OUR PLEDGE REGARDING THE PRIVACY, CONFIDENTIALITY AND SECURITY OF PROTECTED HEALTH INFORMATION ON OUR SYSTEM

BirthTracks is committed to protecting the privacy and confidentiality of your patients' protected health information. BirthTracks only uses and discloses protected health information as described on our website or as allowed by law. BirthTracks will not use or disclose any of the data provided by you or others in your practice in a manner that would violate the requirements of the Health Insurance Portability and Accountability Act ("HIPAA"), the Health Information Technology for Economic and Clinical Health (“HITECH”) Act or corresponding regulations. We ensure the confidentiality, integrity and availability of all electronic health information that we receive, maintain or transmit.

BirthTracks uses appropriate administrative and physical safeguards to prevent unauthorized use or disclosure of protected health information. BirthTracks' technical safeguards include the following:

• A system for identifying, tracking and authenticating user identity;
• An encrypted passcode system that allows only those persons that have been granted access, rights to access your patients’ protected health information;
• Automatic logoff procedures that terminate an electronic session after a predetermined time of inactivity;
• Audit controls that record and examine activity on our site;
• Policies and procedures that protect health information from improper alteration or destruction;
• Measures to guard against unauthorized access to electronic healthcare information that is being transmitted; and
• Integrity controls to ensure that electronically transmitted electronic health information is not improperly modified without detection until disposed of.

The data provided by you and others in your practice is encrypted through the passcode system. BirthTracks will use this encrypted information for purposes of data aggregation. Aggregated data only will be available for comparison purposes.

BirthTracks will not disclose protected health information to any party other than those who have access to your practice's unique passcode. This passcode is maintained by a person in your practice of your practice's designation.

BirthTracks agrees to make internal practices, policies, and records, relating to the use of protected health information available for the purposes of determining compliance with the HIPAA Privacy and Security Rules, as well as for the purposes of determining compliance with the HITECH Act.

In accordance with the HIPAA and the HITECH Act and implementing regulations, BirthTracks agrees to abide by the terms of the Business Associate Agreement contained on its website.

Data Security Statement

By requiring both a password and a passcode, BirthTracks has established a two-factor authentication system for granting remote access to data. This ensures that the only people able to access data related to your practice are those who have been granted access rights by you or your practice. For added security, BirthTracks uses an automatic logoff protocol that terminates any inactive sessions and minimizes the possibility of unauthorized access to data.

All BirthTracks data is stored on secure servers by a HIPAA compliant web hosting company, LightEdge Solutions. All data transmitted over the internet is protected by the same state of the art security used by hospitals and major financial institutions. BirthTracks transmits data using 256 bit encryption via a secure sockets layer.

BirthTracks deidentifies all protected health information before making the aggregated data of its clients available to its users. For example, we do not include the names, addresses, dates of birth, locations, or phone numbers of your patients in our aggregated data.

For additional information regarding our privacy, confidentiality and security practices, or to discuss any concerns that you may have regarding the same, please contact our Privacy and Security Compliance Officer at support@birthtracks.com.