HIPAA / HITECH
HIPAA (Health Insurance Portability and Accountability Act) was signed into law on August 21, 1996, Public Law 104-191. This law was designed to provide insurance portability, to improve the efficiency of health care by standardizing the exchange of administrative and financial data, and to protect the privacy, confidentiality and security of health care information. It impacts all areas of the health care industry.
Electronic Prescribing applications created and sold by Daw Systems, Inc. have been reviewed in order to determine how to best assist our customers with their HIPAA readiness issues. Daw Systems, Inc. has taken all reasonable and industry standard steps to ensure compliance with HIPAA standards.
D.A.W. Systems, Inc. may at times have a need to use and disclose patient information which is governed by the rules and regulations established under HIPAA, the Health Insurance Portability and Accountability Act of 1996, and related policies and procedures of D.A.W. Systems, Inc. Therefore, with regard to patient information, D.A.W. Systems, Inc. commits to the following obligations: a) will use and disclose confidential health information solely in accordance with the federal, state and company policies set forth above and elsewhere, including but not limited to the company policy handbook. b) In the event of a unauthorized disclosure (release, transfer, provision of, access to, or divulging in any other manner, of information outside the entity holding the information) of Personal Health Information (PHI), Daw systems, Inc. will immediately take steps to mitigate the exposure, unauthorized use and/or disclosure of PHI. D.A.W. Systems, Inc. will follow company policy and federal state law in dealing with the breach. This shall include notifying the affected individual(s) and following any HIPAA/HITECH related provisions. All workforce members of D.A.W. Systems, Inc. who become aware of or suspect any unauthorized use or disclosure of protected health information (PHI), or a breach in the security of a computerized system containing such information, shall be responsible for reporting such unauthorized access or breach to their supervisor or to the designated Security and Privacy Officer.
Below are the details of the policies and procedures in the event of potential or actual breach of Unsecured PHI:
Step 1 - Discovery: A breach of PHI will be deemed discovered as of the first day Daw Systems, Inc. knows of the breach. If a potential breach is discovered, it must be immediately reported to the Security and Privacy Officer. The Security and Privacy Officer will then notify the Systems Security Officer.
Step 2 - Internal Reporting: All D.A.W. Systems, Inc. employees must incidents that may involve the loss of, improper disclosure of, or improper access to PHI or ePHI (for example, the loss or theft of paper PHI; the loss or theft of a computer, smartphone, or thumb drive storing ePHI; or an electronic intrusion into a computer storing ePHI). Reports should be made to the Security and Privacy Officer who will also notify the Systems Security Officer. Even if you believe that no ePHI or PHI was compromised, you must notify the Security and Privacy Officer if you believe that any type of sensitive data was compromised. You must also promptly notify your immediate supervisor if any physical or information asset is damaged.
Step 3 - Investigation: Upon receipt of notification of potential breach, the Security and Privacy Officer or his/her designee, shall promptly conduct an investigation. The investigation shall include interviewing employees involved, collecting written documentation, and completing all appropriate documentation. The Security and Privacy Officer shall retain all documentation related to potential breach investigations for a minimum of six years.
Step 4 - Risk Assessment and Recommendation: After investigation is complete, the Security and Privacy Officer will perform a Risk Assessment. The purpose of Risk Assessment is to determine if a use or disclosure of PHI constitutes a breach and requires further notification to the Covered Entity. The Security and Privacy Officer shall appropriately document the Risk Assessment and make a recommendation to the President and CEO whether notification to the Covered Entity of the potential breach would be prudent. A written record of an action, activity, or assessment that is required by D.A.W. Systems, Inc. security policies to be documented, must be maintained for six (6) years from the date of its creation or the date when it was last in effect whichever is later.
Step 5 - Sanctions: Daw Systems, Inc. employees who fail to fully comply with D.A.W. Systems, Inc. HIPAA Privacy, Security, and Breach Notification Policies and Procedures contained herein will be subject to sanctions as deemed appropriate by management.
If you have any questions regarding D.A.W. Systems, Inc. processes or HIPAA-readiness issues, please ask your HIPAA question through e-mail. D.A.W. Systems, Inc. is available to enter into any Business Associate Agreements (BAA) for the purpose of HIPAA privacy regulations. To request a HIPAA or BAA information, please email your business name and contact information to: info@dawsystems.com.
Advertising
D.A.W. Systems, Inc. does not provide advertising within its applications. Obtrusive advertisements, including pop-up messages, are strictly prohibited. D.A.W. Systems, Inc. may, however, provide links to pharma sites or services or other businesses that provide coupons or educational material for physicians and patients. These will not interfere with the normal use of the software and would require a "click" by the user to access.
Prescribing Freedom
It is DAW policy not to influence prescribing decisions of an end users. DAW software may provide a great deal of information on all medications and as pertains to the insurance formulary as received by SureScripts. DAW will not encourage/influence prescribing decisions that exceed formulary, benefit, or any other treatment-based information. The software may present formulary information on-screen; this is for informational purposes only and to assist and not influence the prescriber with prescribing for a particular patient. Furthermore, DAW does not message a patient or prescriber about the benefits of medications over another. All medications are given the same treatment throughout the software. Sometimes pharma will provide a coupon to give to a patient. This is a dynamic print and there is no indication on-screen as to the existence of the coupon prior to printing or sending the prescription electronically.
