The Privacy Rule limits the activities of health care providers and administrators who have access to personal health records and prevents them from acting carelessly or irresponsibly. Providers and organizations are obligated to take measures to insure that the personal health information in their hands is protected from unauthorized disclosure and is used only for its intended purposes as defined by law.

Under the Privacy Rule, a “covered entity,” such as a health plan, may disclose personal health information to “business associates” who have been contracted to provide health care services or health care operations support on behalf of the covered entity.

As a business associate acting on behalf of employer-sponsored health plans, Cardium Health is fully obligated under the business associate provisions of the Privacy Rule. Cardium Health receives information that is protected under the Privacy Rule (“protected health information” or PHI) through claim records, HRA's and referrals for medical or pharmacy benefits, and through contact with participants’ doctors.

Cardium Health participants can be certain that the organization is in full compliance with HIPAA and that their personal information is well protected at all times. Cardium Health also guarantees the protection of any information, of any nature, exchanged between participants and Cardium Health clinicians.

< Previous Page