HIPAA Statement

Premier Heart's products and services retain certain information which is considered Protected Health Information (PHI) under the terms of Title II of the Health Insurance Portability and Accountability Act (HIPAA).

This information includes a patient name, identification number/code, certain demographic and physiometric information provided by the testing technician/treating physician. It also includes digitized ECG data and analysis results used to generate the diagnostic report.

Information described above is retained on Premier Heart's central servers for a minimum of seven (7) years from date of testing, however it may be maintained indefinitely at Premier Heart's option.

HIPAA Information Disclosure

Under the terms of HIPAA Title II and the HIPAA Privacy Rule Premier Heart will disclose the Protected Health Information noted above to:

The physician or technician who performed the test, in the ordinary course of using our products/services.
Insurance carriers, hospitals, etc. as required to facilitate treatment, payment, or healthcare operations.
The tested individual, upon request and subject to appropriate identity verification.

Note: It is Premier Heart's policy that patients' requests for information must be made through the physician/user who performed the test.

Direct requests from patients for copies of their MCG data are handled on a case-by-case basis.

HIPAA Information Security

To safeguard your information, Premier Heart employs the following measures to ensure complicance with the HIPAA Security Rule:

Administrative Security

Premier Heart endeavors to collect the minimum amount of personally identifiable information required to provide our services and product support.

When PHI is collected by Premier Heart access to that information is limited to the following classes of employees:

Senior Management
Medical Support Team
Systems Administration Team
Technical Support Team (Limited access)
Administrative/Billing Team (Limited access)

Physical Security

Premier Heart's servers are owned and managed by our company, and are hosted in a secure facility equipped with 24 hour security staff, video surveillance, and biometric authentication for datacenter access.

It is Premier Heart's policy to physically destroy all data storage media which has contained PHI when such media reaches the end of its service life, or when such media becomes otherwise damaged/non-functional. Media destruction is handled in accordance with the media destruction guidance provided in NIST SP 800-88.

Technical Security

Premier Heart's server infrastructure is segmented using industry best practices, minimizing the exposure of servers containing PHI. Access to these servers is restricted to senior members of the system administration team.

Internal and External transfers of PHI are encrypted (SSL/TLS), and certain identifiable information is also encrypted on disk.

Backups are routinely transferred off-site, and the backup data is encrypted prior to leaving the server which contained it to protect your personal information in the event of a compromise of the backup server or theft of the off-site backup media.