Use this banner to inform your visitors of something important.

HIPAA Privacy and Security

What is HIPAA Privacy and Security?

The HIPAA Privacy Rule provides federal protections for Personal Health Information (PHI) held by covered entities, and gives patients an array of rights with respect to that information. In addition, the Privacy Rule is balanced so that it permits the disclosure of PHI needed for patient care and other important purposes.

The HIPAA Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI). The HITECH Act, which is an addition to the overall HIPAA mandates, holds business associates responsible for being compliant with the HIPAA Privacy Rule and Security Rule.

The HITECH Act also mandates the Business Associate’s responsibility for holding the covered entity to the Business Associate contract and the HIPAA Privacy Rule and Security Rule. If the Business Associate becomes aware of any non-compliance by the Covered Entity, the business associate must fix the breach, terminate the Business Associate contract, and/or report the non-compliance to the Department of Health and Human Services (HHS).

In order to fulfill HIPAA regulations, Business Associates have to comply with the HIPAA Privacy Rule and Security Rule effective February 17, 2012.

Office Ally is a clearinghouse Covered Entity under HIPAA, providing Business Associate services.

What are Covered Entities and Business Associates?

Covered Entities include:

  • Health Plans
  • Health Care Clearinghouses, and
  • Health Care Providers who transmit any health information in electronic form in connection with a transaction covered by HIPAA (such transactions mostly relate to payment)**

** The HIPAA Privacy and Security Rules require Covered Entities and their Business Associates to maintain the confidentiality and the security of protected health information (“PHI”) and electronic PHI (“ePHI”).

Business Associates are third parties (not employees of a Covered Entity) that create, receive, maintain, or transmit PHI in the course of providing administrative (not health care) services for or on behalf of a Covered Entity. Examples of Business Associate services include:

  • Claims processing or administration
  • Data analysis, processing or administration
  • Utilization review
  • Quality Assurance
  • Patient Safety Activities
  • Billing
  • Benefit management
  • Practice management
  • Repricing

Accountants, EMR vendors, health care attorneys, health information exchange organizations, medical billing companies, and medical record storage companies are some examples of Business Associates.  All of these companies provide services to Covered Entities which require the Covered Entity to disclose PHI to the Business Associate to enable the Business Associate to perform its services.

Office Ally is a health care clearinghouse that acts as a Business Associate when it provides clearinghouse functions to health plans and health care providers.  In other situations, if Office Ally stores or de-identifies PHI for a client that is a Covered Entity or a Business Associate, Office Ally is acting as a Business Associate or Business Associate Subcontractor, respectively, of that Covered Entity or Business Associate.

What is a Business Associate Agreement?

The Business Associate Agreement (BAA) is Office Ally’s contract between the Covered Entity (the User) and the Business Associate (Office Ally) to ensure the protection of privacy and security of the PHI (ePHI) the User sends to Office Ally. The HIPAA Privacy and Security Rule require a contract of this kind.

The user (Covered Entity) must have a fully executed Office Ally Business Associate Agreement (BAA) on file with Office Ally in order to utilize Office Ally services.

What are the Obligations of Office Ally (Business Associate)?

The Business Associate Agreement (BAA) stipulates the requirements and limitations on how PHI (ePHI) is handled by Office Ally (Business Associate). Office Ally is a clearinghouse Covered Entity under HIPAA, providing Business Associate services.

Limitations on Use and Disclosures

  • The BAA specifically limits what Office Ally (Business Associate) can do with PHI (ePHI) that has been received or created for the User (Covered Entity). Strict limits are set so Office Ally is only able to use PHI (ePHI) to complete the agreed upon services for the User.
  • Specific Uses and Disclosures that are permitted for Office Ally are listed in the BAA

Implement Safeguards to protect PHI (ePHI)

  • Administrative
  • Physical
  • Technical
  • Policies and Procedures determined by HIPAA

Reporting a Breach of PHI (ePHI) security

  • Outlines the responsibilities of Office Ally (Business Associate) if there was any unauthorized discloser of PHI (ePHI)
  • Required to inform the User (Covered Entity) of any breach of PHI (ePHI) within a reasonable timeframe, no more than 10 days from discovery, unless specifically indicated in BAA
  • The notice needs to include what information was breached, and who it may have affected
  • Office Ally (Business Associate) will assist in investigating and responding to the breach by providing the necessary information to the User (Covered Entity)

Availability of Information to Covered Entity

The BAA outlines the type of information and the timeframe in which, if requested, Office Ally (Business Associate) must provide to the User (Covered Entity). This could include, but not limited to:

  • Request to amend PHI
  • Accounting of PHI
  • Availability of Books and Records
  • Record Retention

What are the Obligations of the User (Covered Entity)?

