Abeo Solutions, Inc. HIPAA Notice of Privacy Practices

  Effective Date: September 22, 2013

 

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

 

If you have any questions about this notice, please contact Sunil Chaudhari at (512) 335-1976.

OUR OBLIGATIONS:

We are required by law to:

  •   Maintain the privacy of protected health information
  •  Notify you of any breaches involving your Protected Health Information
  • Give you this notice of our legal duties and privacy practices regarding health information about you

HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION:

Except for the purposes described below, we will use and disclose Protected Health Information only with your written permission.  You may revoke such permission at any time by writing to our practice Privacy Officer.   We will only use and disclose your Protected Health Information without your authorization when necessary for:

 

  • Treatment. We may use and disclose Protected Health Information for your treatment and to provide you with treatment-related health care services.
  • Payment. We may use and disclose Protected Health Information so that we or others may bill and receive payment from you, an insurance company or a third party for the treatment and services you received.
  • Health Care Operations. We may use and disclose Protected Health Information for health care operations purposes.  We also may share information with other entities that have a relationship with you (for example, your health plan) for their health care operation activities.
  • As Required by Law.  We will disclose Protected Health Information when required to do so by international, federal, state or local law.
  • To Avert a Serious Threat to Health or Safety. We may use and disclose Protected Health Information when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
  • Business Associates.  We may disclose Protected Health Information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services.  We will only disclose your Protected Health Information to Business Associates who have agreed in writing to maintain the privacy of Protected Health Information as required by law.
  • Public Health Risks.  We may disclose Protected Health Information for public health activities.  These activities generally include disclosures to prevent or control disease, injury or disability; report births and deaths; report child abuse or neglect; report reactions to medications or problems with products; notify people of recalls of products they may be using; a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence.  We will only make this disclosure if you agree or when required or authorized by law.
  • Health Oversight Activities.  We may disclose Protected Health Information to a health oversight agency for activities authorized by law.
  • Data Breach Notification Purposes.  We may use or disclose your Protected Health Information to provide legally required notices of unauthorized access to or disclosure of your health information.
  • Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose Health Information in response to a court or administrative order.  We also may disclose Health Information in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
  • Law Enforcement. We may release Protected Health Information if asked by a law enforcement official if the information is: (1) in response to a court order, subpoena, warrant, summons or similar process; (2) limited information to identify or locate a suspect, fugitive, material witness, or missing person; (3) about the victim of a crime even if, under certain very limited circumstances, we are unable to obtain the person’s agreement; (4) about a death we believe may be the result of criminal conduct; (5) about

criminal conduct on our premises; and (6) in an emergency to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.

USES AND DISCLOSURES THAT REQUIRE US TO GIVE YOU AN OPPORTUNITY TO OBJECT

Individuals Involved in Your Care or Payment for Your Care. We may disclose your Protected Health Information to a member of your family, a relative, a close friend or any other person you identify, that directly relates to that person’s involvement in your health care, if the information

is relevant to their involvement and you have agreed or had an opportunity to object.

WRITTEN AUTHORIZATION IS REQUIRED FOR OTHER USES AND ISCLOSURES

The following uses and disclosures of your Protected Health Information will be made only with your written authorization:

1.  Uses and disclosures of Protected Health Information for marketing purposes; and

2.  Disclosures that constitute a sale of your Protected Health Information

Other uses and disclosures of Protected Health Information not covered by this Notice or the laws that apply to us will be made only with your written authorization.  If you do give us an authorization, you may revoke it at any time by submitting a written revocation to our Privacy Officer and we will no longer disclose Protected Health Information under the authorization. But disclosure that we made in reliance on your authorization before you revoked it will not be affected by the revocation.

YOUR RIGHTS:

You have the following rights regarding Health Information we have about you:

Right to Inspect and Copy.  You have a right to inspect and copy Health Information that may be used to make decisions about your care or payment for your care.

Right to an Electronic Copy of Electronic Medical Records. If your Protected Health Information is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity.

Right to Get Notice of a Breach.  You have the right to be notified upon a breach of any of your unsecured Protected Health Information.

Right to Amend.  If you feel that Protected Health Information we have is incorrect or incomplete, you may ask us to amend the information.  You have the right to request an amendment for as long as the information is kept by or for our office.

Right to an Accounting of Disclosures.  You have the right to request a list of certain

disclosures we made of Protected Health Information for purposes other than treatment, payment and health care operations or for which you provided written authorization.

Right to Request Restrictions.  You have the right to request a restriction or limitation on the Protected Health Information we use or disclose for treatment, payment, or health care operations.  You also have the right to request a limit on the Protected Health Information we disclose to someone involved in your care or the payment for your care, like a family member or friend.  We are not required to agree to your request.

Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.  To request confidential communications, you must make your request, in writing, to Sunil Chaudhari.  Your request must specify how or where you wish to be contacted.  We will accommodate reasonable requests.

Right to a Paper Copy of This Notice.  You have the right to a paper copy of this notice.  You may ask us to give you a copy of this notice at any time.  Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.  You may obtain a copy of this notice at our web site, www.crystalpm.com.

CHANGES TO THIS NOTICE:

We reserve the right to change this notice and make the new notice apply to Protected Health Information we already have as well as any information we receive in the future.  We will post a copy of our current notice at our office.  The notice will contain the effective date on the first page, in the top right-hand corner.

COMPLAINTS:

If you believe your privacy rights have been violated, you may file a complaint with our office or with the Secretary of the Department of Health and Human Services.  To file a complaint with our office, contact Sunil Chaudhari.  All complaints must be made in writing.  You will not be penalized for filing a complaint.

Click here to download a pdf copy.

If your server fails or if you choose to upgrade to a new machine you will need to manually transfer your Crystal PM database to the new computer. The following steps will demonstrate how to do this.

Prerequisites: You will need to make sure that none of your staff are currently working in Crystal and that the program is closed out on all workstations (including the server). You will need to budget for down time (30-60 minutes) depending on the size of your database. An external hard drive, flash drive or network location will be necessary to make the change over.

Note: The Crystal PM server/client software should be installed on the new server computer in advance.

To begin the database migration, you will need to stop the MySQL database. Click Start > All Programs > Accessories > right-click on the Command Prompt and select Run as Administrator.

The ‘administrative’ command prompt will appear.
Type in the following phrase where the cursor is flashing on this window: net stop mysql and press Enter.

The following window will appear informing you that the database was successfully stopped:

Minimize the Command Prompt and navigate to Start > Computer (or My Computer) > Local Disk (C:) > Program Files (or Program Files X86) > MySQL. Double-click on this folder.

Within the MySQL folder, click on data:

Within the data folder, you will see a folder titled easyopti:

Note: It is important to verify that your external device has sufficient space on it to transfer the database. To check the size of the database, right click on the easyopti folder and click properties:

The size of this database is 341 MB or 0.3 GB.

Verify that your external device is capable of containing this amount of data by reviewing the amount of space
available on the device (for this example, my device shows 4.06GB free of 7.45GB available).

Right-click on the easyopti folder and click ‘Copy’

Click on Start > Computer (or My Computer) > and locate your external device (mine is in the D drive):

Right-click on the removable device and click ‘Paste’. This will move a copy of the database to your external device:

The database will still be on the old server computer and can be deleted once the data has been moved.

Eject the removable device and connect it to the new server computer. The following window will appear:

Select ‘Open folder to view files’. Right-click on the easyopti folder and click ‘Copy’. Next you will need to stop the database on the new server computer. Navigate to Start > All Programs > Accessories > right-click on the Command Prompt and select Run as Administrator. The ‘administrative’ command prompt will appear. Type in the following phrase where the cursor is flashing on this
window: net stop mysql and press Enter:

The following window will appear informing you that the database was successfully stopped:

(Minimize the command prompt as you will need to go back to it after the transfer is complete)

You will now navigate to the new (empty) easyopti folder on the new server computer. Select Start > Computer (or My Computer) > Program Files (or Program Files X86) > MySQL > data

In the ‘white space’ below the folder right-click and choose ‘Paste‘. This will paste the easyopti folder (from the removable device) into the screen. You will be prompted to merge the new easyopti folder with the existing. Click yes to approve. If a screen appears referring to conflicts, select the ‘copy and replace’ option and check the box to approve for all conflicts.

Next, bring up the command prompt (that was previously minimized) and type in the following phrase: net start mysql and press enter:

You will be able to access Crystal PM.
Note: You will need to provide the server hostname to each of your workstations as you have switched computers and the information from the old server computer is no longer valid. You will also need to open TCP port 3306 in Windows Firewall on the new server computer if you are running this utility.

To locate the server computer hostname open the command prompt and type the term hostname.

For this example, the hostname of this computer is ‘Loki’. Enter this under Configuration > Server on your workstations and they will be able to connect and write to the Crystal PM database on the server computer.

It’s very important to back up your Crystal PM database as a preventative against theft, natural disaster, or hardware failure. This walkthrough will explain how to perform this function.

On your server computer perform the steps below:

For Windows Vista/Windows 7: Click on Start > Computer > Double-click Local Disk (C:).

Within the Local Disk you will see a folder titled Program Files. Double click this.Note: If your version of Windows is 64 bit you will see Program Files(X64). If you see this folder, open it.

For Windows XP: Click on Start > My Computer > Double-click Local Disk (C:).Note: If you do not see My Computer in your start menu, it will be on the desktop.

