Exhibit C: Training

This exhibit was last updated on June 3, 2024.

Privacy and Security Training

The data contained within the Data Vendor products may contain Protected Health Information and therefore be protected by federal HIPAA laws and requirements. With this category of information you are required to have security and processes in place to protect it and to assure only authorized personnel can access it for approved purposes.

Privacy and Security:

‍Data Vendor data may contain Protected Health Information (PHI) under federal HIPAA regulations. The following are some of the things you can do to keep PHI secure.

Log out of any integrated applications that use contain PHI when not using them.
Don't leave program screens up that contain PHI when you are not using them.
Lock your computer when you walk away from it.
Secure any printouts that contain PHI on your desk; do not leave them where they can be viewed by others.
Only email the minimum amount of data needed via secure email and only to individuals that have authorization to receive the data. Sensitive information such as SSN's or health information should never be sent via normal email.
Only fax the minimum amount of data needed via secure fax and only to individuals that have authorization to receive the data.
Store all PHI per HIPAA guidelines where only authorized personal can access it.
Your organization should regularly review users of any integrated applications that contain PHI to ensure all individuals with access still need access.
Proper privacy and security training is provided to all users of PHI on a regular basis
Any third party vendors employed by clients have the necessary confidentiality and security language in their contracts and are held to the same standards as client employees.
Any data breaches or privacy violations related to data supplied by Data Vendor must be reported to Data Vendor staff.
Any revocations of HIPAA authorizations need to be reported to Data Vendor staff.