The User (Covered Entity) is responsible for conforming to all HIPAA regulations in their own practice/office/facility, as well as in their dealings with Office Ally (Business Associate). Office Ally is a clearinghouse Covered Entity under HIPAA, providing Business Associate services. Outlined in the BAA, there are multiple notifications the User (Covered Entity) must give Office Ally (Business Associate) if any of the following circumstances apply:

  • One of the HIPAA Privacy Rule regulations is the Notice of Privacy Practices for PHI. If there are any restrictions or changes to that notice that would hinder Office Ally’s (Business Associate) ability to perform its services, the User (Covered Entity) must notify Office Ally.
  • If there are any changes in who is authorized to access PHI (ePHI) in the User’s (Covered Entity) organization or practice, Office Ally (Business Associate) must be notified if the change would, in any way, affect the services provided.
  • The User (Covered Entity) must notify Office Ally (Business Associate) of any new restrictions or changes they have agreed to for the use or disclosure of PHI (ePHI) that would hinder the Business Associate’s ability to provide services.

The HIPAA Privacy and Security Rules establish new regulations to protect patients’ privacy, and improve the security surrounding that information. New obligations and responsibilities for Covered Entities and Business Associates help accomplish this. Office Ally strives continuously to ensure the utmost privacy and security for our users, in both the Covered Entity and Business Associate roles.

How can I obtain a copy of Office Ally’s Security Policies and Procedures?

Send an email to Office Ally’s Compliance Department, Compliance@OfficeAlly.com, with the following information:

  • Office Ally Username
  • Phone Number
  • Security Policy requested (e.g., disaster recovery, SOC 2 report, backup policy)
  • Reason For Request

Security Contacts / Incident Reporting

If you have questions about Office Ally’s Security and Privacy Policies, would like to report a suspected incident, non-compliance or unethical behaviors, contact Office Ally’s Compliance Department using one of the methods below:

  • Office Ally, Inc.
    Attn: Chere Jensen, Compliance Manager
    P.O. Box 872020
    Vancouver, WA 98687
  • Email:
    compliance@officeally.com
  • Compliance Hotline: 360-975-7004
    Leave an anonymous or identified message on Office Ally’s Compliance Hotline.

Terms and Notices

Office Ally Legal Terms and Notices

Please review the following terms and conditions concerning your use of the Web Site. By accessing, using or downloading any materials from the Web Site, you agree to follow and be bound by these terms and conditions (the "Terms"). If you do not agree with these Terms, please do not use this Web Site.

General Use Provisions

All materials provided on this Web Site, including but not limited to information, documents, products, logos, graphics, sounds, images, software, and services ("Materials"), are provided either by Office Ally or by their respective third party manufacturers, authors, developers and vendors ("Third Party Providers") and are the copyrighted work of Office Ally and/or its Third Party Providers. Except as stated herein, none of the Materials may be copied, reproduced, distributed, republished, downloaded, displayed, posted or transmitted in any form or by any means, including but not limited to electronic, mechanical, photocopying, recording, or other means, without the prior express written permission of Office Ally or the Third Party Provider. Also, you may not "mirror" any Materials contained on this Web Site on any other server without Office Ally's prior express written permission.

Except where expressly provided otherwise by Office Ally, nothing on this Web Site shall be construed to confer any license under any of Office Ally's or any Third Party Provider's intellectual property rights, whether by estoppel, implication, or otherwise. You acknowledge sole responsibility for obtaining any such licenses. See the "Legal Contact Information" below if you have any questions about obtaining such licenses. Materials provided by Third Party Providers have not been independently reviewed, tested, certified, or authenticated in whole or in part by Office Ally. Office Ally does not provide, sell, license, or lease any of the Materials other than those specifically identified as being provided by Office Ally.

