HIPAA Compliance

CaduRx data management protocols are 100% HIPAA compliant. Great care has been taken to ensure that the data entrusted to us is carefully guarded. State-of-the-art network security, user certification and credentialing, strong login authentication, and comprehensive audit logs have been deployed to ensure maximum compliance. Our nationally prominent legal counsel has helped us craft a user agreement that will provide all parties with maximum protection.

The CaduRx patient record is an Internet-accessible, centralized healthcare record that permits interoperable access to patient data by any authorized healthcare giver who subscribes to the CaduRx system. This means that patient records are truly portable: you can access your patient's records from any Internet connection and patient records that you create can be accessed by other providers if the patient so authorizes or if a care situation requires access.

HIPAA privacy rules are not designed to prevent treating physicians from having access to health records of their patients. In fact, the Privacy Rule specifically provides that a physician "may disclose protected health information for treatment activities of a health care provider." See 45 CFR §164.506(c)(2).

The Office of Civil Rights ("OCR") of the Department of Health and Human Services is charged with enforcing the HIPAA Privacy Rule. The OCR has clarified that healthcare providers may share protected health information to other providers for treatment purposes. In its December, 2002 Guidance on the HIPAA Privacy Rule, the OCR explains: "Ready access to treatment and efficient payment for healthcare, both of which require use and disclosure of protected health information, are essential to the effective operation of the health care system." (OCR Guidance (12/3/2002) at p. 54) Hence, consulting with other health care providers about a patient is within the HIPAA Privacy Rule¿s definition of ¿treatment¿ and, therefore, is permissible. Healthcare providers are expressly permitted to disclose or have access to protected health information about an individual for whom they are providing treatment.

The CaduRx agreement specifically enumerates this authority in § 3 (d) of its Terms of Service Agreement, wherein providers agree that protected health information is stored in interoperable patient records that allow access to multiple providers who have a treatment need.

The CaduRx terms of service agreement combines the software end user license agreement and the business associate agreement into one document that defines the parameters of the software license and delineates the terms of the community-centered patient record.

CaduRx is compliant with all HIPAA requirements that describe data management for protected health information. The CaduRx system is built around patient safety, security and convenience.