Coverage of Waystar Web Site
This Policy is separate from, but directly affected by, HIPAA requirements on privacy and security. Waystar continues to track HIPAA’s “administrative simplification” rollout and aids regulators, and ultimately our customers, by providing comments and consultation on the rollout through our membership on the WEDI contact committee (a consultative body composed of healthcare service providers, payers, and interested professionals organized in association with HCFA, now renamed “CMS” — Centers for Medicare and Medicaid Services). Waystar has made a corporate commitment to the privacy and security of our customers’ (and their patients’) personal and, especially, healthcare information, in addition to required compliance with any regulatory mandates issued under HIPAA. We are presently compliant with HIPAA regulations on transaction sets, and intend to remain compliant as final regulations are issued after legislative scrutiny. Recent CMS rulings have revealed another major benefit that our provider customers receive from utilizing Waystar’s HIPAA-compliant product: providers facing HIPAA privacy and security requirements in regard to their own practice management systems may be “exempted” from a major portion of the regulations if they receive material claim processing services that are deemed HIPAA-compliant from a third party processor like Waystar. Thus, Waystar’s compliance with HIPAA transaction mandates can be attributed to applicable portions of a provider customer’s internal practice management system through its contract relationship with, and service undertaking from, Waystar. We also understand that this exemption is applicable to the payer community and its HIPAA-related obligations. In addition, it should be noted that our transaction clearinghouse has brought us a long way toward HIPAA compliance, since, unlike all others in the industry, it has been built using HIPAA mandated transaction sets at its core.
We track regulatory changes and political debates regarding the scope of HIPAA, work with industry groups to educate our staff on privacy and security issues, and regularly revise and redraft implementation guides to include increasing privacy and security features with an eye both to customer/patient protection and commercial reasonability. By providing staff education and awareness programs, designating a corporate HIPAA compliance team, and conducting a number of business impact analyses on ourselves and several of our customers, we have forged a culture of privacy at Waystar that will put us in good stead for implementing all HIPAA regulations.
Information We Collect
Information We Collect From Non-Subscriber Visitors
Visitors to our Web site can access the Web site’s home page, and browse some areas of the site, without disclosing any personally identifiable information. We do track information provided to us by your browser, including the Web site you came from (known as the “referring URL”), the type of browser you use, the time and date of access, and other information that does not personally identify you. A person/entity must enroll with us to use much of the site.
Information We Collect When You Register/Enroll
A customer registering or enrolling for use of our services, whether the registration is done on our Web site or via a paper contract entered into by Waystar and the customer, is asked to provide us with identifying information, such as name, address, and contact information. On our registration screen and in our contracts we clearly specify what information is required for enrollment, and what information is optional and may be given at your discretion. Waystar allows users to correct and update their personal information at any time by changing their Personal Profile on-line.
Information Included in Claim Transactions We Receive from You (That We Process, Validate, and Amend if necessary, and Submit to Appropriate Payers for Adjudication, Especially Personally Identifiable Healthcare and Medical Record Information Contained In Such)
As part of the rendition of our claim transaction processing services, we will receive certain information from our customers about their patients and healthcare procedures associated with them that is either personally identifiable or otherwise sensitive. In accordance with the spirit and letter of HIPAA, best corporate practices, and rational business ethics for the healthcare industry, we do all within our power to keep such information both secure and private. We work with provider and payer customers to develop ever more precise communication vehicles for encrypting and otherwise securing this information.
E-Mail Help and Customer Support
Waystar offers e-mail help and designated Customer Service representatives to its users. For your protection, we only use Waystar employees for these services and have made it Company policy not to contract specialty service providers for these purposes. Therefore, you should assume that any information (personal to the provider, or patient-identifiable healthcare information) that is disclosed in communications with either or both of these areas will be seen by Waystar personnel. However, although Waystar personnel have all signed confidentiality agreements and undergo regular training on proper use and storage of customer transmitted information, customers should never send details of personal information or patient healthcare information within an e-mail. In order to further assure efficient and effective handling of customer problems referred to us, Waystar has created and maintains an incident tracking system that details referred problems and expedites speedy resolution.
Information From Outside Sources
We may also collect information about physicians and other healthcare professionals who register on our Web site from other sources in order to verify their licensure status and identity. In some cases we may ask customers for information after they enroll, such as credit card information. Where necessary (for example, to process automatic monthly subscription fee billing), our organization may contact financial or credit organizations to confirm customer credit card information.
Additional Forms and E-Mails: We may ask you to provide additional information after you register if you want to obtain additional services or information on new products or to resolve complaints or concerns.
Uses We Make of Information
Marketing and Advertising
We may target our advertising or marketing depending upon information we have about you. In any such case, the marketer or advertiser will not have access to any customer personal information or any patient-related personally identifiable healthcare information.
In addition to aggregate information, we may share some kinds of information with third parties, as described below:
Protection of Information — Security
We have implemented technology and security policies, rules, and other measures to protect the personally identifiable data of customers and their patients that we have under our control from unauthorized access, improper use, alteration, unlawful or accidental destruction, and accidental loss. We also protect this information by requiring all of our employees and others who have access to or are associated with the processing of this data to respect your confidentiality, and to confirm this obligation to you by signing a confidentiality agreement with us. Where we allow a healthcare provider or payer to access actual medical records created by a healthcare provider, we require that the browser used support a high level of encryption to reduce security risks. Waystar uses security methods to determine the identity of its registered users, so that appropriate rights and restrictions can be enforced for the user. Reliable verification of user identity is called authentication. Waystar uses both passwords and usernames to authenticate users. Users are responsible for maintaining their own passwords. NEVER SHARE YOUR WAYSTAR USERNAME OR PASSWORD WITH ANYONE. PLEASE USE THE “LOG OFF” BUTTON WHEN EXITING THE WAYSTAR WEB SITE; THIS ENDS YOUR SESSION AND HELPS PREVENT UNAUTHORIZED USERS FROM ACCESSING YOUR ACCOUNT.
Security Practices and Technology
Storage and Protection of Healthcare Information
Access to Information
Correction of Information We Have About You
If you believe that non-healthcare-related registration information collected by our Web site is in error, you may edit your personal profile at any time that you wish. You can directly edit your user profile on our Web site. Requests for deletion of your record may result in your removal from our registry of customers causing some future disjunctions, but we are willing to accede to your wishes. Despite such removal, we may keep certain demographic information (non-identifiable) about you for product improvement purposes. You may contact Waystar Customer Support and ask for the changes you would like to make.