EpicCare Link Terms & Conditions

 

EpicCare Link is provided by OHSU and affiliates with whom OHSU has agreed to share an electronic medical record (collectively, “Health Care Providers”).  For the purpose of these Terms and Conditions, Health Care Providers include Oregon Health & Science University (“OHSU”), Tuality Healthcare d/b/a Hillsboro Medical Center, Adventist Health Portland and Adventist Health Columbia Gorge.    You will be able to access health information for patients of the Health Care Providers for care, treatment and limited research purposes through one OHSU EpicCare Link account (“Health Records”).  Access to EpicCare Link is provided subject to compliance with the Terms and Conditions set forth below. 

 

If OHSU discovers that you have misused or abused EpicCare Link access privileges in any way, OHSU, without prior notice, may discontinue your participation in EpicCare Link and may report your actions to the Department of Health and Human Services Office for Civil Rights and other appropriate agency as may be required by State or Federal law. Your use of EpicCare Link is voluntary and requires that you read and accept the following Terms & Conditions of Use.

 

Covered Entity/Business Associate Status
If I am a covered entity or business associate as those terms are defined by 45 CFR § 160.103 by agreeing to these Terms and Conditions, I acknowledge and agree that I am subject to the privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA).

If I am not a covered entity or business associate under HIPAA, I acknowledge that by agreeing to these Terms and Conditions, I also agree to adhere to all of the limitations, prohibitions and requirements applicable to my access, use and disclosure under HIPAA. 

 

Use of EpicCare Link for research purposes

 

1.     EpicCare Link is not to be used for Reviews Preparatory to Research.   Please contact the EpicCare Link Help Desk or OHSU IRB for more information.

 

2.     If I am accessing OHSU Connect for a research monitoring, I represent the following: 

 

a.     No PHI from EpicCare Link will be removed, downloaded, copied, saved, printed, faxed, retained on a device, subject to data scraping or otherwise removed from EpicCare Link in the course of the review.

b.     Remote access connectivity (i.e., out-of-office computer access achieved through secure connections with access controls and authentication) involves a transmission of electronic PHI, which is not necessarily a removal of PHI under the Privacy Rule, even though the covered entity is providing access to the PHI, and the PHI is being accessed and/or used by the researcher. However, although the access to PHI through a remote access connection is not itself a removal of PHI, the printing, downloading (with a limited exception), copying, saving, data scraping, or faxing of such PHI, or any other means by which a researcher outside the covered entity might control or retain the PHI, would be considered to be a removal of PHI from a covered entity.

 

3.     I further agree to comply with the terms and conditions applicable to Protected Health Information (PHI) as defined in HIPAA and only use and disclose PHI as permitted by HIPAA

 

EpicCare Link Terms and Conditions for Use
I understand and acknowledge the following:

 

1. I am an authorized user who is using EpicCare Link to gain access via the Internet to a Health Care Provider patient's Health Record for treatment, payment or health care operations purposes, as those terms are defined by HIPAA. I understand a patient's Health Record may include both Health Care Provider proprietary data and Protected Health Information (PHI) as defined in HIPAA. I agree to access, use and disclose an Health Care Provider Health Records only for purposes permitted or required by HIPAA and other federal and state laws.

 

2. I agree to use all reasonable and necessary safeguards as required by HIPAA and other federal and state laws to ensure the confidentiality, integrity and availability of all Health Records received, transmitted, downloaded, copied, printed, or stored via EpicCare Link.

 

3. I am responsible for securing and maintaining the confidentiality of any Health Record that I print or download from EpicCare Link and that I am responsible for any breach of the confidentiality or integrity of such Health Records.

 

4. I will use EpicCare Link only to access Health Records for patients with whom I have a business or treatment reason for accessing and only for reasons permitted by HIPAA.

 

5. I am fully responsible for any resulting harm caused by misuse of or failure to maintain the confidentiality and integrity of any OHSU Health Record that I access through EpicCare Link.

 

6. Without limiting the general agreements above, I further agree to:
1. Thoroughly review the on-line training materials once I have logged in to the site. If I am unsure how to use certain EpicCare Link functionality, I agree to contact the EpicCare Link Help Desk for guidance before proceeding.
2. Report to the EpicCare Link Help Desk any unauthorized use or disclosure of any portion of an OHSU Health Record of which I become aware;
3. Advise patients requesting amendments to their medical records that I do not have the authorization or the ability to alter Health Care Provider records and that any amendments or corrections to it must be accomplished by contacting their health care provider directly;
4. Take appropriate precautions to ensure that unauthorized personnel will not have access to see data during my use of EpicCare Link and that I will logout or “secure” the EpicCare Link screen when the application is not being used;
5. Document my disclosures of any Health Records as required by 42 CFR § 164.528 and provide this documentation to OHSU if requested;
6. If I receive a request from a court or governmental agency for disclosure of any OHSU Health Record that I accessed from EpicCare Link, I will immediately notify the EpicCare Link Help Desk unless such disclosure is otherwise prohibited by law.

 

7. I understand that use of EpicCare Link is subject to OHSU vendor contracts that may restrict the use of the product. As an authorized user, I agree that I may not:

 

1. Use, sell, disclose, transfer or otherwise permit or facilitate third-party access to OHSU Health Records via EpicCare Link or otherwise except as permitted by these Terms & Conditions; or
2. Use or disclose any Health Record with the intent to negatively impact the competitive advantage of OHSU in the marketplace.

 

8. If a use or disclosure of Health Records is not permitted by these Terms & Conditions.  Any use or disclosure of any Health Records when access to such record was obtained via EpicCare Link shall require express written permission of OHSU if such use or disclosure is not permitted by these Terms & Conditions.

