ManageBGL eliminates concerns regarding the transfer of protected health information (PHI), as all data stored in and transferred through ManageBGL follows the “Safe Harbor” de-identification standard. More
In addition to HIPAA-compliant policies for data storage and handling, the following procedures are in place to ensure HIPAA compliance:
Client Data includes data stored by Clients in ManageBGL applications, information about a Client’s usage of the application, data instances in the CRM system that we have access to, or data that the Client has supplied to use for support or implementation. Here are the special considerations we take into account when managing Client Data:
All ManageBGL staff members are made aware of relevant external regulations as part of their induction process, and all staff who may come into contact with PHI are trained in our PHI handling processes.
ManageBGL anonymizes PHI upon receipt and destroys the original except in exceptional circumstances. Where anonymization is not possible (for example for technical reasons or where a product problem can only be recreated using PHI or if the Client specifies the data cannot be anonymized (e.g. if we are investigating a problem on a Client’s workstation), access to the data is restricted and the data is destroyed or returned to the Client as soon as it is no longer needed. Under no circumstances should identified data be added to the company dataset library.
ManageBGL expects professional integrity of our collaborators, Clients and partners providing PHI to us and will assume that they have obtained the data subject’s consent to use their data in this way.
Where a Business Associate agreement or similar contract relating to PHI is in place, ManageBGL staff members work under the terms of that agreement. Where no such agreement exists, the ManageBGL PHI handling policy and process are followed.
ManageBGL conducts periodic internal audits on compliance with this policy.
Last Modified: 4-Feb-2014