Office Ally hereby grants you permission to display, copy, distribute and download Office Ally's Materials on this Web Site provided that: (1) both the copyright notice identified below and this permission notice appear in the Materials; (2) the use of such Materials is solely for personal, non-commercial and informational use and will not be copied or posted on any networked computer, broadcast in any media, or used for commercial gain; and (3) the Materials are not modified in any way. This permission terminates automatically without notice if you breach any of these terms or conditions. Upon termination, you will immediately destroy any downloaded or printed Materials.

Any unauthorized use of any Materials contained on this Web Site may violate copyright laws, trademark laws, the laws of privacy and publicity, and communications regulations and statutes.

Links to Third Party Sites

This Web site may contain links to web sites controlled by parties other than Office Ally. Office Ally is not responsible for and does not endorse or accept any responsibility for the contents or use of these third party web sites. Office Ally is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Office Ally of the linked web site. It is your responsibility to take precautions to ensure that whatever you select for your use is free of viruses or other items of a destructive nature.

Software use Restrictions

Any software that may be made available to download from this Web Site ("Software") is the copyrighted work of Office Ally and/or Third Party Providers. Use of the Software is governed by the terms of the end user license agreement that accompanies or is included with the Software ("License Agreement"). An end user agrees to the License Agreement terms by installing, copying, or using the Software. The Software is made available for downloading solely for use by end users according to the License Agreement. Without limiting the foregoing, the copying or reproduction of the Software to any other server or location for further reproduction or redistribution is expressly prohibited. Any reproduction or redistribution of the Software not in accordance with the License Agreement is expressly prohibited by law, and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible.

THE SOFTWARE IS WARRANTED, IF AT ALL, ONLY ACCORDING TO THE TERMS OF THE LICENSE AGREEMENT. EXCEPT AS MAY BE EXPRESSLY WARRANTED IN THE LICENSE AGREEMENT, Office Ally HEREBY DISCLAIMS ALL EXPRESS OR IMPLIED REPRESENTATIONS, WARRANTIES, GUARANTIES, AND CONDITIONS WITH REGARD TO THE SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY IMPLIED REPRESENTATIONS, WARRANTIES, GUARANTIES, AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Installation assistance, product support and maintenance, if any, of the Software is available from Office Ally and/or the Third Party Providers, as applicable.

Restricted Rights Legend

Any Software, which is downloaded from this Server for or on behalf of the United States of America, its agencies and/or instrumentalities ("U.S. Government"), is provided with Restricted Rights. Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software - Restricted Rights at 48 CFR 52.227-19, as applicable. Manufacturer is Office Ally.

Submissions

Except where expressly provided otherwise by Office Ally, all comments, feedback, information or materials submitted to Office Ally through or in association with this Web Site ("Submissions") shall be considered non-confidential and Office Ally's property. By providing such Submissions to Office Ally, you agree to assign to Office Ally, at no charge, all worldwide rights, title and interest in copyrights and other intellectual property rights to the Submissions. Office Ally shall be free to use and/or disseminate such Submissions on an unrestricted basis for any purpose. You acknowledge that you are responsible for the Submissions that you provide, and that you, not Office Ally, have full responsibility for the Submissions, including their legality, reliability, appropriateness, originality and copyright.

Disclaimer

EXCEPT WHERE EXPRESSLY PROVIDED OTHERWISE BY OFFICE ALLY, THE MATERIALS ON THE WEB SITE ARE PROVIDED "AS IS", ARE EXPERIMENTAL, AND ARE FOR COMMERCIAL USE ONLY, AND OFFICE ALLY HEREBY DISCLAIMS ALL EXPRESS OR IMPLIED REPRESENTATIONS, WARRANTIES, GUARANTIES, AND CONDITIONS, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. OFFICE ALLY MAKES NO REPRESENTATIONS, WARRANTIES, GUARANTIES, OR CONDITIONS AS TO THE QUALITY, SUITABILITY, TRUTH, ACCURACY, OR COMPLETENESS OF ANY OF THE MATERIALS CONTAINED ON THE WEB SITE.

