Privacy Policy

ZirMed understands how important privacy is to our customers, relating both to their personal information and to any personally identifiable healthcare information that they relay to us for claim transaction processing and submission to payers. ZirMed is committed to honoring your privacy and that of your patients, and to offering special protections for any personally identifiable healthcare information you transfer to us. This document is the privacy policy for both the public (open to members and visitors alike), and private (open to customers after authentication) portions of our Web site. It describes what information we may collect about you, what uses we may make of it, how you can tell us what to do with this information, and also what we do to protect personally identifiable information about your patients that you transmit to us for submission to payers. We also review the precautions we take against unauthorized access to, or use of, any of this information.

About this Privacy Policy

Coverage of ZirMed Web Site

This privacy policy applies only to our Web site (www.ZirMed.com), as it is used by healthcare providers and payers, and their representatives, to provide claim processing services and related products, services, reports, and other information to said parties after presentation of appropriate authentication.

When we refer to ourselves as “we” or “ZirMed”, we mean our entire company, including any company that we control (for example, a subsidiary that we own). We may share information among the subsidiaries that we own or control, but it is always protected under the terms of this privacy policy.

Since this privacy policy only applies to ZirMed’s Web site, you should read the privacy policy at each Web site that you visit after you leave our site, especially if you are referred to or linked to it from our site. We are not responsible for how other Web sites treat your privacy, once you leave our Web site.

Privacy Policy Changes

As our privacy policies change in significant ways, we will make every effort to notify you of the changes. For minor changes to the policy that will not affect our use of your individual information or your patients personally identifiable health information, we will note the change at the end of the policy statement. When the privacy policies change in a way that significantly affects the way we handle personal information, we will not use the information we have previously gathered or accumulated without obtaining consent from the appropriate individual/entity. We will post privacy policy changes on our Web site in a timely manner.

HIPAA

This Policy is separate from, but directly affected by, HIPAA requirements on privacy and security. ZirMed continues to track HIPAA’s “administrative simplification” roll out and aids regulators, and ultimately our customers, by providing comments and consultation on the roll out through our membership on the WEDI contact committee (a consultative body composed of healthcare service providers, payers, and interested professionals organized in association with HCFA (now renamed “CMS” — Centers for Medicare and Medicaid Services). ZirMed has made a corporate commitment to the privacy and security of our customers’ (and their patients’) personal, and especially, healthcare information, in addition to required compliance with any regulatory mandates issued under HIPAA. We are presently compliant with HIPAA regulations on transaction sets, and intend to remain compliant as final regulations are issued after legislative scrutiny. Recent CMS rulings have revealed another major benefit that our provider customers receive from utilizing ZirMed’s HIPAA – compliant product: providers facing HIPAA privacy and security requirements in regard to their own practice management systems may be “exempted” from a major portion of the regulations if they receive material claim processing services that are deemed HIPAA-compliant from a third party processor like ZirMed. Thus, ZirMed’s compliance with HIPAA transaction mandates can be attributed to applicable portions of a provider customer’s internal practice management system through its contract relationship with, and service undertaking from ZirMed. We also understand that this exemption is applicable to the payer community and its HIPAA-related obligations. In addition, it should be noted that our transaction clearinghouse has brought us a long way toward HIPAA compliance, since, unlike all others in the industry, it has been built using HIPAA mandated transaction sets at its core.

We track regulatory changes and political debates regarding the scope of HIPAA, work with industry groups to educate our staff on privacy and security issues, and regularly revise and redraft implementation guides to include increasing privacy and security features with an eye both to customer/patient protection and commercial reasonability. By providing staff education and awareness programs, designating a corporate HIPAA compliance team, and conducting a number of business impact analyses on ourselves and several of our customers, we have forged a culture of privacy at ZirMed that will put us in good stead for implementing all HIPAA regulations.

Information We Collect

Information We Collect From Non-Subscriber Visitors

Visitors to our Web site can access the Web site’s home page, and browse some areas of the site, without disclosing any personally identifiable information. We do track information provided to us by your browser, including the Web site you came from (known as the “referring URL”), the type of browser you use, the time and date of access, and other information that does not personally identify you. A person/entity must enroll with us to use much of the site.

Information We Collect When You Register/Enroll

A customer registering or enrolling for use of our services, whether the registration is done on our Web site or via a paper contract entered into by ZirMed and the customer, is asked to provide us with identifying information, such as name, address, and contact information. On our registration screen and in our contracts we clearly specify what information is required for enrollment, and what information is optional and may be given at your discretion.

ZirMed allows users to correct and update their personal information at any time by changing their Personal Profile on-line.

Information Included in Claim Transactions We Receive from You (That We Process, Validate, and Amend if necessary, and Submit to Appropriate Payers for Adjudication, Especially Personally Identifiable Healthcare and Medical Record Information Contained In Such)

As part of the rendition of our claim transaction processing services, we will receive certain information from our customers about their patients and healthcare procedures associated with them that is either personally identifiable or otherwise sensitive. In accordance with the spirit and letter of HIPAA, best corporate practices, and rational business ethics for the healthcare industry, we do all within our power to keep such information both secure and private. We work with provider and payer customers to develop ever more precise communication vehicles for encrypting and otherwise securing this information.