Links to Third Party Web Sites
The links in this web site will allow you to leave Daw Systems, Inc.'s web site. The linked sites are NOT under the control of D.A.W. Systems, Inc., and D.A.W. Systems, Inc. is not responsible for the contents of any linked site or any link contained in any linked site. D.A.W. Systems, Inc. is not responsible for any changes or updates to such sites. D.A.W. Systems, Inc. provides these links to you solely as a convenience. The inclusion of any link does not constitute nor imply endorsement by D.A.W. Systems, Inc. of the linked site.
Disclaimers
A.) First DataBank has utilized reasonable care in collecting and reporting the information contained in the Licensed Products and has obtained such information from sources believed to be reliable. First DataBank, however, does not warrant the accuracy of codes, prices or other data contained in the Licensed Products. Information reflecting prices is not a quotation or offer to sell or purchase. The clinical information contained in the Licensed Products is intended as a supplement to, and not a substitute for, the knowledge, expertise, skill, and judgment of physicians, pharmacists, or other healthcare professionals in patient care. The absence of a warning for a given drug or drug combination should not be construed to indicate that the drug or drug combination is safe, appropriate or effective in any given patient.
B.) FIRST DATABANK MAKES NO WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED AND FURTHER MAKES NO WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED, AS TO THE ACCURACY OF THE DATA FROM WHICH THE PRODUCTS ARE COMPILED, AND SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
C.) IN NO EVENT SHALL FIRST DATABANK BE LIABLE TO LICENSEE OR ANY THIRD PARTY FOR ANY CONSEQUENTIAL, INDIRECT, INCIDENTAL, RELIANCE, OR SPECIAL DAMAGES, INCLUDING BUT NOT LIMITED TO LOST PROFITS, EVEN IF FIRST DATABANK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
D.) IN NO EVENT SHALL FIRST DATABANK'S LIABILITY EXCEED THE AMOUNT PAID TO IT BY LICENSEE FOR THE CURRENT FEE TERM OF THIS LICENSE AGREEMENT, REGARDLESS OF THE FORM OF THE ACTION OR CLAIM, AND REGARDLESS OF WHETHER THE ACTION OR CLAIM IS BASED ON ANY ALLEGED ACT OR OMISSION OF FIRST DATABANK, INCLUDING BUT NOT LIMITED TO ANY ACTION BASED ON NEGLIGENCE, BREACH OF WARRANTY OR BREACH OF CONTRACT
Hosted Solution and Prescription Server Uptime
a. Service Uptime - DAW does not promise that the Services or the Severs that EDI Partner may communicate through at DAW will be uninterrupted or error-free, however, we strive for 99% uptime. This means that for up to 87 hours and 36 minutes per year, there may service interruption for updates and upgrades. DAW Service Availability will be provided at 99% uptime measured on a monthly basis, excluding planned outages. Planned outages will not exceed 20 hours per month. Planned weekly outages will generally be during the hours of 9:00 p.m. Wednesday through 1:00 a.m. Thursday, EST. DAW may announce up to three weekend outages per year to install new software releases or for other operational purposes. Weekend outages will be during the hours of 9:00 a.m. Saturday through 12:00 a.m. Monday, EST. EDI Partner will be notified of changes to the schedule of planned outages or of weekend outages at least fourteen (14) days in advance of the change, by email, fax, on-screen notification or DAW website. DAW has no responsibility for the availability of EDI Partners, EDI Partners Customers or any Participants system and those systems may not have the same availability as the DAW Services. DAW will measure and report on this Service Level on a regular basis.
i. Planned outages: From time to time, DAW may need to perform updates and upgrades to existing systems and software. Any planned outages will take place during off-peak hours, unless not feasible.
ii. Emergency outages: If at any time there is a critical failure of service critical service outside the standard maintenance schedule prior to a planned outage. The EDI Partner will be notified immediately after DAW has become aware of such an occurrence.
b. Transaction Performance - 99% of transaction requests received by DAW from EDI Partner or EDI Partners Customers will be delivered immediately or within 2-5 seconds as measured between the last byte of request received by DAW from EDI partner or EDI Partners Customers and the first byte of response sent. DAW will measure and report on this Service Level on a regular basis. DAW is not responsible for slowness due to EDI Partners internet provider service level.
c. Technical Support. Technical support will be available seven days a week by phone or email. An initial response to a problem report will be provided within 30 minutes or less. A help desk will be staffed with qualified personnel during the hours of 9:00 a.m. through 5:00 p.m. EST, Monday through Friday, excluding holidays. DAW has no responsibility to assist in resolving EDI Partners Customer problems related to EDI Partners System or EDI Partners products and services provided to EDI Partner Customers. DAW will log and track all problem calls and will respond according to the severity levels.