Limitation of Liability

OFFICE ALLY SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED AS A RESULT OF USING, MODIFYING, CONTRIBUTING, COPYING, DISTRIBUTING, OR DOWNLOADING THE MATERIALS. IN NO EVENT SHALL OFFICE ALLY BE LIABLE FOR ANY INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGE (INCLUDING BUT NOT LIMITED TO LOSS OF BUSINESS, REVENUE, PROFITS, USE, DATA OR OTHER ECONOMIC ADVANTAGE), HOWEVER IT ARISES, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF INFORMATION AVAILABLE FROM THIS WEB SITE, EVEN IF OFFICE ALLY HAS BEEN PREVIOUSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. YOU HAVE SOLE RESPONSIBILITY FOR THE ADEQUATE PROTECTION AND BACKUP OF DATA AND/OR EQUIPMENT USED IN CONNECTION WITH THE WEB SITE AND YOU WILL NOT MAKE A CLAIM AGAINST OFFICE ALLY FOR LOST DATA, RE-RUN TIME, INACCURATE OUTPUT, WORK DELAYS, OR LOST PROFITS RESULTING FROM THE USE OF THE MATERIALS. YOU AGREE TO HOLD OFFICE ALLY HARMLESS FROM, AND YOU COVENANT NOT TO SUE OFFICE ALLY FOR, ANY CLAIMS BASED ON OR RELATED TO THE USE OF THE WEB SITE.

Local Laws; Export Control

Office Ally controls and operates this Web Site from its headquarters in various locations in the United States of America and makes no representation that these Materials are appropriate or available for use in other locations. If you use this Web Site from other locations, you are responsible for compliance with applicable local laws including but not limited to the export and import regulations of other countries. Unless otherwise explicitly stated, all marketing or promotional materials found on this Web Site are solely directed to individuals, companies or other entities located in the United States of America. You acknowledge and agree that Materials are subject to the U.S. Export Administration Laws and Regulations. Diversion of such Materials contrary to U.S. law is prohibited. You agree that none of the Materials, nor any direct product there from, is being or will be acquired for, shipped, transferred, or re-exported, directly or indirectly, to proscribed or embargoed countries or their nationals, nor be used for nuclear activities, chemical biological weapons, or missile projects unless authorized by the U.S. Government. Proscribed countries are set forth in the U.S. Export Administration Regulations. Countries subject to U.S. embargo are: Cuba, Iran, Iraq, Libya, North Korea, Syria, and the Sudan. This list is subject to change without further notice from Office Ally, and you must comply with the list as it exists in fact. You certify that you are not on the U.S. Department of Commerce's Denied Persons List or affiliated lists or on the U.S. Department of Treasury's Specially Designated Nationals List. You agree to comply strictly with all U.S. export laws and assume sole responsibility for obtaining licenses to export or re-export as may be required.

General

This Web Site may include inaccuracies or typographical errors. Office Ally and the Third Party Providers may make improvements and/or changes in the products, services, programs, and prices described in this Web Site at any time without notice. Office Ally may periodically make changes to the Web Site. California law and controlling U.S. federal law will govern any action related to these Terms. No choice of law rules of any jurisdiction will apply. These Terms represent the entire understanding relating to the use of the Web Site and prevail over any prior or contemporaneous, conflicting or additional, communications. Office Ally has the right to revise these Terms at any time without notice by updating this posting. Any rights not expressly granted herein are reserved by Office Ally.

Intellectual Property Notices

Elements of the Web Site are protected by trade dress and other laws and may not be copied or imitated in whole or in part. No logo, graphic, sound or image from the Web Site may be copied or retransmitted unless expressly permitted by Office Ally.

Office Ally, the Office Ally logo, and/or other Office Ally products referenced herein are trademarks of Office Ally, and may be registered in certain jurisdictions. All other product names, company names, marks, logos, and symbols may be the trademarks of their respective owners.

Copyright © 1999 - 2022 Office Ally. All rights reserved.

Legal Contact Information

If you have any questions about these Terms, or if you would like to request permission to use any Materials, please contact Office Ally Legal at (360) 975-7000.

Talk with a Trusted Ally

Sales Professionals

Need help finding a product or figuring out which product(s) to is right for you?

If so, please speak with one of our Sales Consultants. We're helpful, friendly, and provide easy-to-understand breakdowns of our products. Connect with us today.

Connect with Sales
arrow

Support Experts

Need help setting up a product or figuring out how to do something specific? Or is it a bit more complicated?

If so, please talk with one of our Support Experts.
We're your Ally, here to help support you and your team. Connect with us today for live support, , & more.

Connect with Support
arrow