Privacy Policy and HIPAA

The contents of the holtynwellness.com site, such as text, graphics, images, and other materials contained on this site (“Content”) are for informational purposes only.

The Content is not intended to be a substitute for professional medical advice, diagnosis, or treatment. Holtyn & Associates, LLC does not endorse any specific product, service, or treatment.  Always ask your doctor or other qualified health care provider any questions you may have regarding a medical condition. Never disregard professional medical advice or delay in seeking it because of something you have read.

Your privacy comes first! 

It is held in confidence by Holtyn & Associates, LLC and is never shared or used without your permission, except in aggregate, anonymous form for scientific research.  In the course of this Health Survey, you will receive a log in ID and personal password to secure the confidentiality of your information.

Your employer may have access only to aggregate information collected by the Health Survey. This aggregate information does not include any information that could be used to identify you as an individual employee. 

HIPAA

Holtyn & Associates, LLC wants to assure its clients that its One to One Program can be used in full compliance with the privacy requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the HIPAA privacy regulations1. Clients who have questions concerning whether they must meet HIPAA standards should consult their own legal counsel.

———————————

HIPAA requires Covered Entities to protect the confidentiality of individually-identifiable health information. A Covered Entity is a health care provider that submits health claims electronically, a health plan, or a health care clearinghouse. Individually-identifiable health information, called “protected health information,” includes information relating to an individual’s health or condition if it identifies the individual or could reasonably be expected to allow identification of the individual, including demographic information collected from an individual.

Information from which identifying information has been removed is called “de-identified information.” De-identified information is not protected, because it cannot be associated with an individual. The HIPAA privacy rule lists the identifiers which must be removed to de-identify information. De-identified information may be identified by a code, as long as the de-identification code is not disclosed (see 45 CFR § 164.502(d)).

Holtyn & Associates, LLC maintains a computerized database of wellness information collected via Health Surveys and Biometric Assessments of individual participants. While a) no medical benefits or cures are expressed or implied, b) the product is not to be used as, or used in lieu of, any course of medical or psychological treatment, and c) none of the feedback or summary data maintained in the program can be interpreted as medically or psychologically diagnostic, in the hands of a covered provider this data may be protected health information if the individual can be identified. HIPAA allows providers and members of their workforce to have access to protected health information to provide services to the individual, and for operational purposes. However, covered providers must protect a patient’s individually-identifiable health information from being disclosed to or accessed by other participants.

Holtyn & Associates , LLC offers participants a secure method of protecting the confidentiality of an individuals’ information in the database.

The Holtyn website is secured and encrypted using SSL (Secure Sockets Layer). Each user is assigned a unique combination of a login id and password so that users will not have access to one another’s information.

Employers receive group reports which total and analyze the workforce as a whole and do not identify any single participant by name, other than to indicate enrollment in the program. Although employers will be able to see information relating to other users, they will have no way of connecting that information to other users, and their ability to see this information will not violate HIPAA. 1 Public Law 104-91, sec. 262; 45 CFR Parts 160 and 164.