update these statements at any future date.