Within the Program Files (or Program Files X86 folder) you will locate the CrystalPM folder.

Double-click on the folder. Once it is open, you will see the various files that operate the program. Click the letter ‘b’ on your keyboard. The selection will show this backup icon.

 

Right-click on the icon titled ‘backup’ and mouse over the entry titled ‘Send To’. Choose the second option in the list titled ‘Desktop: (create shortcut)’.

This icon will appear on your desktop.
Note: To backup Crystal, you will need a form of removable media (flash drive, external hard drive, etc). A good rule of thumb is to have two external hard drives that you rotate out on a daily basis and to back the data up with the same frequency. Your data can be backed up to the server computer, but if the server computer fails, your data cannot readily be transferred to another machine and may be lost altogether.

To ensure that the backup icon is backing up the data to the proper location, right click on the backup-Shortcut icon and select ‘Edit’. The following screen will appear in Notepad:

There will only be two areas to edit in this screen. One is program files, if your server computer shows Program Files (X86), you will need to put the cursor after the word ‘files’, hit the spacebar once and type ‘(X86) as shown below:

This ensures that the data folder (within Program Files(X86) is being backed up properly. The second entry that you will need to edit is the filename where you see ‘e:backup’ in the screenshot. This drive letter must match the drive letter that your computer has assigned to the external hard drive or flash drive. To locate this, insert the device into your server computer’s USB port and click on Start > Computer and you will see the following:

For this example, my computer assigned my external device to the ‘D’ drive. On the backup shortcut editing screen change the drive letter from e to d (leave all other data on this page as it is)

Save the changes to the edits made here:
And your back up icon for Crystal is now setup.

Note: Do not run this during the day when your staff is using Crystal. The first step of the backup process is to stop the Crystal PM database which means that all users currently logged in will have their sessions in the program abruptly ended.

A good rule of thumb is to verify that all users are logged out of Crystal (including the server computer) and run the backup at the beginning or end of your workday as time permits.

Once the backup completes (time will vary depending on the size of your database) you can verify that the backup completed by clicking on Start > Computer > Removable Disk (D:). Within the external device, there will be a folder titled ‘backup’

Opening this folder will display similar information as you see here:

Click the item titled ‘Date modified’ at the top to view the most recent date that the data was backed up.

Note: This backup icon does not back up any other data on your machine other than Crystal PM.

If you’re IT person decides to move the Crystal PM database to a different drive on your server computer (for space requirements or performing backups), these are the necessary steps to facilitate this.

Note: You will need to ensure that none of your staff are working in Crystal while this is being done because the database will need to be shut down requiring all users to be out of the program (including the server computer).

For this example, I will move the live Crystal PM database to the ‘T’ drive:

Open this drive and create a folder titled ‘CPMData’:

To begin, click Start > All Programs > Accessories > (right-click on) Command Prompt and click Run as Administrator. Type in the phrase: net stop mysql and click Enter:

The database has been stopped at this point.
Minimize the command prompt window and navigate to Start > Computer (or My Computer) > Local Disk (C:) > Program Files (or Program Files X86) > MySQL.

Right-click on the MySQL folder and select ‘Copy’.

Navigate to the CPMData folder you created on the new drive you are switching the database to (exa: Start > Computer > downloads (\abeo) (T:) > CPMData. Once inside the CPMData folder, right-click and select ‘Paste’.

You will see the MySQL database folder in the CPMData folder at this point.

Note: This could take some time to accomplish depending on the size of your database.

Next, you will need to navigate to Start > Computer (or My Computer) > Local Disk (C:) > Windows > my.ini.
Double-click on my.ini and it will open in the Notepad.

You will need to edit the line ‘basedir=C :/program files/mysql to show (in my case):
datadir=T:/CPMData/mysql/data(Your data is now being stored/written to the file specified in this entry)
Save the changes to the my.ini folder and close out of it.
Now maximize the Command Prompt and enter the phrase: net start mysql

Crystal PM can now be accessed as usual on the server/workstation computers.

To install Crystal PM on a workstation running the Windows 8 operating system, you will first insert the Server & Client disk into your CD drive.

The following screen will appear:

Click the dark blue box and the following options will appear:

Select ‘Open folder to view files’.

Double-click on the ‘Client’ folder.

Click on the ‘Setup’ icon.

The program will load as follows. Click ‘next’.

Follow the prompts and click the ‘Finish’ button on this screen:

The following window will appear:

You will need to enter the server name or IP address of the server computer. To locate this, go to another workstation (not your server computer) in your office and open Crystal. Click Configuration > Server.

The information in this box is what you will need for the new workstation.
Note: Windows 8 may require a .NET framework installation to complete the setup. If it does, it will prompt you when you attempt to install Crystal.