E-Mail Help and Customer Support

ZirMed offers e-mail help and designated Customer Service representatives to its users. For your protection, we only use ZirMed employees for these services and have made it Company policy not to contract specialty service providers for these purposes. Therefore, you should assume that any information (personal to the provider, or patient-identifiable healthcare information) that is disclosed in communications with either or both of these areas will be seen by ZirMed personnel. However, although ZirMed personnel have all signed confidentiality agreements and undergo regular training on proper use and storage of customer transmitted information, customers should never send details of personal information or patient healthcase information within an e-mail.

In order to further assure efficient and effective handling of customer problems referred to us, ZirMed has created and maintains an incident tracking system that details referred problems and expedites speedy resolution.

Information From Outside Sources

We may also collect information about physicians and other healthcare professionals who register on our Web site from other sources in order to verify their licensure status and identity. In some cases we may ask customers for information after they enroll, such as credit card information. Where necessary (for example, to process automatic monthly subscription fee billing), our organization may contact financial or credit organizations to confirm customer credit card information.

Other Information

Additional Forms and E-Mails: We may ask you to provide additional information after you register if you want to obtain additional services or information on new products or to resolve complaints or concerns.

Use of Cookies

Cookies are a technology used by the ZirMed Web site to identify a user (through using the login ID) as the user moves through the Web site. Your browser allows us to place some information on your computer’s hard drive that identifies the computer you are using and may indicate parts of the site you visited. We use cookies to personalize our Web site, to track your usage of the Web site, and to provide security protection in the form of an authentication barrier against unauthorized use of the site.

There are two types of cookies used by the industry: (i) “session cookies” that are deleted when you close your browser and Web viewing session, and (ii) “permanent cookies” that are stored until a date we specify or until you remove them. ZirMed ONLY USES session cookies which exist for only one session, and thus are less open to misuse by unauthorized parties.

You do not have to accept cookies if you do not want to. You simply have to set your browser to reject cookies, or to notify you each time a cookie is sent to you. If your browser rejects cookies, Web sites that are “cookie enabled” will not recognize you when you return to them and you may have to re-register, etc. The “Help” section of your browser will aid you in whatever determination you make about retention or rejection of cookies.

Uses We Make of Information

Marketing and Advertising

We may target our advertising or marketing depending upon information we have about you. In any such case, the marketer or advertiser will not have access to any customer personal information or any patient-related personally identifiable healthcare information.

Third Parties

In addition to aggregate information, we may share some kinds of information with third parties, as described below:

Protection of Information — Security

General Policies

We have implemented technology and security policies, rules, and other measures to protect the personally identifiable data of customers and their patients that we have under our control from unauthorized access, improper use, alteration, unlawful or accidental destruction, and accidental loss. We also protect this information by requiring that all of our employees and others who have access to or are associated with the processing of this data to respect your confidentiality, and confirm this obligation to you by signing a confidentiality agreement with us.

Where we allow a healthcare provider or payer to access actual medical records created by a healthcare provider, we require that the browser used support a high level of encryption to reduce security risks.

ZirMed uses security methods to determine the identity of its registered users, so that appropriate rights and restrictions can be enforced for the user. Reliable verification of user identity is called authentication. ZirMed uses both passwords and usernames to authenticate users. Users are responsible for maintaining their own passwords.

NEVER SHARE YOUR ZirMed USERNAME OR PASSWORD WITH ANYONE.

PLEASE USE THE “LOG OFF” BUTTON WHEN EXITING THE ZirMed WEB SITE; THIS ENDS YOUR SESSION AND HELPS PREVENT UNAUTHORIZED USERS FROM ACCESSING YOUR ACCOUNT.

Security Practices and Technology

Access to Information

Correction of Information We Have About You

If you believe that non-healthcare-related registration information collected by our Web site is in error, you may edit your personal profile at any time that you wish. You can directly edit your user profile on our Web site. Requests for deletion of your record may result in your removal from our registry of customers causing some future disjunctions, but we are willing to accede to your wishes. Despite such removal, we may keep certain demographic information (non-identifiable) about you for product improvement purposes. You may contact ZirMed Customer Support and ask for the changes you would like to make.

ZirMed Employees

ZirMed employees are required to keep customer information private, as a condition of their employment with the Company. Only selected, authorized ZirMed employees are permitted to access your health information.

Employees are required to attend confidentiality/privacy training class, and to sign a confidentiality agreement. All employees and contractors must abide by our privacy policy, and those who violate that policy are subject to disciplinary action, up to and including termination of their employment and legal action.

Privacy Questions

For privacy questions or concerns about ZirMed’s Web site, please contact us at one of the following:

Email: support@ZirMed.com
Visit: www.ZirMed.com
Call: 877-494-7633.

Related Information

Terms of Use

Our Terms of Use provisions are accessed from the first page of our Web site. These terms govern use of our Web site and apply to provider/members and visitors alike. Although all members are required to execute a sales agreement, a membership agreement, or both with ZirMed, the Terms of Use contain the rules governing Web site use, confirming provisions of the cited agreement, and instructing non-members. The portion of the Terms of Use pertinent to this Policy involve warnings about third party documents and linked Web sites, both of which are out of ZirMed’s control and both of which should have their own privacy policies that should be reviewed.