 

9. All Health Records will remain the property of Health Care Providers. There is no intent to transfer any rights or legal interest in any Health Record to the authorized user. t I will not copy or utilize any OHSU Health Record for any purpose except as permitted or required by HIPAA and other federal and state laws.

 

10. I understand that the EpicCare Link system is not a substitute for direct dialog with a Health Care Provider about a patient encounter.

 

11. I understand that any Health Record received via EpicCare Link may be incomplete, out-of-date or incorrect. I understand OHSU does not make any representations or warranties regarding any Health Record, and I agree to waive any and all claims against Health Care Providers, including OHSU, its directors, employees and agents for any loss, injury or claims of any kind resulting from incomplete, out-of-date or incorrect information in the Health Record.

 

12. I agree to review the general guidelines below to help protect electronic information:
1. Passwords

                                          i.    Do not share passwords

                                         ii.    Do not write down passwords

                                        iii.    Do not use Web browser's “save password” functionality and always type in the password

                                        iv.    Change passwords often

                                         v.    Conventions for choosing a password:

1.     Avoid passwords that are easy to guess such as names of pets, children, spouse, birth dates, addresses, or any words in a dictionary or thesaurus

2.     Passwords should be at least 8 characters long and include all of the following elements:

3.     An alpha character (e.g., zyxwvut…)

4.     A numeric character (e.g., 12345…)

5.     A capitalized letter or non-alphanumeric character (e.g., ! @ # $…)For example, passwords constructed from the first letter of words from the title of a favorite song are easy to remember and difficult to guess

6.     Another choice is a “phrase key” password (Don't Just Sit There! Do Something) translates to the password: DJST!DS. For security reasons please do not use this example.

 

2. Printing Health Records on Paper:

                                          i.    Only print something if a hard copy is needed

                                         ii.    Make sure print outs are secured

                                        iii.    Destroy (cross-shred or burn) printed material when it is no longer needed

 

3. Transferring Health Records to Electronic Media:

                                          i.    Only access data if access is authorized

                                         ii.    Encrypt all transmissions and storage media

                                        iii.    Store discs, backup tapes, flash drives and other electronic media in a locked cabinet/safe

                                        iv.    Completely wipe the data from electronic storage devices before discarding or reusing. Note: Simple delete or reformat functions do not adequately eliminate electronic data. Determine where your applications store their temporary files, and examine these areas on a regular basis to make sure they do not contain any confidential information.

 

4. Physical Security of Area When Accessing EpicCare Link:

                                          i.    Be aware of your environment:

1.     Limit visibility of the EpicCare Link screen when working on the computer

2.     Limit access to files and hardware that contain confidential Health Care Provider information to those with a need to know

3.     Password protect files

4.     Power-on password for computer

5.     Use a password on screen saver

6.     Logout of applications when finished

7.     Logout when leaving the computer unattended

8.     Any loss or suspected burglary of equipment or software containing or used to access confidential OHSU information should be reported to the EpicCare Link Help Desk.

 

EpicCare Link Username and Password

I have received a unique identification code, called a Username, as well as a Password to be used to access EpicCare Link. The Username and Password in combination will identify me in the EpicCare Link computer system. By using my Username and Password, the system will know when I make inquiries and will know the OHSU Health Records to which I've been granted access. The system will maintain an audit trail of my access which may be used by Health Care Providers at any time for compliance and operational reasons.

I understand that it is extremely important I keep my Username and Password completely confidential. If the confidentiality of my Password has been compromised, I am responsible for contacting the EpicCare Link Help Desk and requesting a new Password. I understand that OHSU takes no responsibility for and disclaims any and all liability including direct, indirect or consequential damages arising from a breach of health record confidentiality resulting from my sharing or losing my username and/or password.

 

Surveys

I understand that from time to time I may be asked to complete satisfaction surveys via EpicCare Link. OHSU asks for survey participation so that better service can be provided to those using OHSU Connect. At times, my information may be combined with others to provide general reports. In that circumstance, everyone's personal identifiers will be removed so no one can be identified in the combined reports.

 

Disclaimer

• I understand that EpicCare Link may not be available to me at all times due to system failures, back-up procedures, maintenance, or other causes beyond the control of OHSU. Access is provided on an "as-is, as-available" basis and OHSU does not guarantee that I will be able to access EpicCare Link at any particular time.
• During times when EpicCare Link is unavailable, other communication methods (e.g., telephone) should be used to access a patient's Health Record.

 

I UNDERSTAND THAT OHSU TAKES NO RESPONSIBILITY FOR AND DISCLAIMS ANY AND ALL LIABILITY ARISING FROM ANY INACCURACIES OR DEFECTS IN SOFTWARE, COMMUNICATION LINES, VIRTUAL PRIVATE NETWORK, THE INTERNET OR MY INTERNET SERVICE PROVIDER (ISP), SYSTEM ACCESS, COMPUTER HARDWARE OR SOFTWARE, OR ANY OTHER SERVICE OR DEVICE THAT I USE TO ACCESS EpicCare Link.

 

I understand that access to EpicCare Link can be denied, restricted or revoked at any time and for any reason by Health Care Providers, without prior notice, including if I misuse or abuse my EpicCare Link access privileges or do not comply with these terms and conditions.  OHSU reserves the right to enter into a separate agreement with users with additional Terms and Conditions.  By clicking on “Accept” (button is found in lower-right corner of this page), I understand and agree to abide by the Terms and Conditions stated above.