Use of our websites, services, and applications requires you to review our HIPAA Statement.

Protected health information

Med-Stop is strongly committed to guarding all your protected health information you may transmit and receive using our websites, services, and tools whether Med-Stop is a "business associate" under HIPAA (Health Insurance Portability Accountability Act) or not.

The intention of the Med-Stop HIPAA Statement is to provide satisfactory assurance that we will protect all this information. Med-Stop has implemented organizational and technical safeguards that comply with the HIPAA regulations in order to protect the confidentiality and integrity of protected health information.

Business associates

A "business associate" is a person or entity, who performs functions or activities on behalf of or provides certain services to, a "covered entity" that involve access by the "business associate" to protected health information. A "business associate" also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another "business associate".

Med-Stop is the "business associate" to the health care providers identified as Certified Medical Examiners under the National Registry of Certified Medical Examiners federal program, that act as a "covered entity" to their customers. Med-Stop enters into the written Med-Stop Business Associate Agreement with every "business associate" assuring use of protected health information only for the purposes for which it was collected, safeguarding the information from misuse, disclosing only as permitted or required by Med-Stop Business Associate Agreement or as permitted, required by law.

Your rights

Federal and State laws determine your right to your protected health information and set rules and limits on who can look at and receive your health information.

As a Customer, patient, you have the right to see and get a copy of your Medical Examination Report and other medical records related to your DOT Medical Examination process. You can do so using Med-Stop online services, print, fax or visually verify all your medical records.

You can ask to change any wrong information in your file or add information to your file if you think something is missing or incomplete. Using Med-Stop online services you can submit the information change request.

By law, your health information can be used and shared for specific reasons only. Your DOT regulated Medical Examination Report will be shared with your Employer only after your written authorization when you agree to release it to the specified Employer.

If you believe your rights are being denied or your health information is not being protected, you can contact Med-Stop or the Certified Medical Examiner who performed your Medical Examination, file a complaint by e-mail or postal mail, file a complaint with the U.S. Government.

HIPAA privacy rule

HIPAA Privacy Rule establishes national standards to protect individuals medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and to request corrections.

HIPAA security rule

The HIPAA Security Rule establishes national standards to protect individuals electronic personal health information that is created, received, used, or maintained by a "covered entity" or by its "business associates". The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.

Disclosure of protected health information

Med-Stop "business associates" acting to you as a "covered entity" under HIPAA regulations, transmit and store your protected health information using Med-Stop websites, services, and tools. Med-Stop is obligated to maintain privacy and security of this information as required by the Med-Stop Business Associate Agreement, state, and federal laws and will not disclose it to third parties unless explicitly authorized by you or forced by law.

Your DOT regulated Medical Examination Report will be shared with your Employer only after your written authorization when you agree to release it to the specified Employer.

Med-Stop may disclose your protected health information, if necessary, to law enforcement officials, as required to comply with a court or administrative order. We may disclose your protected health information in response to a subpoena, discovery request or other legal processes in the course of a judicial or administrative proceeding, but only if efforts have been made to tell you about the request or to obtain an order of protection for the requested information.

State laws

For all of the above purposes, when state law is more restrictive than federal law, we are required to follow the more restrictive state law.

Med-Stop Technical Safeguards

Physical Security of Data

Equipment used by Med-Stop is located at a facility that provides 24-hour physical security with redundant power generators and air conditioners, as well as fire protection systems. Access to the facility is safeguarded by access cards with video surveillance.

Encrypted Data Transfer

Med-Stop websites, services, and tools use industry standard 128/1024/2048-bit SSL encryption based on Microsoft Cryptography technologies. Unencrypted transfer of protected health information is specifically disabled.

Network protection

Firewalls protect Med-Stop network from outside intrusion, Med-Stop monitors and logs network and firewall data. Inside the firewalls, network systems are safeguarded with network address translation, port redirection.

Backup of Data

Med-Stop uses redundant database servers as well as automated on-site and off-site daily backup of electronic data. Med-Stop off-site backups protect against hardware failure, physical and logical theft, viruses, accidental or intentional deletion, and natural disasters, they are protected by strong encryption and passwords and transmitted over the secure network connection.

Written contingency plan

Med-Stop developed the written contingency plan for responding to system emergencies as required by the HIPAA security rules, this plan includes a detailed plan concerning data backup and recovery and related processes in the event of a disaster.

Complaints

If you think Med-Stop does not guard your protected health information, you can file a complaint with us. Click here to submit your request. You may also file a complaint with the Office for Civil Rights in the U.S. Department of Health and Human Services. We will not take action against you for filing a complaint.

Contact information

If you have questions or concerns regarding Med-Stop management of your protected health information, Med-Stop Business Associate Agreement please first contact our Privacy and Security Officer by e-mail as specified on the Contact page. For full Contact information please click here.

Last Updated: 9/1/2016